SUSE-SU-2026:1497-1: important: Security update for ImageMagick
SUSE-SU-2026:1494-1: important: Security update for rootlesskit
SUSE-SU-2026:1498-1: important: Security update for glibc-livepatches
SUSE-SU-2026:1502-1: moderate: Security update for python312
SUSE-SU-2026:1504-1: moderate: Security update for GraphicsMagick
SUSE-SU-2026:1531-1: important: Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1530-1: important: Security update for python311
SUSE-SU-2026:1527-1: important: Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1513-1: important: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6)
openSUSE-SU-2026:10582-1: moderate: python311-PyPDF2-2.11.1-9.1 on GA media
openSUSE-SU-2026:10581-1: moderate: haproxy-3.3.6+git91.af5637e93-1.1 on GA media
openSUSE-SU-2026:20588-1: critical: Security update for chromium
openSUSE-SU-2026:20558-1: important: Security update for gdk-pixbuf
openSUSE-SU-2026:20578-1: important: Security update for python-Django
openSUSE-SU-2026:20581-1: important: Security update for nebula
openSUSE-SU-2026:20574-1: important: Security update for libraw
openSUSE-SU-2026:20560-1: important: Security update for xwayland
openSUSE-SU-2026:20571-1: important: Security update for go1.26
openSUSE-SU-2026:20570-1: important: Security update for go1.25
openSUSE-SU-2026:20579-1: important: Security update for gosec
openSUSE-SU-2026:20567-1: important: Security update for qemu
openSUSE-SU-2026:20586-1: important: Security update for roundcubemail
openSUSE-SU-2026:20572-1: important: Security update for the Linux Kernel
openSUSE-SU-2026:20552-1: important: Security update for LibVNCServer
openSUSE-SU-2026:20569-1: moderate: Security update for rust1.94
openSUSE-SU-2026:20547-1: important: Security update for strongswan
openSUSE-SU-2026:20544-1: important: Security update for xorg-x11-server
openSUSE-SU-2026:20556-1: important: Security update for freeipmi
openSUSE-SU-2026:20536-1: moderate: Security update for GraphicsMagick
openSUSE-SU-2026:20554-1: important: Security update for dovecot24
openSUSE-SU-2026:20535-1: important: Security update for plexus-utils
openSUSE-SU-2026:20540-1: important: Security update for vim
openSUSE-SU-2026:20532-1: important: Security update for cockpit-subscriptions
openSUSE-SU-2026:20517-1: important: Security update for python313
openSUSE-SU-2026:20512-1: moderate: Security update for pcre2
openSUSE-SU-2026:20528-1: critical: Security update for Botan
openSUSE-SU-2026:20504-1: important: Security update for cockpit
openSUSE-SU-2026:20501-1: important: Security update for glibc
openSUSE-SU-2026:20506-1: important: Security update for python-cryptography
openSUSE-SU-2026:20519-1: important: Security update for nodejs24
openSUSE-SU-2026:20502-1: important: Security update for cockpit-podman
openSUSE-SU-2026:20486-1: important: Security update for MozillaFirefox
openSUSE-SU-2026:20499-1: moderate: Security update for ovmf
openSUSE-SU-2026:20495-1: moderate: Security update for util-linux
openSUSE-SU-2026:20497-1: moderate: Security update for python-gi-docgen
openSUSE-SU-2026:20479-1: moderate: Security update for clamav
SUSE-SU-2026:1508-1: important: Security update for podman
SUSE-SU-2026:1511-1: important: Security update for flatpak
SUSE-SU-2026:1505-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1509-1: important: Security update for nodejs22
SUSE-SU-2026:1497-1: important: Security update for ImageMagick
# Security update for ImageMagick
Announcement ID: SUSE-SU-2026:1497-1
Release Date: 2026-04-20T16:15:55Z
Rating: important
References:
* bsc#1258790
* bsc#1259446
* bsc#1259447
* bsc#1259448
* bsc#1259450
* bsc#1259451
* bsc#1259452
* bsc#1259455
* bsc#1259456
* bsc#1259457
* bsc#1259463
* bsc#1259464
* bsc#1259466
* bsc#1259467
* bsc#1259468
* bsc#1259528
* bsc#1259612
* bsc#1259872
* bsc#1260874
* bsc#1260879
* bsc#1262097
Cross-References:
* CVE-2026-24484
* CVE-2026-28493
* CVE-2026-28494
* CVE-2026-28686
* CVE-2026-28687
* CVE-2026-28688
* CVE-2026-28689
* CVE-2026-28690
* CVE-2026-28691
* CVE-2026-28692
* CVE-2026-28693
* CVE-2026-30883
* CVE-2026-30929
* CVE-2026-30936
* CVE-2026-30937
* CVE-2026-31853
* CVE-2026-32259
* CVE-2026-32636
* CVE-2026-33535
* CVE-2026-33536
* CVE-2026-33905
CVSS scores:
* CVE-2026-24484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28493 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28493 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-28493 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-28494 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28494 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-28494 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2026-28686 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28686 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-28686 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-28687 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28687 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28687 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28688 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28688 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28688 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28688 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28689 ( SUSE ): 7.2
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-28689 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-28689 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-28690 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28690 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-28690 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2026-28690 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
* CVE-2026-28691 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28691 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28691 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28692 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28692 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-28692 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-28693 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28693 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-28693 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-30883 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-30883 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-30883 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-30883 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-30929 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-30929 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-30929 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-30929 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-30936 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-30936 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-30936 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-30937 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-30937 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-30937 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-30937 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31853 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31853 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-31853 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32259 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32259 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-32259 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-32636 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-32636 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32636 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32636 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33535 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33535 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33536 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33536 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33536 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33536 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33905 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33905 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33905 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-33905 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves 21 vulnerabilities can now be installed.
## Description:
This update for ImageMagick fixes the following issues:
* CVE-2026-24484: denial of service via multi-layer nested MVG to SVG
conversion (bsc#1258790).
* CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds
write (bsc#1259446).
* CVE-2026-28494: missing bounds checks in the morphology kernel parsing
functions can lead to a stack buffer overflow (bsc#1259447).
* CVE-2026-28686: undersized output buffer allocation in the PCL encoder can
lead to a heap buffer overflow (bsc#1259448).
* CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a
crafted MSL file (bsc#1259450).
* CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image
is destroyed twice (bsc#1259451).
* CVE-2026-28689: `domain="path"` authorization is checked before
final file open/use and allows for read/write bypass via symlink swaps
(bsc#1259452).
* CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack
buffer overflow (bsc#1259456).
* CVE-2026-28691: missing check in the JBIG decoder can lead to an
uninitialized pointer dereference (bsc#1259455).
* CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap
buffer over-read (bsc#1259457).
* CVE-2026-28693: integer overflow in the DIB coder can lead to an
out-of-bounds read or write (bsc#1259466).
* CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a
heap buffer over-write (bsc#1259467).
* CVE-2026-30929: improper use of fixed-size stack buffer in `MagnifyImage` can
lead to a stack buffer overflow (bsc#1259468).
* CVE-2026-30936: heap buffer overflow in `WaveletDenoiseImage` (bsc#1259464).
* CVE-2026-30937: heap buffer overflow in XWD encoder due to CARD32 arithmetic
overflow (bsc#1259463).
* CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of
32-bit systems when processing extremely large images (bsc#1259528).
* CVE-2026-32259: memory allocation failure in the SIXEL encoder can lead to a
stack out-of-bounds write (bsc#1259612).
* CVE-2026-32636: denial of service via out-of-bounds write in `NewXMLTree`
method (bsc#1259872).
* CVE-2026-33535: out-of-bounds write of a zero byte in X11 display
interaction (bsc#1260874).
* CVE-2026-33536: denial of service via a stack out-of-bounds write in
`InterpretImageFilename` (bsc#1260879).
* CVE-2026-33905: denial of service via out-of-bounds read in `-sample`
operation (bsc#1262097).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1497=1
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1497=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1497=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1497=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1497=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1497=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1497=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1497=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1497=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1497=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1497=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1497=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1
* ImageMagick-devel-7.1.0.9-150400.6.75.1
* ImageMagick-extra-7.1.0.9-150400.6.75.1
* ImageMagick-debugsource-7.1.0.9-150400.6.75.1
* ImageMagick-7.1.0.9-150400.6.75.1
* libMagick++-devel-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* perl-PerlMagick-7.1.0.9-150400.6.75.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* ImageMagick-extra-debuginfo-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1
* openSUSE Leap 15.4 (x86_64)
* libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.75.1
* libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.75.1
* libMagick++-devel-32bit-7.1.0.9-150400.6.75.1
* ImageMagick-devel-32bit-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.75.1
* openSUSE Leap 15.4 (noarch)
* ImageMagick-doc-7.1.0.9-150400.6.75.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.75.1
* libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.75.1
* libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.75.1
* ImageMagick-devel-64bit-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.75.1
* libMagick++-devel-64bit-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.75.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.75.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1
* ImageMagick-devel-7.1.0.9-150400.6.75.1
* ImageMagick-debugsource-7.1.0.9-150400.6.75.1
* ImageMagick-7.1.0.9-150400.6.75.1
* libMagick++-devel-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* perl-PerlMagick-7.1.0.9-150400.6.75.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1
* ImageMagick-devel-7.1.0.9-150400.6.75.1
* ImageMagick-debugsource-7.1.0.9-150400.6.75.1
* ImageMagick-7.1.0.9-150400.6.75.1
* libMagick++-devel-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* perl-PerlMagick-7.1.0.9-150400.6.75.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1
* ImageMagick-devel-7.1.0.9-150400.6.75.1
* ImageMagick-debugsource-7.1.0.9-150400.6.75.1
* ImageMagick-7.1.0.9-150400.6.75.1
* libMagick++-devel-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* perl-PerlMagick-7.1.0.9-150400.6.75.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1
* ImageMagick-devel-7.1.0.9-150400.6.75.1
* ImageMagick-debugsource-7.1.0.9-150400.6.75.1
* ImageMagick-7.1.0.9-150400.6.75.1
* libMagick++-devel-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* perl-PerlMagick-7.1.0.9-150400.6.75.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1
* ImageMagick-devel-7.1.0.9-150400.6.75.1
* ImageMagick-debugsource-7.1.0.9-150400.6.75.1
* ImageMagick-7.1.0.9-150400.6.75.1
* libMagick++-devel-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* perl-PerlMagick-7.1.0.9-150400.6.75.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1
* ImageMagick-devel-7.1.0.9-150400.6.75.1
* ImageMagick-debugsource-7.1.0.9-150400.6.75.1
* ImageMagick-7.1.0.9-150400.6.75.1
* libMagick++-devel-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* perl-PerlMagick-7.1.0.9-150400.6.75.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.75.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1
* ImageMagick-devel-7.1.0.9-150400.6.75.1
* ImageMagick-debugsource-7.1.0.9-150400.6.75.1
* ImageMagick-7.1.0.9-150400.6.75.1
* libMagick++-devel-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* perl-PerlMagick-7.1.0.9-150400.6.75.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1
* ImageMagick-devel-7.1.0.9-150400.6.75.1
* ImageMagick-debugsource-7.1.0.9-150400.6.75.1
* ImageMagick-7.1.0.9-150400.6.75.1
* libMagick++-devel-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1
* perl-PerlMagick-7.1.0.9-150400.6.75.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.75.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.75.1
## References:
* https://www.suse.com/security/cve/CVE-2026-24484.html
* https://www.suse.com/security/cve/CVE-2026-28493.html
* https://www.suse.com/security/cve/CVE-2026-28494.html
* https://www.suse.com/security/cve/CVE-2026-28686.html
* https://www.suse.com/security/cve/CVE-2026-28687.html
* https://www.suse.com/security/cve/CVE-2026-28688.html
* https://www.suse.com/security/cve/CVE-2026-28689.html
* https://www.suse.com/security/cve/CVE-2026-28690.html
* https://www.suse.com/security/cve/CVE-2026-28691.html
* https://www.suse.com/security/cve/CVE-2026-28692.html
* https://www.suse.com/security/cve/CVE-2026-28693.html
* https://www.suse.com/security/cve/CVE-2026-30883.html
* https://www.suse.com/security/cve/CVE-2026-30929.html
* https://www.suse.com/security/cve/CVE-2026-30936.html
* https://www.suse.com/security/cve/CVE-2026-30937.html
* https://www.suse.com/security/cve/CVE-2026-31853.html
* https://www.suse.com/security/cve/CVE-2026-32259.html
* https://www.suse.com/security/cve/CVE-2026-32636.html
* https://www.suse.com/security/cve/CVE-2026-33535.html
* https://www.suse.com/security/cve/CVE-2026-33536.html
* https://www.suse.com/security/cve/CVE-2026-33905.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258790
* https://bugzilla.suse.com/show_bug.cgi?id=1259446
* https://bugzilla.suse.com/show_bug.cgi?id=1259447
* https://bugzilla.suse.com/show_bug.cgi?id=1259448
* https://bugzilla.suse.com/show_bug.cgi?id=1259450
* https://bugzilla.suse.com/show_bug.cgi?id=1259451
* https://bugzilla.suse.com/show_bug.cgi?id=1259452
* https://bugzilla.suse.com/show_bug.cgi?id=1259455
* https://bugzilla.suse.com/show_bug.cgi?id=1259456
* https://bugzilla.suse.com/show_bug.cgi?id=1259457
* https://bugzilla.suse.com/show_bug.cgi?id=1259463
* https://bugzilla.suse.com/show_bug.cgi?id=1259464
* https://bugzilla.suse.com/show_bug.cgi?id=1259466
* https://bugzilla.suse.com/show_bug.cgi?id=1259467
* https://bugzilla.suse.com/show_bug.cgi?id=1259468
* https://bugzilla.suse.com/show_bug.cgi?id=1259528
* https://bugzilla.suse.com/show_bug.cgi?id=1259612
* https://bugzilla.suse.com/show_bug.cgi?id=1259872
* https://bugzilla.suse.com/show_bug.cgi?id=1260874
* https://bugzilla.suse.com/show_bug.cgi?id=1260879
* https://bugzilla.suse.com/show_bug.cgi?id=1262097
SUSE-SU-2026:1494-1: important: Security update for rootlesskit
# Security update for rootlesskit
Announcement ID: SUSE-SU-2026:1494-1
Release Date: 2026-04-20T15:58:21Z
Rating: important
References:
Affected Products:
* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that can now be installed.
## Description:
This update for rootlesskit rebuilds it against the current go 1.25 security
release.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1494=1
* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1494=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1494=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1494=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* rootlesskit-1.1.1-150600.3.2.2
* rootlesskit-debuginfo-1.1.1-150600.3.2.2
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* rootlesskit-1.1.1-150600.3.2.2
* rootlesskit-debuginfo-1.1.1-150600.3.2.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* rootlesskit-1.1.1-150600.3.2.2
* rootlesskit-debuginfo-1.1.1-150600.3.2.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* rootlesskit-1.1.1-150600.3.2.2
* rootlesskit-debuginfo-1.1.1-150600.3.2.2
SUSE-SU-2026:1498-1: important: Security update for glibc-livepatches
# Security update for glibc-livepatches
Announcement ID: SUSE-SU-2026:1498-1
Release Date: 2026-04-20T16:16:20Z
Rating: important
References:
* bsc#1261209
Cross-References:
* CVE-2026-4046
CVSS scores:
* CVE-2026-4046 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4046 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for glibc-livepatches fixes the following issue:
* CVE-2026-4046: assertion failure when converting inputs may be used to
remotely crash an application (bsc#1261209).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1498=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1498=1
## Package List:
* openSUSE Leap 15.6 (x86_64)
* glibc-livepatches-debugsource-0.4-150600.8.5.1
* glibc-livepatches-debuginfo-0.4-150600.8.5.1
* glibc-livepatches-0.4-150600.8.5.1
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* glibc-livepatches-0.4-150600.8.5.1
## References:
* https://www.suse.com/security/cve/CVE-2026-4046.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261209
SUSE-SU-2026:1502-1: moderate: Security update for python312
# Security update for python312
Announcement ID: SUSE-SU-2026:1502-1
Release Date: 2026-04-20T16:17:01Z
Rating: moderate
References:
* bsc#1258364
* bsc#1261970
Cross-References:
* CVE-2026-3446
CVSS scores:
* CVE-2026-3446 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-3446 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* openSUSE Leap 15.6
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for python312 fixes the following issues:
* CVE-2026-3446: Base64 decoding stops at first padded quad by default
(bsc#1261970).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1502=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* python312-3.12.13-150600.3.56.1
* python312-debuginfo-3.12.13-150600.3.56.1
* python312-base-3.12.13-150600.3.56.1
* python312-core-debugsource-3.12.13-150600.3.56.1
* python312-doc-devhelp-3.12.13-150600.3.56.1
* python312-testsuite-3.12.13-150600.3.56.1
* python312-tk-3.12.13-150600.3.56.1
* python312-dbm-debuginfo-3.12.13-150600.3.56.1
* libpython3_12-1_0-debuginfo-3.12.13-150600.3.56.1
* python312-tools-3.12.13-150600.3.56.1
* python312-devel-3.12.13-150600.3.56.1
* python312-base-debuginfo-3.12.13-150600.3.56.1
* python312-tk-debuginfo-3.12.13-150600.3.56.1
* libpython3_12-1_0-3.12.13-150600.3.56.1
* python312-debugsource-3.12.13-150600.3.56.1
* python312-dbm-3.12.13-150600.3.56.1
* python312-testsuite-debuginfo-3.12.13-150600.3.56.1
* python312-curses-3.12.13-150600.3.56.1
* python312-curses-debuginfo-3.12.13-150600.3.56.1
* python312-idle-3.12.13-150600.3.56.1
* python312-doc-3.12.13-150600.3.56.1
* openSUSE Leap 15.6 (x86_64)
* libpython3_12-1_0-32bit-3.12.13-150600.3.56.1
* python312-32bit-debuginfo-3.12.13-150600.3.56.1
* python312-base-32bit-3.12.13-150600.3.56.1
* python312-32bit-3.12.13-150600.3.56.1
* python312-base-32bit-debuginfo-3.12.13-150600.3.56.1
* libpython3_12-1_0-32bit-debuginfo-3.12.13-150600.3.56.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* python312-base-64bit-debuginfo-3.12.13-150600.3.56.1
* libpython3_12-1_0-64bit-3.12.13-150600.3.56.1
* python312-64bit-3.12.13-150600.3.56.1
* python312-base-64bit-3.12.13-150600.3.56.1
* libpython3_12-1_0-64bit-debuginfo-3.12.13-150600.3.56.1
* python312-64bit-debuginfo-3.12.13-150600.3.56.1
## References:
* https://www.suse.com/security/cve/CVE-2026-3446.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258364
* https://bugzilla.suse.com/show_bug.cgi?id=1261970
SUSE-SU-2026:1504-1: moderate: Security update for GraphicsMagick
# Security update for GraphicsMagick
Announcement ID: SUSE-SU-2026:1504-1
Release Date: 2026-04-20T16:18:42Z
Rating: moderate
References:
* bsc#1260874
Cross-References:
* CVE-2026-33535
CVSS scores:
* CVE-2026-33535 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33535 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for GraphicsMagick fixes the following issue:
* CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display
interaction (bsc#1260874).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1504=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1504=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* GraphicsMagick-1.3.42-150600.3.21.1
* libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.21.1
* libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.21.1
* perl-GraphicsMagick-1.3.42-150600.3.21.1
* libGraphicsMagick-Q16-3-1.3.42-150600.3.21.1
* libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.21.1
* libGraphicsMagick++-devel-1.3.42-150600.3.21.1
* libGraphicsMagick3-config-1.3.42-150600.3.21.1
* libGraphicsMagickWand-Q16-2-1.3.42-150600.3.21.1
* libGraphicsMagick++-Q16-12-1.3.42-150600.3.21.1
* GraphicsMagick-devel-1.3.42-150600.3.21.1
* GraphicsMagick-debuginfo-1.3.42-150600.3.21.1
* GraphicsMagick-debugsource-1.3.42-150600.3.21.1
* perl-GraphicsMagick-debuginfo-1.3.42-150600.3.21.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* GraphicsMagick-1.3.42-150600.3.21.1
* libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.21.1
* libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.21.1
* perl-GraphicsMagick-1.3.42-150600.3.21.1
* libGraphicsMagick-Q16-3-1.3.42-150600.3.21.1
* libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.21.1
* libGraphicsMagick++-devel-1.3.42-150600.3.21.1
* libGraphicsMagick3-config-1.3.42-150600.3.21.1
* libGraphicsMagickWand-Q16-2-1.3.42-150600.3.21.1
* libGraphicsMagick++-Q16-12-1.3.42-150600.3.21.1
* GraphicsMagick-devel-1.3.42-150600.3.21.1
* GraphicsMagick-debuginfo-1.3.42-150600.3.21.1
* GraphicsMagick-debugsource-1.3.42-150600.3.21.1
* perl-GraphicsMagick-debuginfo-1.3.42-150600.3.21.1
## References:
* https://www.suse.com/security/cve/CVE-2026-33535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260874
SUSE-SU-2026:1531-1: important: Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6)
# Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6)
Announcement ID: SUSE-SU-2026:1531-1
Release Date: 2026-04-21T12:04:50Z
Rating: important
References:
* bsc#1259859
Cross-References:
* CVE-2026-23268
CVSS scores:
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.87 fixes one
security issue.
The following security issue was fixed:
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
policy management (bsc#1259859).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1531=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1531=1
## Package List:
* openSUSE Leap 15.6 (x86_64)
* kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-3-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_20-debugsource-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_87-default-3-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x)
* kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-3-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_20-debugsource-3-150600.2.2
* kernel-livepatch-6_4_0-150600_23_87-default-3-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x)
* kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-3-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_20-debugsource-3-150600.2.2
* kernel-livepatch-6_4_0-150600_23_87-default-3-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-3-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_20-debugsource-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_87-default-3-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259859
SUSE-SU-2026:1530-1: important: Security update for python311
# Security update for python311
Announcement ID: SUSE-SU-2026:1530-1
Release Date: 2026-04-21T11:04:59Z
Rating: important
References:
* bsc#1259611
* bsc#1259734
* bsc#1259735
* bsc#1259989
* bsc#1260026
Cross-References:
* CVE-2025-13462
* CVE-2026-3479
* CVE-2026-3644
* CVE-2026-4224
* CVE-2026-4519
CVSS scores:
* CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
* CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
* CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products:
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves five vulnerabilities can now be installed.
## Description:
This update for python311 fixes the following issues:
* CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and
type AREGTYPE are combined (bsc#1259611).
* CVE-2026-3479: python: improper resource argument validation can allow path
traversal (bsc#1259989).
* CVE-2026-3644: incomplete control character validation in http.cookies
(bsc#1259734).
* CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD
content models (bsc#1259735).
* CVE-2026-4519: leading dashes in URLs are accepted by the
`webbrowser.open()` API and allow for web browser command line option
injection (bsc#1260026).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1530=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1530=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1530=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1530=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1530=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1530=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1530=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1530=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1530=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1530=1
## Package List:
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* python311-base-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-3.11.15-150400.9.85.1
* python311-curses-3.11.15-150400.9.85.1
* python311-idle-3.11.15-150400.9.85.1
* python311-debugsource-3.11.15-150400.9.85.1
* python311-devel-3.11.15-150400.9.85.1
* python311-core-debugsource-3.11.15-150400.9.85.1
* libpython3_11-1_0-3.11.15-150400.9.85.1
* python311-curses-debuginfo-3.11.15-150400.9.85.1
* python311-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-debuginfo-3.11.15-150400.9.85.1
* python311-doc-3.11.15-150400.9.85.1
* python311-doc-devhelp-3.11.15-150400.9.85.1
* python311-tk-3.11.15-150400.9.85.1
* python311-tk-debuginfo-3.11.15-150400.9.85.1
* python311-base-3.11.15-150400.9.85.1
* python311-tools-3.11.15-150400.9.85.1
* python311-3.11.15-150400.9.85.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* python311-base-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-3.11.15-150400.9.85.1
* python311-curses-3.11.15-150400.9.85.1
* python311-idle-3.11.15-150400.9.85.1
* python311-debugsource-3.11.15-150400.9.85.1
* python311-devel-3.11.15-150400.9.85.1
* python311-core-debugsource-3.11.15-150400.9.85.1
* libpython3_11-1_0-3.11.15-150400.9.85.1
* python311-curses-debuginfo-3.11.15-150400.9.85.1
* python311-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-debuginfo-3.11.15-150400.9.85.1
* python311-doc-3.11.15-150400.9.85.1
* python311-doc-devhelp-3.11.15-150400.9.85.1
* python311-tk-3.11.15-150400.9.85.1
* python311-tk-debuginfo-3.11.15-150400.9.85.1
* python311-base-3.11.15-150400.9.85.1
* python311-tools-3.11.15-150400.9.85.1
* python311-3.11.15-150400.9.85.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* python311-base-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-3.11.15-150400.9.85.1
* python311-curses-3.11.15-150400.9.85.1
* python311-idle-3.11.15-150400.9.85.1
* python311-debugsource-3.11.15-150400.9.85.1
* python311-devel-3.11.15-150400.9.85.1
* python311-core-debugsource-3.11.15-150400.9.85.1
* libpython3_11-1_0-3.11.15-150400.9.85.1
* python311-curses-debuginfo-3.11.15-150400.9.85.1
* python311-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-debuginfo-3.11.15-150400.9.85.1
* python311-doc-3.11.15-150400.9.85.1
* python311-doc-devhelp-3.11.15-150400.9.85.1
* python311-tk-3.11.15-150400.9.85.1
* python311-tk-debuginfo-3.11.15-150400.9.85.1
* python311-base-3.11.15-150400.9.85.1
* python311-tools-3.11.15-150400.9.85.1
* python311-3.11.15-150400.9.85.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* python311-base-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-3.11.15-150400.9.85.1
* python311-curses-3.11.15-150400.9.85.1
* python311-idle-3.11.15-150400.9.85.1
* python311-debugsource-3.11.15-150400.9.85.1
* python311-devel-3.11.15-150400.9.85.1
* python311-core-debugsource-3.11.15-150400.9.85.1
* libpython3_11-1_0-3.11.15-150400.9.85.1
* python311-curses-debuginfo-3.11.15-150400.9.85.1
* python311-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-debuginfo-3.11.15-150400.9.85.1
* python311-doc-3.11.15-150400.9.85.1
* python311-doc-devhelp-3.11.15-150400.9.85.1
* python311-tk-3.11.15-150400.9.85.1
* python311-tk-debuginfo-3.11.15-150400.9.85.1
* python311-base-3.11.15-150400.9.85.1
* python311-tools-3.11.15-150400.9.85.1
* python311-3.11.15-150400.9.85.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* python311-base-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-3.11.15-150400.9.85.1
* python311-curses-3.11.15-150400.9.85.1
* python311-idle-3.11.15-150400.9.85.1
* python311-debugsource-3.11.15-150400.9.85.1
* python311-devel-3.11.15-150400.9.85.1
* python311-core-debugsource-3.11.15-150400.9.85.1
* libpython3_11-1_0-3.11.15-150400.9.85.1
* python311-curses-debuginfo-3.11.15-150400.9.85.1
* python311-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-debuginfo-3.11.15-150400.9.85.1
* python311-doc-3.11.15-150400.9.85.1
* python311-doc-devhelp-3.11.15-150400.9.85.1
* python311-tk-3.11.15-150400.9.85.1
* python311-tk-debuginfo-3.11.15-150400.9.85.1
* python311-base-3.11.15-150400.9.85.1
* python311-tools-3.11.15-150400.9.85.1
* python311-3.11.15-150400.9.85.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* python311-base-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-3.11.15-150400.9.85.1
* python311-curses-3.11.15-150400.9.85.1
* python311-idle-3.11.15-150400.9.85.1
* python311-debugsource-3.11.15-150400.9.85.1
* python311-devel-3.11.15-150400.9.85.1
* python311-core-debugsource-3.11.15-150400.9.85.1
* libpython3_11-1_0-3.11.15-150400.9.85.1
* python311-curses-debuginfo-3.11.15-150400.9.85.1
* python311-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-debuginfo-3.11.15-150400.9.85.1
* python311-doc-3.11.15-150400.9.85.1
* python311-doc-devhelp-3.11.15-150400.9.85.1
* python311-tk-3.11.15-150400.9.85.1
* python311-tk-debuginfo-3.11.15-150400.9.85.1
* python311-base-3.11.15-150400.9.85.1
* python311-tools-3.11.15-150400.9.85.1
* python311-3.11.15-150400.9.85.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* python311-base-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-3.11.15-150400.9.85.1
* python311-curses-3.11.15-150400.9.85.1
* python311-idle-3.11.15-150400.9.85.1
* python311-debugsource-3.11.15-150400.9.85.1
* python311-devel-3.11.15-150400.9.85.1
* python311-core-debugsource-3.11.15-150400.9.85.1
* libpython3_11-1_0-3.11.15-150400.9.85.1
* python311-curses-debuginfo-3.11.15-150400.9.85.1
* python311-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-debuginfo-3.11.15-150400.9.85.1
* python311-doc-3.11.15-150400.9.85.1
* python311-doc-devhelp-3.11.15-150400.9.85.1
* python311-tk-3.11.15-150400.9.85.1
* python311-tk-debuginfo-3.11.15-150400.9.85.1
* python311-base-3.11.15-150400.9.85.1
* python311-tools-3.11.15-150400.9.85.1
* python311-3.11.15-150400.9.85.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* python311-base-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-3.11.15-150400.9.85.1
* python311-curses-3.11.15-150400.9.85.1
* python311-idle-3.11.15-150400.9.85.1
* python311-debugsource-3.11.15-150400.9.85.1
* python311-devel-3.11.15-150400.9.85.1
* python311-core-debugsource-3.11.15-150400.9.85.1
* libpython3_11-1_0-3.11.15-150400.9.85.1
* python311-curses-debuginfo-3.11.15-150400.9.85.1
* python311-debuginfo-3.11.15-150400.9.85.1
* python311-dbm-debuginfo-3.11.15-150400.9.85.1
* python311-doc-3.11.15-150400.9.85.1
* python311-doc-devhelp-3.11.15-150400.9.85.1
* python311-tk-3.11.15-150400.9.85.1
* python311-tk-debuginfo-3.11.15-150400.9.85.1
* python311-base-3.11.15-150400.9.85.1
* python311-tools-3.11.15-150400.9.85.1
* python311-3.11.15-150400.9.85.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python311-curses-3.11.15-150400.9.85.1
* python311-core-debugsource-3.11.15-150400.9.85.1
* python311-dbm-3.11.15-150400.9.85.1
* python311-curses-debuginfo-3.11.15-150400.9.85.1
* python311-testsuite-debuginfo-3.11.15-150400.9.85.1
* python311-idle-3.11.15-150400.9.85.1
* python311-testsuite-3.11.15-150400.9.85.1
* python311-dbm-debuginfo-3.11.15-150400.9.85.1
* python311-tk-3.11.15-150400.9.85.1
* python311-doc-3.11.15-150400.9.85.1
* python311-base-3.11.15-150400.9.85.1
* python311-3.11.15-150400.9.85.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1
* python311-base-debuginfo-3.11.15-150400.9.85.1
* python311-debugsource-3.11.15-150400.9.85.1
* python311-devel-3.11.15-150400.9.85.1
* python311-tk-debuginfo-3.11.15-150400.9.85.1
* libpython3_11-1_0-3.11.15-150400.9.85.1
* python311-debuginfo-3.11.15-150400.9.85.1
* python311-tools-3.11.15-150400.9.85.1
* python311-doc-devhelp-3.11.15-150400.9.85.1
* openSUSE Leap 15.4 (x86_64)
* libpython3_11-1_0-32bit-debuginfo-3.11.15-150400.9.85.1
* python311-32bit-debuginfo-3.11.15-150400.9.85.1
* python311-base-32bit-debuginfo-3.11.15-150400.9.85.1
* python311-32bit-3.11.15-150400.9.85.1
* python311-base-32bit-3.11.15-150400.9.85.1
* libpython3_11-1_0-32bit-3.11.15-150400.9.85.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libpython3_11-1_0-64bit-3.11.15-150400.9.85.1
* python311-base-64bit-3.11.15-150400.9.85.1
* libpython3_11-1_0-64bit-debuginfo-3.11.15-150400.9.85.1
* python311-64bit-3.11.15-150400.9.85.1
* python311-base-64bit-debuginfo-3.11.15-150400.9.85.1
* python311-64bit-debuginfo-3.11.15-150400.9.85.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libpython3_11-1_0-3.11.15-150400.9.85.1
* python311-3.11.15-150400.9.85.1
* python311-base-3.11.15-150400.9.85.1
## References:
* https://www.suse.com/security/cve/CVE-2025-13462.html
* https://www.suse.com/security/cve/CVE-2026-3479.html
* https://www.suse.com/security/cve/CVE-2026-3644.html
* https://www.suse.com/security/cve/CVE-2026-4224.html
* https://www.suse.com/security/cve/CVE-2026-4519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259611
* https://bugzilla.suse.com/show_bug.cgi?id=1259734
* https://bugzilla.suse.com/show_bug.cgi?id=1259735
* https://bugzilla.suse.com/show_bug.cgi?id=1259989
* https://bugzilla.suse.com/show_bug.cgi?id=1260026
SUSE-SU-2026:1527-1: important: Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)
# Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)
Announcement ID: SUSE-SU-2026:1527-1
Release Date: 2026-04-21T10:34:38Z
Rating: important
References:
* bsc#1259859
Cross-References:
* CVE-2026-23268
CVSS scores:
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.84 fixes one
security issue.
The following security issue was fixed:
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
policy management (bsc#1259859).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1527=1 SUSE-2026-1528=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1527=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1528=1
## Package List:
* openSUSE Leap 15.6 (x86_64)
* kernel-livepatch-SLE15-SP6_Update_18-debugsource-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_81-default-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_19-debugsource-4-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x)
* kernel-livepatch-SLE15-SP6_Update_19-debugsource-4-150600.2.2
* kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-4-150600.2.2
* kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-4-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_18-debugsource-4-150600.2.2
* kernel-livepatch-6_4_0-150600_23_84-default-4-150600.2.2
* kernel-livepatch-6_4_0-150600_23_81-default-4-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x)
* kernel-livepatch-SLE15-SP6_Update_19-debugsource-4-150600.2.2
* kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-4-150600.2.2
* kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-4-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_18-debugsource-4-150600.2.2
* kernel-livepatch-6_4_0-150600_23_84-default-4-150600.2.2
* kernel-livepatch-6_4_0-150600_23_81-default-4-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* kernel-livepatch-SLE15-SP6_Update_18-debugsource-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_81-default-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_19-debugsource-4-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259859
SUSE-SU-2026:1513-1: important: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6)
# Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6)
Announcement ID: SUSE-SU-2026:1513-1
Release Date: 2026-04-21T08:04:23Z
Rating: important
References:
* bsc#1255066
* bsc#1259859
Cross-References:
* CVE-2025-40309
* CVE-2026-23268
CVSS scores:
* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.73 fixes
various security issues.
The following security issues were fixed:
* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
policy management (bsc#1259859).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1513=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1513=1
## Package List:
* openSUSE Leap 15.6 (x86_64)
* kernel-livepatch-SLE15-SP6_Update_16-debugsource-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_73-default-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-6-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x)
* kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-6-150600.2.2
* kernel-livepatch-6_4_0-150600_23_73-default-6-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_16-debugsource-6-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x)
* kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-6-150600.2.2
* kernel-livepatch-6_4_0-150600_23_73-default-6-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_16-debugsource-6-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* kernel-livepatch-SLE15-SP6_Update_16-debugsource-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_73-default-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-6-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859
openSUSE-SU-2026:10582-1: moderate: python311-PyPDF2-2.11.1-9.1 on GA media
# python311-PyPDF2-2.11.1-9.1 on GA media
Announcement ID: openSUSE-SU-2026:10582-1
Rating: moderate
Cross-References:
* CVE-2026-40260
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python311-PyPDF2-2.11.1-9.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python311-PyPDF2 2.11.1-9.1
* python313-PyPDF2 2.11.1-9.1
* python314-PyPDF2 2.11.1-9.1
## References:
* https://www.suse.com/security/cve/CVE-2026-40260.html
openSUSE-SU-2026:10581-1: moderate: haproxy-3.3.6+git91.af5637e93-1.1 on GA media
# haproxy-3.3.6+git91.af5637e93-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10581-1
Rating: moderate
Cross-References:
* CVE-2026-33555
CVSS scores:
* CVE-2026-33555 ( SUSE ): 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2026-33555 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the haproxy-3.3.6+git91.af5637e93-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* haproxy 3.3.6+git91.af5637e93-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-33555.html
openSUSE-SU-2026:20588-1: critical: Security update for chromium
openSUSE security update: security update for chromium
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20588-1
Rating: critical
References:
* bsc#1262174
Cross-References:
* CVE-2026-6296
* CVE-2026-6297
* CVE-2026-6298
* CVE-2026-6299
* CVE-2026-6300
* CVE-2026-6301
* CVE-2026-6302
* CVE-2026-6303
* CVE-2026-6304
* CVE-2026-6305
* CVE-2026-6306
* CVE-2026-6307
* CVE-2026-6308
* CVE-2026-6309
* CVE-2026-6310
* CVE-2026-6311
* CVE-2026-6312
* CVE-2026-6313
* CVE-2026-6314
* CVE-2026-6315
* CVE-2026-6316
* CVE-2026-6317
* CVE-2026-6318
* CVE-2026-6319
* CVE-2026-6358
* CVE-2026-6359
* CVE-2026-6360
* CVE-2026-6361
* CVE-2026-6362
* CVE-2026-6363
* CVE-2026-6364
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 31 vulnerabilities and has one bug fix can now be installed.
Description:
This update for chromium fixes the following issues:
Changes in chromium:
- Chromium 147.0.7727.101 (boo#1262174)
* CVE-2026-6296: Heap buffer overflow in ANGLE
* CVE-2026-6297: Use after free in Proxy
* CVE-2026-6298: Heap buffer overflow in Skia
* CVE-2026-6299: Use after free in Prerender
* CVE-2026-6358: Use after free in XR
* CVE-2026-6359: Use after free in Video
* CVE-2026-6300: Use after free in CSS
* CVE-2026-6301: Type Confusion in Turbofan
* CVE-2026-6302: Use after free in Video
* CVE-2026-6303: Use after free in Codecs
* CVE-2026-6304: Use after free in Graphite
* CVE-2026-6305: Heap buffer overflow in PDFium
* CVE-2026-6306: Heap buffer overflow in PDFium
* CVE-2026-6307: Type Confusion in Turbofan
* CVE-2026-6308: Out of bounds read in Media
* CVE-2026-6309: Use after free in Viz
* CVE-2026-6360: Use after free in FileSystem
* CVE-2026-6310: Use after free in Dawn
* CVE-2026-6311: Uninitialized Use in Accessibility
* CVE-2026-6312: Insufficient policy enforcement in Passwords
* CVE-2026-6313: Insufficient policy enforcement in CORS
* CVE-2026-6314: Out of bounds write in GPU
* CVE-2026-6315: Use after free in Permissions
* CVE-2026-6316: Use after free in Forms
* CVE-2026-6361: Heap buffer overflow in PDFium
* CVE-2026-6362: Use after free in Codecs
* CVE-2026-6317: Use after free in Cast
* CVE-2026-6363: Type Confusion in V8
* CVE-2026-6318: Use after free in Codecs
* CVE-2026-6319: Use after free in Payments
* CVE-2026-6364: Out of bounds read in Skia
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-206=1
Package List:
- openSUSE Leap 16.0:
chromedriver-147.0.7727.101-bp160.1.1
chromium-147.0.7727.101-bp160.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-6296.html
* https://www.suse.com/security/cve/CVE-2026-6297.html
* https://www.suse.com/security/cve/CVE-2026-6298.html
* https://www.suse.com/security/cve/CVE-2026-6299.html
* https://www.suse.com/security/cve/CVE-2026-6300.html
* https://www.suse.com/security/cve/CVE-2026-6301.html
* https://www.suse.com/security/cve/CVE-2026-6302.html
* https://www.suse.com/security/cve/CVE-2026-6303.html
* https://www.suse.com/security/cve/CVE-2026-6304.html
* https://www.suse.com/security/cve/CVE-2026-6305.html
* https://www.suse.com/security/cve/CVE-2026-6306.html
* https://www.suse.com/security/cve/CVE-2026-6307.html
* https://www.suse.com/security/cve/CVE-2026-6308.html
* https://www.suse.com/security/cve/CVE-2026-6309.html
* https://www.suse.com/security/cve/CVE-2026-6310.html
* https://www.suse.com/security/cve/CVE-2026-6311.html
* https://www.suse.com/security/cve/CVE-2026-6312.html
* https://www.suse.com/security/cve/CVE-2026-6313.html
* https://www.suse.com/security/cve/CVE-2026-6314.html
* https://www.suse.com/security/cve/CVE-2026-6315.html
* https://www.suse.com/security/cve/CVE-2026-6316.html
* https://www.suse.com/security/cve/CVE-2026-6317.html
* https://www.suse.com/security/cve/CVE-2026-6318.html
* https://www.suse.com/security/cve/CVE-2026-6319.html
* https://www.suse.com/security/cve/CVE-2026-6358.html
* https://www.suse.com/security/cve/CVE-2026-6359.html
* https://www.suse.com/security/cve/CVE-2026-6360.html
* https://www.suse.com/security/cve/CVE-2026-6361.html
* https://www.suse.com/security/cve/CVE-2026-6362.html
* https://www.suse.com/security/cve/CVE-2026-6363.html
* https://www.suse.com/security/cve/CVE-2026-6364.html
openSUSE-SU-2026:20558-1: important: Security update for gdk-pixbuf
openSUSE security update: security update for gdk-pixbuf
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20558-1
Rating: important
References:
* bsc#1261210
Cross-References:
* CVE-2026-5201
CVSS scores:
* CVE-2026-5201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5201 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for gdk-pixbuf fixes the following issue:
- CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image
(bsc#1261210).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-581=1
Package List:
- openSUSE Leap 16.0:
gdk-pixbuf-devel-2.42.12-160000.4.1
gdk-pixbuf-lang-2.42.12-160000.4.1
gdk-pixbuf-query-loaders-2.42.12-160000.4.1
gdk-pixbuf-thumbnailer-2.42.12-160000.4.1
libgdk_pixbuf-2_0-0-2.42.12-160000.4.1
typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.4.1
typelib-1_0-GdkPixdata-2_0-2.42.12-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2026-5201.html
openSUSE-SU-2026:20578-1: important: Security update for python-Django
openSUSE security update: security update for python-django
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20578-1
Rating: important
References:
* bsc#1261722
* bsc#1261724
* bsc#1261729
* bsc#1261731
* bsc#1261732
Cross-References:
* CVE-2026-33033
* CVE-2026-33034
* CVE-2026-3902
* CVE-2026-4277
* CVE-2026-4292
CVSS scores:
* CVE-2026-33033 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33033 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-33034 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3902 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3902 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4277 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-4292 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.
Description:
This update for python-Django fixes the following issues:
Changes in python-Django:
- CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation (bsc#1261729)
- CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin (bsc#1261731)
- CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable (bsc#1261732)
- CVE-2026-33033: Potential denial-of-service vulnerability in
MultiPartParser via base64-encoded file upload (bsc#1261722)
- CVE-2026-33034: Potential denial-of-service vulnerability in
ASGI requests via memory upload limit bypass (bsc#1261724)
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-196=1
Package List:
- openSUSE Leap 16.0:
python313-Django-5.2.4-bp160.7.1
References:
* https://www.suse.com/security/cve/CVE-2026-33033.html
* https://www.suse.com/security/cve/CVE-2026-33034.html
* https://www.suse.com/security/cve/CVE-2026-3902.html
* https://www.suse.com/security/cve/CVE-2026-4277.html
* https://www.suse.com/security/cve/CVE-2026-4292.html
openSUSE-SU-2026:20581-1: important: Security update for nebula
openSUSE security update: security update for nebula
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20581-1
Rating: important
Cross-References:
* CVE-2025-22869
CVSS scores:
* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability can now be installed.
Description:
This update for nebula fixes the following issues:
Changes in nebula:
- Update to version 1.10.3:
* Fix an issue where blocklist bypass is possible when using curve P256
Any newly issued P256 based certificates will have their signature clamped
to the low-s form. Nebula will assert the low-s signature form when
validating certificates in a future version
- Update to version 1.10.2:
* Fix panic when using use_system_route_table
- Update to version 1.10.1:
* Fix a bug where an unsafe route derived from the system route table could
be lost on a config reload
* Fix the PEM banner for ECDSA P256 public keys
* Fix a bug in handshake processing when a peer sends an unexpected public key
* Add a config option to control accepting recv_error packets which defaults
to always
- Update to version 1.10.0:
* Support for IPv6 and multiple IPv4/6 addresses in the overlay
* Add the ability to mark packets on Linux to better target nebula packets in
iptables/nftables
* Add ECMP support for unsafe_routes
* PKCS11 support for P256 keys when built with pkcs11 tag
* default_local_cidr_any now defaults to false
* Improve logging when a relay is in use on an inbound packet
* Avoid fatal errors if routines is > 1 on systems that domains (bsc#1258330).
- CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
- CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
- CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
- CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
- CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
- CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
- CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485).
- CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484).
- CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
- CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
- CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
- CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
- CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
- CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
- CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
- CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit() (bsc#1260490).
- CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
- CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
- CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606).
- CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
- CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
- CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
- CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
- CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
- CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
- CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
- CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522).
- CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
- CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
- CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
- CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
- CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506).
- CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).
The following non security issues were fixed:
- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
- KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511).
- Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)."
- Update config files (bsc#1254307).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
- bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955).
- bpf: crypto: Use the correct destructor kfunc type (bsc#1259955).
- btrfs: only enforce free space tree if v1 cache is required for bs < ps cases (bsc#1260459).
- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
- drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
- drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
- drm/i915/dsc: Add Selective Update register definitions (stable-fixes).
- drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes).
- firmware: microchip: fail auto-update probe if no flash found (git-fixes).
- kABI: Include trace recursion bits in kABI tracking (bsc#1258301).
- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
- nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208).
- nvme: expose active quirks in sysfs (bsc#1243208).
- nvme: fix memory leak in quirks_param_set() (bsc#1243208).
- powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes).
- powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes).
- s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214).
- s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175).
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- scsi: fnic: Add Cisco hardware model names (jsc#PED-15441).
- scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441).
- scsi: fnic: Add and integrate support for FIP (jsc#PED-15441).
- scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441).
- scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441).
- scsi: fnic: Add stats and related functionality (jsc#PED-15441).
- scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441).
- scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441).
- scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441).
- scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441).
- scsi: fnic: Code cleanup (jsc#PED-15441).
- scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).
- scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (jsc#PED-15441).
- scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441).
- scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (jsc#PED-15441).
- scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).
- scsi: fnic: Increment driver version (jsc#PED-15441).
- scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).
- scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).
- scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (jsc#PED-15441).
- scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441).
- scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).
- scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).
- scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441).
- scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441).
- scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441).
- scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441).
- scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (jsc#PED-15441).
- scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).
- scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441).
- scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441).
- scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441).
- scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).
- scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).
- scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).
- scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes, jsc#PED-15042).
- selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).
- selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
- tg3: Fix race for querying speed/duplex (bsc#1257183).
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-596=1
Package List:
- openSUSE Leap 16.0:
cluster-md-kmp-64kb-6.12.0-160000.28.1
cluster-md-kmp-azure-6.12.0-160000.28.1
cluster-md-kmp-default-6.12.0-160000.28.1
cluster-md-kmp-rt-6.12.0-160000.28.1
dlm-kmp-64kb-6.12.0-160000.28.1
dlm-kmp-azure-6.12.0-160000.28.1
dlm-kmp-default-6.12.0-160000.28.1
dlm-kmp-rt-6.12.0-160000.28.1
dtb-allwinner-6.12.0-160000.28.1
dtb-altera-6.12.0-160000.28.1
dtb-amazon-6.12.0-160000.28.1
dtb-amd-6.12.0-160000.28.1
dtb-amlogic-6.12.0-160000.28.1
dtb-apm-6.12.0-160000.28.1
dtb-apple-6.12.0-160000.28.1
dtb-arm-6.12.0-160000.28.1
dtb-broadcom-6.12.0-160000.28.1
dtb-cavium-6.12.0-160000.28.1
dtb-exynos-6.12.0-160000.28.1
dtb-freescale-6.12.0-160000.28.1
dtb-hisilicon-6.12.0-160000.28.1
dtb-lg-6.12.0-160000.28.1
dtb-marvell-6.12.0-160000.28.1
dtb-mediatek-6.12.0-160000.28.1
dtb-nvidia-6.12.0-160000.28.1
dtb-qcom-6.12.0-160000.28.1
dtb-renesas-6.12.0-160000.28.1
dtb-rockchip-6.12.0-160000.28.1
dtb-socionext-6.12.0-160000.28.1
dtb-sprd-6.12.0-160000.28.1
dtb-xilinx-6.12.0-160000.28.1
gfs2-kmp-64kb-6.12.0-160000.28.1
gfs2-kmp-azure-6.12.0-160000.28.1
gfs2-kmp-default-6.12.0-160000.28.1
gfs2-kmp-rt-6.12.0-160000.28.1
kernel-64kb-6.12.0-160000.28.1
kernel-64kb-devel-6.12.0-160000.28.1
kernel-64kb-extra-6.12.0-160000.28.1
kernel-64kb-optional-6.12.0-160000.28.1
kernel-azure-6.12.0-160000.28.1
kernel-azure-devel-6.12.0-160000.28.1
kernel-azure-extra-6.12.0-160000.28.1
kernel-azure-optional-6.12.0-160000.28.1
kernel-azure-vdso-6.12.0-160000.28.1
kernel-default-6.12.0-160000.28.1
kernel-default-base-6.12.0-160000.27.1.160000.2.8
kernel-default-devel-6.12.0-160000.28.1
kernel-default-extra-6.12.0-160000.28.1
kernel-default-optional-6.12.0-160000.28.1
kernel-default-vdso-6.12.0-160000.28.1
kernel-devel-6.12.0-160000.28.1
kernel-docs-6.12.0-160000.28.1
kernel-docs-html-6.12.0-160000.28.1
kernel-kvmsmall-6.12.0-160000.28.1
kernel-kvmsmall-devel-6.12.0-160000.28.1
kernel-kvmsmall-vdso-6.12.0-160000.28.1
kernel-macros-6.12.0-160000.28.1
kernel-obs-build-6.12.0-160000.28.1
kernel-obs-qa-6.12.0-160000.28.1
kernel-rt-6.12.0-160000.28.1
kernel-rt-devel-6.12.0-160000.28.1
kernel-rt-extra-6.12.0-160000.28.1
kernel-rt-optional-6.12.0-160000.28.1
kernel-rt-vdso-6.12.0-160000.28.1
kernel-source-6.12.0-160000.28.1
kernel-source-vanilla-6.12.0-160000.28.1
kernel-syms-6.12.0-160000.28.1
kernel-zfcpdump-6.12.0-160000.28.1
kselftests-kmp-64kb-6.12.0-160000.28.1
kselftests-kmp-azure-6.12.0-160000.28.1
kselftests-kmp-default-6.12.0-160000.28.1
kselftests-kmp-rt-6.12.0-160000.28.1
ocfs2-kmp-64kb-6.12.0-160000.28.1
ocfs2-kmp-azure-6.12.0-160000.28.1
ocfs2-kmp-default-6.12.0-160000.28.1
ocfs2-kmp-rt-6.12.0-160000.28.1
References:
* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2025-40253.html
* https://www.suse.com/security/cve/CVE-2025-68794.html
* https://www.suse.com/security/cve/CVE-2025-71239.html
* https://www.suse.com/security/cve/CVE-2026-23072.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23125.html
* https://www.suse.com/security/cve/CVE-2026-23138.html
* https://www.suse.com/security/cve/CVE-2026-23140.html
* https://www.suse.com/security/cve/CVE-2026-23187.html
* https://www.suse.com/security/cve/CVE-2026-23193.html
* https://www.suse.com/security/cve/CVE-2026-23201.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23215.html
* https://www.suse.com/security/cve/CVE-2026-23216.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23239.html
* https://www.suse.com/security/cve/CVE-2026-23240.html
* https://www.suse.com/security/cve/CVE-2026-23242.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23255.html
* https://www.suse.com/security/cve/CVE-2026-23262.html
* https://www.suse.com/security/cve/CVE-2026-23270.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23277.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23281.html
* https://www.suse.com/security/cve/CVE-2026-23292.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23297.html
* https://www.suse.com/security/cve/CVE-2026-23304.html
* https://www.suse.com/security/cve/CVE-2026-23319.html
* https://www.suse.com/security/cve/CVE-2026-23326.html
* https://www.suse.com/security/cve/CVE-2026-23335.html
* https://www.suse.com/security/cve/CVE-2026-23343.html
* https://www.suse.com/security/cve/CVE-2026-23361.html
* https://www.suse.com/security/cve/CVE-2026-23379.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23383.html
* https://www.suse.com/security/cve/CVE-2026-23386.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-23414.html
* https://www.suse.com/security/cve/CVE-2026-23419.html
* https://www.suse.com/security/cve/CVE-2026-23425.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
openSUSE-SU-2026:20552-1: important: Security update for LibVNCServer
openSUSE security update: security update for libvncserver
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20552-1
Rating: important
References:
* bsc#1260429
* bsc#1260431
Cross-References:
* CVE-2026-32853
* CVE-2026-32854
CVSS scores:
* CVE-2026-32853 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-32853 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32854 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32854 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for LibVNCServer fixes the following issues:
- CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service
(bsc#1260431).
- CVE-2026-32854: crafted HTTP requests can cause a denial of service (bsc#1260429).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-575=1
Package List:
- openSUSE Leap 16.0:
LibVNCServer-devel-0.9.14-160000.4.1
libvncclient1-0.9.14-160000.4.1
libvncserver1-0.9.14-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2026-32853.html
* https://www.suse.com/security/cve/CVE-2026-32854.html
openSUSE-SU-2026:20569-1: moderate: Security update for rust1.94
openSUSE security update: security update for rust1.94
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20569-1
Rating: moderate
References:
* bsc#1259623
* bsc#1261876
Cross-References:
* CVE-2026-31812
CVSS scores:
* CVE-2026-31812 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31812 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has 2 bug fixes can now be installed.
Description:
This update for rust1.94 fixes the following issues:
Changes in rust1.94:
- Don't force gcc-15 on SLE-16 and higher (bsc#1261876)
Update to rust1.94.1:
- Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.1
- Avoid unwrapping varint decoding during parameters parsing
(bsc#1259623 CVE-2026-31812).
- Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.0
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-593=1
Package List:
- openSUSE Leap 16.0:
cargo1.94-1.94.1-160000.1.1
rust1.94-1.94.1-160000.1.1
rust1.94-src-1.94.1-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-31812.html
openSUSE-SU-2026:20547-1: important: Security update for strongswan
openSUSE security update: security update for strongswan
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20547-1
Rating: important
References:
* bsc#1257359
* bsc#1259472
Cross-References:
* CVE-2025-9615
* CVE-2026-25075
CVSS scores:
* CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-25075 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25075 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for strongswan fixes the following issues:
Update to strongswan 6.0.4:
- CVE-2025-9615: NetworkManager File Access (bsc#1257359).
- CVE-2026-25075: Integer Underflow When Handling EAP-TTLS AVP (bsc#1259472).
Changes for strongswan:
- Fixed a vulnerability in the NetworkManager plugin that potentially
allows using credentials of other local users. This vulnerability
has been registered as CVE-2025-9615.
- The maximum supported length for section names in swanctl.conf
has been increased to the upper limit of 256 characters that's
enforced by VICI.
- Prevent a crash if a confused peer rekeys a Child SA twice before
sending a delete.
- Fixed a memory leak if a peer's self-signed certificate is untrusted.
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-570=1
Package List:
- openSUSE Leap 16.0:
strongswan-6.0.4-160000.1.1
strongswan-doc-6.0.4-160000.1.1
strongswan-fips-6.0.4-160000.1.1
strongswan-ipsec-6.0.4-160000.1.1
strongswan-mysql-6.0.4-160000.1.1
strongswan-nm-6.0.4-160000.1.1
strongswan-sqlite-6.0.4-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-9615.html
* https://www.suse.com/security/cve/CVE-2026-25075.html
openSUSE-SU-2026:20544-1: important: Security update for xorg-x11-server
openSUSE security update: security update for xorg-x11-server
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20544-1
Rating: important
References:
* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926
Cross-References:
* CVE-2026-33999
* CVE-2026-34000
* CVE-2026-34001
* CVE-2026-34002
* CVE-2026-34003
CVSS scores:
* CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34001 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.
Description:
This update for xorg-x11-server fixes the following issues:
- CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap() (bsc#1260922).
- CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom() (bsc#1260923).
- CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence() (bsc#1260924).
- CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap() (bsc#1260925).
- CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes() (bsc#1260926).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-567=1
Package List:
- openSUSE Leap 16.0:
xorg-x11-server-21.1.15-160000.4.1
xorg-x11-server-Xvfb-21.1.15-160000.4.1
xorg-x11-server-extra-21.1.15-160000.4.1
xorg-x11-server-sdk-21.1.15-160000.4.1
xorg-x11-server-source-21.1.15-160000.4.1
xorg-x11-server-wrapper-21.1.15-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
openSUSE-SU-2026:20556-1: important: Security update for freeipmi
openSUSE security update: security update for freeipmi
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20556-1
Rating: important
References:
* bsc#1260414
Cross-References:
* CVE-2026-33554
CVSS scores:
* CVE-2026-33554 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-33554 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for freeipmi fixes the following issue:
- CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of
malformed payloads/responses (bsc#1260414).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-579=1
Package List:
- openSUSE Leap 16.0:
freeipmi-1.6.15-160000.3.1
freeipmi-bmc-watchdog-1.6.15-160000.3.1
freeipmi-devel-1.6.15-160000.3.1
freeipmi-ipmidetectd-1.6.15-160000.3.1
freeipmi-ipmiseld-1.6.15-160000.3.1
libfreeipmi17-1.6.15-160000.3.1
libipmiconsole2-1.6.15-160000.3.1
libipmidetect0-1.6.15-160000.3.1
libipmimonitoring6-1.6.15-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-33554.html
openSUSE-SU-2026:20536-1: moderate: Security update for GraphicsMagick
openSUSE security update: security update for graphicsmagick
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20536-1
Rating: moderate
References:
* bsc#1258765
Cross-References:
* CVE-2026-26284
CVSS scores:
* CVE-2026-26284 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-26284 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for GraphicsMagick fixes the following issues:
- CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read. (bsc#1258765)
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-559=1
Package List:
- openSUSE Leap 16.0:
GraphicsMagick-1.3.45-160000.4.1
GraphicsMagick-devel-1.3.45-160000.4.1
libGraphicsMagick++-Q16-12-1.3.45-160000.4.1
libGraphicsMagick++-devel-1.3.45-160000.4.1
libGraphicsMagick-Q16-3-1.3.45-160000.4.1
libGraphicsMagick3-config-1.3.45-160000.4.1
libGraphicsMagickWand-Q16-2-1.3.45-160000.4.1
perl-GraphicsMagick-1.3.45-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2026-26284.html
openSUSE-SU-2026:20554-1: important: Security update for dovecot24
openSUSE security update: security update for dovecot24
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20554-1
Rating: important
References:
* bsc#1260893
* bsc#1260894
* bsc#1260895
* bsc#1260896
* bsc#1260897
* bsc#1260898
* bsc#1260899
* bsc#1260900
* bsc#1260901
* bsc#1260902
Cross-References:
* CVE-2025-59028
* CVE-2025-59031
* CVE-2025-59032
* CVE-2026-24031
* CVE-2026-27855
* CVE-2026-27856
* CVE-2026-27857
* CVE-2026-27858
* CVE-2026-27859
* CVE-2026-27860
CVSS scores:
* CVE-2025-59028 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-59031 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-59031 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-59032 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59032 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-24031 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
* CVE-2026-24031 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2026-27855 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-27855 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27856 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27856 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27857 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27857 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-27858 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27858 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27859 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27859 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-27860 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-27860 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 10 vulnerabilities and has 10 bug fixes can now be installed.
Description:
This update for dovecot24 fixes the following issues:
- Update to v2.4.3
- CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins (bsc#1260894).
- CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing
(bsc#1260895).
- CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client (bsc#1260902).
- CVE-2026-24031: SQL injection possible if auth_username_chars is configured empty. Fixed escaping to always happen.
v2.4 regression (bsc#1260896).
- CVE-2026-27855: OTP driver vulnerable to replay attack (bsc#1260900).
- CVE-2026-27856: Doveadm credentials were not checked using timing-safe checking function (bsc#1260899).
- CVE-2026-27857: sending excessive parentheses causes imap-login to use excessive memory (bsc#1260898).
- CVE-2026-27858: pigeonhole: managesieve-login can allocate large amount of memory during authentication (bsc#1260901).
- CVE-2026-27859: excessive RFC 2231 MIME parameters in email can cause excessive CPU usage (bsc#1260897).
- CVE-2026-27860: LDAP query injection possible if auth_username_chars is configured empty. Fixed escaping to always
happen. v2.4 regression (bsc#1260893).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-577=1
Package List:
- openSUSE Leap 16.0:
dovecot24-2.4.3-160000.1.1
dovecot24-backend-mysql-2.4.3-160000.1.1
dovecot24-backend-pgsql-2.4.3-160000.1.1
dovecot24-backend-sqlite-2.4.3-160000.1.1
dovecot24-devel-2.4.3-160000.1.1
dovecot24-fts-2.4.3-160000.1.1
dovecot24-fts-flatcurve-2.4.3-160000.1.1
dovecot24-fts-solr-2.4.3-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-59028.html
* https://www.suse.com/security/cve/CVE-2025-59031.html
* https://www.suse.com/security/cve/CVE-2025-59032.html
* https://www.suse.com/security/cve/CVE-2026-24031.html
* https://www.suse.com/security/cve/CVE-2026-27855.html
* https://www.suse.com/security/cve/CVE-2026-27856.html
* https://www.suse.com/security/cve/CVE-2026-27857.html
* https://www.suse.com/security/cve/CVE-2026-27858.html
* https://www.suse.com/security/cve/CVE-2026-27859.html
* https://www.suse.com/security/cve/CVE-2026-27860.html
openSUSE-SU-2026:20535-1: important: Security update for plexus-utils
openSUSE security update: security update for plexus-utils
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20535-1
Rating: important
References:
* bsc#1260588
Cross-References:
* CVE-2025-67030
CVSS scores:
* CVE-2025-67030 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-67030 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for plexus-utils fixes the following issue:
- CVE-2025-67030: directory traversal via the `extractFile` method of `org.codehaus.plexus.util.Expand` (bsc#1260588).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-558=1
Package List:
- openSUSE Leap 16.0:
plexus-utils-4.0.2-160000.3.1
plexus-utils-javadoc-4.0.2-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2025-67030.html
openSUSE-SU-2026:20540-1: important: Security update for vim
openSUSE security update: security update for vim
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20540-1
Rating: important
References:
* bsc#1259985
* bsc#1261191
* bsc#1261271
Cross-References:
* CVE-2026-33412
* CVE-2026-34714
* CVE-2026-34982
CVSS scores:
* CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.
Description:
This update for vim fixes the following issues:
- CVE-2026-33412: command injection via newline in glob() (bsc#1259985).
- CVE-2026-34714: crafted file can allow code execution (bsc#1261191).
- CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-563=1
Package List:
- openSUSE Leap 16.0:
gvim-9.2.0280-160000.1.1
vim-9.2.0280-160000.1.1
vim-data-9.2.0280-160000.1.1
vim-data-common-9.2.0280-160000.1.1
vim-small-9.2.0280-160000.1.1
xxd-9.2.0280-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-33412.html
* https://www.suse.com/security/cve/CVE-2026-34714.html
* https://www.suse.com/security/cve/CVE-2026-34982.html
openSUSE-SU-2026:20532-1: important: Security update for cockpit-subscriptions
openSUSE security update: security update for cockpit-subscriptions
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20532-1
Rating: important
References:
* bsc#1258637
Cross-References:
* CVE-2026-26996
CVSS scores:
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for cockpit-subscriptions fixes the following issue:
- CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character
that doesn't appear in the test string (bsc#1258637).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-555=1
Package List:
- openSUSE Leap 16.0:
cockpit-subscriptions-12.1-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-26996.html
openSUSE-SU-2026:20517-1: important: Security update for python313
openSUSE security update: security update for python313
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20517-1
Rating: important
References:
* bsc#1257181
* bsc#1259240
* bsc#1259611
* bsc#1259734
* bsc#1259735
* bsc#1259989
* bsc#1260026
Cross-References:
* CVE-2025-13462
* CVE-2026-1299
* CVE-2026-2297
* CVE-2026-3479
* CVE-2026-3644
* CVE-2026-4224
* CVE-2026-4519
CVSS scores:
* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-13462 ( SUSE ): 2 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3479 ( SUSE ): 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
* CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 7 vulnerabilities and has 7 bug fixes can now be installed.
Description:
This update for python313 fixes the following issues:
Update to version 3.13.13.
- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to
misinterpretation of tar archives (bsc#1259611).
- CVE-2026-2297: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass
(bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser
command line option injection (bsc#1260026).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-539=1
Package List:
- openSUSE Leap 16.0:
libpython3_13-1_0-3.13.13-160000.1.1
libpython3_13-1_0-x86-64-v3-3.13.13-160000.1.1
libpython3_13t1_0-3.13.13-160000.1.1
python313-3.13.13-160000.1.1
python313-base-3.13.13-160000.1.1
python313-base-x86-64-v3-3.13.13-160000.1.1
python313-curses-3.13.13-160000.1.1
python313-dbm-3.13.13-160000.1.1
python313-devel-3.13.13-160000.1.1
python313-doc-3.13.13-160000.1.1
python313-doc-devhelp-3.13.13-160000.1.1
python313-idle-3.13.13-160000.1.1
python313-nogil-3.13.13-160000.1.1
python313-nogil-base-3.13.13-160000.1.1
python313-nogil-curses-3.13.13-160000.1.1
python313-nogil-dbm-3.13.13-160000.1.1
python313-nogil-devel-3.13.13-160000.1.1
python313-nogil-idle-3.13.13-160000.1.1
python313-nogil-testsuite-3.13.13-160000.1.1
python313-nogil-tk-3.13.13-160000.1.1
python313-nogil-tools-3.13.13-160000.1.1
python313-testsuite-3.13.13-160000.1.1
python313-tk-3.13.13-160000.1.1
python313-tools-3.13.13-160000.1.1
python313-x86-64-v3-3.13.13-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-13462.html
* https://www.suse.com/security/cve/CVE-2026-1299.html
* https://www.suse.com/security/cve/CVE-2026-2297.html
* https://www.suse.com/security/cve/CVE-2026-3479.html
* https://www.suse.com/security/cve/CVE-2026-3644.html
* https://www.suse.com/security/cve/CVE-2026-4224.html
* https://www.suse.com/security/cve/CVE-2026-4519.html
openSUSE-SU-2026:20512-1: moderate: Security update for pcre2
openSUSE security update: security update for pcre2
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20512-1
Rating: moderate
References:
* bsc#1248842
Cross-References:
* CVE-2025-58050
CVSS scores:
* CVE-2025-58050 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2025-58050 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for pcre2 fixes the following issue:
- CVE-2025-58050: integer overflow leads to heap buffer overread in match_ref due to missing boundary restoration in SCS
(bsc#1248842).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-528=1
Package List:
- openSUSE Leap 16.0:
libpcre2-16-0-10.45-160000.3.1
libpcre2-32-0-10.45-160000.3.1
libpcre2-8-0-10.45-160000.3.1
libpcre2-posix3-10.45-160000.3.1
pcre2-devel-10.45-160000.3.1
pcre2-devel-static-10.45-160000.3.1
pcre2-doc-10.45-160000.3.1
pcre2-tools-10.45-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2025-58050.html
openSUSE-SU-2026:20528-1: critical: Security update for Botan
openSUSE security update: security update for botan
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20528-1
Rating: critical
References:
* bsc#1261880
Cross-References:
* CVE-2026-34582
CVSS scores:
* CVE-2026-34582 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for Botan fixes the following issues:
- CVE-2026-34582: Fixed a client authentication bypass in TLS 1.3 implementation (bsc#1261880)
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-551=1
Package List:
- openSUSE Leap 16.0:
Botan-3.7.1-160000.3.1
Botan-doc-3.7.1-160000.3.1
libbotan-3-7-3.7.1-160000.3.1
libbotan-devel-3.7.1-160000.3.1
python3-botan-3.7.1-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-34582.html
openSUSE-SU-2026:20504-1: important: Security update for cockpit
openSUSE security update: security update for cockpit
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20504-1
Rating: important
References:
* bsc#1257836
* bsc#1258641
Cross-References:
* CVE-2026-25547
* CVE-2026-26996
CVSS scores:
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for cockpit fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash
a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character
that doesn't appear in the test string can lead to ReDoS (bsc#1258641).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-520=1
Package List:
- openSUSE Leap 16.0:
cockpit-354-160000.2.1
cockpit-bridge-354-160000.2.1
cockpit-devel-354-160000.2.1
cockpit-doc-354-160000.2.1
cockpit-firewalld-354-160000.2.1
cockpit-kdump-354-160000.2.1
cockpit-networkmanager-354-160000.2.1
cockpit-packagekit-354-160000.2.1
cockpit-selinux-354-160000.2.1
cockpit-storaged-354-160000.2.1
cockpit-system-354-160000.2.1
cockpit-ws-354-160000.2.1
cockpit-ws-selinux-354-160000.2.1
References:
* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
openSUSE-SU-2026:20501-1: important: Security update for glibc
openSUSE security update: security update for glibc
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20501-1
Rating: important
References:
* bsc#1258319
* bsc#1260078
* bsc#1260082
Cross-References:
* CVE-2026-4437
* CVE-2026-4438
CVSS scores:
* CVE-2026-4437 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4437 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4438 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 3 bug fixes can now be installed.
Description:
This update for glibc fixes the following issues:
Security fixes:
- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).
Other fixes:
- nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-516=1
Package List:
- openSUSE Leap 16.0:
cross-aarch64-glibc-devel-2.40-160000.4.1
cross-ppc64le-glibc-devel-2.40-160000.4.1
cross-riscv64-glibc-devel-2.40-160000.4.1
cross-s390x-glibc-devel-2.40-160000.4.1
glibc-2.40-160000.4.1
glibc-devel-2.40-160000.4.1
glibc-devel-static-2.40-160000.4.1
glibc-extra-2.40-160000.4.1
glibc-gconv-modules-extra-2.40-160000.4.1
glibc-html-2.40-160000.4.1
glibc-i18ndata-2.40-160000.4.1
glibc-info-2.40-160000.4.1
glibc-lang-2.40-160000.4.1
glibc-locale-2.40-160000.4.1
glibc-locale-base-2.40-160000.4.1
glibc-profile-2.40-160000.4.1
glibc-utils-2.40-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2026-4437.html
* https://www.suse.com/security/cve/CVE-2026-4438.html
openSUSE-SU-2026:20506-1: important: Security update for python-cryptography
openSUSE security update: security update for python-cryptography
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20506-1
Rating: important
References:
* bsc#1258074
* bsc#1260876
Cross-References:
* CVE-2026-26007
* CVE-2026-34073
CVSS scores:
* CVE-2026-26007 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-26007 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34073 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-34073 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for python-cryptography fixes the following issues:
- CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. (bsc#1260876)
- CVE-2026-26007: missing validation can lead to security issues for signature verification (ECDSA) and shared key negotiation (ECDH) (bsc#1258074).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-522=1
Package List:
- openSUSE Leap 16.0:
python313-cryptography-44.0.3-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-26007.html
* https://www.suse.com/security/cve/CVE-2026-34073.html
openSUSE-SU-2026:20519-1: important: Security update for nodejs24
openSUSE security update: security update for nodejs24
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20519-1
Rating: important
References:
* bsc#1256572
* bsc#1256576
* bsc#1260455
* bsc#1260460
* bsc#1260462
* bsc#1260463
* bsc#1260480
* bsc#1260482
* bsc#1260494
Cross-References:
* CVE-2025-59464
* CVE-2026-21637
* CVE-2026-21710
* CVE-2026-21712
* CVE-2026-21713
* CVE-2026-21714
* CVE-2026-21715
* CVE-2026-21716
* CVE-2026-21717
CVSS scores:
* CVE-2025-59464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-59464 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21712 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-21712 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21716 ( SUSE ): 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 9 vulnerabilities and has 9 bug fixes can now be installed.
Description:
This update for nodejs24 fixes the following issues:
Update to version 24.14.1.
Security issues fixed:
- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for
performance degradation via a crafted request (bsc#1260494).
- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file
permissions and ownership on already-open file descriptors (bsc#1260462).
- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and
filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent
on stream 0 (bsc#1260480).
- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and
potential MAC forgery (bsc#1260463).
- CVE-2026-21712: assertion error caused by flaw in URL processing allows for a process crash via a URL with a
malformed IDN (bsc#1260460).
- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a
header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or
`ALPNCallback` are in use (bsc#1256576).
- CVE-2025-59464: memory leak allows for remote denial of service against applications processing TLS client
certificates (bsc#1256572).
Other updates and bugfixes:
- Version 24.14.0:
* async_hooks: add trackPromises option to createHook()
* build,deps: replace cjs-module-lexer with merve
* deps: add LIEF as a dependency
* events: repurpose events.listenerCount() to accept EventTargets
* fs: add ignore option to fs.watch
* http: add http.setGlobalProxyFromEnv()
* module: allow subpath imports that start with #/
* process: preserve AsyncLocalStorage in queueMicrotask only when needed
* sea: split sea binary manipulation code
* sqlite: enable defensive mode by default
* sqlite: add sqlite prepare options args
* src: add initial support for ESM in embedder API
* stream: add bytes() method to node:stream/consumers
* stream: do not pass readable.compose() output via Readable.from()
* test: use fixture directories for sea tests
* test_runner: add env option to run function
* test_runner: support expecting a test-case to fail
* util: add convertProcessSignalToExitCode utility
* For details, see https://nodejs.org/en/blog/release/v24.14.0
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-541=1
Package List:
- openSUSE Leap 16.0:
corepack24-24.14.1-160000.1.1
nodejs24-24.14.1-160000.1.1
nodejs24-devel-24.14.1-160000.1.1
nodejs24-docs-24.14.1-160000.1.1
npm24-24.14.1-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-59464.html
* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-21710.html
* https://www.suse.com/security/cve/CVE-2026-21712.html
* https://www.suse.com/security/cve/CVE-2026-21713.html
* https://www.suse.com/security/cve/CVE-2026-21714.html
* https://www.suse.com/security/cve/CVE-2026-21715.html
* https://www.suse.com/security/cve/CVE-2026-21716.html
* https://www.suse.com/security/cve/CVE-2026-21717.html
openSUSE-SU-2026:20502-1: important: Security update for cockpit-podman
openSUSE security update: security update for cockpit-podman
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20502-1
Rating: important
References:
* bsc#1257836
* bsc#1258641
Cross-References:
* CVE-2026-25547
* CVE-2026-26996
CVSS scores:
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for cockpit-podman fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and
may crash a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character
that doesn't appear in the test string (bsc#1258641).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-518=1
Package List:
- openSUSE Leap 16.0:
cockpit-podman-117-160000.2.1
References:
* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
openSUSE-SU-2026:20486-1: important: Security update for MozillaFirefox
openSUSE security update: security update for mozillafirefox
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20486-1
Rating: important
References:
* bsc#1261663
Cross-References:
* CVE-2026-5731
* CVE-2026-5732
* CVE-2026-5734
CVSS scores:
* CVE-2026-5731 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5732 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 3 vulnerabilities and has one bug fix can now be installed.
Description:
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 140.9.1 ESR (bsc#1261663).
- MFSA 2026-27:
* CVE-2026-5731: memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1,
Firefox 149.0.2 and Thunderbird 149.0.2.
* CVE-2026-5732: incorrect boundary conditions, integer overflow in the Graphics: Text component.
* CVE-2026-5734: memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and
Thunderbird 149.0.2.
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-501=1
Package List:
- openSUSE Leap 16.0:
MozillaFirefox-140.9.1-160000.1.1
MozillaFirefox-branding-upstream-140.9.1-160000.1.1
MozillaFirefox-devel-140.9.1-160000.1.1
MozillaFirefox-translations-common-140.9.1-160000.1.1
MozillaFirefox-translations-other-140.9.1-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-5731.html
* https://www.suse.com/security/cve/CVE-2026-5732.html
* https://www.suse.com/security/cve/CVE-2026-5734.html
openSUSE-SU-2026:20499-1: moderate: Security update for ovmf
openSUSE security update: security update for ovmf
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20499-1
Rating: moderate
References:
* bsc#1252441
Cross-References:
* CVE-2025-59438
CVSS scores:
* CVE-2025-59438 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-59438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for ovmf fixes the following issue:
- CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting (bsc#1252441).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-514=1
Package List:
- openSUSE Leap 16.0:
ovmf-202502-160000.4.1
ovmf-tools-202502-160000.4.1
qemu-ovmf-ia32-202502-160000.4.1
qemu-ovmf-x86_64-202502-160000.4.1
qemu-ovmf-x86_64-debug-202502-160000.4.1
qemu-uefi-aarch32-202502-160000.4.1
qemu-uefi-aarch64-202502-160000.4.1
qemu-uefi-riscv64-202502-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2025-59438.html
openSUSE-SU-2026:20495-1: moderate: Security update for util-linux
openSUSE security update: security update for util-linux
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20495-1
Rating: moderate
References:
* bsc#1222465
* bsc#1254666
* bsc#1258859
Cross-References:
* CVE-2025-14104
* CVE-2026-3184
CVSS scores:
* CVE-2025-14104 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-14104 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-3184 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-3184 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 3 bug fixes can now be installed.
Description:
This update for util-linux fixes the following issues:
Security issues:
- CVE-2025-14104: heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859).
Non security issues:
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-510=1
Package List:
- openSUSE Leap 16.0:
lastlog2-2.41.1-160000.3.1
libblkid-devel-2.41.1-160000.3.1
libblkid-devel-static-2.41.1-160000.3.1
libblkid1-2.41.1-160000.3.1
libfdisk-devel-2.41.1-160000.3.1
libfdisk-devel-static-2.41.1-160000.3.1
libfdisk1-2.41.1-160000.3.1
liblastlog2-2-2.41.1-160000.3.1
liblastlog2-devel-2.41.1-160000.3.1
libmount-devel-2.41.1-160000.3.1
libmount-devel-static-2.41.1-160000.3.1
libmount1-2.41.1-160000.3.1
libsmartcols-devel-2.41.1-160000.3.1
libsmartcols-devel-static-2.41.1-160000.3.1
libsmartcols1-2.41.1-160000.3.1
libuuid-devel-2.41.1-160000.3.1
libuuid-devel-static-2.41.1-160000.3.1
libuuid1-2.41.1-160000.3.1
python313-libmount-2.41.1-160000.3.1
util-linux-2.41.1-160000.3.1
util-linux-extra-2.41.1-160000.3.1
util-linux-lang-2.41.1-160000.3.1
util-linux-systemd-2.41.1-160000.3.1
util-linux-tty-tools-2.41.1-160000.3.1
uuidd-2.41.1-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2025-14104.html
* https://www.suse.com/security/cve/CVE-2026-3184.html
openSUSE-SU-2026:20497-1: moderate: Security update for python-gi-docgen
openSUSE security update: security update for python-gi-docgen
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20497-1
Rating: moderate
References:
* bsc#1251961
Cross-References:
* CVE-2025-11687
CVSS scores:
* CVE-2025-11687 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
* CVE-2025-11687 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for python-gi-docgen fixes the following issues:
- CVE-2025-11687: Fixed reflected DOM XSS (bsc#1251961)
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-512=1
Package List:
- openSUSE Leap 16.0:
python3-gi-docgen-2025.5-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-11687.html
openSUSE-SU-2026:20479-1: moderate: Security update for clamav
openSUSE security update: security update for clamav
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20479-1
Rating: moderate
References:
* bsc#1221954
* bsc#1258072
* bsc#1259207
Cross-References:
* CVE-2026-20031
CVSS scores:
* CVE-2026-20031 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-20031 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has 3 bug fixes can now be installed.
Description:
This update for clamav fixes the following issues:
Update to clamav 1.5.2:
Security issue:
- CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of
service conditions via a crafted HTML file (bsc#1259207).
Non security issue:
- Support transactional updates (jsc#PED-14819).
Changelog:
* Fixed a possible infinite loop when scanning some JPEG files by
upgrading affected ClamAV dependency, a Rust image library.
* The CVD verification process will now ignore certificate files
in the CVD certs directory when the user lacks read permissions.
* Freshclam: Fix CLD verification bug with PrivateMirror option.
* Upgraded the Rust bytes dependency to a newer version to
resolve RUSTSEC-2026-0007 advisory.
* Fixed a possible crash caused by invalid pointer alignment on
some platforms.
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-487=1
Package List:
- openSUSE Leap 16.0:
clamav-1.5.2-160000.1.1
clamav-devel-1.5.2-160000.1.1
clamav-docs-html-1.5.2-160000.1.1
clamav-milter-1.5.2-160000.1.1
libclamav12-1.5.2-160000.1.1
libclammspack0-1.5.2-160000.1.1
libfreshclam4-1.5.2-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-20031.html
SUSE-SU-2026:1508-1: important: Security update for podman
# Security update for podman
Announcement ID: SUSE-SU-2026:1508-1
Release Date: 2026-04-21T06:27:09Z
Rating: important
References:
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that can now be installed.
## Description:
This update for podman rebuilds it against the current go 1.25 security release.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1508=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1508=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1508=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1508=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1508=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1508=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1508=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1508=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1508=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* podmansh-4.9.5-150400.4.67.1
* podman-remote-4.9.5-150400.4.67.1
* podman-remote-debuginfo-4.9.5-150400.4.67.1
* podman-4.9.5-150400.4.67.1
* podman-debuginfo-4.9.5-150400.4.67.1
* openSUSE Leap 15.4 (noarch)
* podman-docker-4.9.5-150400.4.67.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* podman-4.9.5-150400.4.67.1
* podman-remote-4.9.5-150400.4.67.1
* podman-debuginfo-4.9.5-150400.4.67.1
* podman-remote-debuginfo-4.9.5-150400.4.67.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* podman-4.9.5-150400.4.67.1
* podman-remote-4.9.5-150400.4.67.1
* podman-debuginfo-4.9.5-150400.4.67.1
* podman-remote-debuginfo-4.9.5-150400.4.67.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* podman-4.9.5-150400.4.67.1
* podman-remote-4.9.5-150400.4.67.1
* podman-debuginfo-4.9.5-150400.4.67.1
* podman-remote-debuginfo-4.9.5-150400.4.67.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* podman-4.9.5-150400.4.67.1
* podman-remote-4.9.5-150400.4.67.1
* podman-debuginfo-4.9.5-150400.4.67.1
* podman-remote-debuginfo-4.9.5-150400.4.67.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* podman-4.9.5-150400.4.67.1
* podman-remote-4.9.5-150400.4.67.1
* podman-debuginfo-4.9.5-150400.4.67.1
* podman-remote-debuginfo-4.9.5-150400.4.67.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.67.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* podman-4.9.5-150400.4.67.1
* podman-remote-4.9.5-150400.4.67.1
* podman-debuginfo-4.9.5-150400.4.67.1
* podman-remote-debuginfo-4.9.5-150400.4.67.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.67.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* podman-4.9.5-150400.4.67.1
* podman-remote-4.9.5-150400.4.67.1
* podman-debuginfo-4.9.5-150400.4.67.1
* podman-remote-debuginfo-4.9.5-150400.4.67.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* podman-docker-4.9.5-150400.4.67.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* podman-4.9.5-150400.4.67.1
* podman-remote-4.9.5-150400.4.67.1
* podman-debuginfo-4.9.5-150400.4.67.1
* podman-remote-debuginfo-4.9.5-150400.4.67.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.67.1
SUSE-SU-2026:1511-1: important: Security update for flatpak
# Security update for flatpak
Announcement ID: SUSE-SU-2026:1511-1
Release Date: 2026-04-21T06:28:50Z
Rating: important
References:
* bsc#1261769
* bsc#1261770
Cross-References:
* CVE-2026-34078
* CVE-2026-34079
CVSS scores:
* CVE-2026-34078 ( SUSE ): 6.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
* CVE-2026-34078 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34078 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34079 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
* CVE-2026-34079 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
* CVE-2026-34079 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves two vulnerabilities can now be installed.
## Description:
This update for flatpak fixes the following issues:
* CVE-2026-34078: Arbitrary code execution via crafted symlinks in
sandbox-expose options (bsc#1261769).
* CVE-2026-34079: Arbitrary file deletion on host via improper cache file path
validation (bsc#1261770).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1511=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1511=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1511=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1511=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1511=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* flatpak-debuginfo-1.12.8-150400.3.12.1
* flatpak-1.12.8-150400.3.12.1
* typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1
* flatpak-zsh-completion-1.12.8-150400.3.12.1
* libflatpak0-1.12.8-150400.3.12.1
* libflatpak0-debuginfo-1.12.8-150400.3.12.1
* system-user-flatpak-1.12.8-150400.3.12.1
* flatpak-debugsource-1.12.8-150400.3.12.1
* flatpak-devel-1.12.8-150400.3.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* flatpak-debuginfo-1.12.8-150400.3.12.1
* flatpak-1.12.8-150400.3.12.1
* typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1
* flatpak-zsh-completion-1.12.8-150400.3.12.1
* libflatpak0-1.12.8-150400.3.12.1
* libflatpak0-debuginfo-1.12.8-150400.3.12.1
* system-user-flatpak-1.12.8-150400.3.12.1
* flatpak-debugsource-1.12.8-150400.3.12.1
* flatpak-devel-1.12.8-150400.3.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* flatpak-debuginfo-1.12.8-150400.3.12.1
* flatpak-1.12.8-150400.3.12.1
* typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1
* flatpak-zsh-completion-1.12.8-150400.3.12.1
* libflatpak0-1.12.8-150400.3.12.1
* libflatpak0-debuginfo-1.12.8-150400.3.12.1
* system-user-flatpak-1.12.8-150400.3.12.1
* flatpak-debugsource-1.12.8-150400.3.12.1
* flatpak-devel-1.12.8-150400.3.12.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* flatpak-debuginfo-1.12.8-150400.3.12.1
* flatpak-1.12.8-150400.3.12.1
* typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1
* flatpak-zsh-completion-1.12.8-150400.3.12.1
* libflatpak0-1.12.8-150400.3.12.1
* libflatpak0-debuginfo-1.12.8-150400.3.12.1
* system-user-flatpak-1.12.8-150400.3.12.1
* flatpak-debugsource-1.12.8-150400.3.12.1
* flatpak-devel-1.12.8-150400.3.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* flatpak-debuginfo-1.12.8-150400.3.12.1
* flatpak-1.12.8-150400.3.12.1
* typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1
* flatpak-zsh-completion-1.12.8-150400.3.12.1
* libflatpak0-1.12.8-150400.3.12.1
* libflatpak0-debuginfo-1.12.8-150400.3.12.1
* system-user-flatpak-1.12.8-150400.3.12.1
* flatpak-debugsource-1.12.8-150400.3.12.1
* flatpak-devel-1.12.8-150400.3.12.1
## References:
* https://www.suse.com/security/cve/CVE-2026-34078.html
* https://www.suse.com/security/cve/CVE-2026-34079.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261769
* https://bugzilla.suse.com/show_bug.cgi?id=1261770
SUSE-SU-2026:1505-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)
# Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)
Announcement ID: SUSE-SU-2026:1505-1
Release Date: 2026-04-21T07:34:22Z
Rating: important
References:
* bsc#1255066
* bsc#1259859
Cross-References:
* CVE-2025-40309
* CVE-2026-23268
CVSS scores:
* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.65 fixes
various security issues.
The following security issues were fixed:
* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
policy management (bsc#1259859).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1505=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1512=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1507=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1512=1 SUSE-2026-1507=1 SUSE-2026-1505=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x)
* kernel-livepatch-SLE15-SP6_Update_14-debugsource-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_70-default-9-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_15-debugsource-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-13-150600.2.2
* kernel-livepatch-6_4_0-150600_23_60-default-13-150600.2.2
* kernel-livepatch-6_4_0-150600_23_65-default-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-9-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-13-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* kernel-livepatch-SLE15-SP6_Update_15-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-13-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_14-debugsource-9-150600.2.1
* openSUSE Leap 15.6 (x86_64)
* kernel-livepatch-SLE15-SP6_Update_15-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-13-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_14-debugsource-9-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x)
* kernel-livepatch-SLE15-SP6_Update_14-debugsource-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_70-default-9-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_15-debugsource-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-13-150600.2.2
* kernel-livepatch-6_4_0-150600_23_60-default-13-150600.2.2
* kernel-livepatch-6_4_0-150600_23_65-default-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-9-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-13-150600.2.2
## References:
* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859
SUSE-SU-2026:1509-1: important: Security update for nodejs22
# Security update for nodejs22
Announcement ID: SUSE-SU-2026:1509-1
Release Date: 2026-04-21T06:27:54Z
Rating: important
References:
* bsc#1256576
* bsc#1260455
* bsc#1260462
* bsc#1260463
* bsc#1260480
* bsc#1260482
* bsc#1260494
Cross-References:
* CVE-2026-21637
* CVE-2026-21710
* CVE-2026-21713
* CVE-2026-21714
* CVE-2026-21715
* CVE-2026-21716
* CVE-2026-21717
CVSS scores:
* CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves seven vulnerabilities can now be installed.
## Description:
This update for nodejs22 fixes the following issues:
Update to version 22.22.2.
* CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's
string hashing mechanism allows for performance degradation via a crafted
request (bsc#1260494).
* CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based
FileHandle methods to be used to modify file permissions and ownership on
already-open file descriptors (bsc#1260462).
* CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows
for file existence disclosure and filesystem path enumeration via
`fs.realpathSync.native()` (bsc#1260482).
* CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource
exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).
* CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification
allows for discovery of HMAC values and potential MAC forgery (bsc#1260463).
* CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for
a process crash via requests with a header named `__proto__` when the
application accesses `req.headersDistinct` (bsc#1260455).
* CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion
and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1509=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1509=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1509=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* npm22-22.22.2-150600.13.15.1
* nodejs22-debugsource-22.22.2-150600.13.15.1
* nodejs22-22.22.2-150600.13.15.1
* corepack22-22.22.2-150600.13.15.1
* nodejs22-devel-22.22.2-150600.13.15.1
* nodejs22-debuginfo-22.22.2-150600.13.15.1
* openSUSE Leap 15.6 (noarch)
* nodejs22-docs-22.22.2-150600.13.15.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* npm22-22.22.2-150600.13.15.1
* nodejs22-debugsource-22.22.2-150600.13.15.1
* nodejs22-22.22.2-150600.13.15.1
* nodejs22-devel-22.22.2-150600.13.15.1
* nodejs22-debuginfo-22.22.2-150600.13.15.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* nodejs22-docs-22.22.2-150600.13.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* npm22-22.22.2-150600.13.15.1
* nodejs22-debugsource-22.22.2-150600.13.15.1
* nodejs22-22.22.2-150600.13.15.1
* nodejs22-devel-22.22.2-150600.13.15.1
* nodejs22-debuginfo-22.22.2-150600.13.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* nodejs22-docs-22.22.2-150600.13.15.1
## References:
* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-21710.html
* https://www.suse.com/security/cve/CVE-2026-21713.html
* https://www.suse.com/security/cve/CVE-2026-21714.html
* https://www.suse.com/security/cve/CVE-2026-21715.html
* https://www.suse.com/security/cve/CVE-2026-21716.html
* https://www.suse.com/security/cve/CVE-2026-21717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256576
* https://bugzilla.suse.com/show_bug.cgi?id=1260455
* https://bugzilla.suse.com/show_bug.cgi?id=1260462
* https://bugzilla.suse.com/show_bug.cgi?id=1260463
* https://bugzilla.suse.com/show_bug.cgi?id=1260480
* https://bugzilla.suse.com/show_bug.cgi?id=1260482
* https://bugzilla.suse.com/show_bug.cgi?id=1260494