
SUSE recently issued a series of security advisories addressing critical flaws in the Linux kernel, delivered as live patches, alongside popular applications such as flatpak, vim, and ImageMagick. These updates resolve dozens of CVEs (Common Vulnerabilities and Exposures) that could enable unauthorized code execution, privilege escalation, or system crashes for local and remote attackers. Administrators managing SUSE Linux Enterprise Server 15 SP4 through SP7, as well as various openSUSE Leap distributions, will need to apply these updates.

SUSE-SU-2026:1578-1: important: Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:1583-1: important: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1584-1: important: Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:1600-1: important: Security update for flatpak
SUSE-SU-2026:1602-1: moderate: Security update for libpng16
SUSE-SU-2026:1605-1: moderate: Security update for openssl-3
SUSE-SU-2026:1607-1: important: Security update for vim
SUSE-SU-2026:1592-1: important: Security update for the Linux Kernel (Live Patch 48 for SUSE Linux Enterprise 15 SP4)
openSUSE-SU-2026:20618-1: moderate: Security update for haproxy
openSUSE-SU-2026:20617-1: important: Security update for python-Pillow
openSUSE-SU-2026:20619-1: important: Security update for coredns
openSUSE-SU-2026:10607-1: moderate: golang-github-prometheus-prometheus-3.11.2-1.1 on GA media
openSUSE-SU-2026:10608-1: moderate: libXpm-devel-3.5.18-2.1 on GA media
openSUSE-SU-2026:10606-1: moderate: frr-10.5.1-3.1 on GA media
SUSE-SU-2026:1597-1: important: Security update for ImageMagick
SUSE-SU-2026:1599-1: important: Security update for librsvg
SUSE-SU-2026:1619-1: moderate: Security update for PackageKit
SUSE-SU-2026:1613-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1611-1: important: Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)




SUSE-SU-2026:1578-1: important: Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1578-1
Release Date: 2026-04-23T16:06:07Z
Rating: important
References:

* bsc#1258396
* bsc#1259859

Cross-References:

* CVE-2026-23191
* CVE-2026-23268

CVSS scores:

* CVE-2026-23191 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.158 fixes
various security issues.

The following security issues were fixed:

* CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1578=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1578=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_158-default-17-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_38-debugsource-17-150400.2.1
* kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-17-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_158-default-17-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_38-debugsource-17-150400.2.1
* kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-17-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23191.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258396
* https://bugzilla.suse.com/show_bug.cgi?id=1259859



SUSE-SU-2026:1583-1: important: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1583-1
Release Date: 2026-04-23T17:04:03Z
Rating: important
References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.78 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1583=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1583=1

## Package List:

* openSUSE Leap 15.6 (x86_64)
* kernel-livepatch-SLE15-SP6_Update_17-debugsource-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-4-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x)
* kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-4-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_17-debugsource-4-150600.2.2
* kernel-livepatch-6_4_0-150600_23_78-default-4-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x)
* kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-4-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_17-debugsource-4-150600.2.2
* kernel-livepatch-6_4_0-150600_23_78-default-4-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* kernel-livepatch-SLE15-SP6_Update_17-debugsource-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-4-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859



SUSE-SU-2026:1584-1: important: Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1584-1
Release Date: 2026-04-24T06:34:01Z
Rating: important
References:

* bsc#1258396
* bsc#1259859

Cross-References:

* CVE-2026-23191
* CVE-2026-23268

CVSS scores:

* CVE-2026-23191 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.187 fixes
various security issues.

The following security issues were fixed:

* CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1584=1 SUSE-SLE-Live-Patching-12-SP5-2026-1585=1 SUSE-SLE-Live-Patching-12-SP5-2026-1586=1 SUSE-SLE-Live-Patching-12-SP5-2026-1587=1 SUSE-SLE-Live-Patching-12-SP5-2026-1588=1 SUSE-SLE-Live-Patching-12-SP5-2026-1589=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1591=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1591=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kgraft-patch-4_12_14-122_290-default-5-2.1
* kgraft-patch-4_12_14-122_275-default-7-2.1
* kgraft-patch-4_12_14-122_283-default-5-2.1
* kgraft-patch-4_12_14-122_293-default-4-2.1
* kgraft-patch-4_12_14-122_272-default-9-2.1
* kgraft-patch-4_12_14-122_280-default-5-2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_47-debugsource-5-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_47-debugsource-5-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23191.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258396
* https://bugzilla.suse.com/show_bug.cgi?id=1259859



SUSE-SU-2026:1600-1: important: Security update for flatpak


# Security update for flatpak

Announcement ID: SUSE-SU-2026:1600-1
Release Date: 2026-04-24T11:46:10Z
Rating: important
References:

* bsc#1261769
* bsc#1261770

Cross-References:

* CVE-2026-34078
* CVE-2026-34079

CVSS scores:

* CVE-2026-34078 ( SUSE ): 6.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
* CVE-2026-34078 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34078 ( NVD ): 9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34079 ( SUSE ): 4.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
* CVE-2026-34079 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
* CVE-2026-34079 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for flatpak fixes the following issues:

* CVE-2026-34078: Arbitrary code execution via crafted symlinks in
sandbox-expose options (bsc#1261769).
* CVE-2026-34079: Arbitrary file deletion on host via improper cache file path
validation (bsc#1261770).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1600=1

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1600=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1600=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1600=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* flatpak-1.16.0-150600.3.9.1
* typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1
* libflatpak0-1.16.0-150600.3.9.1
* flatpak-debuginfo-1.16.0-150600.3.9.1
* libflatpak0-debuginfo-1.16.0-150600.3.9.1
* flatpak-devel-1.16.0-150600.3.9.1
* flatpak-debugsource-1.16.0-150600.3.9.1
* openSUSE Leap 15.6 (noarch)
* flatpak-zsh-completion-1.16.0-150600.3.9.1
* system-user-flatpak-1.16.0-150600.3.9.1
* flatpak-remote-flathub-1.16.0-150600.3.9.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* flatpak-1.16.0-150600.3.9.1
* typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1
* libflatpak0-1.16.0-150600.3.9.1
* flatpak-debuginfo-1.16.0-150600.3.9.1
* libflatpak0-debuginfo-1.16.0-150600.3.9.1
* flatpak-devel-1.16.0-150600.3.9.1
* flatpak-debugsource-1.16.0-150600.3.9.1
* Desktop Applications Module 15-SP7 (noarch)
* flatpak-zsh-completion-1.16.0-150600.3.9.1
* system-user-flatpak-1.16.0-150600.3.9.1
* flatpak-remote-flathub-1.16.0-150600.3.9.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* flatpak-1.16.0-150600.3.9.1
* typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1
* libflatpak0-1.16.0-150600.3.9.1
* flatpak-debuginfo-1.16.0-150600.3.9.1
* libflatpak0-debuginfo-1.16.0-150600.3.9.1
* flatpak-devel-1.16.0-150600.3.9.1
* flatpak-debugsource-1.16.0-150600.3.9.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* flatpak-zsh-completion-1.16.0-150600.3.9.1
* system-user-flatpak-1.16.0-150600.3.9.1
* flatpak-remote-flathub-1.16.0-150600.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* flatpak-1.16.0-150600.3.9.1
* typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1
* libflatpak0-1.16.0-150600.3.9.1
* flatpak-debuginfo-1.16.0-150600.3.9.1
* libflatpak0-debuginfo-1.16.0-150600.3.9.1
* flatpak-devel-1.16.0-150600.3.9.1
* flatpak-debugsource-1.16.0-150600.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* flatpak-zsh-completion-1.16.0-150600.3.9.1
* system-user-flatpak-1.16.0-150600.3.9.1
* flatpak-remote-flathub-1.16.0-150600.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34078.html
* https://www.suse.com/security/cve/CVE-2026-34079.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261769
* https://bugzilla.suse.com/show_bug.cgi?id=1261770



SUSE-SU-2026:1602-1: moderate: Security update for libpng16


# Security update for libpng16

Announcement ID: SUSE-SU-2026:1602-1
Release Date: 2026-04-24T11:46:32Z
Rating: moderate
References:

* bsc#1261957

Cross-References:

* CVE-2026-34757

CVSS scores:

* CVE-2026-34757 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for libpng16 fixes the following issue:

* CVE-2026-34757: information disclosure and data corruption due to
use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` (bsc#1261957).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1602=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1602=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libpng16-compat-devel-1.6.40-150600.3.20.1
* libpng16-tools-debuginfo-1.6.40-150600.3.20.1
* libpng16-devel-1.6.40-150600.3.20.1
* libpng16-16-1.6.40-150600.3.20.1
* libpng16-tools-1.6.40-150600.3.20.1
* libpng16-debugsource-1.6.40-150600.3.20.1
* libpng16-16-debuginfo-1.6.40-150600.3.20.1
* openSUSE Leap 15.6 (x86_64)
* libpng16-16-32bit-1.6.40-150600.3.20.1
* libpng16-16-32bit-debuginfo-1.6.40-150600.3.20.1
* libpng16-devel-32bit-1.6.40-150600.3.20.1
* libpng16-compat-devel-32bit-1.6.40-150600.3.20.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libpng16-compat-devel-64bit-1.6.40-150600.3.20.1
* libpng16-16-64bit-1.6.40-150600.3.20.1
* libpng16-16-64bit-debuginfo-1.6.40-150600.3.20.1
* libpng16-devel-64bit-1.6.40-150600.3.20.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libpng16-compat-devel-1.6.40-150600.3.20.1
* libpng16-devel-1.6.40-150600.3.20.1
* libpng16-16-1.6.40-150600.3.20.1
* libpng16-debugsource-1.6.40-150600.3.20.1
* libpng16-16-debuginfo-1.6.40-150600.3.20.1
* Basesystem Module 15-SP7 (x86_64)
* libpng16-16-32bit-1.6.40-150600.3.20.1
* libpng16-16-32bit-debuginfo-1.6.40-150600.3.20.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34757.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261957



SUSE-SU-2026:1605-1: moderate: Security update for openssl-3


# Security update for openssl-3

Announcement ID: SUSE-SU-2026:1605-1
Release Date: 2026-04-24T11:48:58Z
Rating: moderate
References:

* bsc#1261678
* jsc#PED-15724

Cross-References:

* CVE-2026-28390

CVSS scores:

* CVE-2026-28390 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and contains one feature can now be
installed.

## Description:

This update for openssl-3 fixes the following issue:

Security issues fixed:

* CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS
EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).

Other updates and bugfixes:

* Enable MD2 in legacy provider (jsc#PED-15724).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1605=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1605=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1605=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* openssl-3-3.1.4-150600.5.50.1
* openssl-3-debuginfo-3.1.4-150600.5.50.1
* libopenssl3-3.1.4-150600.5.50.1
* libopenssl-3-fips-provider-3.1.4-150600.5.50.1
* libopenssl-3-devel-3.1.4-150600.5.50.1
* libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.50.1
* libopenssl3-debuginfo-3.1.4-150600.5.50.1
* openssl-3-debugsource-3.1.4-150600.5.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* libopenssl-3-fips-provider-32bit-3.1.4-150600.5.50.1
* libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.50.1
* libopenssl3-32bit-debuginfo-3.1.4-150600.5.50.1
* libopenssl3-32bit-3.1.4-150600.5.50.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* openssl-3-3.1.4-150600.5.50.1
* openssl-3-debuginfo-3.1.4-150600.5.50.1
* libopenssl3-3.1.4-150600.5.50.1
* libopenssl-3-fips-provider-3.1.4-150600.5.50.1
* libopenssl-3-devel-3.1.4-150600.5.50.1
* libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.50.1
* libopenssl3-debuginfo-3.1.4-150600.5.50.1
* openssl-3-debugsource-3.1.4-150600.5.50.1
* openSUSE Leap 15.6 (x86_64)
* libopenssl-3-fips-provider-32bit-3.1.4-150600.5.50.1
* libopenssl3-32bit-debuginfo-3.1.4-150600.5.50.1
* libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.50.1
* libopenssl3-32bit-3.1.4-150600.5.50.1
* libopenssl-3-devel-32bit-3.1.4-150600.5.50.1
* openSUSE Leap 15.6 (noarch)
* openssl-3-doc-3.1.4-150600.5.50.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libopenssl-3-fips-provider-64bit-3.1.4-150600.5.50.1
* libopenssl-3-devel-64bit-3.1.4-150600.5.50.1
* libopenssl3-64bit-3.1.4-150600.5.50.1
* libopenssl-3-fips-provider-64bit-debuginfo-3.1.4-150600.5.50.1
* libopenssl3-64bit-debuginfo-3.1.4-150600.5.50.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* openssl-3-3.1.4-150600.5.50.1
* openssl-3-debuginfo-3.1.4-150600.5.50.1
* libopenssl3-3.1.4-150600.5.50.1
* libopenssl-3-fips-provider-3.1.4-150600.5.50.1
* libopenssl-3-devel-3.1.4-150600.5.50.1
* libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.50.1
* libopenssl3-debuginfo-3.1.4-150600.5.50.1
* openssl-3-debugsource-3.1.4-150600.5.50.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
* libopenssl-3-fips-provider-32bit-3.1.4-150600.5.50.1
* libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.50.1
* libopenssl3-32bit-debuginfo-3.1.4-150600.5.50.1
* libopenssl3-32bit-3.1.4-150600.5.50.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28390.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261678
* https://jira.suse.com/browse/PED-15724



SUSE-SU-2026:1607-1: important: Security update for vim


# Security update for vim

Announcement ID: SUSE-SU-2026:1607-1
Release Date: 2026-04-24T11:51:19Z
Rating: important
References:

* bsc#1259985
* bsc#1261191
* bsc#1261271

Cross-References:

* CVE-2026-33412
* CVE-2026-34714
* CVE-2026-34982

CVSS scores:

* CVE-2026-33412 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34714 ( SUSE ): 9.3
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34982 ( SUSE ): 8.3
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for vim fixes the following issues:

Update to version 9.2.0280.

* CVE-2026-34982: missing input validation allows for a modeline sandbox
bypass and can lead to arbitrary OS command execution (bsc#1261271).
* CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and
can lead to arbitrary OS command execution (bsc#1261191).
* CVE-2026-33412: improper escaping of newline characters allows for command
injection in `glob` and can lead to arbitrary code execution (bsc#1259985).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1607=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1607=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-1607=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1607=1

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1607=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1607=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1607=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1607=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1607=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1607=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1607=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* vim-small-9.2.0280-150500.20.46.1
* gvim-debuginfo-9.2.0280-150500.20.46.1
* vim-debuginfo-9.2.0280-150500.20.46.1
* vim-small-debuginfo-9.2.0280-150500.20.46.1
* vim-9.2.0280-150500.20.46.1
* gvim-9.2.0280-150500.20.46.1
* vim-debugsource-9.2.0280-150500.20.46.1
* openSUSE Leap 15.5 (noarch)
* vim-data-9.2.0280-150500.20.46.1
* vim-data-common-9.2.0280-150500.20.46.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* vim-small-9.2.0280-150500.20.46.1
* gvim-debuginfo-9.2.0280-150500.20.46.1
* vim-debuginfo-9.2.0280-150500.20.46.1
* vim-small-debuginfo-9.2.0280-150500.20.46.1
* vim-9.2.0280-150500.20.46.1
* gvim-9.2.0280-150500.20.46.1
* vim-debugsource-9.2.0280-150500.20.46.1
* openSUSE Leap 15.6 (noarch)
* vim-data-9.2.0280-150500.20.46.1
* vim-data-common-9.2.0280-150500.20.46.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* vim-data-common-9.2.0280-150500.20.46.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* vim-debuginfo-9.2.0280-150500.20.46.1
* vim-small-debuginfo-9.2.0280-150500.20.46.1
* vim-small-9.2.0280-150500.20.46.1
* vim-debugsource-9.2.0280-150500.20.46.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* vim-small-9.2.0280-150500.20.46.1
* vim-debuginfo-9.2.0280-150500.20.46.1
* vim-small-debuginfo-9.2.0280-150500.20.46.1
* vim-9.2.0280-150500.20.46.1
* vim-debugsource-9.2.0280-150500.20.46.1
* Basesystem Module 15-SP7 (noarch)
* vim-data-9.2.0280-150500.20.46.1
* vim-data-common-9.2.0280-150500.20.46.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* vim-debugsource-9.2.0280-150500.20.46.1
* vim-debuginfo-9.2.0280-150500.20.46.1
* gvim-9.2.0280-150500.20.46.1
* gvim-debuginfo-9.2.0280-150500.20.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* vim-small-9.2.0280-150500.20.46.1
* gvim-debuginfo-9.2.0280-150500.20.46.1
* vim-debuginfo-9.2.0280-150500.20.46.1
* vim-small-debuginfo-9.2.0280-150500.20.46.1
* vim-9.2.0280-150500.20.46.1
* gvim-9.2.0280-150500.20.46.1
* vim-debugsource-9.2.0280-150500.20.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* vim-data-9.2.0280-150500.20.46.1
* vim-data-common-9.2.0280-150500.20.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* vim-small-9.2.0280-150500.20.46.1
* gvim-debuginfo-9.2.0280-150500.20.46.1
* vim-debuginfo-9.2.0280-150500.20.46.1
* vim-small-debuginfo-9.2.0280-150500.20.46.1
* vim-9.2.0280-150500.20.46.1
* gvim-9.2.0280-150500.20.46.1
* vim-debugsource-9.2.0280-150500.20.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* vim-data-9.2.0280-150500.20.46.1
* vim-data-common-9.2.0280-150500.20.46.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* vim-small-9.2.0280-150500.20.46.1
* gvim-debuginfo-9.2.0280-150500.20.46.1
* vim-debuginfo-9.2.0280-150500.20.46.1
* vim-small-debuginfo-9.2.0280-150500.20.46.1
* vim-9.2.0280-150500.20.46.1
* gvim-9.2.0280-150500.20.46.1
* vim-debugsource-9.2.0280-150500.20.46.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* vim-data-9.2.0280-150500.20.46.1
* vim-data-common-9.2.0280-150500.20.46.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* vim-small-9.2.0280-150500.20.46.1
* gvim-debuginfo-9.2.0280-150500.20.46.1
* vim-debuginfo-9.2.0280-150500.20.46.1
* vim-small-debuginfo-9.2.0280-150500.20.46.1
* vim-9.2.0280-150500.20.46.1
* gvim-9.2.0280-150500.20.46.1
* vim-debugsource-9.2.0280-150500.20.46.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* vim-data-9.2.0280-150500.20.46.1
* vim-data-common-9.2.0280-150500.20.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* vim-small-9.2.0280-150500.20.46.1
* gvim-debuginfo-9.2.0280-150500.20.46.1
* vim-debuginfo-9.2.0280-150500.20.46.1
* vim-small-debuginfo-9.2.0280-150500.20.46.1
* vim-9.2.0280-150500.20.46.1
* gvim-9.2.0280-150500.20.46.1
* vim-debugsource-9.2.0280-150500.20.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* vim-data-9.2.0280-150500.20.46.1
* vim-data-common-9.2.0280-150500.20.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* vim-small-9.2.0280-150500.20.46.1
* gvim-debuginfo-9.2.0280-150500.20.46.1
* vim-debuginfo-9.2.0280-150500.20.46.1
* vim-small-debuginfo-9.2.0280-150500.20.46.1
* vim-9.2.0280-150500.20.46.1
* gvim-9.2.0280-150500.20.46.1
* vim-debugsource-9.2.0280-150500.20.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* vim-data-9.2.0280-150500.20.46.1
* vim-data-common-9.2.0280-150500.20.46.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33412.html
* https://www.suse.com/security/cve/CVE-2026-34714.html
* https://www.suse.com/security/cve/CVE-2026-34982.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259985
* https://bugzilla.suse.com/show_bug.cgi?id=1261191
* https://bugzilla.suse.com/show_bug.cgi?id=1261271



SUSE-SU-2026:1592-1: important: Security update for the Linux Kernel (Live Patch 48 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 48 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1592-1
Release Date: 2026-04-24T09:04:09Z
Rating: important
References:

* bsc#1258396
* bsc#1259859

Cross-References:

* CVE-2026-23191
* CVE-2026-23268

CVSS scores:

* CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.194 fixes
various security issues.

The following security issues were fixed:

* CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1592=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1592=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_48-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_194-default-3-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_48-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_194-default-3-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23191.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258396
* https://bugzilla.suse.com/show_bug.cgi?id=1259859



openSUSE-SU-2026:20618-1: moderate: Security update for haproxy


openSUSE security update: security update for haproxy
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20618-1
Rating: moderate
References:

* bsc#1261626
* bsc#1262103

Cross-References:

* CVE-2026-33555

CVSS scores:

* CVE-2026-33555 ( SUSE ): 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2026-33555 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has 2 bug fixes can now be installed.

Description:

This update for haproxy fixes the following issues:

Security issue:

- CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization (bsc#1262103).
- bug in SLZ compression (bsc#1261626).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-632=1

Package List:

- openSUSE Leap 16.0:

haproxy-3.2.15+git64.0fc44b458-160000.2.1

References:

* https://www.suse.com/security/cve/CVE-2026-33555.html



openSUSE-SU-2026:20617-1: important: Security update for python-Pillow


openSUSE security update: security update for python-pillow
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20617-1
Rating: important
References:

* bsc#1262184

Cross-References:

* CVE-2026-40192

CVSS scores:

* CVE-2026-40192 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40192 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for python-Pillow fixes the following issue:

- CVE-2026-40192: Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a
FITS image, making them vulnerable to decompression bomb attacks (bsc#1262184).
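Added example, not Pillow's code or its fix: the class of bug described above (reading GZIP data with no output limit) is avoided by decompressing in bounded steps and stopping once a caller-supplied budget is exceeded. The function names, the chunk size and the sample inputs are assumptions made for this illustration.

```python
import gzip
import zlib


class DecompressionLimitExceeded(ValueError):
    """Raised when the decompressed output would exceed the caller's budget."""


def bounded_gunzip(data: bytes, max_output: int, chunk_size: int = 64 * 1024) -> bytes:
    """Decompress a single-member gzip stream, producing at most max_output bytes.

    Output is pulled in steps of at most chunk_size bytes, so memory use stays
    bounded by the budget no matter how small the compressed input is.
    """
    if max_output < 0:
        raise ValueError("max_output must be non-negative")

    # wbits = MAX_WBITS | 16 selects the gzip container (header + CRC trailer).
    decomp = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)
    out = bytearray()
    pending = data

    while not decomp.eof:
        budget = max_output - len(out)
        # Ask for one byte more than the remaining budget: receiving it proves
        # the stream is larger than allowed. max_length must stay >= 1,
        # because 0 means "unlimited" to zlib.
        piece = decomp.decompress(pending, min(chunk_size, budget + 1))
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"output exceeds {max_output} bytes "
                f"(compressed input was {len(data)} bytes)"
            )
        pending = decomp.unconsumed_tail
        if not piece and not pending and not decomp.eof:
            # No progress and no input left: the stream ended early.
            raise ValueError("truncated gzip stream")

    return bytes(out)


def constructed_bomb(expanded_size: int = 8 * 1024 * 1024) -> bytes:
    """Constructed sample: a run of zero bytes that compresses to a few KiB."""
    return gzip.compress(bytes(expanded_size))


if __name__ == "__main__":
    bomb = constructed_bomb()
    print(f"compressed sample: {len(bomb)} bytes")
    try:
        bounded_gunzip(bomb, max_output=1024 * 1024)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

An image loader would derive the budget from the dimensions declared in the file header, so a mismatch between the declared and the actual decompressed size is rejected rather than buffered.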

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-629=1

Package List:

- openSUSE Leap 16.0:

python313-Pillow-11.3.0-160000.4.1
python313-Pillow-tk-11.3.0-160000.4.1

References:

* https://www.suse.com/security/cve/CVE-2026-40192.html



openSUSE-SU-2026:20619-1: important: Security update for coredns


openSUSE security update: security update for coredns
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20619-1
Rating: important
References:

* bsc#1259319
* bsc#1259320

Cross-References:

* CVE-2025-61726
* CVE-2025-61728
* CVE-2025-61731
* CVE-2025-68119
* CVE-2025-68121
* CVE-2026-26017
* CVE-2026-26018

CVSS scores:

* CVE-2025-61726 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-61726 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-61728 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61731 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-61731 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68119 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-68119 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68121 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-68121 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 7 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for coredns fixes the following issues:

Changes in coredns:

- Update to version 1.14.2:
* plugin/reload: Allow disabling jitter with 0s
* bump deps
* plugin/forward: fix parsing error when handling TLS+IPv6 address
* plugin/loop: use crypto/rand for query name generation
* plugin: reorder rewrite before acl to prevent bypass
* fix(rewrite): fix cname target rewrite for CNAME chains
* fix(kubernetes): panic on empty ListenHosts
* chore: bump minimum Go version to 1.25
* feat(proxyproto): add proxy protocol support
* refactor(cache): modernize with generics
* Add metadata for response Type and Class to Log
* docs: clarify kubernetes auth docs
* fix: return SOA and NS records when queried for a record CNAMEd to origin

- fixes bsc#1259320 CVE-2026-26017
- fixes bsc#1259319 CVE-2026-26018

- address more unstable tests under aarch64 and s390x

- Update to version 1.14.1:
* This release primarily addresses security vulnerabilities affecting Go
versions prior to Go 1.25.6 and Go 1.24.12
(CVE-2025-61728, CVE-2025-61726, CVE-2025-68121, CVE-2025-61731,
CVE-2025-68119).
It also includes performance improvements to the proxy plugin via
multiplexed connections, along with various documentation updates.

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-212=1

Package List:

- openSUSE Leap 16.0:

coredns-1.14.2-bp160.1.1
coredns-extras-1.14.2-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-61726.html
* https://www.suse.com/security/cve/CVE-2025-61728.html
* https://www.suse.com/security/cve/CVE-2025-61731.html
* https://www.suse.com/security/cve/CVE-2025-68119.html
* https://www.suse.com/security/cve/CVE-2025-68121.html
* https://www.suse.com/security/cve/CVE-2026-26017.html
* https://www.suse.com/security/cve/CVE-2026-26018.html



openSUSE-SU-2026:10607-1: moderate: golang-github-prometheus-prometheus-3.11.2-1.1 on GA media


# golang-github-prometheus-prometheus-3.11.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10607-1
Rating: moderate

Cross-References:

* CVE-2026-40179

CVSS scores:

* CVE-2026-40179 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-40179 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the golang-github-prometheus-prometheus-3.11.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* golang-github-prometheus-prometheus 3.11.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40179.html



openSUSE-SU-2026:10608-1: moderate: libXpm-devel-3.5.18-2.1 on GA media


# libXpm-devel-3.5.18-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10608-1
Rating: moderate

Cross-References:

* CVE-2026-4367

CVSS scores:

* CVE-2026-4367 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-4367 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libXpm-devel-3.5.18-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libXpm-devel 3.5.18-2.1
* libXpm-devel-32bit 3.5.18-2.1
* libXpm-tools 3.5.18-2.1
* libXpm4 3.5.18-2.1
* libXpm4-32bit 3.5.18-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4367.html



openSUSE-SU-2026:10606-1: moderate: frr-10.5.1-3.1 on GA media


# frr-10.5.1-3.1 on GA media

Announcement ID: openSUSE-SU-2026:10606-1
Rating: moderate

Cross-References:

* CVE-2026-5107

CVSS scores:

* CVE-2026-5107 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-5107 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the frr-10.5.1-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* frr 10.5.1-3.1
* frr-devel 10.5.1-3.1
* libfrr0 10.5.1-3.1
* libfrr_pb0 10.5.1-3.1
* libfrrcares0 10.5.1-3.1
* libfrrfpm_pb0 10.5.1-3.1
* libfrrospfapiclient0 10.5.1-3.1
* libfrrsnmp0 10.5.1-3.1
* libfrrzmq0 10.5.1-3.1
* libmgmt_be_nb0 10.5.1-3.1
* libmlag_pb0 10.5.1-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-5107.html



SUSE-SU-2026:1597-1: important: Security update for ImageMagick


# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:1597-1
Release Date: 2026-04-24T11:44:19Z
Rating: important
References:

* bsc#1262097
* bsc#1262145
* bsc#1262146
* bsc#1262147
* bsc#1262148
* bsc#1262149
* bsc#1262150
* bsc#1262152
* bsc#1262154
* bsc#1262155
* bsc#1262156

Cross-References:

* CVE-2026-33899
* CVE-2026-33900
* CVE-2026-33901
* CVE-2026-33905
* CVE-2026-33908
* CVE-2026-34238
* CVE-2026-40169
* CVE-2026-40183
* CVE-2026-40310
* CVE-2026-40311
* CVE-2026-40312

CVSS scores:

* CVE-2026-33899 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-33899 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33899 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33900 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33900 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33900 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33900 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33901 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33901 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33901 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33905 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33905 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33905 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33905 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-33908 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33908 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33908 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34238 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34238 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-34238 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34238 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40169 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40169 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40169 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40169 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40183 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40183 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40183 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40183 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40310 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40310 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40310 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40310 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40311 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40311 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40311 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40311 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40312 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40312 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40312 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40312 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 11 vulnerabilities can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing
(bsc#1262154).
* CVE-2026-33900: Denial of Service via integer truncation in viff encoder
(bsc#1262156).
* CVE-2026-33901: Denial of Service due to heap buffer overflow in MVG decoder
(bsc#1262155).
* CVE-2026-33905: Denial of service via out-of-bounds read in -sample
operation (bsc#1262097).
* CVE-2026-33908: Denial of Service via deeply nested XML file processing
(bsc#1262152).
* CVE-2026-34238: Denial of Service via integer overflow in despeckle
operation (bsc#1262147).
* CVE-2026-40169: Denial of Service via crafted image leading to out-of-bounds
write (bsc#1262150).
* CVE-2026-40183: Denial of Service via heap write overflow in JXL encoder
(bsc#1262145).
* CVE-2026-40310: Denial of service via heap out-of-bounds write in JP2
encoder (bsc#1262148).
* CVE-2026-40311: Denial of Service via heap use-after-free in XMP profile
processing (bsc#1262146).
* CVE-2026-40312: Denial of Service via malicious MSL file processing
(bsc#1262149).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1597=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1597=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1597=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.55.1
* ImageMagick-7.1.1.21-150600.3.55.1
* ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.55.1
* perl-PerlMagick-debuginfo-7.1.1.21-150600.3.55.1
* ImageMagick-debugsource-7.1.1.21-150600.3.55.1
* ImageMagick-extra-7.1.1.21-150600.3.55.1
* ImageMagick-debuginfo-7.1.1.21-150600.3.55.1
* libMagick++-devel-7.1.1.21-150600.3.55.1
* libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.55.1
* libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.55.1
* ImageMagick-extra-debuginfo-7.1.1.21-150600.3.55.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.55.1
* ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.55.1
* ImageMagick-config-7-SUSE-7.1.1.21-150600.3.55.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.55.1
* ImageMagick-devel-7.1.1.21-150600.3.55.1
* perl-PerlMagick-7.1.1.21-150600.3.55.1
* libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.55.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.55.1
* ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.55.1
* openSUSE Leap 15.6 (x86_64)
* libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.1.21-150600.3.55.1
* libMagickCore-7_Q16HDRI10-32bit-7.1.1.21-150600.3.55.1
* libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.55.1
* libMagick++-devel-32bit-7.1.1.21-150600.3.55.1
* libMagickWand-7_Q16HDRI10-32bit-7.1.1.21-150600.3.55.1
* libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.55.1
* libMagick++-7_Q16HDRI5-32bit-7.1.1.21-150600.3.55.1
* ImageMagick-devel-32bit-7.1.1.21-150600.3.55.1
* openSUSE Leap 15.6 (noarch)
* ImageMagick-doc-7.1.1.21-150600.3.55.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libMagickCore-7_Q16HDRI10-64bit-7.1.1.21-150600.3.55.1
* libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.55.1
* libMagick++-devel-64bit-7.1.1.21-150600.3.55.1
* libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.1.21-150600.3.55.1
* libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.55.1
* libMagick++-7_Q16HDRI5-64bit-7.1.1.21-150600.3.55.1
* libMagickWand-7_Q16HDRI10-64bit-7.1.1.21-150600.3.55.1
* ImageMagick-devel-64bit-7.1.1.21-150600.3.55.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.55.1
* ImageMagick-7.1.1.21-150600.3.55.1
* ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.55.1
* perl-PerlMagick-debuginfo-7.1.1.21-150600.3.55.1
* ImageMagick-debugsource-7.1.1.21-150600.3.55.1
* ImageMagick-debuginfo-7.1.1.21-150600.3.55.1
* libMagick++-devel-7.1.1.21-150600.3.55.1
* libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.55.1
* libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.55.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.55.1
* perl-PerlMagick-7.1.1.21-150600.3.55.1
* ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.55.1
* ImageMagick-config-7-SUSE-7.1.1.21-150600.3.55.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.55.1
* ImageMagick-devel-7.1.1.21-150600.3.55.1
* libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.55.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.55.1
* ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.55.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.55.1
* ImageMagick-7.1.1.21-150600.3.55.1
* ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.55.1
* perl-PerlMagick-debuginfo-7.1.1.21-150600.3.55.1
* ImageMagick-debugsource-7.1.1.21-150600.3.55.1
* ImageMagick-debuginfo-7.1.1.21-150600.3.55.1
* libMagick++-devel-7.1.1.21-150600.3.55.1
* libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.55.1
* libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.55.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.55.1
* perl-PerlMagick-7.1.1.21-150600.3.55.1
* ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.55.1
* ImageMagick-config-7-SUSE-7.1.1.21-150600.3.55.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.55.1
* ImageMagick-devel-7.1.1.21-150600.3.55.1
* libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.55.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.55.1
* ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.55.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33899.html
* https://www.suse.com/security/cve/CVE-2026-33900.html
* https://www.suse.com/security/cve/CVE-2026-33901.html
* https://www.suse.com/security/cve/CVE-2026-33905.html
* https://www.suse.com/security/cve/CVE-2026-33908.html
* https://www.suse.com/security/cve/CVE-2026-34238.html
* https://www.suse.com/security/cve/CVE-2026-40169.html
* https://www.suse.com/security/cve/CVE-2026-40183.html
* https://www.suse.com/security/cve/CVE-2026-40310.html
* https://www.suse.com/security/cve/CVE-2026-40311.html
* https://www.suse.com/security/cve/CVE-2026-40312.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262097
* https://bugzilla.suse.com/show_bug.cgi?id=1262145
* https://bugzilla.suse.com/show_bug.cgi?id=1262146
* https://bugzilla.suse.com/show_bug.cgi?id=1262147
* https://bugzilla.suse.com/show_bug.cgi?id=1262148
* https://bugzilla.suse.com/show_bug.cgi?id=1262149
* https://bugzilla.suse.com/show_bug.cgi?id=1262150
* https://bugzilla.suse.com/show_bug.cgi?id=1262152
* https://bugzilla.suse.com/show_bug.cgi?id=1262154
* https://bugzilla.suse.com/show_bug.cgi?id=1262155
* https://bugzilla.suse.com/show_bug.cgi?id=1262156



SUSE-SU-2026:1599-1: important: Security update for librsvg


# Security update for librsvg

Announcement ID: SUSE-SU-2026:1599-1
Release Date: 2026-04-24T11:45:53Z
Rating: important
References:

* bsc#1257922

Cross-References:

* CVE-2026-25727

CVSS scores:

* CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for librsvg fixes the following issue:

* CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date
parser can lead to stack exhaustion (bsc#1257922).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-1599=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1599=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1599=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1599=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1599=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1599=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1599=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1599=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1599=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1599=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1599=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1599=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1599=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1599=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
* librsvg-2-2-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
* librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
* librsvg-debugsource-2.52.12-150400.3.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
* typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1
* librsvg-2-2-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
* librsvg-devel-2.52.12-150400.3.12.1
* librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
* librsvg-debugsource-2.52.12-150400.3.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
* typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1
* librsvg-2-2-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
* librsvg-devel-2.52.12-150400.3.12.1
* librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
* librsvg-debugsource-2.52.12-150400.3.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
* typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1
* librsvg-2-2-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
* librsvg-devel-2.52.12-150400.3.12.1
* librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
* librsvg-debugsource-2.52.12-150400.3.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
* typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1
* librsvg-2-2-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
* librsvg-devel-2.52.12-150400.3.12.1
* librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
* librsvg-debugsource-2.52.12-150400.3.12.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
* typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1
* librsvg-2-2-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
* librsvg-devel-2.52.12-150400.3.12.1
* librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
* librsvg-debugsource-2.52.12-150400.3.12.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
* typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1
* librsvg-2-2-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
* librsvg-devel-2.52.12-150400.3.12.1
* librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
* librsvg-debugsource-2.52.12-150400.3.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
* typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1
* librsvg-2-2-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
* librsvg-devel-2.52.12-150400.3.12.1
* librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
* librsvg-debugsource-2.52.12-150400.3.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
* typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1
* librsvg-2-2-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
* librsvg-devel-2.52.12-150400.3.12.1
* librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
* librsvg-debugsource-2.52.12-150400.3.12.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
* typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1
* librsvg-2-2-2.52.12-150400.3.12.1
* rsvg-convert-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
* librsvg-devel-2.52.12-150400.3.12.1
* librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
* librsvg-debugsource-2.52.12-150400.3.12.1
* openSUSE Leap 15.4 (noarch)
* rsvg-thumbnailer-2.52.12-150400.3.12.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* librsvg-2-2-64bit-debuginfo-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-64bit-2.52.12-150400.3.12.1
* librsvg-2-2-64bit-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-64bit-debuginfo-2.52.12-150400.3.12.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
* librsvg-2-2-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
* librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
* librsvg-debugsource-2.52.12-150400.3.12.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
* librsvg-2-2-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
* librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
* librsvg-debugsource-2.52.12-150400.3.12.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
* librsvg-2-2-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
* librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
* librsvg-debugsource-2.52.12-150400.3.12.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
* librsvg-2-2-2.52.12-150400.3.12.1
* gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
* librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
* librsvg-debugsource-2.52.12-150400.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25727.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257922



SUSE-SU-2026:1619-1: moderate: Security update for PackageKit


# Security update for PackageKit

Announcement ID: SUSE-SU-2026:1619-1
Release Date: 2026-04-24T14:34:25Z
Rating: moderate
References:

* bsc#1262220

Cross-References:

* CVE-2026-41651

CVSS scores:

* CVE-2026-41651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41651 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5

An update that solves one vulnerability can now be installed.

## Description:

This update for PackageKit fixes the following issue:

* CVE-2026-41651: Do not allow re-invoking methods on non-new transactions (bsc#1262220).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1619=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* typelib-1_0-PackageKitGlib-1_0-1.2.4-150500.6.5.1
* PackageKit-backend-dnf-1.2.4-150500.6.5.1
* PackageKit-1.2.4-150500.6.5.1
* PackageKit-debugsource-1.2.4-150500.6.5.1
* PackageKit-gtk3-module-1.2.4-150500.6.5.1
* libpackagekit-glib2-18-1.2.4-150500.6.5.1
* libpackagekit-glib2-devel-1.2.4-150500.6.5.1
* PackageKit-gtk3-module-debuginfo-1.2.4-150500.6.5.1
* PackageKit-devel-debuginfo-1.2.4-150500.6.5.1
* PackageKit-debuginfo-1.2.4-150500.6.5.1
* libpackagekit-glib2-18-debuginfo-1.2.4-150500.6.5.1
* PackageKit-backend-zypp-debuginfo-1.2.4-150500.6.5.1
* PackageKit-backend-zypp-1.2.4-150500.6.5.1
* PackageKit-backend-dnf-debuginfo-1.2.4-150500.6.5.1
* PackageKit-gstreamer-plugin-1.2.4-150500.6.5.1
* PackageKit-gstreamer-plugin-debuginfo-1.2.4-150500.6.5.1
* PackageKit-devel-1.2.4-150500.6.5.1
* openSUSE Leap 15.5 (noarch)
* PackageKit-branding-upstream-1.2.4-150500.6.5.1
* PackageKit-lang-1.2.4-150500.6.5.1
* openSUSE Leap 15.5 (x86_64)
* libpackagekit-glib2-18-32bit-1.2.4-150500.6.5.1
* libpackagekit-glib2-18-32bit-debuginfo-1.2.4-150500.6.5.1
* libpackagekit-glib2-devel-32bit-1.2.4-150500.6.5.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libpackagekit-glib2-18-64bit-debuginfo-1.2.4-150500.6.5.1
* libpackagekit-glib2-18-64bit-1.2.4-150500.6.5.1
* libpackagekit-glib2-devel-64bit-1.2.4-150500.6.5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41651.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262220



SUSE-SU-2026:1613-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1613-1
Release Date: 2026-04-24T13:34:09Z
Rating: important
References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.50 fixes various security issues.

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1613=1 SUSE-2026-1610=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1613=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1610=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_10-debugsource-16-150600.2.2
* kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-16-150600.2.2
* kernel-livepatch-6_4_0-150600_23_47-default-16-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-15-150600.2.2
* kernel-livepatch-6_4_0-150600_23_50-default-15-150600.2.2
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-15-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_10-debugsource-16-150600.2.2
* kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-16-150600.2.2
* kernel-livepatch-6_4_0-150600_23_47-default-16-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-15-150600.2.2
* kernel-livepatch-6_4_0-150600_23_50-default-15-150600.2.2
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-15-150600.2.2

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859



SUSE-SU-2026:1611-1: important: Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1611-1
Release Date: 2026-04-24T14:06:13Z
Rating: important
References:

* bsc#1258396
* bsc#1259859

Cross-References:

* CVE-2026-23191
* CVE-2026-23268

CVSS scores:

* CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.133 fixes various security issues.

The following security issues were fixed:

* CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1611=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1612=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1612=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1614=1 SUSE-2026-1615=1 SUSE-2026-1616=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1614=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1615=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1616=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kgraft-patch-4_12_14-122_261-default-13-2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_46-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-5-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_46-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-5-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_116-default-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_31-debugsource-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-5-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_34-debugsource-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-13-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_116-default-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_31-debugsource-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-5-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_34-debugsource-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-8-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x)
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-13-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23191.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258396
* https://bugzilla.suse.com/show_bug.cgi?id=1259859