
SUSE rolled out a batch of security advisories that impact various Linux distributions and widely used open source software. Kernel live patches for SUSE Linux Enterprise address critical race conditions in ALSA alongside privilege escalation flaws within AppArmor. Firefox Extended Support Release gets a major upgrade to version 140.10.0, which closes 25 separate vulnerabilities tied to memory corruption and boundary checking failures. System administrators should also apply important fixes for freerdp that resolve multiple heap overflows, while moderate updates quietly patch security gaps in freeciv, systemd components, Emacs, and the ngtcp2 library.

SUSE-SU-2026:1622-1: important: Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:1621-1: important: Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)
openSUSE-SU-2026:0155-1: moderate: Security update for freeciv
openSUSE-SU-2026:20621-1: important: Security update for MozillaFirefox
openSUSE-SU-2026:10624-1: moderate: libsystemd0-259.5-1.3 on GA media
openSUSE-SU-2026:10619-1: moderate: emacs-30.2-8.1 on GA media
openSUSE-SU-2026:10621-1: moderate: libngtcp2-16-1.22.1-1.1 on GA media
SUSE-SU-2026:1630-1: important: Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:1632-1: important: Security update for freerdp
SUSE-SU-2026:1634-1: important: Security update for freerdp




SUSE-SU-2026:1622-1: important: Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1622-1
Release Date: 2026-04-25T06:33:49Z
Rating: important
References:

* bsc#1258396
* bsc#1259859

Cross-References:

* CVE-2026-23191
* CVE-2026-23268

CVSS scores:

* CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.110 fixes
various security issues.

The following security issues were fixed:

* CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1627=1 SUSE-2026-1628=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1627=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1628=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1622=1 SUSE-2026-1623=1 SUSE-2026-1624=1 SUSE-2026-1625=1 SUSE-2026-1626=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1622=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1623=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1624=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1625=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1626=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_27-debugsource-16-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_100-default-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_110-default-16-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-17-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_25-debugsource-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-16-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_27-debugsource-16-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_100-default-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_110-default-16-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-17-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_25-debugsource-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-16-150500.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_41-debugsource-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-17-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_176-default-11-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_40-debugsource-17-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_179-default-9-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-9-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-11-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_44-debugsource-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-17-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_43-debugsource-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_167-default-16-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_45-debugsource-9-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_41-debugsource-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-17-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_176-default-11-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_40-debugsource-17-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_179-default-9-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-9-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-11-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_44-debugsource-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-17-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_43-debugsource-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_167-default-16-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_45-debugsource-9-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23191.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258396
* https://bugzilla.suse.com/show_bug.cgi?id=1259859



SUSE-SU-2026:1621-1: important: Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1621-1
Release Date: 2026-04-24T19:04:09Z
Rating: important
References:

* bsc#1258396
* bsc#1259859

Cross-References:

* CVE-2026-23191
* CVE-2026-23268

CVSS scores:

* CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.121 fixes
various security issues.

The following security issues were fixed:

* CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1620=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1621=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1621=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1620=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-10-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_121-default-10-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_30-debugsource-10-150500.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_161-default-17-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-17-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_39-debugsource-17-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_161-default-17-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-17-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_39-debugsource-17-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-10-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_121-default-10-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_30-debugsource-10-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23191.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258396
* https://bugzilla.suse.com/show_bug.cgi?id=1259859



openSUSE-SU-2026:0155-1: moderate: Security update for freeciv


openSUSE Security Update: Security update for freeciv
_______________________________

Announcement ID: openSUSE-SU-2026:0155-1
Rating: moderate
References: #1260036
Cross-References: CVE-2026-33250
Affected Products:
openSUSE Backports SLE-15-SP6
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for freeciv fixes the following issues:

- CVE-2026-33250: Fix a vulnerability allowing remote crashing of the
server (boo#1260036).

- update to version 3.0.10:
* Generic bugfix release
* Fixed nation color selection assert failures when moving from pre-game
to turn 1
* Fixed a crash when city removal left a unit stranded
* Fixed growing of the internal string handling buffer, fixing, e.g.,
issues with very long lines in the savegame
* Fixed fc_vsnprintf() return value on Windows, fixing, e.g., issues on
loading the tutorial scenario
* Various internal changes which should only affect developers
* Fixed bad memory access while loading freeciv-2.6 format ruleset
* Miscellaneous improvements to in-game text and user documentation
* Miscellaneous changes to developer/install/ruleset docs
* Updated translations
* see https://freeciv.fandom.com/wiki/NEWS-3.0.10

- update to version 3.0.9:
* Generic bugfix release
* Set diplomatic relations state correctly between team members
osdn#48295
* Fixed assert failures when city grows to freeciv's internal max city
size (255)
* Sammarinese city name Borgo Maggiore corrected osdn#48316
* Cargo gets bounced when transport is lost due to terrain change
* Fixed crash with recursive autoattacks in case of occupychance setting
being > 0
* Fixed memory corruption when transport is not bounced, but cargo is
* Corrected amount treasury gets increased by a city in some situations
* Cities stop working tiles turned unworkable at turn change
* Fixed clearing city border claims when player gets removed from the
game osdn#48837
* see https://freeciv.fandom.com/wiki/NEWS-3.0.9

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-155=1

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-155=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):

freeciv-3.1.6-bp157.2.3.1
freeciv-debuginfo-3.1.6-bp157.2.3.1
freeciv-debugsource-3.1.6-bp157.2.3.1
freeciv-gtk3-3.1.6-bp157.2.3.1
freeciv-gtk3-debuginfo-3.1.6-bp157.2.3.1
freeciv-gtk4-3.1.6-bp157.2.3.1
freeciv-gtk4-debuginfo-3.1.6-bp157.2.3.1
freeciv-qt-3.1.6-bp157.2.3.1
freeciv-qt-debuginfo-3.1.6-bp157.2.3.1

- openSUSE Backports SLE-15-SP7 (noarch):

freeciv-lang-3.1.6-bp157.2.3.1

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

freeciv-3.0.10-bp156.2.3.1
freeciv-gtk3-3.0.10-bp156.2.3.1
freeciv-qt-3.0.10-bp156.2.3.1

- openSUSE Backports SLE-15-SP6 (noarch):

freeciv-lang-3.0.10-bp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2026-33250.html
https://bugzilla.suse.com/1260036



openSUSE-SU-2026:20621-1: important: Security update for MozillaFirefox


openSUSE Security Update: Security update for MozillaFirefox
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20621-1
Rating: important
References:

* bsc#1262230

Cross-References:

* CVE-2026-6746
* CVE-2026-6747
* CVE-2026-6748
* CVE-2026-6749
* CVE-2026-6750
* CVE-2026-6751
* CVE-2026-6752
* CVE-2026-6753
* CVE-2026-6754
* CVE-2026-6757
* CVE-2026-6759
* CVE-2026-6761
* CVE-2026-6762
* CVE-2026-6763
* CVE-2026-6764
* CVE-2026-6765
* CVE-2026-6766
* CVE-2026-6767
* CVE-2026-6769
* CVE-2026-6770
* CVE-2026-6771
* CVE-2026-6772
* CVE-2026-6776
* CVE-2026-6785
* CVE-2026-6786

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 25 vulnerabilities and has one bug fix can now be installed.

Description:

This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 140.10.0 ESR.

- MFSA 2026-32 (bsc#1262230):
* CVE-2026-6746: Use-after-free in the DOM: Core & HTML component
* CVE-2026-6747: Use-after-free in the WebRTC component
* CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs component
* CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component
* CVE-2026-6750: Privilege escalation in the Graphics: WebRender component
* CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs component
* CVE-2026-6752: Incorrect boundary conditions in the WebRTC component
* CVE-2026-6753: Incorrect boundary conditions in the WebRTC component
* CVE-2026-6754: Use-after-free in the JavaScript Engine component
* CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component
* CVE-2026-6759: Use-after-free in the Widget: Cocoa component
* CVE-2026-6761: Privilege escalation in the Networking component
* CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component
* CVE-2026-6763: Mitigation bypass in the File Handling component
* CVE-2026-6764: Incorrect boundary conditions in the DOM: Device Interfaces component
* CVE-2026-6765: Information disclosure in the Form Autofill component
* CVE-2026-6766: Incorrect boundary conditions in the Libraries component in NSS
* CVE-2026-6767: Other issue in the Libraries component in NSS
* CVE-2026-6769: Privilege escalation in the Debugger component
* CVE-2026-6770: Other issue in the Storage: IndexedDB component
* CVE-2026-6771: Mitigation bypass in the DOM: Security component
* CVE-2026-6772: Incorrect boundary conditions in the Libraries component in NSS
* CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking component
* CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150
* CVE-2026-6786: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-635=1

Package List:

- openSUSE Leap 16.0:

MozillaFirefox-140.10.0-160000.1.1
MozillaFirefox-branding-upstream-140.10.0-160000.1.1
MozillaFirefox-devel-140.10.0-160000.1.1
MozillaFirefox-translations-common-140.10.0-160000.1.1
MozillaFirefox-translations-other-140.10.0-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-6746.html
* https://www.suse.com/security/cve/CVE-2026-6747.html
* https://www.suse.com/security/cve/CVE-2026-6748.html
* https://www.suse.com/security/cve/CVE-2026-6749.html
* https://www.suse.com/security/cve/CVE-2026-6750.html
* https://www.suse.com/security/cve/CVE-2026-6751.html
* https://www.suse.com/security/cve/CVE-2026-6752.html
* https://www.suse.com/security/cve/CVE-2026-6753.html
* https://www.suse.com/security/cve/CVE-2026-6754.html
* https://www.suse.com/security/cve/CVE-2026-6757.html
* https://www.suse.com/security/cve/CVE-2026-6759.html
* https://www.suse.com/security/cve/CVE-2026-6761.html
* https://www.suse.com/security/cve/CVE-2026-6762.html
* https://www.suse.com/security/cve/CVE-2026-6763.html
* https://www.suse.com/security/cve/CVE-2026-6764.html
* https://www.suse.com/security/cve/CVE-2026-6765.html
* https://www.suse.com/security/cve/CVE-2026-6766.html
* https://www.suse.com/security/cve/CVE-2026-6767.html
* https://www.suse.com/security/cve/CVE-2026-6769.html
* https://www.suse.com/security/cve/CVE-2026-6770.html
* https://www.suse.com/security/cve/CVE-2026-6771.html
* https://www.suse.com/security/cve/CVE-2026-6772.html
* https://www.suse.com/security/cve/CVE-2026-6776.html
* https://www.suse.com/security/cve/CVE-2026-6785.html
* https://www.suse.com/security/cve/CVE-2026-6786.html



openSUSE-SU-2026:10624-1: moderate: libsystemd0-259.5-1.3 on GA media


# libsystemd0-259.5-1.3 on GA media

Announcement ID: openSUSE-SU-2026:10624-1
Rating: moderate

Cross-References:

* CVE-2026-29111
* CVE-2026-4105

CVSS scores:

* CVE-2026-29111 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-29111 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4105 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4105 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libsystemd0-259.5-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * libsystemd0 259.5-1.3
  * libsystemd0-32bit 259.5-1.3
  * libudev1 259.5-1.3
  * libudev1-32bit 259.5-1.3
  * systemd 259.5-1.3
  * systemd-32bit 259.5-1.3
  * systemd-boot 259.5-1.3
  * systemd-container 259.5-1.3
  * systemd-devel 259.5-1.3
  * systemd-devel-32bit 259.5-1.3
  * systemd-doc 259.5-1.3
  * systemd-experimental 259.5-1.3
  * systemd-homed 259.5-1.3
  * systemd-journal-remote 259.5-1.3
  * systemd-lang 259.5-1.3
  * systemd-networkd 259.5-1.3
  * systemd-portable 259.5-1.3
  * systemd-resolved 259.5-1.3
  * systemd-sysvcompat 259.5-1.3
  * systemd-testsuite 259.5-1.3
  * systemd-ukify 259.5-1.3
  * udev 259.5-1.3

## References:

* https://www.suse.com/security/cve/CVE-2026-29111.html
* https://www.suse.com/security/cve/CVE-2026-4105.html



openSUSE-SU-2026:10619-1: moderate: emacs-30.2-8.1 on GA media


# emacs-30.2-8.1 on GA media

Announcement ID: openSUSE-SU-2026:10619-1
Rating: moderate

Cross-References:

* CVE-2026-6861

CVSS scores:

* CVE-2026-6861 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2026-6861 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the emacs-30.2-8.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * emacs 30.2-8.1
  * emacs-el 30.2-8.1
  * emacs-eln 30.2-8.1
  * emacs-games 30.2-8.1
  * emacs-info 30.2-8.1
  * emacs-nox 30.2-8.1
  * emacs-x11 30.2-8.1
  * etags 30.2-8.1

## References:

* https://www.suse.com/security/cve/CVE-2026-6861.html



openSUSE-SU-2026:10621-1: moderate: libngtcp2-16-1.22.1-1.1 on GA media


# libngtcp2-16-1.22.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10621-1
Rating: moderate

Cross-References:

* CVE-2026-40170

CVSS scores:

* CVE-2026-40170 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40170 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libngtcp2-16-1.22.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * libngtcp2-16 1.22.1-1.1
  * libngtcp2-16-32bit 1.22.0-2.1
  * libngtcp2_crypto_gnutls-devel 1.22.1-1.1
  * libngtcp2_crypto_gnutls8 1.22.1-1.1
  * libngtcp2_crypto_gnutls8-32bit 1.22.0-2.1
  * libngtcp2_crypto_ossl-devel 1.22.1-1.1
  * libngtcp2_crypto_ossl0 1.22.1-1.1
  * libngtcp2_crypto_ossl0-32bit 1.22.0-2.1
  * ngtcp2-devel 1.22.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40170.html



SUSE-SU-2026:1630-1: important: Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1630-1
Release Date: 2026-04-27T08:04:20Z
Rating: important
References:

* bsc#1258396
* bsc#1259859

Cross-References:

* CVE-2026-23191
* CVE-2026-23268

CVSS scores:

* CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.103 fixes
various security issues.

The following security issues were fixed:

* CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1630=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1630=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_103-default-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-17-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_26-debugsource-17-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_103-default-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-17-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_26-debugsource-17-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23191.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258396
* https://bugzilla.suse.com/show_bug.cgi?id=1259859



SUSE-SU-2026:1632-1: important: Security update for freerdp


# Security update for freerdp

Announcement ID: SUSE-SU-2026:1632-1
Release Date: 2026-04-27T12:04:31Z
Rating: important
References:

* bsc#1258919
* bsc#1258920
* bsc#1258921
* bsc#1258923
* bsc#1258924
* bsc#1258939
* bsc#1258967
* bsc#1258977
* bsc#1258987
* bsc#1259680
* bsc#1259684
* bsc#1259689
* bsc#1259692
* bsc#1259693
* bsc#1261848

Cross-References:

* CVE-2026-25941
* CVE-2026-25942
* CVE-2026-25952
* CVE-2026-25953
* CVE-2026-25954
* CVE-2026-25997
* CVE-2026-26986
* CVE-2026-27015
* CVE-2026-27951
* CVE-2026-29774
* CVE-2026-29775
* CVE-2026-29776
* CVE-2026-31884
* CVE-2026-31897

CVSS scores:

* CVE-2026-25941 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25941 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-25941 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-25941 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-25942 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25942 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25942 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25942 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25952 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25952 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25952 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25952 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25953 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25953 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25953 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25953 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25954 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25954 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25954 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25954 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25997 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25997 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-25997 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25997 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-26986 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-26986 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-26986 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27015 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27015 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27015 ( NVD ): 5.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27015 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27951 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27951 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27951 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27951 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-29774 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29774 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29774 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29774 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-29775 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29775 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29775 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-29775 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29776 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29776 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-29776 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-31884 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31884 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-31884 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31897 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31897 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-31897 ( NVD ): 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
* CVE-2026-31897 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves 14 vulnerabilities and has one security fix can now be
installed.

## Description:

This update for freerdp fixes the following issues:

* CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted
`WIRE_TO_SURFACE_2` PDU (bsc#1258919).
* CVE-2026-25942: Global-buffer-overflow in `xf_rail_server_execute_result`
(bsc#1258920).
* CVE-2026-25952: Heap-use-after-free in `xf_SetWindowMinMaxInfo`
(bsc#1258921).
* CVE-2026-25953: Heap-use-after-free in `xf_AppUpdateWindowFromSurface`
(bsc#1258923).
* CVE-2026-25954: Heap-use-after-free in `xf_rail_server_local_move_size`
(bsc#1258924).
* CVE-2026-25997: Heap-use-after-free in `xf_clipboard_format_equal`
(bsc#1258977).
* CVE-2026-26986: Heap-use-after-free in `rail_window_free` (bsc#1258967).
* CVE-2026-27015: Smartcard NDR alignment padding triggers reachable
`WINPR_ASSERT` abort (bsc#1258987).
* CVE-2026-27951: Denial of service via endless blocking loop in
`Stream_EnsureCapacity` (bsc#1258939).
* CVE-2026-29774: Missing bounds validation can cause a client-side heap
buffer overflow (bsc#1259689).
* CVE-2026-29775: Malicious server can trigger a client-side heap out-of-bounds
access (bsc#1259684).
* CVE-2026-29776: Missing length check can lead to an integer underflow
(bsc#1259692).
* CVE-2026-31897: Missing length check can cause an out-of-bounds read
(bsc#1259693).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-1632=1`

* SUSE Package Hub 15 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1632=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * freerdp-debuginfo-2.11.2-150600.4.26.1
  * freerdp-server-debuginfo-2.11.2-150600.4.26.1
  * libfreerdp2-2-2.11.2-150600.4.26.1
  * freerdp-debugsource-2.11.2-150600.4.26.1
  * libwinpr2-2-debuginfo-2.11.2-150600.4.26.1
  * freerdp-server-2.11.2-150600.4.26.1
  * freerdp-2.11.2-150600.4.26.1
  * freerdp-proxy-debuginfo-2.11.2-150600.4.26.1
  * libuwac0-0-2.11.2-150600.4.26.1
  * libuwac0-0-debuginfo-2.11.2-150600.4.26.1
  * winpr-devel-2.11.2-150600.4.26.1
  * freerdp-devel-2.11.2-150600.4.26.1
  * freerdp-wayland-debuginfo-2.11.2-150600.4.26.1
  * libwinpr2-2-2.11.2-150600.4.26.1
  * freerdp-wayland-2.11.2-150600.4.26.1
  * freerdp-proxy-2.11.2-150600.4.26.1
  * libfreerdp2-2-debuginfo-2.11.2-150600.4.26.1
  * uwac0-0-devel-2.11.2-150600.4.26.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * freerdp-debuginfo-2.11.2-150600.4.26.1
  * freerdp-debugsource-2.11.2-150600.4.26.1
  * uwac0-0-devel-2.11.2-150600.4.26.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25941.html
* https://www.suse.com/security/cve/CVE-2026-25942.html
* https://www.suse.com/security/cve/CVE-2026-25952.html
* https://www.suse.com/security/cve/CVE-2026-25953.html
* https://www.suse.com/security/cve/CVE-2026-25954.html
* https://www.suse.com/security/cve/CVE-2026-25997.html
* https://www.suse.com/security/cve/CVE-2026-26986.html
* https://www.suse.com/security/cve/CVE-2026-27015.html
* https://www.suse.com/security/cve/CVE-2026-27951.html
* https://www.suse.com/security/cve/CVE-2026-29774.html
* https://www.suse.com/security/cve/CVE-2026-29775.html
* https://www.suse.com/security/cve/CVE-2026-29776.html
* https://www.suse.com/security/cve/CVE-2026-31884.html
* https://www.suse.com/security/cve/CVE-2026-31897.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258919
* https://bugzilla.suse.com/show_bug.cgi?id=1258920
* https://bugzilla.suse.com/show_bug.cgi?id=1258921
* https://bugzilla.suse.com/show_bug.cgi?id=1258923
* https://bugzilla.suse.com/show_bug.cgi?id=1258924
* https://bugzilla.suse.com/show_bug.cgi?id=1258939
* https://bugzilla.suse.com/show_bug.cgi?id=1258967
* https://bugzilla.suse.com/show_bug.cgi?id=1258977
* https://bugzilla.suse.com/show_bug.cgi?id=1258987
* https://bugzilla.suse.com/show_bug.cgi?id=1259680
* https://bugzilla.suse.com/show_bug.cgi?id=1259684
* https://bugzilla.suse.com/show_bug.cgi?id=1259689
* https://bugzilla.suse.com/show_bug.cgi?id=1259692
* https://bugzilla.suse.com/show_bug.cgi?id=1259693
* https://bugzilla.suse.com/show_bug.cgi?id=1261848



SUSE-SU-2026:1634-1: important: Security update for freerdp


# Security update for freerdp

Announcement ID: SUSE-SU-2026:1634-1
Release Date: 2026-04-27T12:06:21Z
Rating: important
References:

* bsc#1258919
* bsc#1258920
* bsc#1258921
* bsc#1258923
* bsc#1258924
* bsc#1258939
* bsc#1258967
* bsc#1258977
* bsc#1258987
* bsc#1259680
* bsc#1259684
* bsc#1259689
* bsc#1259692
* bsc#1259693
* bsc#1261848

Cross-References:

* CVE-2026-25941
* CVE-2026-25942
* CVE-2026-25952
* CVE-2026-25953
* CVE-2026-25954
* CVE-2026-25997
* CVE-2026-26986
* CVE-2026-27015
* CVE-2026-27951
* CVE-2026-29774
* CVE-2026-29775
* CVE-2026-29776
* CVE-2026-31884
* CVE-2026-31897

CVSS scores:

* CVE-2026-25941 ( SUSE ): 5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25941 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-25941 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-25941 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-25942 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25942 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25942 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25942 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25952 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25952 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25952 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25952 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25953 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25953 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25953 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25953 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25954 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25954 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25954 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25954 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25997 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25997 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-25997 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25997 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-26986 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-26986 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-26986 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27015 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27015 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27015 ( NVD ): 5.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27015 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27951 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27951 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27951 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27951 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-29774 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29774 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29774 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29774 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-29775 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29775 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29775 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-29775 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29776 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29776 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-29776 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-31884 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31884 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-31884 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31897 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31897 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-31897 ( NVD ): 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
* CVE-2026-31897 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves 14 vulnerabilities and has one security fix can now be
installed.

## Description:

This update for freerdp fixes the following issues:

* CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted
`WIRE_TO_SURFACE_2` PDU (bsc#1258919).
* CVE-2026-25942: Global-buffer-overflow in `xf_rail_server_execute_result`
(bsc#1258920).
* CVE-2026-25952: Heap-use-after-free in `xf_SetWindowMinMaxInfo`
(bsc#1258921).
* CVE-2026-25953: Heap-use-after-free in `xf_AppUpdateWindowFromSurface`
(bsc#1258923).
* CVE-2026-25954: Heap-use-after-free in `xf_rail_server_local_move_size`
(bsc#1258924).
* CVE-2026-25997: Heap-use-after-free in `xf_clipboard_format_equal`
(bsc#1258977).
* CVE-2026-26986: Heap-use-after-free in `rail_window_free` (bsc#1258967).
* CVE-2026-27015: Smartcard NDR alignment padding triggers reachable
`WINPR_ASSERT` abort (bsc#1258987).
* CVE-2026-27951: Denial of service via endless blocking loop in
`Stream_EnsureCapacity` (bsc#1258939).
* CVE-2026-29774: Missing bounds validation can cause a client-side heap
buffer overflow (bsc#1259689).
* CVE-2026-29775: Malicious server can trigger a client-side heap out-of-bounds
access (bsc#1259684).
* CVE-2026-29776: Missing length check can lead to an integer underflow
(bsc#1259692).
* CVE-2026-31897: Missing length check can cause an out-of-bounds read
(bsc#1259693).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-1634=1`

* SUSE Package Hub 15 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1634=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * freerdp-server-debuginfo-2.4.0-150400.3.52.1
  * libwinpr2-debuginfo-2.4.0-150400.3.52.1
  * freerdp-debuginfo-2.4.0-150400.3.52.1
  * freerdp-proxy-2.4.0-150400.3.52.1
  * libfreerdp2-debuginfo-2.4.0-150400.3.52.1
  * freerdp-proxy-debuginfo-2.4.0-150400.3.52.1
  * libuwac0-0-2.4.0-150400.3.52.1
  * freerdp-2.4.0-150400.3.52.1
  * libwinpr2-2.4.0-150400.3.52.1
  * freerdp-wayland-debuginfo-2.4.0-150400.3.52.1
  * libfreerdp2-2.4.0-150400.3.52.1
  * freerdp-devel-2.4.0-150400.3.52.1
  * winpr2-devel-2.4.0-150400.3.52.1
  * libuwac0-0-debuginfo-2.4.0-150400.3.52.1
  * freerdp-wayland-2.4.0-150400.3.52.1
  * freerdp-server-2.4.0-150400.3.52.1
  * uwac0-0-devel-2.4.0-150400.3.52.1
  * freerdp-debugsource-2.4.0-150400.3.52.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * libwinpr2-debuginfo-2.4.0-150400.3.52.1
  * freerdp-debuginfo-2.4.0-150400.3.52.1
  * libfreerdp2-debuginfo-2.4.0-150400.3.52.1
  * libfreerdp2-2.4.0-150400.3.52.1
  * freerdp-debugsource-2.4.0-150400.3.52.1
  * libwinpr2-2.4.0-150400.3.52.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25941.html
* https://www.suse.com/security/cve/CVE-2026-25942.html
* https://www.suse.com/security/cve/CVE-2026-25952.html
* https://www.suse.com/security/cve/CVE-2026-25953.html
* https://www.suse.com/security/cve/CVE-2026-25954.html
* https://www.suse.com/security/cve/CVE-2026-25997.html
* https://www.suse.com/security/cve/CVE-2026-26986.html
* https://www.suse.com/security/cve/CVE-2026-27015.html
* https://www.suse.com/security/cve/CVE-2026-27951.html
* https://www.suse.com/security/cve/CVE-2026-29774.html
* https://www.suse.com/security/cve/CVE-2026-29775.html
* https://www.suse.com/security/cve/CVE-2026-29776.html
* https://www.suse.com/security/cve/CVE-2026-31884.html
* https://www.suse.com/security/cve/CVE-2026-31897.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258919
* https://bugzilla.suse.com/show_bug.cgi?id=1258920
* https://bugzilla.suse.com/show_bug.cgi?id=1258921
* https://bugzilla.suse.com/show_bug.cgi?id=1258923
* https://bugzilla.suse.com/show_bug.cgi?id=1258924
* https://bugzilla.suse.com/show_bug.cgi?id=1258939
* https://bugzilla.suse.com/show_bug.cgi?id=1258967
* https://bugzilla.suse.com/show_bug.cgi?id=1258977
* https://bugzilla.suse.com/show_bug.cgi?id=1258987
* https://bugzilla.suse.com/show_bug.cgi?id=1259680
* https://bugzilla.suse.com/show_bug.cgi?id=1259684
* https://bugzilla.suse.com/show_bug.cgi?id=1259689
* https://bugzilla.suse.com/show_bug.cgi?id=1259692
* https://bugzilla.suse.com/show_bug.cgi?id=1259693
* https://bugzilla.suse.com/show_bug.cgi?id=1261848