
SUSE released a batch of critical security updates to address multiple vulnerabilities across its Linux distributions. These patches fix serious flaws in widely used software such as the Linux kernel (delivered as live patches), image processing libraries, webmail clients, and container tools like Kubernetes and Cosign. Many of the identified issues carry high severity ratings because they could allow unprivileged users to escalate privileges or trigger memory corruption through malformed input files.

SUSE-SU-2026:1464-1: important: Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:1463-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1461-1: low: Security update for jetty-minimal
SUSE-SU-2026:1481-1: important: Security update for gegl
SUSE-SU-2026:1480-1: important: Security update for buildah
openSUSE-SU-2026:10580-1: moderate: python315-3.15.0~a8-2.1 on GA media
openSUSE-SU-2026:10579-1: moderate: python310-3.10.20-5.1 on GA media
openSUSE-SU-2026:0142-1: important: Security update for Botan
openSUSE-SU-2026:0141-1: important: Security update for roundcubemail
SUSE-SU-2026:1488-1: important: Security update for rekor
SUSE-SU-2026:1489-1: important: Security update for kubernetes-old
SUSE-SU-2026:1486-1: important: Security update for cosign
SUSE-SU-2026:1491-1: important: Security update for buildah
SUSE-SU-2026:1490-1: important: Security update for kubernetes
openSUSE-SU-2026:0144-1: important: Security update for roundcubemail




SUSE-SU-2026:1464-1: important: Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1464-1
Release Date: 2026-04-20T07:34:17Z
Rating: important
References:

* bsc#1258396
* bsc#1259859

Cross-References:

* CVE-2026-23191
* CVE-2026-23268

CVSS scores:

* CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.136 fixes
various security issues.

The following security issues were fixed:

* CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1459=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1460=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1462=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1460=1 SUSE-2026-1462=1 SUSE-2026-1459=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1464=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1464=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-15-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_33-debugsource-5-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_35-debugsource-4-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_113-default-15-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_28-debugsource-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_130-default-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_136-default-4-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-4-150500.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_35-debugsource-4-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_33-debugsource-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_113-default-15-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_28-debugsource-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_130-default-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_136-default-4-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-4-150500.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-15-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_42-debugsource-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-15-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-15-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_42-debugsource-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-15-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23191.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258396
* https://bugzilla.suse.com/show_bug.cgi?id=1259859



SUSE-SU-2026:1463-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1463-1
Release Date: 2026-04-20T06:34:20Z
Rating: important
References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.53 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1463=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1463=1

## Package List:

* openSUSE Leap 15.6 (x86_64)
  * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-15-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_12-debugsource-15-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-15-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x)
  * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-15-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_53-default-15-150600.2.2
  * kernel-livepatch-SLE15-SP6_Update_12-debugsource-15-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x)
  * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-15-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_53-default-15-150600.2.2
  * kernel-livepatch-SLE15-SP6_Update_12-debugsource-15-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
  * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-15-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_12-debugsource-15-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-15-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859



SUSE-SU-2026:1461-1: low: Security update for jetty-minimal


# Security update for jetty-minimal

Announcement ID: SUSE-SU-2026:1461-1
Release Date: 2026-04-20T05:47:00Z
Rating: low
References:

* bsc#1259242

Cross-References:

* CVE-2025-11143

CVSS scores:

* CVE-2025-11143 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11143 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-11143 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-11143 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for jetty-minimal fixes the following issues:

* CVE-2025-11143: Fixed different parsing of invalid URIs (bsc#1259242).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1461=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1461=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1461=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * jetty-jsp-9.4.58-150200.3.37.1
  * jetty-javax-websocket-client-impl-9.4.58-150200.3.37.1
  * jetty-minimal-javadoc-9.4.58-150200.3.37.1
  * jetty-start-9.4.58-150200.3.37.1
  * jetty-security-9.4.58-150200.3.37.1
  * jetty-webapp-9.4.58-150200.3.37.1
  * jetty-websocket-common-9.4.58-150200.3.37.1
  * jetty-deploy-9.4.58-150200.3.37.1
  * jetty-server-9.4.58-150200.3.37.1
  * jetty-plus-9.4.58-150200.3.37.1
  * jetty-jmx-9.4.58-150200.3.37.1
  * jetty-util-9.4.58-150200.3.37.1
  * jetty-cdi-9.4.58-150200.3.37.1
  * jetty-http-spi-9.4.58-150200.3.37.1
  * jetty-project-9.4.58-150200.3.37.1
  * jetty-websocket-servlet-9.4.58-150200.3.37.1
  * jetty-annotations-9.4.58-150200.3.37.1
  * jetty-io-9.4.58-150200.3.37.1
  * jetty-continuation-9.4.58-150200.3.37.1
  * jetty-javax-websocket-server-impl-9.4.58-150200.3.37.1
  * jetty-jaas-9.4.58-150200.3.37.1
  * jetty-jndi-9.4.58-150200.3.37.1
  * jetty-websocket-server-9.4.58-150200.3.37.1
  * jetty-servlet-9.4.58-150200.3.37.1
  * jetty-proxy-9.4.58-150200.3.37.1
  * jetty-websocket-client-9.4.58-150200.3.37.1
  * jetty-xml-9.4.58-150200.3.37.1
  * jetty-ant-9.4.58-150200.3.37.1
  * jetty-rewrite-9.4.58-150200.3.37.1
  * jetty-servlets-9.4.58-150200.3.37.1
  * jetty-util-ajax-9.4.58-150200.3.37.1
  * jetty-openid-9.4.58-150200.3.37.1
  * jetty-http-9.4.58-150200.3.37.1
  * jetty-websocket-api-9.4.58-150200.3.37.1
  * jetty-websocket-javadoc-9.4.58-150200.3.37.1
  * jetty-fcgi-9.4.58-150200.3.37.1
  * jetty-quickstart-9.4.58-150200.3.37.1
  * jetty-client-9.4.58-150200.3.37.1
* Development Tools Module 15-SP7 (noarch)
  * jetty-util-9.4.58-150200.3.37.1
  * jetty-util-ajax-9.4.58-150200.3.37.1
  * jetty-http-9.4.58-150200.3.37.1
  * jetty-servlet-9.4.58-150200.3.37.1
  * jetty-security-9.4.58-150200.3.37.1
  * jetty-server-9.4.58-150200.3.37.1
  * jetty-io-9.4.58-150200.3.37.1
* SUSE Package Hub 15 15-SP7 (noarch)
  * jetty-continuation-9.4.58-150200.3.37.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11143.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259242



SUSE-SU-2026:1481-1: important: Security update for gegl


# Security update for gegl

Announcement ID: SUSE-SU-2026:1481-1
Release Date: 2026-04-20T10:09:56Z
Rating: important
References:

* bsc#1259749

Cross-References:

* CVE-2026-2049

CVSS scores:

* CVE-2026-2049 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2049 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for gegl fixes the following issue:

* CVE-2026-2049: improper validation of the length of user-supplied data when
parsing HDR files can lead to a heap buffer overflow (bsc#1259749).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Workstation Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1481=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1481=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1481=1

## Package List:

* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * gegl-debuginfo-0.4.46-150600.4.8.2
  * gegl-0_4-0.4.46-150600.4.8.2
  * gegl-debugsource-0.4.46-150600.4.8.2
  * gegl-0_4-debuginfo-0.4.46-150600.4.8.2
  * libgegl-0_4-0-0.4.46-150600.4.8.2
  * libgegl-0_4-0-debuginfo-0.4.46-150600.4.8.2
  * typelib-1_0-Gegl-0_4-0.4.46-150600.4.8.2
  * gegl-devel-0.4.46-150600.4.8.2
* SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch)
  * gegl-0_4-lang-0.4.46-150600.4.8.2
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * gegl-debuginfo-0.4.46-150600.4.8.2
  * gegl-0_4-0.4.46-150600.4.8.2
  * gegl-debugsource-0.4.46-150600.4.8.2
  * gegl-0_4-debuginfo-0.4.46-150600.4.8.2
  * gegl-doc-0.4.46-150600.4.8.2
  * libgegl-0_4-0-0.4.46-150600.4.8.2
  * libgegl-0_4-0-debuginfo-0.4.46-150600.4.8.2
  * typelib-1_0-Gegl-0_4-0.4.46-150600.4.8.2
  * gegl-devel-0.4.46-150600.4.8.2
  * gegl-0.4.46-150600.4.8.2
* openSUSE Leap 15.6 (noarch)
  * gegl-0_4-lang-0.4.46-150600.4.8.2
* openSUSE Leap 15.6 (x86_64)
  * libgegl-0_4-0-32bit-debuginfo-0.4.46-150600.4.8.2
  * libgegl-0_4-0-32bit-0.4.46-150600.4.8.2
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libgegl-0_4-0-64bit-debuginfo-0.4.46-150600.4.8.2
  * libgegl-0_4-0-64bit-0.4.46-150600.4.8.2
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * gegl-debuginfo-0.4.46-150600.4.8.2
  * gegl-0_4-0.4.46-150600.4.8.2
  * gegl-debugsource-0.4.46-150600.4.8.2
  * gegl-0_4-debuginfo-0.4.46-150600.4.8.2
  * gegl-doc-0.4.46-150600.4.8.2
  * libgegl-0_4-0-0.4.46-150600.4.8.2
  * libgegl-0_4-0-debuginfo-0.4.46-150600.4.8.2
  * typelib-1_0-Gegl-0_4-0.4.46-150600.4.8.2
  * gegl-devel-0.4.46-150600.4.8.2
  * gegl-0.4.46-150600.4.8.2
* SUSE Package Hub 15 15-SP7 (noarch)
  * gegl-0_4-lang-0.4.46-150600.4.8.2

## References:

* https://www.suse.com/security/cve/CVE-2026-2049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259749



SUSE-SU-2026:1480-1: important: Security update for buildah


# Security update for buildah

Announcement ID: SUSE-SU-2026:1480-1
Release Date: 2026-04-20T10:09:40Z
Rating: important
References:

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that can now be installed.

## Description:

This update for buildah rebuilds it against the current go 1.25 security
release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1480=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1480=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1480=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1480=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1480=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * buildah-1.35.5-150400.3.61.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * buildah-1.35.5-150400.3.61.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * buildah-1.35.5-150400.3.61.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.5-150400.3.61.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * buildah-1.35.5-150400.3.61.1



openSUSE-SU-2026:10580-1: moderate: python315-3.15.0~a8-2.1 on GA media


# python315-3.15.0~a8-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10580-1
Rating: moderate

Cross-References:

* CVE-2026-3446

CVSS scores:

* CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-3446 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python315-3.15.0~a8-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python315 3.15.0~a8-2.1
  * python315-curses 3.15.0~a8-2.1
  * python315-dbm 3.15.0~a8-2.1
  * python315-idle 3.15.0~a8-2.1
  * python315-profiling 3.15.0~a8-2.1
  * python315-tk 3.15.0~a8-2.1
  * python315-x86-64-v3 3.15.0~a8-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3446.html



openSUSE-SU-2026:10579-1: moderate: python310-3.10.20-5.1 on GA media


# python310-3.10.20-5.1 on GA media

Announcement ID: openSUSE-SU-2026:10579-1
Rating: moderate

Cross-References:

* CVE-2026-3446

CVSS scores:

* CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-3446 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python310-3.10.20-5.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python310 3.10.20-5.1
  * python310-curses 3.10.20-5.1
  * python310-dbm 3.10.20-5.1
  * python310-idle 3.10.20-5.1
  * python310-tk 3.10.20-5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3446.html



openSUSE-SU-2026:0142-1: important: Security update for Botan


openSUSE Security Update: Security update for Botan
_______________________________

Announcement ID: openSUSE-SU-2026:0142-1
Rating: important
References: #1261880
Cross-References: CVE-2026-34582
CVSS scores:
CVE-2026-34582 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for Botan fixes the following issues:

- CVE-2026-34582: client authentication bypass in TLS 1.3 implementation
(boo#1261880)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-142=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

Botan-3.5.0-bp157.2.3.1
libbotan-3-5-3.5.0-bp157.2.3.1
libbotan-devel-3.5.0-bp157.2.3.1
python3-botan-3.5.0-bp157.2.3.1

- openSUSE Backports SLE-15-SP7 (aarch64_ilp32):

libbotan-3-5-64bit-3.5.0-bp157.2.3.1
libbotan-devel-64bit-3.5.0-bp157.2.3.1

- openSUSE Backports SLE-15-SP7 (x86_64):

libbotan-3-5-32bit-3.5.0-bp157.2.3.1
libbotan-devel-32bit-3.5.0-bp157.2.3.1

- openSUSE Backports SLE-15-SP7 (noarch):

Botan-doc-3.5.0-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2026-34582.html
https://bugzilla.suse.com/1261880



openSUSE-SU-2026:0141-1: important: Security update for roundcubemail


openSUSE Security Update: Security update for roundcubemail
_______________________________

Announcement ID: openSUSE-SU-2026:0141-1
Rating: important
References: #1261157 #1261488
Cross-References: CVE-2026-35537
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for roundcubemail fixes the following issues:

- update to 1.6.15. This is a security update to the stable version 1.6 of
Roundcube Webmail. It provides fixes to some regressions introduced in
the previous release as well as a recently reported security vulnerability:
SVG Animate FUNCIRI Attribute Bypass - Remote Image Loading via
fill/filter/stroke, reported by class_nzm. This version is considered
stable and we recommend to update all productive installations of
Roundcube 1.6.x with it. Please do backup your data before updating!
+ Fix regression where mail search would fail on non-ascii search
criteria (#10121)
+ Fix regression where some data url images could get ignored/lost
(#10128)
+ Fix SVG Animate FUNCIRI Attribute Bypass - Remote Image Loading via
fill/filter/stroke (boo#1261157)

- update to 1.6.14. This is a security update to the stable version 1.6 of
Roundcube Webmail.
+ Fix Postgres connection using IPv6 address (#10104)
+ Security: Fix pre-auth arbitrary file write via unsafe deserialization
in redis/memcache session handler (boo#1261488, CVE-2026-35537)
+ Security: Fix bug where a password could get changed without providing
the old password
+ Security: Fix IMAP Injection + CSRF bypass in mail search
+ Security: Fix remote image blocking bypass via various SVG animate
attributes
+ Security: Fix remote image blocking bypass via a crafted body
background attribute
+ Security: Fix fixed position mitigation bypass via use of !important
+ Security: Fix XSS issue in a HTML attachment preview
+ Security: Fix SSRF + Information Disclosure via stylesheet links to
local network hosts

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-141=1

Package List:

- openSUSE Backports SLE-15-SP7 (noarch):

roundcubemail-1.6.15-bp157.2.9.1

References:

https://www.suse.com/security/cve/CVE-2026-35537.html
https://bugzilla.suse.com/1261157
https://bugzilla.suse.com/1261488



SUSE-SU-2026:1488-1: important: Security update for rekor


# Security update for rekor

Announcement ID: SUSE-SU-2026:1488-1
Release Date: 2026-04-20T15:54:29Z
Rating: important
References:

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for rekor rebuilds it against the current go 1.25 security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1488=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1488=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1488=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1488=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1488=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1488=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1488=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1488=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1488=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1488=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1488=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1488=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * rekor-1.4.3-150400.4.30.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * rekor-1.4.3-150400.4.30.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * rekor-1.4.3-150400.4.30.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * rekor-1.4.3-150400.4.30.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * rekor-1.4.3-150400.4.30.1
  * rekor-debuginfo-1.4.3-150400.4.30.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * rekor-1.4.3-150400.4.30.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * rekor-1.4.3-150400.4.30.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * rekor-1.4.3-150400.4.30.1
  * rekor-debuginfo-1.4.3-150400.4.30.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * rekor-1.4.3-150400.4.30.1
  * rekor-debuginfo-1.4.3-150400.4.30.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * rekor-1.4.3-150400.4.30.1
  * rekor-debuginfo-1.4.3-150400.4.30.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * rekor-1.4.3-150400.4.30.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * rekor-1.4.3-150400.4.30.1



SUSE-SU-2026:1489-1: important: Security update for kubernetes-old


# Security update for kubernetes-old

Announcement ID: SUSE-SU-2026:1489-1
Release Date: 2026-04-20T15:54:39Z
Rating: important
References:

Affected Products:

* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for kubernetes-old rebuilds it against the current go 1.25 security
release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1489=1

* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1489=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.33-client-1.33.7-150600.13.27.1
  * kubernetes1.33-client-common-1.33.7-150600.13.27.1
* openSUSE Leap 15.6 (noarch)
  * kubernetes1.33-client-bash-completion-1.33.7-150600.13.27.1
  * kubernetes1.33-client-fish-completion-1.33.7-150600.13.27.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.33-client-1.33.7-150600.13.27.1
  * kubernetes1.33-client-common-1.33.7-150600.13.27.1
* Containers Module 15-SP7 (noarch)
  * kubernetes1.33-client-bash-completion-1.33.7-150600.13.27.1



SUSE-SU-2026:1486-1: important: Security update for cosign


# Security update for cosign

Announcement ID: SUSE-SU-2026:1486-1
Release Date: 2026-04-20T15:51:24Z
Rating: important
References:

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for cosign rebuilds it against the current go 1.25 security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1486=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1486=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1486=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1486=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1486=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1486=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1486=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1486=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1486=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1486=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1486=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1486=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* cosign-debuginfo-3.0.5-150400.3.39.1
* cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* cosign-debuginfo-3.0.5-150400.3.39.1
* cosign-3.0.5-150400.3.39.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* cosign-debuginfo-3.0.5-150400.3.39.1
* cosign-3.0.5-150400.3.39.1
* openSUSE Leap 15.4 (noarch)
* cosign-bash-completion-3.0.5-150400.3.39.1
* cosign-zsh-completion-3.0.5-150400.3.39.1
* cosign-fish-completion-3.0.5-150400.3.39.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* cosign-debuginfo-3.0.5-150400.3.39.1
* cosign-3.0.5-150400.3.39.1
* Basesystem Module 15-SP7 (noarch)
* cosign-bash-completion-3.0.5-150400.3.39.1
* cosign-zsh-completion-3.0.5-150400.3.39.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* cosign-3.0.5-150400.3.39.1



SUSE-SU-2026:1491-1: important: Security update for buildah


# Security update for buildah

Announcement ID: SUSE-SU-2026:1491-1
Release Date: 2026-04-20T15:55:20Z
Rating: important
References:

Affected Products:

* Containers Module 15-SP7
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for buildah rebuilds it against the current go 1.25 security
release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1491=1

* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1491=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1491=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1491=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1491=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1491=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1491=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1491=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* buildah-1.35.5-150500.3.55.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.55.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* buildah-1.35.5-150500.3.55.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* buildah-1.35.5-150500.3.55.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.55.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.55.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* buildah-1.35.5-150500.3.55.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* buildah-1.35.5-150500.3.55.1



SUSE-SU-2026:1490-1: important: Security update for kubernetes


# Security update for kubernetes

Announcement ID: SUSE-SU-2026:1490-1
Release Date: 2026-04-20T15:54:48Z
Rating: important
References:

Affected Products:

* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for kubernetes rebuilds it against the current go 1.25 security
release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1490=1

* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1490=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.35-client-common-1.35.0-150600.13.29.1
* kubernetes1.35-client-1.35.0-150600.13.29.1
* openSUSE Leap 15.6 (noarch)
* kubernetes1.35-client-bash-completion-1.35.0-150600.13.29.1
* kubernetes1.35-client-fish-completion-1.35.0-150600.13.29.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* kubernetes1.35-client-common-1.35.0-150600.13.29.1
* kubernetes1.35-client-1.35.0-150600.13.29.1
* Containers Module 15-SP7 (noarch)
* kubernetes1.35-client-bash-completion-1.35.0-150600.13.29.1



openSUSE-SU-2026:0144-1: important: Security update for roundcubemail


openSUSE Security Update: Security update for roundcubemail
_______________________________

Announcement ID: openSUSE-SU-2026:0144-1
Rating: important
References: #1261157 #1261488
Cross-References: CVE-2026-35537
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for roundcubemail fixes the following issues:

- update to 1.6.15. This is a security update to the stable version 1.6 of
Roundcube Webmail. It provides fixes to some regressions introduced in
the previous release as well as a recently reported security vulnerability:
SVG Animate FUNCIRI Attribute Bypass - Remote Image Loading via
fill/filter/stroke, reported by class_nzm. This version is considered
stable and we recommend to update all productive installations of
Roundcube 1.6.x with it. Please do backup your data before updating!
+ Fix regression where mail search would fail on non-ascii search
criteria (#10121)
+ Fix regression where some data url images could get ignored/lost
(#10128)
+ Fix SVG Animate FUNCIRI Attribute Bypass - Remote Image Loading via
fill/filter/stroke (boo#1261157)

- update to 1.6.14. This is a security update to the stable version 1.6 of
Roundcube Webmail.
+ Fix Postgres connection using IPv6 address (#10104)
+ Security: Fix pre-auth arbitrary file write via unsafe deserialization
in redis/memcache session handler (boo#1261488, CVE-2026-35537)
+ Security: Fix bug where a password could get changed without providing
the old password
+ Security: Fix IMAP Injection + CSRF bypass in mail search
+ Security: Fix remote image blocking bypass via various SVG animate
attributes
+ Security: Fix remote image blocking bypass via a crafted body
background attribute
+ Security: Fix fixed position mitigation bypass via use of !important
+ Security: Fix XSS issue in a HTML attachment preview
+ Security: Fix SSRF + Information Disclosure via stylesheet links to
local network hosts

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-144=1

Package List:

- openSUSE Backports SLE-15-SP6 (noarch):

roundcubemail-1.6.15-bp156.2.15.1

References:

https://www.suse.com/security/cve/CVE-2026-35537.html
https://bugzilla.suse.com/1261157
https://bugzilla.suse.com/1261488