Kernel Live Patches, Apptainer, BIND, and OpenSSL updates for SUSE

SUSE 5688 Published by

SUSE pushed out a heavy batch of security patches covering the Linux kernel, Xen, and Apptainer across SLES and openSUSE Leap. The kernel live updates target a familiar set of network and file system flaws, and while most admins just want to get back to their actual coding projects, the Apptainer roll alone tackles nineteen separate vulnerabilities tied to SSH handling and certificate validation.

SUSE-SU-2026:2601-1: important: Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:2607-1: important: Security update for the Linux Kernel (Live Patch 44 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:2608-1: important: Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP6)
openSUSE-SU-2026:11084-1: moderate: ghc-crypton-x509-system-1.9.0-1.1 on GA media
openSUSE-SU-2026:11091-1: moderate: kubevirt1.8-container-disk-1.8.3-1.1 on GA media
openSUSE-SU-2026:11089-1: moderate: hamlib-4.7.2-1.1 on GA media
openSUSE-SU-2026:11088-1: moderate: gstreamer-plugins-bad-1.28.4+24-1.1 on GA media
openSUSE-SU-2026:11083-1: moderate: ghc-crypton-x509-store-1.9.0-1.1 on GA media
SUSE-SU-2026:2613-1: important: Security update for xen
SUSE-SU-2026:2609-1: important: Security update for apptainer
SUSE-SU-2026:2616-1: important: Security update for bind
SUSE-SU-2026:2614-1: important: Security update for openssl-1_1
SUSE-SU-2026:2617-1: important: Security update for bind
SUSE-SU-2026:2620-1: low: Security update for iproute2
SUSE-SU-2026:2621-1: important: Security update for openssl-1_1-livepatches
SUSE-SU-2026:2610-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:2625-1: moderate: Security update for GraphicsMagick




SUSE-SU-2026:2601-1: important: Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise
15 SP5)

Announcement ID: SUSE-SU-2026:2601-1
Release Date: 2026-06-23T17:04:54Z
Rating: important
References:

* bsc#1261640
* bsc#1263088
* bsc#1263902
* bsc#1266229
* bsc#1268282

Cross-References:

* CVE-2026-31402
* CVE-2026-31504
* CVE-2026-31694
* CVE-2026-43503
* CVE-2026-46323

CVSS scores:

* CVE-2026-31402 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.149 fixes
various security issues

The following security issues were fixed:

* CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
(bsc#1261640).
* CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
(bsc#1263088).
* CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
* CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
* CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2602=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2601=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2602=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2601=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_179-default-13-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_45-debugsource-13-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_179-default-13-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_45-debugsource-13-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_149-default-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_38-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_149-default-debuginfo-4-150500.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_149-default-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_38-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_149-default-debuginfo-4-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261640
* https://bugzilla.suse.com/show_bug.cgi?id=1263088
* https://bugzilla.suse.com/show_bug.cgi?id=1263902
* https://bugzilla.suse.com/show_bug.cgi?id=1266229
* https://bugzilla.suse.com/show_bug.cgi?id=1268282



SUSE-SU-2026:2607-1: important: Security update for the Linux Kernel (Live Patch 44 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 44 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2026:2607-1
Release Date: 2026-06-24T07:34:15Z
Rating: important
References:

* bsc#1261640
* bsc#1263088
* bsc#1263902
* bsc#1266229
* bsc#1268282

Cross-References:

* CVE-2026-31402
* CVE-2026-31504
* CVE-2026-31694
* CVE-2026-43503
* CVE-2026-46323

CVSS scores:

* CVE-2026-31402 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.176 fixes
various security issues

The following security issues were fixed:

* CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
(bsc#1261640).
* CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
(bsc#1263088).
* CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
* CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
* CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2607=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2607=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_176-default-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-15-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_44-debugsource-15-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_176-default-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-15-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_44-debugsource-15-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261640
* https://bugzilla.suse.com/show_bug.cgi?id=1263088
* https://bugzilla.suse.com/show_bug.cgi?id=1263902
* https://bugzilla.suse.com/show_bug.cgi?id=1266229
* https://bugzilla.suse.com/show_bug.cgi?id=1268282



SUSE-SU-2026:2608-1: important: Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise
15 SP6)

Announcement ID: SUSE-SU-2026:2608-1
Release Date: 2026-06-24T07:34:36Z
Rating: important
References:

* bsc#1261640
* bsc#1263088
* bsc#1263902
* bsc#1266229
* bsc#1267625
* bsc#1268282

Cross-References:

* CVE-2026-31402
* CVE-2026-31504
* CVE-2026-31694
* CVE-2026-43503
* CVE-2026-46323

CVSS scores:

* CVE-2026-31402 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.103 fixes
various security issues

The following security issues were fixed:

* CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
(bsc#1261640).
* CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
(bsc#1263088).
* CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
* CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
* CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
* net/sched: fix pedit partial COW leading to page cache (bsc#1267625).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2608=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2608=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_103-default-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_103-default-debuginfo-3-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_24-debugsource-3-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_103-default-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_103-default-debuginfo-3-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_24-debugsource-3-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261640
* https://bugzilla.suse.com/show_bug.cgi?id=1263088
* https://bugzilla.suse.com/show_bug.cgi?id=1263902
* https://bugzilla.suse.com/show_bug.cgi?id=1266229
* https://bugzilla.suse.com/show_bug.cgi?id=1267625
* https://bugzilla.suse.com/show_bug.cgi?id=1268282



openSUSE-SU-2026:11084-1: moderate: ghc-crypton-x509-system-1.9.0-1.1 on GA media


# ghc-crypton-x509-system-1.9.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11084-1
Rating: moderate

Cross-References:

* CVE-2026-9648

CVSS scores:

* CVE-2026-9648 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ghc-crypton-x509-system-1.9.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ghc-crypton-x509-system 1.9.0-1.1
* ghc-crypton-x509-system-devel 1.9.0-1.1
* ghc-crypton-x509-system-doc 1.9.0-1.1
* ghc-crypton-x509-system-prof 1.9.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-9648.html



openSUSE-SU-2026:11091-1: moderate: kubevirt1.8-container-disk-1.8.3-1.1 on GA media


# kubevirt1.8-container-disk-1.8.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11091-1
Rating: moderate

Cross-References:

* CVE-2021-43565
* CVE-2023-26484
* CVE-2023-44487
* CVE-2024-33394
* CVE-2025-22872
* CVE-2025-64433
* CVE-2025-64437
* CVE-2026-33186
* CVE-2026-9804

CVSS scores:

* CVE-2021-43565 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-26484 ( SUSE ): 8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-33394 ( SUSE ): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-22872 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-64433 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-64433 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-64437 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-64437 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-9804 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 9 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the kubevirt1.8-container-disk-1.8.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* kubevirt1.8-container-disk 1.8.3-1.1
* kubevirt1.8-manifests 1.8.3-1.1
* kubevirt1.8-pr-helper-conf 1.8.3-1.1
* kubevirt1.8-sidecar-shim 1.8.3-1.1
* kubevirt1.8-tests 1.8.3-1.1
* kubevirt1.8-virt-api 1.8.3-1.1
* kubevirt1.8-virt-controller 1.8.3-1.1
* kubevirt1.8-virt-exportproxy 1.8.3-1.1
* kubevirt1.8-virt-exportserver 1.8.3-1.1
* kubevirt1.8-virt-handler 1.8.3-1.1
* kubevirt1.8-virt-launcher 1.8.3-1.1
* kubevirt1.8-virt-operator 1.8.3-1.1
* kubevirt1.8-virt-synchronization-controller 1.8.3-1.1
* kubevirt1.8-virtctl 1.8.3-1.1
* obs-service-kubevirt1.8_containers_meta 1.8.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2021-43565.html
* https://www.suse.com/security/cve/CVE-2023-26484.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2024-33394.html
* https://www.suse.com/security/cve/CVE-2025-22872.html
* https://www.suse.com/security/cve/CVE-2025-64433.html
* https://www.suse.com/security/cve/CVE-2025-64437.html
* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://www.suse.com/security/cve/CVE-2026-9804.html



openSUSE-SU-2026:11089-1: moderate: hamlib-4.7.2-1.1 on GA media


# hamlib-4.7.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11089-1
Rating: moderate

Cross-References:

* CVE-2026-54634

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the hamlib-4.7.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* hamlib 4.7.2-1.1
* hamlib-devel 4.7.2-1.1
* libhamlib++4 4.7.2-1.1
* libhamlib4 4.7.2-1.1
* lua-Hamliblua 4.7.2-1.1
* perl-Hamlib 4.7.2-1.1
* python3-Hamlib 4.7.2-1.1
* tcl-Hamlib 4.7.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-54634.html



openSUSE-SU-2026:11088-1: moderate: gstreamer-plugins-bad-1.28.4+24-1.1 on GA media


# gstreamer-plugins-bad-1.28.4+24-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11088-1
Rating: moderate

Cross-References:

* CVE-2026-52718
* CVE-2026-52720

CVSS scores:

* CVE-2026-52718 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-52720 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the gstreamer-plugins-bad-1.28.4+24-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* gstreamer-plugins-bad 1.28.4+24-1.1
* gstreamer-plugins-bad-32bit 1.28.4+24-1.1
* gstreamer-plugins-bad-chromaprint 1.28.4+24-1.1
* gstreamer-plugins-bad-chromaprint-32bit 1.28.4+24-1.1
* gstreamer-plugins-bad-devel 1.28.4+24-1.1
* gstreamer-plugins-bad-extra 1.28.4+24-1.1
* gstreamer-plugins-bad-fluidsynth 1.28.4+24-1.1
* gstreamer-plugins-bad-fluidsynth-32bit 1.28.4+24-1.1
* gstreamer-plugins-bad-lang 1.28.4+24-1.1
* gstreamer-transcoder 1.28.4+24-1.1
* gstreamer-transcoder-devel 1.28.4+24-1.1
* libgstadaptivedemux-1_0-0 1.28.4+24-1.1
* libgstadaptivedemux-1_0-0-32bit 1.28.4+24-1.1
* libgstanalytics-1_0-0 1.28.4+24-1.1
* libgstanalytics-1_0-0-32bit 1.28.4+24-1.1
* libgstbadaudio-1_0-0 1.28.4+24-1.1
* libgstbadaudio-1_0-0-32bit 1.28.4+24-1.1
* libgstbasecamerabinsrc-1_0-0 1.28.4+24-1.1
* libgstbasecamerabinsrc-1_0-0-32bit 1.28.4+24-1.1
* libgstcodecparsers-1_0-0 1.28.4+24-1.1
* libgstcodecparsers-1_0-0-32bit 1.28.4+24-1.1
* libgstcodecs-1_0-0 1.28.4+24-1.1
* libgstcodecs-1_0-0-32bit 1.28.4+24-1.1
* libgstcuda-1_0-0 1.28.4+24-1.1
* libgstcuda-1_0-0-32bit 1.28.4+24-1.1
* libgstdxva-1_0-0 1.28.4+24-1.1
* libgstdxva-1_0-0-32bit 1.28.4+24-1.1
* libgsthip-1_0-0 1.28.4+24-1.1
* libgsthip-1_0-0-32bit 1.28.4+24-1.1
* libgstinsertbin-1_0-0 1.28.4+24-1.1
* libgstinsertbin-1_0-0-32bit 1.28.4+24-1.1
* libgstisoff-1_0-0 1.28.4+24-1.1
* libgstisoff-1_0-0-32bit 1.28.4+24-1.1
* libgstmpegts-1_0-0 1.28.4+24-1.1
* libgstmpegts-1_0-0-32bit 1.28.4+24-1.1
* libgstmse-1_0-0 1.28.4+24-1.1
* libgstmse-1_0-0-32bit 1.28.4+24-1.1
* libgstphotography-1_0-0 1.28.4+24-1.1
* libgstphotography-1_0-0-32bit 1.28.4+24-1.1
* libgstplay-1_0-0 1.28.4+24-1.1
* libgstplay-1_0-0-32bit 1.28.4+24-1.1
* libgstplayer-1_0-0 1.28.4+24-1.1
* libgstplayer-1_0-0-32bit 1.28.4+24-1.1
* libgstsctp-1_0-0 1.28.4+24-1.1
* libgstsctp-1_0-0-32bit 1.28.4+24-1.1
* libgsttranscoder-1_0-0 1.28.4+24-1.1
* libgsttranscoder-1_0-0-32bit 1.28.4+24-1.1
* libgsturidownloader-1_0-0 1.28.4+24-1.1
* libgsturidownloader-1_0-0-32bit 1.28.4+24-1.1
* libgstva-1_0-0 1.28.4+24-1.1
* libgstva-1_0-0-32bit 1.28.4+24-1.1
* libgstvulkan-1_0-0 1.28.4+24-1.1
* libgstvulkan-1_0-0-32bit 1.28.4+24-1.1
* libgstwayland-1_0-0 1.28.4+24-1.1
* libgstwayland-1_0-0-32bit 1.28.4+24-1.1
* libgstwebrtc-1_0-0 1.28.4+24-1.1
* libgstwebrtc-1_0-0-32bit 1.28.4+24-1.1
* libgstwebrtcnice-1_0-0 1.28.4+24-1.1
* libgstwebrtcnice-1_0-0-32bit 1.28.4+24-1.1
* typelib-1_0-CudaGst-1_0 1.28.4+24-1.1
* typelib-1_0-GstAnalytics-1_0 1.28.4+24-1.1
* typelib-1_0-GstBadAudio-1_0 1.28.4+24-1.1
* typelib-1_0-GstCodecParsers-1_0 1.28.4+24-1.1
* typelib-1_0-GstCodecs-1_0 1.28.4+24-1.1
* typelib-1_0-GstCuda-1_0 1.28.4+24-1.1
* typelib-1_0-GstDxva-1_0 1.28.4+24-1.1
* typelib-1_0-GstHip-1_0 1.28.4+24-1.1
* typelib-1_0-GstHipGL-1_0 1.28.4+24-1.1
* typelib-1_0-GstInsertBin-1_0 1.28.4+24-1.1
* typelib-1_0-GstMpegts-1_0 1.28.4+24-1.1
* typelib-1_0-GstMse-1_0 1.28.4+24-1.1
* typelib-1_0-GstPlay-1_0 1.28.4+24-1.1
* typelib-1_0-GstPlayer-1_0 1.28.4+24-1.1
* typelib-1_0-GstTranscoder-1_0 1.28.4+24-1.1
* typelib-1_0-GstVa-1_0 1.28.4+24-1.1
* typelib-1_0-GstVulkan-1_0 1.28.4+24-1.1
* typelib-1_0-GstVulkanWayland-1_0 1.28.4+24-1.1
* typelib-1_0-GstVulkanXCB-1_0 1.28.4+24-1.1
* typelib-1_0-GstWebRTC-1_0 1.28.4+24-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-52718.html
* https://www.suse.com/security/cve/CVE-2026-52720.html



openSUSE-SU-2026:11083-1: moderate: ghc-crypton-x509-store-1.9.0-1.1 on GA media


# ghc-crypton-x509-store-1.9.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11083-1
Rating: moderate

Cross-References:

* CVE-2026-9648

CVSS scores:

* CVE-2026-9648 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ghc-crypton-x509-store-1.9.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ghc-crypton-x509-store 1.9.0-1.1
* ghc-crypton-x509-store-devel 1.9.0-1.1
* ghc-crypton-x509-store-doc 1.9.0-1.1
* ghc-crypton-x509-store-prof 1.9.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-9648.html



SUSE-SU-2026:2613-1: important: Security update for xen


# Security update for xen

Announcement ID: SUSE-SU-2026:2613-1
Release Date: 2026-06-24T09:01:48Z
Rating: important
References:

* bsc#1264066
* bsc#1266952
* bsc#1266953
* bsc#1266955

Cross-References:

* CVE-2025-54518
* CVE-2026-42487
* CVE-2026-42488
* CVE-2026-42489
* CVE-2026-42490

CVSS scores:

* CVE-2025-54518 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-54518 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-42487 ( SUSE ): 8.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-42487 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-42487 ( NVD ): 7.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
* CVE-2026-42488 ( SUSE ): 8.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-42488 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-42488 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-42489 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2026-42489 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-42489 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-42490 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2026-42490 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42490 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xen fixes the following issues

* CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264066).
* CVE-2026-42487: x86 HVM I/O port list traversal (bsc#1266952).
* CVE-2026-42488: x86: mismatched mapcache metadata (bsc#1266955).
* CVE-2026-42489,CVE-2026-42490: domctl lock open to abuse (bsc#1266953).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2613=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2613=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2613=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2613=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2613=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2613=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2613=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2613=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2613=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* xen-4.16.7_10-150400.4.86.2
* xen-tools-domU-4.16.7_10-150400.4.86.2
* xen-libs-debuginfo-4.16.7_10-150400.4.86.2
* xen-tools-debuginfo-4.16.7_10-150400.4.86.2
* xen-devel-4.16.7_10-150400.4.86.2
* xen-debugsource-4.16.7_10-150400.4.86.2
* xen-tools-domU-debuginfo-4.16.7_10-150400.4.86.2
* xen-libs-4.16.7_10-150400.4.86.2
* xen-tools-4.16.7_10-150400.4.86.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* xen-tools-xendomains-wait-disk-4.16.7_10-150400.4.86.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* xen-4.16.7_10-150400.4.86.2
* xen-tools-domU-4.16.7_10-150400.4.86.2
* xen-libs-debuginfo-4.16.7_10-150400.4.86.2
* xen-tools-debuginfo-4.16.7_10-150400.4.86.2
* xen-devel-4.16.7_10-150400.4.86.2
* xen-debugsource-4.16.7_10-150400.4.86.2
* xen-tools-domU-debuginfo-4.16.7_10-150400.4.86.2
* xen-libs-4.16.7_10-150400.4.86.2
* xen-tools-4.16.7_10-150400.4.86.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* xen-tools-xendomains-wait-disk-4.16.7_10-150400.4.86.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* xen-4.16.7_10-150400.4.86.2
* xen-tools-domU-4.16.7_10-150400.4.86.2
* xen-libs-debuginfo-4.16.7_10-150400.4.86.2
* xen-tools-debuginfo-4.16.7_10-150400.4.86.2
* xen-devel-4.16.7_10-150400.4.86.2
* xen-debugsource-4.16.7_10-150400.4.86.2
* xen-tools-domU-debuginfo-4.16.7_10-150400.4.86.2
* xen-libs-4.16.7_10-150400.4.86.2
* xen-tools-4.16.7_10-150400.4.86.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* xen-tools-xendomains-wait-disk-4.16.7_10-150400.4.86.2
* openSUSE Leap 15.4 (aarch64 x86_64)
* xen-tools-debuginfo-4.16.7_10-150400.4.86.2
* xen-doc-html-4.16.7_10-150400.4.86.2
* xen-4.16.7_10-150400.4.86.2
* xen-tools-4.16.7_10-150400.4.86.2
* openSUSE Leap 15.4 (aarch64 i586 x86_64)
* xen-tools-domU-4.16.7_10-150400.4.86.2
* xen-libs-debuginfo-4.16.7_10-150400.4.86.2
* xen-devel-4.16.7_10-150400.4.86.2
* xen-debugsource-4.16.7_10-150400.4.86.2
* xen-libs-4.16.7_10-150400.4.86.2
* xen-tools-domU-debuginfo-4.16.7_10-150400.4.86.2
* openSUSE Leap 15.4 (x86_64)
* xen-libs-32bit-debuginfo-4.16.7_10-150400.4.86.2
* xen-libs-32bit-4.16.7_10-150400.4.86.2
* openSUSE Leap 15.4 (aarch64_ilp32)
* xen-libs-64bit-4.16.7_10-150400.4.86.2
* xen-libs-64bit-debuginfo-4.16.7_10-150400.4.86.2
* openSUSE Leap 15.4 (noarch)
* xen-tools-xendomains-wait-disk-4.16.7_10-150400.4.86.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* xen-libs-debuginfo-4.16.7_10-150400.4.86.2
* xen-debugsource-4.16.7_10-150400.4.86.2
* xen-libs-4.16.7_10-150400.4.86.2
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* xen-libs-debuginfo-4.16.7_10-150400.4.86.2
* xen-debugsource-4.16.7_10-150400.4.86.2
* xen-libs-4.16.7_10-150400.4.86.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
* xen-libs-debuginfo-4.16.7_10-150400.4.86.2
* xen-debugsource-4.16.7_10-150400.4.86.2
* xen-libs-4.16.7_10-150400.4.86.2
* SUSE Linux Enterprise Micro 5.4 (x86_64)
* xen-libs-debuginfo-4.16.7_10-150400.4.86.2
* xen-debugsource-4.16.7_10-150400.4.86.2
* xen-libs-4.16.7_10-150400.4.86.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* xen-4.16.7_10-150400.4.86.2
* xen-tools-domU-4.16.7_10-150400.4.86.2
* xen-libs-debuginfo-4.16.7_10-150400.4.86.2
* xen-tools-debuginfo-4.16.7_10-150400.4.86.2
* xen-devel-4.16.7_10-150400.4.86.2
* xen-debugsource-4.16.7_10-150400.4.86.2
* xen-tools-domU-debuginfo-4.16.7_10-150400.4.86.2
* xen-libs-4.16.7_10-150400.4.86.2
* xen-tools-4.16.7_10-150400.4.86.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* xen-tools-xendomains-wait-disk-4.16.7_10-150400.4.86.2

## References:

* https://www.suse.com/security/cve/CVE-2025-54518.html
* https://www.suse.com/security/cve/CVE-2026-42487.html
* https://www.suse.com/security/cve/CVE-2026-42488.html
* https://www.suse.com/security/cve/CVE-2026-42489.html
* https://www.suse.com/security/cve/CVE-2026-42490.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264066
* https://bugzilla.suse.com/show_bug.cgi?id=1266952
* https://bugzilla.suse.com/show_bug.cgi?id=1266953
* https://bugzilla.suse.com/show_bug.cgi?id=1266955



SUSE-SU-2026:2609-1: important: Security update for apptainer


# Security update for apptainer

Announcement ID: SUSE-SU-2026:2609-1
Release Date: 2026-06-24T08:46:20Z
Rating: important
References:

* bsc#1260311
* bsc#1262956
* bsc#1264177
* bsc#1265844
* bsc#1266202
* bsc#1266656
* bsc#1267982

Cross-References:

* CVE-2026-24137
* CVE-2026-33186
* CVE-2026-33814
* CVE-2026-34986
* CVE-2026-39821
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-42508
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598
* CVE-2026-48785

CVSS scores:

* CVE-2026-24137 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24137 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-24137 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39821 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39827 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39828 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-39829 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-39831 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39834 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-39835 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-42508 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-46597 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-48785 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Affected Products:

* HPC Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7

An update that solves 19 vulnerabilities can now be installed.

## Description:

This update for apptainer fixes the following issues

* CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client
allows for arbitrary file writes with target cache path traversal
(bsc#1264177).
* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper
validation of the HTTP/2: path pseudo- header (bsc#1260311).
* CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport
when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265844).
* CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3:
crafted JWE input with a missing encrypted key can lead to a denial of
service (bsc#1262956).
* CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only
Punycode-encoded labels allows for validation bypass and privilege
escalation (bsc#1266656).
* CVE-2026-39827: memory leak when rejecting channels can lead to DoS in
golang.org/x/crypto/ssh (bsc#1266202).
* CVE-2026-39828: bypass of certificate restrictions in
golang.org/x/crypto/ssh (bsc#1266202).
* CVE-2026-39829: pathological RSA/DSA parameters may cause DoS in
golang.org/x/crypto/ssh (bsc#1266202).
* CVE-2026-39830: client can cause server deadlock on unexpected responses in
golang.org/x/crypto/ssh (bsc#1266202).
* CVE-2026-39831: bypass of FIDO/U2F security keys physical interaction in
golang.org/x/crypto/ssh (bsc#1266202).
* CVE-2026-39832: agent constraints dropped when forwarding keys in
golang.org/x/crypto/ssh/agent (bsc#1266202).
* CVE-2026-39833: key constraints not enforced in
golang.org/x/crypto/ssh/agent (bsc#1266202).
* CVE-2026-39834: infinite loop on large channel writes in
golang.org/x/crypto/ssh (bsc#1266202).
* CVE-2026-39835: server panic during CheckHostKey/Authenticate in
golang.org/x/crypto/ssh (bsc#1266202).
* CVE-2026-42508: auth bypass via unenforced @revoked status in
golang.org/x/crypto/ssh/knownhosts (bsc#1266202).
* CVE-2026-46595: VerifiedPublicKeyCallback permissions skip enforcement in
golang.org/x/crypto/ssh (bsc#1266202).
* CVE-2026-46597: byte arithmetic causes underflow and panic in
golang.org/x/crypto/ssh (bsc#1266202).
* CVE-2026-46598: pathological inputs can lead to client panic in
golang.org/x/crypto/ssh/agent (bsc#1266202).
* CVE-2026-48785: incorrect path matching for limit container paths directive
(bsc#1267982).

Changes for apptainer:

* Update apptainer to version v1.5.1

* Work around segmentation fault sometimes seen while `mksquashfs` under proot
is creating a SIF file.

* Update bundled PRoot to version 5.4.0-rootless.3 in order to fix a problem
where SIF files could be corrupted when `mksquashfs` died with a signal. The
proot command was not passing back an error exit code.
* Updated bundled `squashfuse_ll` to version 0.6.2 in order to fix a crash
sometimes seen with apptainer in unprivileged docker.
* Update bundled fuse2fs to version 1.47.4 instead of patching the bugs in
1.47.3.
* Fix a crash that happened when `/etc/resolv.conf` was a symlink while
building from a definition file using the localimage bootstrap.
* Support hosts that have an /etc/resolv.conf symlink pointing to `../run` in
addition to `/run`.
* Change the download-dependencies script to skip downloading the PRoot source
code on architectures that it is known to not support (that is: ppc _, s390_
, and riscv*). In those situations Apptainer will skip trying to compile and
run proot. As a result original owners and groups of files will not be
preserved in SIF images built by unprivileged users, as was the case for all
architectures prior to 1.5.0.
* Fix panic encountered during progress bar update while pulling image.
* Fix fakeroot overwriting root's username in `/etc/passwd` with the host
user's name, a regression introduced in v1.5.0.
* Add nonested flag for --mount specifications to prevent individual bind
mounts from being passed to nested containers via `APPTAINER_BIND`.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* HPC Module 15-SP7
zypper in -t patch SUSE-SLE-Module-HPC-15-SP7-2026-2609=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2609=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2609=1

## Package List:

* openSUSE Leap 15.6 (aarch64 x86_64)
* apptainer-debuginfo-1.5.1-150600.4.24.1
* apptainer-1.5.1-150600.4.24.1
* openSUSE Leap 15.6 (noarch)
* apptainer-sle15_6-1.5.1-150600.4.24.1
* apptainer-leap-1.5.1-150600.4.24.1
* apptainer-sle15_7-1.5.1-150600.4.24.1
* apptainer-sle16-1.5.1-150600.4.24.1
* HPC Module 15-SP7 (aarch64 x86_64)
* apptainer-debuginfo-1.5.1-150600.4.24.1
* apptainer-1.5.1-150600.4.24.1
* HPC Module 15-SP7 (noarch)
* apptainer-sle15_7-1.5.1-150600.4.24.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 x86_64)
* apptainer-debuginfo-1.5.1-150600.4.24.1
* apptainer-1.5.1-150600.4.24.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* apptainer-sle15_6-1.5.1-150600.4.24.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24137.html
* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-34986.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-46595.html
* https://www.suse.com/security/cve/CVE-2026-46597.html
* https://www.suse.com/security/cve/CVE-2026-46598.html
* https://www.suse.com/security/cve/CVE-2026-48785.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260311
* https://bugzilla.suse.com/show_bug.cgi?id=1262956
* https://bugzilla.suse.com/show_bug.cgi?id=1264177
* https://bugzilla.suse.com/show_bug.cgi?id=1265844
* https://bugzilla.suse.com/show_bug.cgi?id=1266202
* https://bugzilla.suse.com/show_bug.cgi?id=1266656
* https://bugzilla.suse.com/show_bug.cgi?id=1267982



SUSE-SU-2026:2616-1: important: Security update for bind


# Security update for bind

Announcement ID: SUSE-SU-2026:2616-1
Release Date: 2026-06-24T09:03:14Z
Rating: important
References:

* bsc#1265591
* bsc#1265592
* bsc#1265594

Cross-References:

* CVE-2026-3039
* CVE-2026-3592
* CVE-2026-5946

CVSS scores:

* CVE-2026-3039 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3039 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3592 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3592 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-5946 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5946 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for bind fixes the following issues:

* CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records
(bsc#1265592).
* CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY
negotiation (bsc#1265591).
* CVE-2026-5946: Invalid handling of CLASS != IN (bsc#1265594).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2616=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2616=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2616=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2616=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2616=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2616=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* bind-debuginfo-9.16.50-150500.8.38.1
* bind-utils-9.16.50-150500.8.38.1
* bind-9.16.50-150500.8.38.1
* bind-utils-debuginfo-9.16.50-150500.8.38.1
* bind-debugsource-9.16.50-150500.8.38.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* bind-doc-9.16.50-150500.8.38.1
* python3-bind-9.16.50-150500.8.38.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* bind-debuginfo-9.16.50-150500.8.38.1
* bind-utils-9.16.50-150500.8.38.1
* bind-9.16.50-150500.8.38.1
* bind-utils-debuginfo-9.16.50-150500.8.38.1
* bind-debugsource-9.16.50-150500.8.38.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* bind-doc-9.16.50-150500.8.38.1
* python3-bind-9.16.50-150500.8.38.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* bind-debuginfo-9.16.50-150500.8.38.1
* bind-utils-9.16.50-150500.8.38.1
* bind-9.16.50-150500.8.38.1
* bind-utils-debuginfo-9.16.50-150500.8.38.1
* bind-debugsource-9.16.50-150500.8.38.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* bind-doc-9.16.50-150500.8.38.1
* python3-bind-9.16.50-150500.8.38.1
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* bind-debuginfo-9.16.50-150500.8.38.1
* bind-utils-9.16.50-150500.8.38.1
* bind-9.16.50-150500.8.38.1
* bind-utils-debuginfo-9.16.50-150500.8.38.1
* bind-debugsource-9.16.50-150500.8.38.1
* openSUSE Leap 15.5 (noarch)
* bind-doc-9.16.50-150500.8.38.1
* python3-bind-9.16.50-150500.8.38.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* bind-debuginfo-9.16.50-150500.8.38.1
* bind-debugsource-9.16.50-150500.8.38.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* bind-utils-9.16.50-150500.8.38.1
* bind-utils-debuginfo-9.16.50-150500.8.38.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* python3-bind-9.16.50-150500.8.38.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* bind-debuginfo-9.16.50-150500.8.38.1
* bind-utils-9.16.50-150500.8.38.1
* bind-9.16.50-150500.8.38.1
* bind-utils-debuginfo-9.16.50-150500.8.38.1
* bind-debugsource-9.16.50-150500.8.38.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* bind-doc-9.16.50-150500.8.38.1
* python3-bind-9.16.50-150500.8.38.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3039.html
* https://www.suse.com/security/cve/CVE-2026-3592.html
* https://www.suse.com/security/cve/CVE-2026-5946.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265591
* https://bugzilla.suse.com/show_bug.cgi?id=1265592
* https://bugzilla.suse.com/show_bug.cgi?id=1265594



SUSE-SU-2026:2614-1: important: Security update for openssl-1_1


# Security update for openssl-1_1

Announcement ID: SUSE-SU-2026:2614-1
Release Date: 2026-06-24T09:02:27Z
Rating: important
References:

* bsc#1266340
* bsc#1266341
* bsc#1266342
* bsc#1266349
* bsc#1266357

Cross-References:

* CVE-2026-34180
* CVE-2026-42766
* CVE-2026-45447
* CVE-2026-7383
* CVE-2026-9076

CVSS scores:

* CVE-2026-34180 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-34180 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-34180 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42766 ( SUSE ): 6.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42766 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42766 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-45447 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45447 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45447 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-7383 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-7383 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-7383 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9076 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-9076 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-9076 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357).
* CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption
(bsc#1266349).
* CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption
(bsc#1266341).
* CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String
Conversion (bsc#1266340).
* CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing
(bsc#1266342).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2614=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2614=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2614=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2614=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2614=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2614=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2614=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2614=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2614=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libopenssl-1_1-devel-1.1.1l-150400.7.96.2
* openssl-1_1-debugsource-1.1.1l-150400.7.96.2
* libopenssl1_1-debuginfo-1.1.1l-150400.7.96.2
* openssl-1_1-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-1.1.1l-150400.7.96.2
* libopenssl1_1-1.1.1l-150400.7.96.2
* openssl-1_1-debuginfo-1.1.1l-150400.7.96.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.96.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libopenssl-1_1-devel-1.1.1l-150400.7.96.2
* openssl-1_1-debugsource-1.1.1l-150400.7.96.2
* libopenssl1_1-debuginfo-1.1.1l-150400.7.96.2
* openssl-1_1-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-1.1.1l-150400.7.96.2
* libopenssl1_1-1.1.1l-150400.7.96.2
* openssl-1_1-debuginfo-1.1.1l-150400.7.96.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.96.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libopenssl-1_1-devel-1.1.1l-150400.7.96.2
* openssl-1_1-debugsource-1.1.1l-150400.7.96.2
* libopenssl1_1-debuginfo-1.1.1l-150400.7.96.2
* openssl-1_1-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-1.1.1l-150400.7.96.2
* libopenssl1_1-1.1.1l-150400.7.96.2
* openssl-1_1-debuginfo-1.1.1l-150400.7.96.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.96.2
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* libopenssl-1_1-devel-1.1.1l-150400.7.96.2
* openssl-1_1-debugsource-1.1.1l-150400.7.96.2
* libopenssl1_1-debuginfo-1.1.1l-150400.7.96.2
* openssl-1_1-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-1.1.1l-150400.7.96.2
* libopenssl1_1-1.1.1l-150400.7.96.2
* openssl-1_1-debuginfo-1.1.1l-150400.7.96.2
* openSUSE Leap 15.4 (x86_64)
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.96.2
* openSUSE Leap 15.4 (aarch64_ilp32)
* libopenssl1_1-64bit-1.1.1l-150400.7.96.2
* libopenssl1_1-64bit-debuginfo-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-64bit-1.1.1l-150400.7.96.2
* libopenssl-1_1-devel-64bit-1.1.1l-150400.7.96.2
* openSUSE Leap 15.4 (noarch)
* openssl-1_1-doc-1.1.1l-150400.7.96.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libopenssl-1_1-devel-1.1.1l-150400.7.96.2
* openssl-1_1-debugsource-1.1.1l-150400.7.96.2
* libopenssl1_1-debuginfo-1.1.1l-150400.7.96.2
* openssl-1_1-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-1.1.1l-150400.7.96.2
* libopenssl1_1-1.1.1l-150400.7.96.2
* openssl-1_1-debuginfo-1.1.1l-150400.7.96.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libopenssl-1_1-devel-1.1.1l-150400.7.96.2
* openssl-1_1-debugsource-1.1.1l-150400.7.96.2
* libopenssl1_1-debuginfo-1.1.1l-150400.7.96.2
* openssl-1_1-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-1.1.1l-150400.7.96.2
* libopenssl1_1-1.1.1l-150400.7.96.2
* openssl-1_1-debuginfo-1.1.1l-150400.7.96.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libopenssl-1_1-devel-1.1.1l-150400.7.96.2
* openssl-1_1-debugsource-1.1.1l-150400.7.96.2
* libopenssl1_1-debuginfo-1.1.1l-150400.7.96.2
* openssl-1_1-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-1.1.1l-150400.7.96.2
* libopenssl1_1-1.1.1l-150400.7.96.2
* openssl-1_1-debuginfo-1.1.1l-150400.7.96.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libopenssl-1_1-devel-1.1.1l-150400.7.96.2
* openssl-1_1-debugsource-1.1.1l-150400.7.96.2
* libopenssl1_1-debuginfo-1.1.1l-150400.7.96.2
* openssl-1_1-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-1.1.1l-150400.7.96.2
* libopenssl1_1-1.1.1l-150400.7.96.2
* openssl-1_1-debuginfo-1.1.1l-150400.7.96.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libopenssl-1_1-devel-1.1.1l-150400.7.96.2
* openssl-1_1-debugsource-1.1.1l-150400.7.96.2
* libopenssl1_1-debuginfo-1.1.1l-150400.7.96.2
* openssl-1_1-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-1.1.1l-150400.7.96.2
* libopenssl1_1-1.1.1l-150400.7.96.2
* openssl-1_1-debuginfo-1.1.1l-150400.7.96.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-32bit-1.1.1l-150400.7.96.2
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.96.2

## References:

* https://www.suse.com/security/cve/CVE-2026-34180.html
* https://www.suse.com/security/cve/CVE-2026-42766.html
* https://www.suse.com/security/cve/CVE-2026-45447.html
* https://www.suse.com/security/cve/CVE-2026-7383.html
* https://www.suse.com/security/cve/CVE-2026-9076.html
* https://bugzilla.suse.com/show_bug.cgi?id=1266340
* https://bugzilla.suse.com/show_bug.cgi?id=1266341
* https://bugzilla.suse.com/show_bug.cgi?id=1266342
* https://bugzilla.suse.com/show_bug.cgi?id=1266349
* https://bugzilla.suse.com/show_bug.cgi?id=1266357



SUSE-SU-2026:2617-1: important: Security update for bind


# Security update for bind

Announcement ID: SUSE-SU-2026:2617-1
Release Date: 2026-06-24T09:03:42Z
Rating: important
References:

* bsc#1265591
* bsc#1265592
* bsc#1265594

Cross-References:

* CVE-2026-3039
* CVE-2026-3592
* CVE-2026-5946

CVSS scores:

* CVE-2026-3039 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3039 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3592 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3592 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-5946 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5946 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for bind fixes the following issues:

* CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records
(bsc#1265592).
* CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY
negotiation (bsc#1265591).
* CVE-2026-5946: Invalid handling of CLASS != IN (bsc#1265594).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2617=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2617=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2617=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2617=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2617=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* bind-debuginfo-9.16.50-150400.5.62.1
* bind-9.16.50-150400.5.62.1
* bind-utils-debuginfo-9.16.50-150400.5.62.1
* bind-utils-9.16.50-150400.5.62.1
* bind-debugsource-9.16.50-150400.5.62.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python3-bind-9.16.50-150400.5.62.1
* bind-doc-9.16.50-150400.5.62.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* bind-debuginfo-9.16.50-150400.5.62.1
* bind-9.16.50-150400.5.62.1
* bind-utils-debuginfo-9.16.50-150400.5.62.1
* bind-utils-9.16.50-150400.5.62.1
* bind-debugsource-9.16.50-150400.5.62.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python3-bind-9.16.50-150400.5.62.1
* bind-doc-9.16.50-150400.5.62.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* bind-debuginfo-9.16.50-150400.5.62.1
* bind-9.16.50-150400.5.62.1
* bind-utils-debuginfo-9.16.50-150400.5.62.1
* bind-utils-9.16.50-150400.5.62.1
* bind-debugsource-9.16.50-150400.5.62.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python3-bind-9.16.50-150400.5.62.1
* bind-doc-9.16.50-150400.5.62.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* bind-debuginfo-9.16.50-150400.5.62.1
* bind-9.16.50-150400.5.62.1
* bind-utils-debuginfo-9.16.50-150400.5.62.1
* bind-utils-9.16.50-150400.5.62.1
* bind-debugsource-9.16.50-150400.5.62.1
* openSUSE Leap 15.4 (noarch)
* python3-bind-9.16.50-150400.5.62.1
* bind-doc-9.16.50-150400.5.62.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* bind-debuginfo-9.16.50-150400.5.62.1
* bind-9.16.50-150400.5.62.1
* bind-utils-debuginfo-9.16.50-150400.5.62.1
* bind-utils-9.16.50-150400.5.62.1
* bind-debugsource-9.16.50-150400.5.62.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* python3-bind-9.16.50-150400.5.62.1
* bind-doc-9.16.50-150400.5.62.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3039.html
* https://www.suse.com/security/cve/CVE-2026-3592.html
* https://www.suse.com/security/cve/CVE-2026-5946.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265591
* https://bugzilla.suse.com/show_bug.cgi?id=1265592
* https://bugzilla.suse.com/show_bug.cgi?id=1265594



SUSE-SU-2026:2620-1: low: Security update for iproute2


# Security update for iproute2

Announcement ID: SUSE-SU-2026:2620-1
Release Date: 2026-06-24T09:04:19Z
Rating: low
References:

* bsc#1204562
* bsc#1254324

Cross-References:

* CVE-2024-58251

CVSS scores:

* CVE-2024-58251 ( SUSE ): 2.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-58251 ( SUSE ): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-58251 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for iproute2 fixes the following issue

* CVE-2024-58251: denial of service via terminal escape sequences
(bsc#1254324).

Other updates:

* support display of bound but unconnected sockets (bsc#1204562)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2620=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2620=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2620=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2620=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2620=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2620=1

## Package List:

* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* iproute2-5.14-150400.3.6.1
* libnetlink-devel-5.14-150400.3.6.1
* iproute2-debugsource-5.14-150400.3.6.1
* iproute2-arpd-5.14-150400.3.6.1
* iproute2-debuginfo-5.14-150400.3.6.1
* iproute2-arpd-debuginfo-5.14-150400.3.6.1
* iproute2-bash-completion-5.14-150400.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* iproute2-5.14-150400.3.6.1
* iproute2-debugsource-5.14-150400.3.6.1
* iproute2-debuginfo-5.14-150400.3.6.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* iproute2-5.14-150400.3.6.1
* iproute2-debugsource-5.14-150400.3.6.1
* iproute2-debuginfo-5.14-150400.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* iproute2-5.14-150400.3.6.1
* iproute2-debugsource-5.14-150400.3.6.1
* iproute2-debuginfo-5.14-150400.3.6.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* iproute2-5.14-150400.3.6.1
* iproute2-debugsource-5.14-150400.3.6.1
* iproute2-debuginfo-5.14-150400.3.6.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* iproute2-5.14-150400.3.6.1
* iproute2-debugsource-5.14-150400.3.6.1
* iproute2-debuginfo-5.14-150400.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-58251.html
* https://bugzilla.suse.com/show_bug.cgi?id=1204562
* https://bugzilla.suse.com/show_bug.cgi?id=1254324



SUSE-SU-2026:2621-1: important: Security update for openssl-1_1-livepatches


# Security update for openssl-1_1-livepatches

Announcement ID: SUSE-SU-2026:2621-1
Release Date: 2026-06-24T09:05:53Z
Rating: important
References:

* bsc#1266357
* bsc#1266389

Cross-References:

* CVE-2026-45447

CVSS scores:

* CVE-2026-45447 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45447 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45447 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for openssl-1_1-livepatches fixes the following issues

* CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2621=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2621=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* openssl-1_1-livepatches-0.6-150400.3.20.1
* openSUSE Leap 15.4 (x86_64)
* openssl-1_1-livepatches-debugsource-0.6-150400.3.20.1
* openssl-1_1-livepatches-debuginfo-0.6-150400.3.20.1
* openssl-1_1-livepatches-0.6-150400.3.20.1

## References:

* https://www.suse.com/security/cve/CVE-2026-45447.html
* https://bugzilla.suse.com/show_bug.cgi?id=1266357
* https://bugzilla.suse.com/show_bug.cgi?id=1266389



SUSE-SU-2026:2610-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise
15 SP6)

Announcement ID: SUSE-SU-2026:2610-1
Release Date: 2026-06-24T08:49:52Z
Rating: important
References:

* bsc#1260907
* bsc#1261640
* bsc#1263088
* bsc#1263902
* bsc#1266229
* bsc#1267625
* bsc#1268282

Cross-References:

* CVE-2026-23278
* CVE-2026-31402
* CVE-2026-31504
* CVE-2026-31694
* CVE-2026-43503
* CVE-2026-46323

CVSS scores:

* CVE-2026-23278 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31402 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.50 fixes
various security issues

The following security issues were fixed:

* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall
elements (bsc#1260907).
* CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
(bsc#1261640).
* CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
(bsc#1263088).
* CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
* CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
* CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
* net/sched: fix pedit partial COW leading to page cache (bsc#1267625).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2610=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2610=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-19-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-19-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-19-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-19-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-19-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-19-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260907
* https://bugzilla.suse.com/show_bug.cgi?id=1261640
* https://bugzilla.suse.com/show_bug.cgi?id=1263088
* https://bugzilla.suse.com/show_bug.cgi?id=1263902
* https://bugzilla.suse.com/show_bug.cgi?id=1266229
* https://bugzilla.suse.com/show_bug.cgi?id=1267625
* https://bugzilla.suse.com/show_bug.cgi?id=1268282



SUSE-SU-2026:2625-1: moderate: Security update for GraphicsMagick


# Security update for GraphicsMagick

Announcement ID: SUSE-SU-2026:2625-1
Release Date: 2026-06-24T14:39:01Z
Rating: moderate
References:

* bsc#1268125

Cross-References:

* CVE-2026-46523

CVSS scores:

* CVE-2026-46523 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46523 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-46523 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for GraphicsMagick fixes the following issue

* CVE-2026-46523: heap-use-after-free via a crafted MSL image (bsc#1268125).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2625=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2625=1

## Package List:

* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* libGraphicsMagick++-devel-1.3.42-150600.3.30.1
* GraphicsMagick-debugsource-1.3.42-150600.3.30.1
* libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.30.1
* GraphicsMagick-devel-1.3.42-150600.3.30.1
* libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.30.1
* perl-GraphicsMagick-debuginfo-1.3.42-150600.3.30.1
* GraphicsMagick-1.3.42-150600.3.30.1
* libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.30.1
* libGraphicsMagick++-Q16-12-1.3.42-150600.3.30.1
* perl-GraphicsMagick-1.3.42-150600.3.30.1
* GraphicsMagick-debuginfo-1.3.42-150600.3.30.1
* libGraphicsMagickWand-Q16-2-1.3.42-150600.3.30.1
* libGraphicsMagick3-config-1.3.42-150600.3.30.1
* libGraphicsMagick-Q16-3-1.3.42-150600.3.30.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* libGraphicsMagick++-devel-1.3.42-150600.3.30.1
* GraphicsMagick-debugsource-1.3.42-150600.3.30.1
* libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.30.1
* GraphicsMagick-devel-1.3.42-150600.3.30.1
* libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.30.1
* perl-GraphicsMagick-debuginfo-1.3.42-150600.3.30.1
* GraphicsMagick-1.3.42-150600.3.30.1
* libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.30.1
* libGraphicsMagick++-Q16-12-1.3.42-150600.3.30.1
* perl-GraphicsMagick-1.3.42-150600.3.30.1
* GraphicsMagick-debuginfo-1.3.42-150600.3.30.1
* libGraphicsMagickWand-Q16-2-1.3.42-150600.3.30.1
* libGraphicsMagick3-config-1.3.42-150600.3.30.1
* libGraphicsMagick-Q16-3-1.3.42-150600.3.30.1

## References:

* https://www.suse.com/security/cve/CVE-2026-46523.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268125


Nginx, PostgreSQL, Firefox, and more updates for Rocky Linux

MySQL, libxml2, Perl, FFmpeg updates for Ubuntu

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...