Kernel Live Patches, OpenSSL and ImageMagick updates for SUSE

SUSE 5687 Published 2026-06-24 07:46 by Philipp Esselbach

News

SUSE-SU-2026:2496-1: important: Security update for the Linux Kernel (Live Patch 52 for SUSE Linux Enterprise 15 SP4)

# Security update for the Linux Kernel (Live Patch 52 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2026:2496-1
Release Date: 2026-06-22T19:05:50Z
Rating: important
References:

* bsc#1261640
* bsc#1263088
* bsc#1263902
* bsc#1266229
* bsc#1268282

Cross-References:

* CVE-2026-31402
* CVE-2026-31504
* CVE-2026-31694
* CVE-2026-43503
* CVE-2026-46323

CVSS scores:

* CVE-2026-31402 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.209 fixes
various security issues

The following security issues were fixed:

* CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
(bsc#1261640).
* CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
(bsc#1263088).
* CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
* CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
* CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2495=1 SUSE-2026-2499=1 SUSE-2026-2496=1
SUSE-2026-2497=1 SUSE-2026-2498=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2495=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2026-2499=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2026-2496=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-2497=1
SUSE-SLE-Module-Live-Patching-15-SP4-2026-2498=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-19-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-20-150400.2.1
* kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-20-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-20-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-19-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-9-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_43-debugsource-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_209-default-debuginfo-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_52-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_209-default-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_46-debugsource-9-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_42-debugsource-19-150400.2.1
* kernel-livepatch-5_14_21-150400_24_173-default-16-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-19-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-20-150400.2.1
* kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-20-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-20-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-19-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_209-default-debuginfo-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_43-debugsource-16-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_52-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_209-default-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_46-debugsource-9-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_42-debugsource-19-150400.2.1
* kernel-livepatch-5_14_21-150400_24_173-default-16-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261640
* https://bugzilla.suse.com/show_bug.cgi?id=1263088
* https://bugzilla.suse.com/show_bug.cgi?id=1263902
* https://bugzilla.suse.com/show_bug.cgi?id=1266229
* https://bugzilla.suse.com/show_bug.cgi?id=1268282

SUSE-SU-2026:2520-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP7)

# Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise
15 SP7)

Announcement ID: SUSE-SU-2026:2520-1
Release Date: 2026-06-23T07:34:15Z
Rating: important
References:

* bsc#1261640
* bsc#1263088
* bsc#1263902
* bsc#1266229
* bsc#1267625
* bsc#1268282

Cross-References:

* CVE-2026-31402
* CVE-2026-31504
* CVE-2026-31694
* CVE-2026-43503
* CVE-2026-46323

CVSS scores:

* CVE-2026-31402 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves five vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.45 fixes
various security issues

The following security issues were fixed:

* CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
(bsc#1261640).
* CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
(bsc#1263088).
* CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
* CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
* CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
* net/sched: fix pedit partial COW leading to page cache (bsc#1267625).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-2521=1 SUSE-SLE-
Module-Live-Patching-15-SP7-2026-2522=1 SUSE-SLE-Module-Live-
Patching-15-SP7-2026-2509=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2508=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2520=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2520=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_22-debugsource-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_95-default-debuginfo-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_95-default-5-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_22-debugsource-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_95-default-debuginfo-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_95-default-5-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP7_Update_11-debugsource-5-150700.2.1
* kernel-livepatch-6_4_0-150700_53_40-default-debuginfo-4-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_13-debugsource-3-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_12-debugsource-4-150700.2.1
* kernel-livepatch-6_4_0-150700_53_40-default-4-150700.2.1
* kernel-livepatch-6_4_0-150700_53_45-default-debuginfo-3-150700.2.1
* kernel-livepatch-6_4_0-150700_53_37-default-debuginfo-5-150700.2.1
* kernel-livepatch-6_4_0-150700_53_37-default-5-150700.2.1
* kernel-livepatch-6_4_0-150700_53_45-default-3-150700.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
* kernel-livepatch-6_4_0-150700_7_44-rt-debuginfo-3-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_13-debugsource-3-150700.2.1
* kernel-livepatch-6_4_0-150700_7_44-rt-3-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261640
* https://bugzilla.suse.com/show_bug.cgi?id=1263088
* https://bugzilla.suse.com/show_bug.cgi?id=1263902
* https://bugzilla.suse.com/show_bug.cgi?id=1266229
* https://bugzilla.suse.com/show_bug.cgi?id=1267625
* https://bugzilla.suse.com/show_bug.cgi?id=1268282

SUSE-SU-2026:2511-1: important: Security update for the Linux Kernel (Live Patch 53 for SUSE Linux Enterprise 15 SP4)

# Security update for the Linux Kernel (Live Patch 53 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2026:2511-1
Release Date: 2026-06-23T05:04:26Z
Rating: important
References:

* bsc#1261640
* bsc#1263088
* bsc#1263902
* bsc#1266229
* bsc#1268282

Cross-References:

* CVE-2026-31402
* CVE-2026-31504
* CVE-2026-31694
* CVE-2026-43503
* CVE-2026-46323

CVSS scores:

* CVE-2026-31402 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.214 fixes
various security issues

The following security issues were fixed:

* CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
(bsc#1261640).
* CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
(bsc#1263088).
* CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
* CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
* CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2513=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2026-2510=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2026-2511=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-2512=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2510=1 SUSE-2026-2511=1 SUSE-2026-2512=1
SUSE-2026-2513=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_197-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_205-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_47-debugsource-9-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_49-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-9-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_53-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_214-default-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_51-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_214-default-debuginfo-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_197-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_205-default-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_197-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_205-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_47-debugsource-9-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_49-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-9-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_53-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_214-default-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_51-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_214-default-debuginfo-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_197-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_205-default-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261640
* https://bugzilla.suse.com/show_bug.cgi?id=1263088
* https://bugzilla.suse.com/show_bug.cgi?id=1263902
* https://bugzilla.suse.com/show_bug.cgi?id=1266229
* https://bugzilla.suse.com/show_bug.cgi?id=1268282

openSUSE-SU-2026:0212-1: important: Security update for hamlib

openSUSE Security Update: Security update for hamlib
_______________________________

Announcement ID: openSUSE-SU-2026:0212-1
Rating: important
References: #1268628 #1268629
Cross-References: CVE-2026-54634
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for hamlib fixes the following issues:

- Update to 4.7.2:
* Fix IC-7600/IC-7610 clock commands
* Icom: Add CWR to modes eligible for DSP filtering
* Kenwood: New model Hamgeek uSGX
* Various fixes for Skywatcher, DX-SR8, FT-710, FTX-1, IC-705, X6100
* rigctld: Fix send_raw stack out-of-bounds write and uninitialized
memory CVE-2026-54634 (boo#1268628)
* rigctld: Fix stack/heap overflow primitive in read_string_generic +
auth bypass in rigctld + weak password handling (boo#1268629)

- Update to 4.7.1:
* Various compiler and portability fixes
* Fix rig port timeout
* Fix various FTX-1 meter, level and CTCSS table
* Add power off capability to Flrig backend
* Add SWR to supported 'get levels' for K3/K4
* Add get_split_vfo to TS-850 backend
* New simplecat backend
* Fix and generalize clock handling for Icom radios
* Fix Yaesu attenuator levels and LVL_KEYSPD reinitialization
* Add new rig model Harris PRC-138
* Various FT-710 fixes, eespecially handling SH format and RX bandwidth
* Ensure FT-710 simulator rejects RF command
* Fix low power calculation for K3/K3S
* Fix FTX-1 SH bandwidth command in set/get_mode

- Update to 4.7.0:
* Revamp Kenwood voice memory handler - Fixes TS-890S & TS-990S
* libusb is now detected using the pkg-config facility.
* Functions rig_get_conf, rot_get_conf, amp_get_conf deprecated use
*_get_conf2() instead
* rig_set_trn and rig_get_trn deprecated.
* Many fixes for SWIG binding generation and improved Python support and
testing
* Fix AGC for IC-R75, fix AGC for all Icom rigs
* New Drake R8 backend
* New AF6SA WRC rotator backend
* New Yaesu FTX-1 model support (alpha)
* Update QRPLabs QMX backend for max serial rate of 230400 bps
* Updates to Icom IC-F8101
* New rig model Icom ID-52A/W Plus
* Fix memory leaks in rigctld and rigctltcp
* Fix Skywatcher backend for firmware that doesn't echo commands
* Additional Yaesu FTX-1 capabilities
* Add extended commands for the IC-7300MK2--
* Revert updating FLRig model name
* Add manual pages for rigctltcp, rigtestlibusb, rigtestmcast, and
rigtestmcastrx
* Pause building rigfreqwalk as the code does not align with the
required commandline parameters
* Developer visible changes, code moves and refactoring

- Update to 4.6.5:
* Update Kenwood CW buffer max message size, fix one byte buffer
overrun
* Fix segmentation Faults

- Update to 4.6.4:
* Fix handling of unprintable characters affecting radios such as the
TM-D710/TM-V71
* Fix memory leak in rigctld
* Fix powerstat check for Icom R75 which rejects the command
* Restore TS-590S/SG RIG_LEVEL_RFPOWER_METER
* Fix rotctl \dump_caps output
* Add CW sending capability to Flex SmartSDR
* Handle spaces correctly for Fles SmartSDR

- Update to 4.6.3:
* JRC: Remove RIG_FUNC_FAGC from 535D as erroneous
* Add RIG_FUNC_NB2 functionality to both 535D and 545
* * Restore IC-7300 spectrum data callback - regression in 4.6
* Add locking to rig_[gs]et_level() - fixes sending CW from tlf
* Fix attempt to use memory returned by setlocale() after being freed
* Language bindings configuration and build fixes
* Various build system and compilation fixes
* IC-705 filter selection bandwidth for FM and WFM
* IC-705 COMP, VD, and ID meter calibration values
* Fix ACLog thousands separator
* Documentation updates, typo fixes, man page fixes
* Drop redundant token lookups and make local functions static
* Fix rigctl showing hamlib_verson when connecting to rigctld
* Add rig CODAN 2110

- Update to 4.6.2:
* Add missing levels for IC746/PRO RIG_LEVEL_RFPOWER_METER,
RIG_LEVEL_RFPOWER_METER_WATTS,RIG_LEVEL_SWR,RIG_LEVEL_ALC
* Fix IC905 for gpredict
* Fix potential segfault on QMX
* Fix pmr171

- update to 4.6.1:
* Fix C++ builds failing on rig_list_foreach function
* Fix IC9100 rigctld startup to end up on VFOA
* Fix grig build by removing sys/socket.h -- apparently not needed
* Add new QMX entry to fix incompability with QDX
* Fix IC746/PROT to not use data byte
* FLRig to add DATA-U DATA-L modes
* Fix TS570 RIG_LEVEL_STRENGTH with cal table
* Remove get_powerstat from IC785X -- not supported
* Fix SDRConsole by removing lots of things it does not have

- Update to version 4.6 (2024-12-24)
* send_raw can now take hex digits as colon-separated -- e.g. send _raw
icom xfe:xfe:x94:xe0:03:xfd
* Add IC7760
* IC7300 Mode filter can now be set by # (i.e. 1,2,3)
* Fixed AF6SA WRC rotor controller
* Added Rhode&Schwarz XK852
* Added Xiegu X6200
* Added Commradio CTX-10
* Added Guoehe PMR-171
* Added csntechnoligies.net S.A.T Satellite rotor control
* Added PSTRotator control
* Added Flex SmartSDR slices A-H
* Added Motorola Micom M2/M3
* Added SDR Radio SDRConsole -- TS-2000 is now hardware flow control so
need separate entry
* Added --set-conf=filter_usb, filter_usbd, and filter_cw to allow Icom
rigs set mode to set filter number too
* Added macros for applications to obtain pointers to Hamlib
structures(issues #1445, #1420, #487). Internal conversion is still a
WIP, but use of these macros will make the final cutover transparent
to applications.
* Added Guohe Q900 entry
* Unify behavior of all rigctl split commands
* Make the set_split_* commands modify the state of the specified split
VFO -- the current or targeted VFO do not have any effect
* Make the set_split_* commands enable split automatically if not enabled
* Make the get_split_* commands return frequency of 0 Hz, mode NONE and
filter of 0 Hz if split is not enabled
* Allow all split commands to avoid VFO swapping if supported by the rig
model
* Improve Icom backend to set/get frequency, mode and filter without VFO
swapping if supported by the rig model
* Improve Yaesu newcat backend split handling
* Expose "Targetable features" (RIG_TARGETABLE_*) in dump_caps
output to allow clients to determine which commands can be executed
without VFO swapping
* Added RIG_FUNC_SYNC for FTDX101D/MP
* Added Barrett 4100
* Added DL2MAN (tr)uSDX -- needs refinement
* Added Thetis entry -- derived from FlexRadio/Apache PowerSDR
* Added VOICE/CW memory capability to many rigs -- thanks to David
Balharrie M0DGB/G8FKH
* Add -# --skip_init option to rigctl to skip rig initialization --
useful for executing commands quickly
* rig_caps is no longer constant -- this may break some 3rd party
relying on the "const" declaration.
* IC7610 now has IPP, DPP, and TX_INHIBIT functions set/get
* Hamlib now starts a multicast server that sends out rig information.
Does not receive commands yet. See README.multicast
* rigctld has new -b/bind-all option to try all interfaces
-- restores original behavior. This was done to fix duplicate rigctld
instances on Windows
* Yaesu rigs can now use send_morse to send keyer message 1-5
or a CW message up to 50 chars (which will use memory 1)
* rig set level METER can now take SWR,COMP,ALC,IC/ID,DB,PO, VDD,TEMP
arguments to set which meter to display
* reg get level displays meter number=name now
* Added parm BANDSELECT for Yaesu rigs 'p BANDSELECT' returns current
band of VFOA 'P BANDSELECT BAND160M' example selects the 160M band 'P
BANDSELECT ?' shows bands available for the rig
* Added rig_cm108_get/set_bit to API and get/set_gpio to rigctl(d) for
GPIO1,2,3,4 access on CM108
* Added BG2FX FX4/C/CR/L
* Fixed IC7610 to use new 0x25 0x26 command added in latest firmware
* Fix W command in rigctld to work properly -- can take terminating char
or # of bytes to expect
* Add rig_set_debug_filename so Python can redirect debug stream
* Fix Yaesu LBL_NR to use proper values
* Add IC-905
* Add Anytone D578UVIII -- should work on any D558 model and perhaps
others too
* Add saebrtrack rotor
https://sites.google.com/site/marklhammond/saebrtrack
* Add offset_vfoa and offset_vfob applying to rig_set_freq
* Fix K4 to put it in K40 mode when requesting ID
* Fixes for M2 Rotors
* Add rigctlsync utility to synchronize frequency from a rig to SDR# (or
others)
* Add SDR# rig for use with SDR#'s gpredict plugin -- can only get/set
freq
* Add Apex Shared Loop rotator -- unidirectional only so far
* Add client_version to rigctld so client can report it's version for
future use/compatibility/alternatives
* Add --set-conf=tuner_control_pathname=hamlib_tuner_control (default).
If file exists then it will be called with 0/1 (Off/On) argument with
'U TUNER 0' or 'U TUNER 1". Default path is for current directory
* Add MDS 4710/9710 rigs
* Add FLIR PTU-D48, E46, D100, D300 rotors
* Fix FTDX3000 rig split
* Fix rigctld/rigctltcp information
* Fix FT817 get/set_vfo

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-212=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

hamlib-4.7.2-bp157.2.3.1
hamlib-devel-4.7.2-bp157.2.3.1
libhamlib++4-4.7.2-bp157.2.3.1
libhamlib4-4.7.2-bp157.2.3.1
lua-Hamliblua-4.7.2-bp157.2.3.1
perl-Hamlib-4.7.2-bp157.2.3.1
python3-Hamlib-4.7.2-bp157.2.3.1
tcl-Hamlib-4.7.2-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2026-54634.html
https://bugzilla.suse.com/1268628
https://bugzilla.suse.com/1268629

SUSE-SU-2026:2523-1: important: Security update for libinput

# Security update for libinput

Announcement ID: SUSE-SU-2026:2523-1
Release Date: 2026-06-23T08:52:48Z
Rating: important
References:

* bsc#1267852

Cross-References:

* CVE-2026-50265
* CVE-2026-50292

CVSS scores:

* CVE-2026-50265 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-50265 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-50265 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-50292 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-50292 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libinput fixes the following issues

* CVE-2026-50265,CVE-2026-50292: crafted uinput devices can lead to local
privilege escalation (bsc#1267852).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2523=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2523=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2523=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2523=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2523=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libinput-debugsource-1.21.0-150500.3.3.1
* libinput10-debuginfo-1.21.0-150500.3.3.1
* libinput-udev-debuginfo-1.21.0-150500.3.3.1
* libinput-tools-debuginfo-1.21.0-150500.3.3.1
* libinput10-1.21.0-150500.3.3.1
* libinput-devel-1.21.0-150500.3.3.1
* libinput-udev-1.21.0-150500.3.3.1
* libinput-tools-1.21.0-150500.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libinput-debugsource-1.21.0-150500.3.3.1
* libinput10-debuginfo-1.21.0-150500.3.3.1
* libinput-udev-debuginfo-1.21.0-150500.3.3.1
* libinput-tools-debuginfo-1.21.0-150500.3.3.1
* libinput10-1.21.0-150500.3.3.1
* libinput-devel-1.21.0-150500.3.3.1
* libinput-udev-1.21.0-150500.3.3.1
* libinput-tools-1.21.0-150500.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libinput-debugsource-1.21.0-150500.3.3.1
* libinput10-debuginfo-1.21.0-150500.3.3.1
* libinput-udev-debuginfo-1.21.0-150500.3.3.1
* libinput-tools-debuginfo-1.21.0-150500.3.3.1
* libinput10-1.21.0-150500.3.3.1
* libinput-devel-1.21.0-150500.3.3.1
* libinput-udev-1.21.0-150500.3.3.1
* libinput-tools-1.21.0-150500.3.3.1
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* libinput-debugsource-1.21.0-150500.3.3.1
* libinput10-debuginfo-1.21.0-150500.3.3.1
* libinput-udev-debuginfo-1.21.0-150500.3.3.1
* libinput-tools-debuginfo-1.21.0-150500.3.3.1
* libinput10-1.21.0-150500.3.3.1
* libinput-devel-1.21.0-150500.3.3.1
* libinput-debug-gui-1.21.0-150500.3.3.1
* libinput-udev-1.21.0-150500.3.3.1
* libinput-tools-1.21.0-150500.3.3.1
* libinput-debug-gui-debuginfo-1.21.0-150500.3.3.1
* libinput-extra-debugsource-1.21.0-150500.3.3.1
* openSUSE Leap 15.5 (x86_64)
* libinput10-32bit-debuginfo-1.21.0-150500.3.3.1
* libinput10-32bit-1.21.0-150500.3.3.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libinput10-64bit-1.21.0-150500.3.3.1
* libinput10-64bit-debuginfo-1.21.0-150500.3.3.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libinput-debugsource-1.21.0-150500.3.3.1
* libinput10-debuginfo-1.21.0-150500.3.3.1
* libinput-udev-debuginfo-1.21.0-150500.3.3.1
* libinput-tools-debuginfo-1.21.0-150500.3.3.1
* libinput10-1.21.0-150500.3.3.1
* libinput-devel-1.21.0-150500.3.3.1
* libinput-udev-1.21.0-150500.3.3.1
* libinput-tools-1.21.0-150500.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-50265.html
* https://www.suse.com/security/cve/CVE-2026-50292.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267852

SUSE-SU-2026:2530-1: important: Security update for libinput

# Security update for libinput

Announcement ID: SUSE-SU-2026:2530-1
Release Date: 2026-06-23T10:03:23Z
Rating: important
References:

* bsc#1267852

Cross-References:

* CVE-2026-50265
* CVE-2026-50292

CVSS scores:

* CVE-2026-50265 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-50265 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-50265 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-50292 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-50292 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libinput fixes the following issues

* CVE-2026-50265,CVE-2026-50292: crafted uinput devices can lead to local
privilege escalation (bsc#1267852).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2530=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2530=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2530=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2530=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2530=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libinput10-1.19.4-150400.3.3.1
* libinput10-debuginfo-1.19.4-150400.3.3.1
* libinput-udev-1.19.4-150400.3.3.1
* libinput-debugsource-1.19.4-150400.3.3.1
* libinput-tools-1.19.4-150400.3.3.1
* libinput-tools-debuginfo-1.19.4-150400.3.3.1
* libinput-devel-1.19.4-150400.3.3.1
* libinput-udev-debuginfo-1.19.4-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libinput10-1.19.4-150400.3.3.1
* libinput10-debuginfo-1.19.4-150400.3.3.1
* libinput-udev-1.19.4-150400.3.3.1
* libinput-debugsource-1.19.4-150400.3.3.1
* libinput-tools-1.19.4-150400.3.3.1
* libinput-tools-debuginfo-1.19.4-150400.3.3.1
* libinput-devel-1.19.4-150400.3.3.1
* libinput-udev-debuginfo-1.19.4-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libinput10-1.19.4-150400.3.3.1
* libinput10-debuginfo-1.19.4-150400.3.3.1
* libinput-udev-1.19.4-150400.3.3.1
* libinput-debugsource-1.19.4-150400.3.3.1
* libinput-tools-1.19.4-150400.3.3.1
* libinput-tools-debuginfo-1.19.4-150400.3.3.1
* libinput-devel-1.19.4-150400.3.3.1
* libinput-udev-debuginfo-1.19.4-150400.3.3.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* libinput10-1.19.4-150400.3.3.1
* libinput-extra-debugsource-1.19.4-150400.3.3.1
* libinput10-debuginfo-1.19.4-150400.3.3.1
* libinput-udev-1.19.4-150400.3.3.1
* libinput-debugsource-1.19.4-150400.3.3.1
* libinput-tools-1.19.4-150400.3.3.1
* libinput-tools-debuginfo-1.19.4-150400.3.3.1
* libinput-devel-1.19.4-150400.3.3.1
* libinput-udev-debuginfo-1.19.4-150400.3.3.1
* libinput-debug-gui-debuginfo-1.19.4-150400.3.3.1
* libinput-debug-gui-1.19.4-150400.3.3.1
* openSUSE Leap 15.4 (x86_64)
* libinput10-32bit-debuginfo-1.19.4-150400.3.3.1
* libinput10-32bit-1.19.4-150400.3.3.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libinput10-64bit-1.19.4-150400.3.3.1
* libinput10-64bit-debuginfo-1.19.4-150400.3.3.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libinput10-1.19.4-150400.3.3.1
* libinput10-debuginfo-1.19.4-150400.3.3.1
* libinput-udev-1.19.4-150400.3.3.1
* libinput-debugsource-1.19.4-150400.3.3.1
* libinput-tools-1.19.4-150400.3.3.1
* libinput-tools-debuginfo-1.19.4-150400.3.3.1
* libinput-devel-1.19.4-150400.3.3.1
* libinput-udev-debuginfo-1.19.4-150400.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-50265.html
* https://www.suse.com/security/cve/CVE-2026-50292.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267852

SUSE-SU-2026:2529-1: important: Security update for libinput

# Security update for libinput

Announcement ID: SUSE-SU-2026:2529-1
Release Date: 2026-06-23T10:02:38Z
Rating: important
References:

* bsc#1267852

Cross-References:

* CVE-2026-50265
* CVE-2026-50292

CVSS scores:

* CVE-2026-50265 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-50265 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-50265 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-50292 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-50292 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libinput fixes the following issues

* CVE-2026-50265,CVE-2026-50292: crafted uinput devices can lead to local
privilege escalation (bsc#1267852).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2529=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2529=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2529=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libinput10-1.25.0-150600.3.3.1
* libinput-udev-debuginfo-1.25.0-150600.3.3.1
* libinput-tools-debuginfo-1.25.0-150600.3.3.1
* libinput-devel-1.25.0-150600.3.3.1
* libinput-udev-1.25.0-150600.3.3.1
* libinput-tools-1.25.0-150600.3.3.1
* libinput-debugsource-1.25.0-150600.3.3.1
* libinput10-debuginfo-1.25.0-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* libinput10-1.25.0-150600.3.3.1
* libinput-udev-debuginfo-1.25.0-150600.3.3.1
* libinput-tools-debuginfo-1.25.0-150600.3.3.1
* libinput-devel-1.25.0-150600.3.3.1
* libinput-udev-1.25.0-150600.3.3.1
* libinput-tools-1.25.0-150600.3.3.1
* libinput-debug-gui-1.25.0-150600.3.3.1
* libinput-extra-debugsource-1.25.0-150600.3.3.1
* libinput-debugsource-1.25.0-150600.3.3.1
* libinput-debug-gui-debuginfo-1.25.0-150600.3.3.1
* libinput10-debuginfo-1.25.0-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
* libinput10-32bit-1.25.0-150600.3.3.1
* libinput10-32bit-debuginfo-1.25.0-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libinput10-64bit-debuginfo-1.25.0-150600.3.3.1
* libinput10-64bit-1.25.0-150600.3.3.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libinput10-1.25.0-150600.3.3.1
* libinput-udev-debuginfo-1.25.0-150600.3.3.1
* libinput-tools-debuginfo-1.25.0-150600.3.3.1
* libinput-devel-1.25.0-150600.3.3.1
* libinput-udev-1.25.0-150600.3.3.1
* libinput-tools-1.25.0-150600.3.3.1
* libinput-debugsource-1.25.0-150600.3.3.1
* libinput10-debuginfo-1.25.0-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-50265.html
* https://www.suse.com/security/cve/CVE-2026-50292.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267852

SUSE-SU-2026:2553-1: important: Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP6)

# Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise
15 SP6)

Announcement ID: SUSE-SU-2026:2553-1
Release Date: 2026-06-23T11:34:46Z
Rating: important
References:

* bsc#1266229
* bsc#1268282

Cross-References:

* CVE-2026-43503
* CVE-2026-46323

CVSS scores:

* CVE-2026-43503 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.112 fixes
various security issues

The following security issues were fixed:

* CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
* CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2526=1

* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-2553=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2526=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kgraft-patch-4_12_14-122_310-default-2-2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_112-default-debuginfo-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_112-default-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_26-debugsource-2-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_112-default-debuginfo-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_112-default-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_26-debugsource-2-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1266229
* https://bugzilla.suse.com/show_bug.cgi?id=1268282

SUSE-SU-2026:2532-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7)

# Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise
15 SP7)

Announcement ID: SUSE-SU-2026:2532-1
Release Date: 2026-06-23T12:05:59Z
Rating: important
References:

* bsc#1260907
* bsc#1261640
* bsc#1263088
* bsc#1263902
* bsc#1266229
* bsc#1267625
* bsc#1268282

Cross-References:

* CVE-2026-23278
* CVE-2026-31402
* CVE-2026-31504
* CVE-2026-31694
* CVE-2026-43503
* CVE-2026-46323

CVSS scores:

* CVE-2026-23278 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31402 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves six vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.34 fixes
various security issues

The following security issues were fixed:

* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall
elements (bsc#1260907).
* CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
(bsc#1261640).
* CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
(bsc#1263088).
* CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
* CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
* CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
* net/sched: fix pedit partial COW leading to page cache (bsc#1267625).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-2538=1 SUSE-SLE-
Module-Live-Patching-15-SP7-2026-2541=1 SUSE-SLE-Module-Live-
Patching-15-SP7-2026-2542=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2543=1
SUSE-SLE-Module-Live-Patching-15-SP7-2026-2544=1 SUSE-SLE-Module-Live-
Patching-15-SP7-2026-2545=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2546=1
SUSE-SLE-Module-Live-Patching-15-SP7-2026-2547=1 SUSE-SLE-Module-Live-
Patching-15-SP7-2026-2548=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2560=1
SUSE-SLE-Module-Live-Patching-15-SP7-2026-2562=1 SUSE-SLE-Module-Live-
Patching-15-SP7-2026-2561=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2563=1
SUSE-SLE-Module-Live-Patching-15-SP7-2026-2564=1 SUSE-SLE-Module-Live-
Patching-15-SP7-2026-2565=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2566=1
SUSE-SLE-Module-Live-Patching-15-SP7-2026-2537=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2532=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2026-2533=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2026-2534=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-2535=1
SUSE-SLE-Module-Live-Patching-15-SP6-2026-2536=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2026-2557=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-2568=1
SUSE-SLE-Module-Live-Patching-15-SP6-2026-2558=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2532=1 SUSE-2026-2533=1 SUSE-2026-2534=1
SUSE-2026-2535=1 SUSE-2026-2536=1 SUSE-2026-2557=1 SUSE-2026-2568=1
SUSE-2026-2558=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_21-debugsource-5-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_17-debugsource-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-17-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_14-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_92-default-5-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_19-debugsource-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-19-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_20-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_87-default-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-8-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-19-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-17-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-19-150600.2.1
* kernel-livepatch-6_4_0-150600_23_92-default-debuginfo-5-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_15-debugsource-13-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-17-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_21-debugsource-5-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_17-debugsource-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-17-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_14-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_92-default-5-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_19-debugsource-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-19-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_20-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_87-default-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-8-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-19-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-17-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-19-150600.2.1
* kernel-livepatch-6_4_0-150600_23_92-default-debuginfo-5-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_15-debugsource-13-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-17-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150700_53_16-default-debuginfo-13-150700.2.1
* kernel-livepatch-6_4_0-150700_53_22-default-debuginfo-8-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_10-debugsource-5-150700.2.1
* kernel-livepatch-6_4_0-150700_51-default-18-150700.3.51.1
* kernel-livepatch-6_4_0-150700_53_25-default-8-150700.2.1
* kernel-livepatch-6_4_0-150700_53_16-default-13-150700.2.1
* kernel-livepatch-6_4_0-150700_53_6-default-debuginfo-17-150700.2.1
* kernel-livepatch-6_4_0-150700_53_11-default-debuginfo-13-150700.2.1
* kernel-livepatch-6_4_0-150700_53_3-default-debuginfo-18-150700.2.1
* kernel-livepatch-6_4_0-150700_53_3-default-18-150700.2.1
* kernel-livepatch-6_4_0-150700_53_34-default-5-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_5-debugsource-10-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_1-debugsource-18-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_0-debugsource-18-150700.3.51.1
* kernel-livepatch-SLE15-SP7_Update_3-debugsource-13-150700.2.1
* kernel-livepatch-6_4_0-150700_51-default-debuginfo-18-150700.3.51.1
* kernel-livepatch-6_4_0-150700_53_34-default-debuginfo-5-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_2-debugsource-17-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_6-debugsource-8-150700.2.1
* kernel-livepatch-6_4_0-150700_53_11-default-13-150700.2.1
* kernel-livepatch-6_4_0-150700_53_19-default-debuginfo-10-150700.2.1
* kernel-livepatch-6_4_0-150700_53_6-default-17-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_4-debugsource-13-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_7-debugsource-8-150700.2.1
* kernel-livepatch-6_4_0-150700_53_22-default-8-150700.2.1
* kernel-livepatch-6_4_0-150700_53_25-default-debuginfo-8-150700.2.1
* kernel-livepatch-6_4_0-150700_53_19-default-10-150700.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
* kernel-livepatch-6_4_0-150700_7_3-rt-18-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_0-debugsource-18-150700.3.1
* kernel-livepatch-6_4_0-150700_7_8-rt-debuginfo-17-150700.2.1
* kernel-livepatch-6_4_0-150700_7_25-rt-8-150700.2.1
* kernel-livepatch-6_4_0-150700_7_25-rt-debuginfo-8-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource-13-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_7-debugsource-8-150700.2.1
* kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo-13-150700.2.1
* kernel-livepatch-6_4_0-150700_5-rt-debuginfo-18-150700.3.1
* kernel-livepatch-6_4_0-150700_7_13-rt-13-150700.2.1
* kernel-livepatch-6_4_0-150700_7_8-rt-17-150700.2.1
* kernel-livepatch-6_4_0-150700_7_3-rt-debuginfo-18-150700.2.1
* kernel-livepatch-6_4_0-150700_7_16-rt-13-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_2-debugsource-17-150700.2.1
* kernel-livepatch-6_4_0-150700_7_19-rt-10-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_6-debugsource-9-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_5-debugsource-10-150700.2.1
* kernel-livepatch-6_4_0-150700_7_22-rt-9-150700.2.1
* kernel-livepatch-6_4_0-150700_7_22-rt-debuginfo-9-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_3-debugsource-13-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_1-debugsource-18-150700.2.1
* kernel-livepatch-6_4_0-150700_7_13-rt-debuginfo-13-150700.2.1
* kernel-livepatch-6_4_0-150700_7_19-rt-debuginfo-10-150700.2.1
* kernel-livepatch-6_4_0-150700_5-rt-18-150700.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260907
* https://bugzilla.suse.com/show_bug.cgi?id=1261640
* https://bugzilla.suse.com/show_bug.cgi?id=1263088
* https://bugzilla.suse.com/show_bug.cgi?id=1263902
* https://bugzilla.suse.com/show_bug.cgi?id=1266229
* https://bugzilla.suse.com/show_bug.cgi?id=1267625
* https://bugzilla.suse.com/show_bug.cgi?id=1268282

SUSE-SU-2026:2567-1: important: Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5)

# Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise
15 SP5)

Announcement ID: SUSE-SU-2026:2567-1
Release Date: 2026-06-23T12:05:41Z
Rating: important
References:

* bsc#1261640
* bsc#1263088
* bsc#1263902
* bsc#1266229
* bsc#1268282

Cross-References:

* CVE-2026-31402
* CVE-2026-31504
* CVE-2026-31694
* CVE-2026-43503
* CVE-2026-46323

CVSS scores:

* CVE-2026-31402 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.124 fixes
various security issues

The following security issues were fixed:

* CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
(bsc#1261640).
* CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
(bsc#1263088).
* CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
* CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
* CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2539=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2026-2540=1 SUSE-SLE-Module-Live-
Patching-15-SP5-2026-2554=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-2555=1
SUSE-SLE-Module-Live-Patching-15-SP5-2026-2556=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2539=1 SUSE-2026-2540=1 SUSE-2026-2554=1
SUSE-2026-2555=1 SUSE-2026-2556=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2567=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2567=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_40-debugsource-21-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-21-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-21-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_40-debugsource-21-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-21-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-21-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_113-default-19-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-20-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-17-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-19-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_31-debugsource-12-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-21-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-21-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-20-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-21-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-20-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_28-debugsource-19-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-17-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-12-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x)
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-17-150500.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_113-default-19-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-20-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-17-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-19-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_31-debugsource-12-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-21-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-21-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-20-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-21-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-20-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_28-debugsource-19-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-17-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-17-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-12-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261640
* https://bugzilla.suse.com/show_bug.cgi?id=1263088
* https://bugzilla.suse.com/show_bug.cgi?id=1263902
* https://bugzilla.suse.com/show_bug.cgi?id=1266229
* https://bugzilla.suse.com/show_bug.cgi?id=1268282

SUSE-SU-2026:2559-1: important: Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP6)

# Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise
15 SP6)

Announcement ID: SUSE-SU-2026:2559-1
Release Date: 2026-06-23T12:06:14Z
Rating: important
References:

* bsc#1261640
* bsc#1263088
* bsc#1263902
* bsc#1266229
* bsc#1267625
* bsc#1268282

Cross-References:

* CVE-2026-31402
* CVE-2026-31504
* CVE-2026-31694
* CVE-2026-43503
* CVE-2026-46323

CVSS scores:

* CVE-2026-31402 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.109 fixes
various security issues

The following security issues were fixed:

* CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
(bsc#1261640).
* CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
(bsc#1263088).
* CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
* CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
* CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
* net/sched: fix pedit partial COW leading to page cache (bsc#1267625).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2559=1 SUSE-2026-2569=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2559=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2026-2569=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_25-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_109-default-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_109-default-debuginfo-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_100-default-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_100-default-debuginfo-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_23-debugsource-4-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_25-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_109-default-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_109-default-debuginfo-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_100-default-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_100-default-debuginfo-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_23-debugsource-4-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261640
* https://bugzilla.suse.com/show_bug.cgi?id=1263088
* https://bugzilla.suse.com/show_bug.cgi?id=1263902
* https://bugzilla.suse.com/show_bug.cgi?id=1266229
* https://bugzilla.suse.com/show_bug.cgi?id=1267625
* https://bugzilla.suse.com/show_bug.cgi?id=1268282

openSUSE-SU-2026:20965-1: important: Security update for the Linux Kernel

openSUSE security update: security update for the linux kernel
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20965-1
Rating: important
References:

* bsc#1259884
* bsc#1260502
* bsc#1260548
* bsc#1261041
* bsc#1261603
* bsc#1261619
* bsc#1261791
* bsc#1262606
* bsc#1262615
* bsc#1262619
* bsc#1262622
* bsc#1262624
* bsc#1263006
* bsc#1263058
* bsc#1263062
* bsc#1263115
* bsc#1263180
* bsc#1263579
* bsc#1263594
* bsc#1263724
* bsc#1263794
* bsc#1263883
* bsc#1263932
* bsc#1264000
* bsc#1264040
* bsc#1264091
* bsc#1264196
* bsc#1264243
* bsc#1264245
* bsc#1264255
* bsc#1264415
* bsc#1264484
* bsc#1264609
* bsc#1264622
* bsc#1264672
* bsc#1264723
* bsc#1264765
* bsc#1265081
* bsc#1265114
* bsc#1265170
* bsc#1265186
* bsc#1265579
* bsc#1266394
* bsc#1266400
* bsc#1266696
* bsc#1266711
* bsc#1266720
* bsc#1266810
* bsc#1266816
* bsc#1266826
* bsc#1266827
* bsc#1266888
* bsc#1266889
* bsc#1266901
* bsc#1266914
* bsc#1266927
* bsc#1266972
* bsc#1267205
* bsc#1267214
* bsc#1267220
* bsc#1267531
* bsc#1267652
* bsc#1267875
* bsc#1268018

Cross-References:

* CVE-2026-23254
* CVE-2026-23303
* CVE-2026-23327
* CVE-2026-23438
* CVE-2026-31396
* CVE-2026-31401
* CVE-2026-31446
* CVE-2026-31448
* CVE-2026-31454
* CVE-2026-31455
* CVE-2026-31518
* CVE-2026-31546
* CVE-2026-31556
* CVE-2026-31562
* CVE-2026-31584
* CVE-2026-31645
* CVE-2026-31648
* CVE-2026-31655
* CVE-2026-31671
* CVE-2026-31683
* CVE-2026-31703
* CVE-2026-31774
* CVE-2026-43026
* CVE-2026-43030
* CVE-2026-43040
* CVE-2026-43063
* CVE-2026-43065
* CVE-2026-43066
* CVE-2026-43068
* CVE-2026-43109
* CVE-2026-43150
* CVE-2026-43184
* CVE-2026-43197
* CVE-2026-43332
* CVE-2026-43393
* CVE-2026-43394
* CVE-2026-43411
* CVE-2026-43455
* CVE-2026-45842
* CVE-2026-45846
* CVE-2026-45852
* CVE-2026-45856
* CVE-2026-45886
* CVE-2026-45898
* CVE-2026-45910
* CVE-2026-45932
* CVE-2026-45942
* CVE-2026-45970
* CVE-2026-45984
* CVE-2026-46021
* CVE-2026-46043
* CVE-2026-46083
* CVE-2026-46090
* CVE-2026-46094
* CVE-2026-46114
* CVE-2026-46159
* CVE-2026-46176
* CVE-2026-46181
* CVE-2026-46316
* CVE-2026-46317

CVSS scores:

* CVE-2026-23254 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23303 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23327 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23438 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23438 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31396 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-31396 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31401 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31401 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31446 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31446 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31448 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31448 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31454 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31454 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31455 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31455 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31518 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31518 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31546 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31546 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31556 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31556 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31562 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31562 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31584 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31584 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31645 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31645 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31648 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-31648 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31655 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31655 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31671 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-31671 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-31683 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-31683 ( SUSE ): 5.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31703 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31703 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43026 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43030 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43063 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43065 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-43065 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-43066 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43066 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43068 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-43068 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43109 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43109 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43150 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43184 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-43184 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43332 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43332 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43393 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43393 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43394 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43394 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43411 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43411 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43455 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-45842 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-45842 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
* CVE-2026-45846 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-45846 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45852 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45852 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45856 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-45856 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45886 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45886 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45898 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45898 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45910 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45910 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45932 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45932 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45942 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-45942 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45984 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45984 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46021 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46021 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46043 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46043 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46090 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46094 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-46094 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46114 ( SUSE ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-46114 ( SUSE ): 5.3 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-46159 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46176 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46181 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46316 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 60 vulnerabilities and has 64 bug fixes can now be installed.

Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2026-23254: net: gro: fix outer network offset (bsc#1259884).
- CVE-2026-23303: smb: client: Don't log plaintext credentials in cifs_set_cifscreds (bsc#1260502).
- CVE-2026-23327: cxl/mbox: validate payload size before accessing
contents in cxl_payload_from_user_allowed() (bsc#1260548).
- CVE-2026-23438: net: mvpp2: guard flow control update with global_tx_fc in buffer switching (bsc#1261619).
- CVE-2026-31396: net: macb: fix use-after-free access to PTP clock (bsc#1261791).
- CVE-2026-31401: HID: bpf: prevent buffer overflow in hid_hw_request (bsc#1261603).
- CVE-2026-31446: ext4: fix use-after-free in update_super_work when racing with umount (bsc#1262619).
- CVE-2026-31448: ext4: avoid infinite loops caused by residual data (bsc#1262622).
- CVE-2026-31454: xfs: save ailp before dropping the AIL lock in push callbacks (bsc#1262624).
- CVE-2026-31455: xfs: stop reclaim before pushing AIL during unmount (bsc#1262615).
- CVE-2026-31518: esp: fix skb leak with espintcp and async crypto (bsc#1262606).
- CVE-2026-31546: net: bonding: fix NULL deref in bond_debug_rlb_hash_show (bsc#1263006).
- CVE-2026-31556: xfs: scrub: unlock dquot before early return in quota scrub (bsc#1263062).
- CVE-2026-31562: drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register (bsc#1263058).
- CVE-2026-31584: media: mediatek: vcodec: fix use-after-free in encoder release path (bsc#1263180).
- CVE-2026-31645: net: lan966x: fix page pool leak in error paths (bsc#1263794).
- CVE-2026-31648: mm: filemap: fix nr_pages calculation overflow in filemap_map_pages() (bsc#1263579).
- CVE-2026-31655: pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled (bsc#1263724).
- CVE-2026-31671: xfrm_user: fix info leak in build_report() (bsc#1263115).
- CVE-2026-31683: batman-adv: avoid OGM aggregation when skb tailroom is insufficient (bsc#1263594).
- CVE-2026-31703: writeback: Fix use after free in inode_switch_wbs_work_fn() (bsc#1263883).
- CVE-2026-31774: io_uring/net: fix slab-out-of-bounds read in io_bundle_nbufs() (bsc#1264040).
- CVE-2026-43026: netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (bsc#1263932).
- CVE-2026-43030: bpf: Fix regsafe() for pointers to packet (bsc#1264000).
- CVE-2026-43040: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize
nduseropt_padX fields to zero to prevent an info-leak (bsc#1264091).
- CVE-2026-43063: xfs: don't irele after failing to iget in xfs_attri_recover_work (bsc#1264196).
- CVE-2026-43065: ext4: always drain queued discard work in ext4_mb_release() (bsc#1264243).
- CVE-2026-43066: ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths (bsc#1264245).
- CVE-2026-43068: ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() (bsc#1264255).
- CVE-2026-43109: x86: shadow stacks: proper error handling for mmap lock (bsc#1264484).
- CVE-2026-43150: perf/arm-cmn: Reject unsupported hardware configurations (bsc#1264415).
- CVE-2026-43184: rnbd-srv: Zero the rsp buffer before using it (bsc#1264622).
- CVE-2026-43197: netconsole: avoid OOB reads, msg is not nul-terminated (bsc#1264609).
- CVE-2026-43332: thermal: core: Fix thermal zone device registration error path (bsc#1265114).
- CVE-2026-43393: btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies() (bsc#1264723).
- CVE-2026-43394: nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit() (bsc#1265081).
- CVE-2026-43411: tipc: fix divide-by-zero in tipc_sk_filter_connect() (bsc#1264672).
- CVE-2026-43455: net: mctp: Ensure keys maintain only one ref to corresponding dev (bsc#1264765).
- CVE-2026-45842: slip: reject VJ receive packets on instances with no rstate array (bsc#1266400).
- CVE-2026-45846: bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() (bsc#1266394).
- CVE-2026-45852: RDMA/rxe: Fix double free in rxe_srq_from_init (bsc#1266711).
- CVE-2026-45856: RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send (bsc#1266720).
- CVE-2026-45886: bpf: Fix bpf_xdp_store_bytes proto for read-only arg (bsc#1266810).
- CVE-2026-45898: RDMA/iwcm: Fix workqueue list corruption by removing work_list (bsc#1266888).
- CVE-2026-45910: RDMA/rxe: Fix race condition in QP timer handlers (bsc#1266889).
- CVE-2026-45932: bpf: Fix tcx/netkit detach permissions when prog fd isn't given (bsc#1266827).
- CVE-2026-45942: ext4: fix e4b bitmap inconsistency reports (bsc#1266914).
- CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down (bsc#1267205).
- CVE-2026-45984: gfs2: Fix use-after-free in iomap inline data write path (bsc#1267214).
- CVE-2026-46021: thermal: core: Fix thermal zone governor cleanup issues (bsc#1267220).
- CVE-2026-46043: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv (bsc#1266901).
- CVE-2026-46083: spi: fix resource leaks on device setup failure (bsc#1266696).
- CVE-2026-46090: ALSA: aloop: Use guard() for spin locks (bsc#1267531).
- CVE-2026-46094: ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access (bsc#1266927).
- CVE-2026-46114: RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads (bsc#1266972).
- CVE-2026-46159: btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (bsc#1267652).
- CVE-2026-46176: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() (bsc#1266816).
- CVE-2026-46181: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (bsc#1266826).

The following non security issues were fixed:

- accel/ivpu: Add bounds checks for firmware log indices (git-fixes).
- accel/ivpu: Add buffer overflow check in MS get_info_ioctl (git-fixes).
- ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams (git-fixes).
- ALSA: seq: dummy: fix UMP event stack overread (git-fixes).
- arm64: tlb: Allow XZR argument to TLBI ops (git-fixes).
- arm64: tlb: Optimize ARM64_WORKAROUND_REPEAT_TLBI (git-fixes).
- Bluetooth: bnep: reject short frames before parsing (git-fixes).
- Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend (git-fixes).
- Bluetooth: ISO: Fix not releasing hdev reference on iso_conn_big_sync (git-fixes).
- Bluetooth: MGMT: Fix backward compatibility with userspace (git-fixes).
- Bluetooth: MGMT: validate advertising TLV before type checks (git-fixes).
- Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind() (git-fixes).
- Bluetooth: RFCOMM: validate skb length in MCC handlers (git-fixes).
- config: remove DEBUG_FS_DISALLOW_MOUNT
- debugfs: Remove broken no-mount mode (bsc#1265186).
- debugfs: Fix default access mode config check (bsc#1265186).
- debugfs: Remove broken no-mount mode (bsc#1265186).
- debugfs: Remove redundant access mode checks (bsc#1265186).
- drm/amd/display: Bound VBIOS record-chain walk loops (git-fixes).
- drm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size (git-fixes).
- drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs (git-fixes).
- drm/amd/display: Reject gpio_bitshift >= 32 in bios_parser_get_gpio_pin_info() (git-fixes).
- drm/amd/display: Use krealloc_array() in dal_vector_reserve() (git-fixes).
- drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 (git-fixes).
- drm/amdkfd: fix NULL dereference in get_queue_ids() (git-fixes).
- drm/imx: Fix three kernel-doc warnings in dcss-scaler.c (git-fixes).
- drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups (git-fixes).
- drm/xe: Clear pending_disable before signaling suspend fence (git-fixes).
- ima: return error early if file xattr cannot be changed (bsc#1261041).
- Input: atkbd - skip deactivate for HONOR BCC-N's internal keyboard (git-fixes).
- KVM: arm64: Reassign nested_mmus array behind mmu_lock (git-fixes).
- KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation (git-fixes).
- KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry (git-fixes).
- KVM: SEV: Check PSC request indices against the actual size of the buffer (git-fixes).
- KVM: SEV: Compute the correct max length of the in-GHCB scratch area (git-fixes).
- KVM: SEV: Don't explicitly pass PSC buffer to snp_begin_psc() (git-fixes).
- KVM: SEV: Ignore MMIO requests of length '0' (git-fixes).
- KVM: SEV: Ignore Port I/O requests of length '0' (git-fixes).
- KVM: SEV: Reject MMIO requests larger than 8 bytes with GHCB v2+ (git-fixes).
- KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use (git-fixes).
- KVM: SEV: Use READ_ONCE() when reading entries/indices from PSC buffer (git-fixes).
- KVM: SEV: Use the size of the PSC header as the minimum size for PSC requests (git-fixes).
- KVM: SEV: WARN if KVM attempts to setup scratch area with min_len==0 (git-fixes).
- KVM: SVM: Convert plain error code numbers to defines (git-fixes).
- KVM: SVM: Flush the current TLB when transitioning from xAVIC => x2AVIC (git-fixes).
- KVM: SVM: Provide helpers to set the error code (git-fixes).
- KVM: x86: Consolidate SEV-ES MMIO emulation into a single public API (git-fixes).
- KVM: x86: Dedup kvm_sev_es_mmio_{read,write}() (git-fixes).
- KVM: x86: Harden SEV-ES MMIO against on-stack use-after-free (git-fixes).
- KVM: x86: Move MMIO write tracing into vcpu_mmio_write() (git-fixes).
- KVM: x86: Open code handling of completed MMIO reads in emulator_read_write() (git-fixes).
- KVM: x86: Open code read vs. write userspace MMIO exits in emulator_read_write() (git-fixes).
- KVM: x86: Trace unsatisfied MMIO reads on a per-page basis (git-fixes).
- KVM: x86: Use local MMIO fragment variable to clean up emulator_read_write() (git-fixes).
- mmc: core: Fix host controller programming for fixed driver type (git-fixes).
- mmc: dw_mmc-rockchip: Add missing private data for very old controllers (git-fixes).
- mmc: litex_mmc: Set mandatory idle clocks before CMD0 (git-fixes).
- mmc: litex_mmc: Use DIV_ROUND_UP for more accurate clock calculation (git-fixes).
- mmc: renesas_sdhi: Add OF entry for RZ/G2H SoC (git-fixes).
- mmc: sdhci: add signal voltage switch in sdhci_resume_host (git-fixes).
- wifi: mac80211: limit injected antenna index in ieee80211_parse_tx_radiotap (git-fixes).
- wifi: nl80211: reject oversized EMA RNR lists (git-fixes).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-929=1

Package List:

- openSUSE Leap 16.0:

cluster-md-kmp-64kb-6.12.0-160000.35.1
cluster-md-kmp-azure-6.12.0-160000.35.1
cluster-md-kmp-default-6.12.0-160000.35.1
cluster-md-kmp-rt-6.12.0-160000.35.1
dlm-kmp-64kb-6.12.0-160000.35.1
dlm-kmp-azure-6.12.0-160000.35.1
dlm-kmp-default-6.12.0-160000.35.1
dlm-kmp-rt-6.12.0-160000.35.1
dtb-allwinner-6.12.0-160000.35.1
dtb-altera-6.12.0-160000.35.1
dtb-amazon-6.12.0-160000.35.1
dtb-amd-6.12.0-160000.35.1
dtb-amlogic-6.12.0-160000.35.1
dtb-apm-6.12.0-160000.35.1
dtb-apple-6.12.0-160000.35.1
dtb-arm-6.12.0-160000.35.1
dtb-broadcom-6.12.0-160000.35.1
dtb-cavium-6.12.0-160000.35.1
dtb-exynos-6.12.0-160000.35.1
dtb-freescale-6.12.0-160000.35.1
dtb-hisilicon-6.12.0-160000.35.1
dtb-lg-6.12.0-160000.35.1
dtb-marvell-6.12.0-160000.35.1
dtb-mediatek-6.12.0-160000.35.1
dtb-nvidia-6.12.0-160000.35.1
dtb-qcom-6.12.0-160000.35.1
dtb-renesas-6.12.0-160000.35.1
dtb-rockchip-6.12.0-160000.35.1
dtb-socionext-6.12.0-160000.35.1
dtb-sprd-6.12.0-160000.35.1
dtb-xilinx-6.12.0-160000.35.1
gfs2-kmp-64kb-6.12.0-160000.35.1
gfs2-kmp-azure-6.12.0-160000.35.1
gfs2-kmp-default-6.12.0-160000.35.1
gfs2-kmp-rt-6.12.0-160000.35.1
kernel-64kb-6.12.0-160000.35.1
kernel-64kb-devel-6.12.0-160000.35.1
kernel-64kb-extra-6.12.0-160000.35.1
kernel-64kb-optional-6.12.0-160000.35.1
kernel-azure-6.12.0-160000.35.1
kernel-azure-devel-6.12.0-160000.35.1
kernel-azure-extra-6.12.0-160000.35.1
kernel-azure-optional-6.12.0-160000.35.1
kernel-azure-vdso-6.12.0-160000.35.1
kernel-default-6.12.0-160000.35.1
kernel-default-base-6.12.0-160000.35.1.160000.2.16
kernel-default-devel-6.12.0-160000.35.1
kernel-default-extra-6.12.0-160000.35.1
kernel-default-optional-6.12.0-160000.35.1
kernel-default-vdso-6.12.0-160000.35.1
kernel-devel-6.12.0-160000.35.1
kernel-docs-6.12.0-160000.35.1
kernel-docs-html-6.12.0-160000.35.1
kernel-kvmsmall-6.12.0-160000.35.1
kernel-kvmsmall-devel-6.12.0-160000.35.1
kernel-kvmsmall-vdso-6.12.0-160000.35.1
kernel-macros-6.12.0-160000.35.1
kernel-obs-build-6.12.0-160000.35.1
kernel-obs-qa-6.12.0-160000.35.1
kernel-rt-6.12.0-160000.35.1
kernel-rt-devel-6.12.0-160000.35.1
kernel-rt-extra-6.12.0-160000.35.1
kernel-rt-optional-6.12.0-160000.35.1
kernel-rt-vdso-6.12.0-160000.35.1
kernel-source-6.12.0-160000.35.1
kernel-source-vanilla-6.12.0-160000.35.1
kernel-syms-6.12.0-160000.35.1
kernel-zfcpdump-6.12.0-160000.35.1
kselftests-kmp-64kb-6.12.0-160000.35.1
kselftests-kmp-azure-6.12.0-160000.35.1
kselftests-kmp-default-6.12.0-160000.35.1
kselftests-kmp-rt-6.12.0-160000.35.1
ocfs2-kmp-64kb-6.12.0-160000.35.1
ocfs2-kmp-azure-6.12.0-160000.35.1
ocfs2-kmp-default-6.12.0-160000.35.1
ocfs2-kmp-rt-6.12.0-160000.35.1

References:

* https://www.suse.com/security/cve/CVE-2026-23254.html
* https://www.suse.com/security/cve/CVE-2026-23303.html
* https://www.suse.com/security/cve/CVE-2026-23327.html
* https://www.suse.com/security/cve/CVE-2026-23438.html
* https://www.suse.com/security/cve/CVE-2026-31396.html
* https://www.suse.com/security/cve/CVE-2026-31401.html
* https://www.suse.com/security/cve/CVE-2026-31446.html
* https://www.suse.com/security/cve/CVE-2026-31448.html
* https://www.suse.com/security/cve/CVE-2026-31454.html
* https://www.suse.com/security/cve/CVE-2026-31455.html
* https://www.suse.com/security/cve/CVE-2026-31518.html
* https://www.suse.com/security/cve/CVE-2026-31546.html
* https://www.suse.com/security/cve/CVE-2026-31556.html
* https://www.suse.com/security/cve/CVE-2026-31562.html
* https://www.suse.com/security/cve/CVE-2026-31584.html
* https://www.suse.com/security/cve/CVE-2026-31645.html
* https://www.suse.com/security/cve/CVE-2026-31648.html
* https://www.suse.com/security/cve/CVE-2026-31655.html
* https://www.suse.com/security/cve/CVE-2026-31671.html
* https://www.suse.com/security/cve/CVE-2026-31683.html
* https://www.suse.com/security/cve/CVE-2026-31703.html
* https://www.suse.com/security/cve/CVE-2026-31774.html
* https://www.suse.com/security/cve/CVE-2026-43026.html
* https://www.suse.com/security/cve/CVE-2026-43030.html
* https://www.suse.com/security/cve/CVE-2026-43040.html
* https://www.suse.com/security/cve/CVE-2026-43063.html
* https://www.suse.com/security/cve/CVE-2026-43065.html
* https://www.suse.com/security/cve/CVE-2026-43066.html
* https://www.suse.com/security/cve/CVE-2026-43068.html
* https://www.suse.com/security/cve/CVE-2026-43109.html
* https://www.suse.com/security/cve/CVE-2026-43150.html
* https://www.suse.com/security/cve/CVE-2026-43184.html
* https://www.suse.com/security/cve/CVE-2026-43197.html
* https://www.suse.com/security/cve/CVE-2026-43332.html
* https://www.suse.com/security/cve/CVE-2026-43393.html
* https://www.suse.com/security/cve/CVE-2026-43394.html
* https://www.suse.com/security/cve/CVE-2026-43411.html
* https://www.suse.com/security/cve/CVE-2026-43455.html
* https://www.suse.com/security/cve/CVE-2026-45842.html
* https://www.suse.com/security/cve/CVE-2026-45846.html
* https://www.suse.com/security/cve/CVE-2026-45852.html
* https://www.suse.com/security/cve/CVE-2026-45856.html
* https://www.suse.com/security/cve/CVE-2026-45886.html
* https://www.suse.com/security/cve/CVE-2026-45898.html
* https://www.suse.com/security/cve/CVE-2026-45910.html
* https://www.suse.com/security/cve/CVE-2026-45932.html
* https://www.suse.com/security/cve/CVE-2026-45942.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-45984.html
* https://www.suse.com/security/cve/CVE-2026-46021.html
* https://www.suse.com/security/cve/CVE-2026-46043.html
* https://www.suse.com/security/cve/CVE-2026-46083.html
* https://www.suse.com/security/cve/CVE-2026-46090.html
* https://www.suse.com/security/cve/CVE-2026-46094.html
* https://www.suse.com/security/cve/CVE-2026-46114.html
* https://www.suse.com/security/cve/CVE-2026-46159.html
* https://www.suse.com/security/cve/CVE-2026-46176.html
* https://www.suse.com/security/cve/CVE-2026-46181.html
* https://www.suse.com/security/cve/CVE-2026-46316.html
* https://www.suse.com/security/cve/CVE-2026-46317.html

openSUSE-SU-2026:20966-1: moderate: Security update for editorconfig-core-c

openSUSE security update: security update for editorconfig-core-c
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20966-1
Rating: moderate
References:

* bsc#1262131

Cross-References:

* CVE-2026-40489

CVSS scores:

* CVE-2026-40489 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40489 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for editorconfig-core-c fixes the following issue:

- CVE-2026-40489: l_pattern buffer overflow (bsc#1262131).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-931=1

Package List:

- openSUSE Leap 16.0:

editorconfig-0.12.9-160000.3.1
libeditorconfig-devel-0.12.9-160000.3.1
libeditorconfig0-0.12.9-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-40489.html

openSUSE-SU-2026:20967-1: low: Security update for opensc

openSUSE security update: security update for opensc
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20967-1
Rating: low
References:

* bsc#1261214
* bsc#1261218
* bsc#1261219
* bsc#1261220

Cross-References:

* CVE-2025-49010
* CVE-2025-66037
* CVE-2025-66038
* CVE-2025-66215

CVSS scores:

* CVE-2025-49010 ( SUSE ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-49010 ( SUSE ): 1 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66037 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-66037 ( SUSE ): 1 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66038 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-66038 ( SUSE ): 1 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66215 ( SUSE ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-66215 ( SUSE ): 1 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 4 vulnerabilities and has 4 bug fixes can now be installed.

Description:

This update for opensc fixes the following issues:

- CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses (bsc#1261214).
- CVE-2025-66037: crafted input can cause an out-of-bounds read (bsc#1261218).
- CVE-2025-66038: improper compact-TLV length validation can lead to crash or unexpected behavior (bsc#1261219).
- CVE-2025-66215: crafted smart card or USB device can cause a stack-buffer-overflow write (bsc#1261220).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-932=1

Package List:

- openSUSE Leap 16.0:

opensc-0.26.1-160000.3.1
opensc-bash-completion-0.26.1-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-49010.html
* https://www.suse.com/security/cve/CVE-2025-66037.html
* https://www.suse.com/security/cve/CVE-2025-66038.html
* https://www.suse.com/security/cve/CVE-2025-66215.html

openSUSE-SU-2026:11079-1: moderate: ghc-crypton-asn1-parse-0.10.0-1.1 on GA media

# ghc-crypton-asn1-parse-0.10.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11079-1
Rating: moderate

Cross-References:

* CVE-2026-9648

CVSS scores:

* CVE-2026-9648 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ghc-crypton-asn1-parse-0.10.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ghc-crypton-asn1-parse 0.10.0-1.1
* ghc-crypton-asn1-parse-devel 0.10.0-1.1
* ghc-crypton-asn1-parse-doc 0.10.0-1.1
* ghc-crypton-asn1-parse-prof 0.10.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-9648.html

openSUSE-SU-2026:11078-1: moderate: ghc-crypton-asn1-encoding-0.10.0-1.1 on GA media

# ghc-crypton-asn1-encoding-0.10.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11078-1
Rating: moderate

Cross-References:

* CVE-2026-9648

CVSS scores:

* CVE-2026-9648 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ghc-crypton-asn1-encoding-0.10.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ghc-crypton-asn1-encoding 0.10.0-1.1
* ghc-crypton-asn1-encoding-devel 0.10.0-1.1
* ghc-crypton-asn1-encoding-doc 0.10.0-1.1
* ghc-crypton-asn1-encoding-prof 0.10.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-9648.html

openSUSE-SU-2026:11075-1: moderate: docker-stable-24.0.9_ce-18.1 on GA media

# docker-stable-24.0.9_ce-18.1 on GA media

Announcement ID: openSUSE-SU-2026:11075-1
Rating: moderate

Cross-References:

* CVE-2026-33186
* CVE-2026-33747
* CVE-2026-33748
* CVE-2026-33814
* CVE-2026-33997
* CVE-2026-34040
* CVE-2026-39821
* CVE-2026-41567

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33747 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33747 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33748 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-33748 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33997 ( SUSE ): 8.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34040 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41567 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 8 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the docker-stable-24.0.9_ce-18.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* docker-stable 24.0.9_ce-18.1
* docker-stable-bash-completion 24.0.9_ce-18.1
* docker-stable-buildx 0.25.0-18.1
* docker-stable-fish-completion 24.0.9_ce-18.1
* docker-stable-rootless-extras 24.0.9_ce-18.1
* docker-stable-zsh-completion 24.0.9_ce-18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://www.suse.com/security/cve/CVE-2026-33747.html
* https://www.suse.com/security/cve/CVE-2026-33748.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-33997.html
* https://www.suse.com/security/cve/CVE-2026-34040.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-41567.html

openSUSE-SU-2026:11077-1: moderate: ghc-aws-0.25.2-1.1 on GA media

# ghc-aws-0.25.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11077-1
Rating: moderate

Cross-References:

* CVE-2026-9648

CVSS scores:

* CVE-2026-9648 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ghc-aws-0.25.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ghc-aws 0.25.2-1.1
* ghc-aws-devel 0.25.2-1.1
* ghc-aws-doc 0.25.2-1.1
* ghc-aws-prof 0.25.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-9648.html

openSUSE-SU-2026:11081-1: moderate: ghc-crypton-pem-0.3.0-1.1 on GA media

# ghc-crypton-pem-0.3.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11081-1
Rating: moderate

Cross-References:

* CVE-2026-9648

CVSS scores:

* CVE-2026-9648 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ghc-crypton-pem-0.3.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ghc-crypton-pem 0.3.0-1.1
* ghc-crypton-pem-devel 0.3.0-1.1
* ghc-crypton-pem-doc 0.3.0-1.1
* ghc-crypton-pem-prof 0.3.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-9648.html

openSUSE-SU-2026:11074-1: moderate: containerized-data-importer1.65-api-1.65.0-1.1 on GA media

# containerized-data-importer1.65-api-1.65.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11074-1
Rating: moderate

Cross-References:

* CVE-2024-3727

CVSS scores:

* CVE-2024-3727 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the containerized-data-importer1.65-api-1.65.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* containerized-data-importer1.65-api 1.65.0-1.1
* containerized-data-importer1.65-cloner 1.65.0-1.1
* containerized-data-importer1.65-controller 1.65.0-1.1
* containerized-data-importer1.65-importer 1.65.0-1.1
* containerized-data-importer1.65-manifests 1.65.0-1.1
* containerized-data-importer1.65-operator 1.65.0-1.1
* containerized-data-importer1.65-uploadproxy 1.65.0-1.1
* containerized-data-importer1.65-uploadserver 1.65.0-1.1
* obs-service-cdi1.65_containers_meta 1.65.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-3727.html

openSUSE-SU-2026:11073-1: moderate: bitcoin-qt6-31.0-2.1 on GA media

# bitcoin-qt6-31.0-2.1 on GA media

Announcement ID: openSUSE-SU-2026:11073-1
Rating: moderate

Cross-References:

* CVE-2018-20587
* CVE-2019-15947
* CVE-2020-14198
* CVE-2023-37192
* CVE-2024-35202

Affected Products:

* openSUSE Tumbleweed

An update that solves 5 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the bitcoin-qt6-31.0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* bitcoin-qt6 31.0-2.1
* bitcoin-test 31.0-2.1
* bitcoin-utils 31.0-2.1
* bitcoind 31.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2018-20587.html
* https://www.suse.com/security/cve/CVE-2019-15947.html
* https://www.suse.com/security/cve/CVE-2020-14198.html
* https://www.suse.com/security/cve/CVE-2023-37192.html
* https://www.suse.com/security/cve/CVE-2024-35202.html

openSUSE-SU-2026:11080-1: moderate: ghc-crypton-asn1-types-0.4.1-1.1 on GA media

# ghc-crypton-asn1-types-0.4.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11080-1
Rating: moderate

Cross-References:

* CVE-2026-9648

CVSS scores:

* CVE-2026-9648 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ghc-crypton-asn1-types-0.4.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ghc-crypton-asn1-types 0.4.1-1.1
* ghc-crypton-asn1-types-devel 0.4.1-1.1
* ghc-crypton-asn1-types-doc 0.4.1-1.1
* ghc-crypton-asn1-types-prof 0.4.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-9648.html

openSUSE-SU-2026:11076-1: moderate: dracut-110+suse.35.g9834432-1.1 on GA media

# dracut-110+suse.35.g9834432-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11076-1
Rating: moderate

Cross-References:

* CVE-2026-6893

CVSS scores:

* CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6893 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the dracut-110+suse.35.g9834432-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* dracut 110+suse.35.g9834432-1.1
* dracut-extra 110+suse.35.g9834432-1.1
* dracut-fips 110+suse.35.g9834432-1.1
* dracut-ima 110+suse.35.g9834432-1.1
* dracut-tools 110+suse.35.g9834432-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-6893.html

SUSE-SU-2026:2575-1: important: Security update for libsolv, libzypp, zypper

# Security update for libsolv, libzypp, zypper

Announcement ID: SUSE-SU-2026:2575-1
Release Date: 2026-06-23T12:48:49Z
Rating: important
References:

* bsc#1158038
* bsc#1239718
* bsc#1246504
* bsc#1247948
* bsc#1249435
* bsc#1252744
* bsc#1253193
* bsc#1253740
* bsc#1257068
* bsc#1257882
* bsc#1258193
* bsc#1259311
* bsc#1259706
* bsc#1259802
* bsc#1259842
* bsc#1265223
* bsc#1265935
* bsc#1265938
* bsc#1266039
* bsc#1267426
* bsc#1267874
* jsc#PED-13680
* jsc#PED-14658
* jsc#PED-15607

Cross-References:

* CVE-2026-25707
* CVE-2026-44933
* CVE-2026-44941
* CVE-2026-44942
* CVE-2026-48863
* CVE-2026-9149
* CVE-2026-9150

CVSS scores:

* CVE-2026-25707 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-44933 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44933 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44933 ( NVD ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44933 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44941 ( SUSE ): 7.5
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44941 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-44942 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44942 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-44942 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48863 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48863 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-9149 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9149 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9149 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9150 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9150 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities, contains three features and has 14
security fixes can now be installed.

## Description:

This update for libsolv, libzypp, zypper fixes the following issues

* CVE-2026-9149: Heap buffer overflow in libsolv repo_add_solv via negative
maxsize from crafted .solv file (bsc#1265935).
* CVE-2026-9150: Stack-based buffer overflow in libsolv's Debian metadata
parser when handling SHA384/SHA512 checksums (bsc#1265938).
* CVE-2026-25707: Handcrafted repo metadata may cause arbitrary local files to
be overwritten (bsc#1259802).
* CVE-2026-44933: scan of the Mandatory signature verification plugin support
(bsc#1265223).
* CVE-2026-44941: path traversal via "keyhint" (bsc#1267426).
* CVE-2026-44942: .repo files can have an optional path which can lead to path
traversal attacks (bsc#1267874).
* CVE-2026-48863: Fix buffer overflow when parsing EdDSA signature
(bsc#1266039).

Changes in libzypp:

Updated to version 17.38.13 (35):

* A .repo files "path=" entry must not refer to a location outside the repo
(bsc#1267874, CVE-2026-44942) A "path=" entry may solely denote a sub-
directory of the baseurl where the metadata are located. A relative path
trying to access data outside the baseurl is reported and sanitized.
* Fix potential crash on malformed or malicious repository metadata (fixes
#740)
* Repo metadata: discard entries referring to a location outside the repo
(bsc#1259802, CVE-2026-25707) Mirroring those data locally would refer to a
location outside the repo's local cache directory. Those data entries are
reported and discarded.
* zypp.conf: Allow [env] section to add environment variables. This feature is
designed to enable environment-specific settings or debugging options over
an extended period. See zypp.conf(5).
* Prevent configured scripts from escaping the sigcheck directory
(bsc#1265223, CVE-2026-44933)
* StringV: guard hasPrefix/hasPrefixCI against reading past the view end
(fixes #735)
* Mandatory signature verification plugin support (PED#11922)
* Fix purge-kernel -rc kernel handling (bsc#1239718)
* Explicitly_set_pool_DISTTYPE_RPM (fixes #726)
* Check for trusted key updates when updating the general keyring
(bsc#1259706)
* Support multiple MirroredOrigin authorities (bsc#1253193)
* Workaround doxygen bug: doxygen/doxygen#12057
* libzypp.spec: Add missing graphviz-gd BuildRequires (boo#1259842)
* Fix preloader not caching packages from arch specific subrepos (bsc#1253740)
* Deprioritize invalid mirrors (fixes openSUSE/zypper#636)
* Fix Product::referencePackage lookup (bsc#1259311) Use a provided
autoproduct() as hint to the package name of the release package. It might
be that not just multiple versions of the same release package provide the
same product version, but also different release packages.
* specfile: on fedora use %{_prefix}/share as zyppconfdir if %{_distconfdir}
is undefined (fixes #693) This will set '-DZYPPCONFDIR=%{zyppconfdir}' for
cmake.
* Fall back to a writable location when precaching packages without root
(bsc#1247948)
* Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros. See the
ZYPP.CONF(5) man page for details.
* Fix runtime check for broken rpm --runposttrans (bsc#1257068)
* Avoid libcurl-mini4 when building as it does not support ftp protocol.
* Translation: updated .pot file.
* zypp.conf: follow the UAPI configuration file specification (PED-14658) In
short terms it means we will no longer ship an /etc/zypp/zypp.conf, but
store our own defaults in /usr/etc/zypp/zypp.conf. The systems administrator
may choose to keep a full copy in /etc/zypp/zypp.conf ignoring our config
file settings completely, or - the preferred way - to overwrite specific
settings via /etc/zypp/zypp.conf.d/*.conf overlay files. See the
ZYPP.CONF(5) man page for details.
* cmake: correctly detect rpm6 (fixes #689)
* Use 'zypp.tmp' as temp directory component to ease setting up SELinux
policies (bsc#1249435)
* zyppng: Update Provider to current MediaCurl2 download approach, drop
Metalink ( fixes #682 )

Changes in libsolv:

Updated to version 0.7.39:

* fix solv_chksum_free segfault when called with a NULL pointer
* made repo_add_solv more robust against corrupt files [bsc#1265935]
[CVE-2026-9149]
* fix potential buffer overflow when verifying EdDSA signatures [bsc#1266039]
[CVE-2026-48863]
* added limit checks in multiple places to catch overflows
* reduce the size of the language id cache
* fixed Debian canon selection
* fixed dbpath detection in repo_rpmdb_librpm
* reduced stack usage in repo page compression (needed for musl)
* fix parsing of sha512 checksums in debian repositories [bsc#1265938]
[CVE-2026-9150]
* improve speed of dirpool_add_dir makeing parsing of filelists.xml twice as
fast
* fix parsing of recommends in the old Mandriva synthesis format
* respect the "default" attribute in environment optionlist in the comps
parser
* support suse namespace deps in boolean dependencies [bsc#1258193]
* support for the Elbrus2000 (e2k) architecture
* support language() suse namespace rewriting

Changes in zypper:

Update to version 1.14.98:

* Transactional systems: Delegate rw-commands to transactional-wrapper if
available (jsc#PED-13680, jsc#PED-15607) On a transactional system where the
root filesystem is mounted read-only, zypper commands that modify the system
cannot be executed directly. If the system provides a transactional-wrapper
utility, zypper will automatically attempt to invoke it. The wrapper
transparently executes the zypper command within a new, writable snapshot
and manages the lifecycle of that snapshot based on the command's exit
status. On transactional systems lacking a transactional-wrapper, users must
manually invoke specialized tools -such as transactional-update- to install,
update, or remove software.
* Add --filter-version-change to zypper lu. Adds filtering by version change
significance to reduce noise in update listings. Supports levels: rebuild
(hides rebuild-only changes) and package (hides all release-only changes).
* Autorefresh ris-services the way as plugin-services (bsc#1246504) It's
actually wrong to treat service refreshes different depending on the service
type. For the purpose of a service it makes no difference how the data about
the repos to use are acquired.
* Report download progress for command line rpms (fixes #613)
* Hint to '-vv ref' to see the mirrors used to download the metadata
(bsc#1257882)
* Service: Allow "zypper ls SERVICE ..." to test whether a service with this
alias is defined (bsc#1252744) The command prints an abstract of all
services passed on the command line. It returns
3-ZYPPER_EXIT_ERR_INVALID_ARGS if some argument does not name an existing
service.
* Keep repo data when updating the service settings (bsc#1252744)
* info: Enhance pattern content table (bsc#1158038) Alternatives (multiple
packages providing the same requirement) are now listed as a single entry in
the content table. The entry shows either the installed package which
satisfies the requirement or the requirement itself as type 'Provides'.
Listing all potential alternatives was miss leading, especially if the
alternatives were mutual exclusive. It looked like an installed pattern had
not-installed requirements and it was not possible to install all
requirements at the same time.

Original description from SUSE:Maintenance:44536:

This update for libsolv, libzypp fixes the following issues

Security issues:

* CVE-2026-9149: Heap buffer overflow in libsolv repo_add_solv via negative
maxsize from crafted .solv file (bsc#1265935).
* CVE-2026-9150: Stack-based buffer overflow in libsolv's Debian metadata
parser when handling SHA384/SHA512 checksums (bsc#1265938).
* CVE-2026-25707: Handcrafted repo metadata may cause arbitrary local files to
be overwritten (bsc#1259802).
* CVE-2026-44933: scan of the Mandatory signature verification plugin support
(bsc#1265223).
* CVE-2026-44942: .repo files can have an optional path which can lead to path
traversal attacks (bsc#1267874).
* CVE-2026-48863: Fix bufffer overflow when parsing EdDSA signature
(bsc#1266039).

Changes in libzypp:

Updated to version 17.38.13 (35):

* Fix potential crash on malformed or malicious repository metadata (fixes
#740)
* Repo metadata: discard entries referring to a location outside the repo
(bsc#1259802, CVE-2026-25707) Mirroring those data locally would refer to a
location outside the repo's local cache directory. Those data entries are
reported and discarded.
* zypp.conf: Allow [env] section to add environment variables. This feature is
designed to enable environment-specific settings or debugging options over
an extended period. See zypp.conf(5).
* Prevent configured scripts from escaping the sigcheck directory
(bsc#1265223, CVE-2026-44933)
* StringV: guard hasPrefix/hasPrefixCI against reading past the view end
(fixes #735)
* Mandatory signature verification plugin support (PED#11922)
* Fix purge-kernel -rc kernel handling (bsc#1239718)
* Explicitly_set_pool_DISTTYPE_RPM (fixes #726)
* Check for trusted key updates when updating the general keyring
(bsc#1259706)
* Support multiple MirroredOrigin authorities (bsc#1253193)
* Workaround doxygen bug: doxygen/doxygen#12057
* libzypp.spec: Add missing graphviz-gd BuildRequires (boo#1259842)
* Fix preloader not caching packages from arch specific subrepos (bsc#1253740)
* Deprioritize invalid mirrors (fixes openSUSE/zypper#636)
* Fix Product::referencePackage lookup (bsc#1259311) Use a provided
autoproduct() as hint to the package name of the release package. It might
be that not just multiple versions of the same release package provide the
same product version, but also different release packages.
* specfile: on fedora use %{_prefix}/share as zyppconfdir if %{_distconfdir}
is undefined (fixes #693) This will set '-DZYPPCONFDIR=%{zyppconfdir}' for
cmake.
* Fall back to a writable location when precaching packages without root
(bsc#1247948)
* Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros. See the
ZYPP.CONF(5) man page for details.
* Fix runtime check for broken rpm --runposttrans (bsc#1257068)
* Avoid libcurl-mini4 when building as it does not support ftp protocol.
* Translation: updated .pot file.
* zypp.conf: follow the UAPI configuration file specification (PED-14658) In
short terms it means we will no longer ship an /etc/zypp/zypp.conf, but
store our own defaults in /usr/etc/zypp/zypp.conf. The systems administrator
may choose to keep a full copy in /etc/zypp/zypp.conf ignoring our config
file settings completely, or - the preferred way - to overwrite specific
settings via /etc/zypp/zypp.conf.d/*.conf overlay files. See the
ZYPP.CONF(5) man page for details.
* cmake: correctly detect rpm6 (fixes #689)
* Use 'zypp.tmp' as temp directory component to ease setting up SELinux
policies (bsc#1249435)
* zyppng: Update Provider to current MediaCurl2 download approach, drop
Metalink ( fixes #682 )

Changes in libsolv:

Updated to version 0.7.39:

* fix solv_chksum_free segfault when called with a NULL pointer
* made repo_add_solv more robust against corrupt files [bsc#1265935]
[CVE-2026-9149]
* fix potential buffer overflow when verifying EdDSA signatures [bsc#1266039]
[CVE-2026-48863]
* added limit checks in multiple places to catch overflows
* reduce the size of the language id cache
* fixed Debian canon selection
* fixed dbpath detection in repo_rpmdb_librpm
* reduced stack usage in repo page compression (needed for musl)
* fix parsing of sha512 checksums in debian repositories [bsc#1265938]
[CVE-2026-9150]
* improve speed of dirpool_add_dir makeing parsing of filelists.xml twice as
fast
* fix parsing of recommends in the old Mandriva synthesis format
* respect the "default" attribute in environment optionlist in the comps
parser
* support suse namespace deps in boolean dependencies [bsc#1258193]
* support for the Elbrus2000 (e2k) architecture
* support language() suse namespace rewriting

Update to version 1.14.98:

* Transactional systems: Delegate rw-commands to transactional-wrapper if
available (jsc#PED-13680, jsc#PED-15607) On a transactional system where the
root filesystem is mounted read-only, zypper commands that modify the system
cannot be executed directly. If the system provides a transactional-wrapper
utility, zypper will automatically attempt to invoke it. The wrapper
transparently executes the zypper command within a new, writable snapshot
and manages the lifecycle of that snapshot based on the command's exit
status. On transactional systems lacking a transactional-wrapper, users must
manually invoke specialized tools -such as transactional-update- to install,
update, or remove software.
* Add --filter-version-change to zypper lu. Adds filtering by version change
significance to reduce noise in update listings. Supports levels: rebuild
(hides rebuild-only changes) and package (hides all release-only changes).
* Autorefresh ris-services the way as plugin-services (bsc#1246504) It's
actually wrong to treat service refreshes different depending on the service
type. For the purpose of a service it makes no difference how the data about
the repos to use are acquired.
* Report download progress for command line rpms (fixes #613)
* Hint to '-vv ref' to see the mirrors used to download the metadata
(bsc#1257882)
* Service: Allow "zypper ls SERVICE ..." to test whether a service with this
alias is defined (bsc#1252744) The command prints an abstract of all
services passed on the command line. It returns
3-ZYPPER_EXIT_ERR_INVALID_ARGS if some argument does not name an existing
service.
* Keep repo data when updating the service settings (bsc#1252744)
* info: Enhance pattern content table (bsc#1158038) Alternatives (multiple
packages providing the same requirement) are now listed as a single entry in
the content table. The entry shows either the installed package which
satisfies the requirement or the requirement itself as type 'Provides'.
Listing all potential alternatives was miss leading, especially if the
alternatives were mutual exclusive. It looked like an installed pattern had
not-installed requirements and it was not possible to install all
requirements at the same time.

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2575=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2575=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2575=1 SUSE-SLE-
INSTALLER-15-SP5-2026-2575=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2575=1

* SUSE Linux Enterprise Server 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-2575=1

* SUSE Linux Enterprise High Performance Computing 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-2575=1

* SUSE Linux Enterprise Desktop 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-2575=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2575=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2575=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64)
* libsolv-tools-base-0.7.39-150500.6.17.1
* libzypp-17.38.13-150500.6.74.1
* libsolv-tools-0.7.39-150500.6.17.1
* SUSE Linux Enterprise Desktop 15 SP5 (x86_64)
* libsolv-tools-base-0.7.39-150500.6.17.1
* libzypp-17.38.13-150500.6.74.1
* libsolv-tools-0.7.39-150500.6.17.1
* SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64)
* libsolv-tools-base-0.7.39-150500.6.17.1
* libzypp-17.38.13-150500.6.74.1
* libsolv-tools-0.7.39-150500.6.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libzypp-devel-17.38.13-150500.6.74.1
* libzypp-17.38.13-150500.6.74.1
* python3-solv-0.7.39-150500.6.17.1
* libzypp-debugsource-17.38.13-150500.6.74.1
* libsolv-tools-debuginfo-0.7.39-150500.6.17.1
* ruby-solv-0.7.39-150500.6.17.1
* ruby-solv-debuginfo-0.7.39-150500.6.17.1
* perl-solv-debuginfo-0.7.39-150500.6.17.1
* libsolv-debugsource-0.7.39-150500.6.17.1
* libsolv-tools-0.7.39-150500.6.17.1
* perl-solv-0.7.39-150500.6.17.1
* zypper-debuginfo-1.14.98-150500.6.45.1
* libsolv-tools-base-debuginfo-0.7.39-150500.6.17.1
* libsolv-devel-debuginfo-0.7.39-150500.6.17.1
* libsolv-debuginfo-0.7.39-150500.6.17.1
* zypper-debugsource-1.14.98-150500.6.45.1
* libsolv-devel-0.7.39-150500.6.17.1
* zypper-1.14.98-150500.6.45.1
* libsolv-tools-base-0.7.39-150500.6.17.1
* libzypp-debuginfo-17.38.13-150500.6.74.1
* python3-solv-debuginfo-0.7.39-150500.6.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* zypper-needs-restarting-1.14.98-150500.6.45.1
* zypper-log-1.14.98-150500.6.45.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libzypp-devel-17.38.13-150500.6.74.1
* libzypp-17.38.13-150500.6.74.1
* python3-solv-0.7.39-150500.6.17.1
* libzypp-debugsource-17.38.13-150500.6.74.1
* libsolv-tools-debuginfo-0.7.39-150500.6.17.1
* ruby-solv-0.7.39-150500.6.17.1
* ruby-solv-debuginfo-0.7.39-150500.6.17.1
* perl-solv-debuginfo-0.7.39-150500.6.17.1
* libsolv-debugsource-0.7.39-150500.6.17.1
* libsolv-tools-0.7.39-150500.6.17.1
* perl-solv-0.7.39-150500.6.17.1
* zypper-debuginfo-1.14.98-150500.6.45.1
* libsolv-tools-base-debuginfo-0.7.39-150500.6.17.1
* libsolv-devel-debuginfo-0.7.39-150500.6.17.1
* libsolv-debuginfo-0.7.39-150500.6.17.1
* zypper-debugsource-1.14.98-150500.6.45.1
* libsolv-devel-0.7.39-150500.6.17.1
* zypper-1.14.98-150500.6.45.1
* libsolv-tools-base-0.7.39-150500.6.17.1
* libzypp-debuginfo-17.38.13-150500.6.74.1
* python3-solv-debuginfo-0.7.39-150500.6.17.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* zypper-needs-restarting-1.14.98-150500.6.45.1
* zypper-log-1.14.98-150500.6.45.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libzypp-devel-17.38.13-150500.6.74.1
* libzypp-17.38.13-150500.6.74.1
* python3-solv-0.7.39-150500.6.17.1
* libzypp-debugsource-17.38.13-150500.6.74.1
* libsolv-tools-debuginfo-0.7.39-150500.6.17.1
* ruby-solv-0.7.39-150500.6.17.1
* ruby-solv-debuginfo-0.7.39-150500.6.17.1
* perl-solv-debuginfo-0.7.39-150500.6.17.1
* libsolv-debugsource-0.7.39-150500.6.17.1
* libsolv-tools-0.7.39-150500.6.17.1
* perl-solv-0.7.39-150500.6.17.1
* zypper-debuginfo-1.14.98-150500.6.45.1
* libsolv-tools-base-debuginfo-0.7.39-150500.6.17.1
* libsolv-devel-debuginfo-0.7.39-150500.6.17.1
* libsolv-debuginfo-0.7.39-150500.6.17.1
* zypper-debugsource-1.14.98-150500.6.45.1
* libsolv-devel-0.7.39-150500.6.17.1
* zypper-1.14.98-150500.6.45.1
* libsolv-tools-base-0.7.39-150500.6.17.1
* libzypp-debuginfo-17.38.13-150500.6.74.1
* python3-solv-debuginfo-0.7.39-150500.6.17.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* zypper-needs-restarting-1.14.98-150500.6.45.1
* zypper-log-1.14.98-150500.6.45.1
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* libzypp-devel-17.38.13-150500.6.74.1
* libsolv-demo-debuginfo-0.7.39-150500.6.17.1
* libzypp-17.38.13-150500.6.74.1
* python3-solv-0.7.39-150500.6.17.1
* libsolv-demo-0.7.39-150500.6.17.1
* libzypp-debugsource-17.38.13-150500.6.74.1
* python311-solv-0.7.39-150500.6.17.1
* python311-solv-debuginfo-0.7.39-150500.6.17.1
* libsolv-tools-debuginfo-0.7.39-150500.6.17.1
* ruby-solv-0.7.39-150500.6.17.1
* ruby-solv-debuginfo-0.7.39-150500.6.17.1
* perl-solv-debuginfo-0.7.39-150500.6.17.1
* libsolv-debugsource-0.7.39-150500.6.17.1
* libsolv-tools-0.7.39-150500.6.17.1
* perl-solv-0.7.39-150500.6.17.1
* zypper-debuginfo-1.14.98-150500.6.45.1
* libsolv-tools-base-debuginfo-0.7.39-150500.6.17.1
* libsolv-devel-debuginfo-0.7.39-150500.6.17.1
* libsolv-debuginfo-0.7.39-150500.6.17.1
* zypper-debugsource-1.14.98-150500.6.45.1
* libsolv-devel-0.7.39-150500.6.17.1
* zypper-1.14.98-150500.6.45.1
* libsolv-tools-base-0.7.39-150500.6.17.1
* libzypp-debuginfo-17.38.13-150500.6.74.1
* libzypp-devel-doc-17.38.13-150500.6.74.1
* python3-solv-debuginfo-0.7.39-150500.6.17.1
* openSUSE Leap 15.5 (noarch)
* zypper-needs-restarting-1.14.98-150500.6.45.1
* zypper-aptitude-1.14.98-150500.6.45.1
* zypper-log-1.14.98-150500.6.45.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libsolv-debugsource-0.7.39-150500.6.17.1
* libsolv-debuginfo-0.7.39-150500.6.17.1
* libsolv-tools-0.7.39-150500.6.17.1
* zypper-debugsource-1.14.98-150500.6.45.1
* zypper-1.14.98-150500.6.45.1
* zypper-debuginfo-1.14.98-150500.6.45.1
* libzypp-debugsource-17.38.13-150500.6.74.1
* libsolv-tools-base-0.7.39-150500.6.17.1
* libzypp-17.38.13-150500.6.74.1
* libsolv-tools-debuginfo-0.7.39-150500.6.17.1
* libzypp-debuginfo-17.38.13-150500.6.74.1
* libsolv-tools-base-debuginfo-0.7.39-150500.6.17.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* zypper-needs-restarting-1.14.98-150500.6.45.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libzypp-devel-17.38.13-150500.6.74.1
* libzypp-17.38.13-150500.6.74.1
* python3-solv-0.7.39-150500.6.17.1
* libzypp-debugsource-17.38.13-150500.6.74.1
* libsolv-tools-debuginfo-0.7.39-150500.6.17.1
* ruby-solv-0.7.39-150500.6.17.1
* ruby-solv-debuginfo-0.7.39-150500.6.17.1
* perl-solv-debuginfo-0.7.39-150500.6.17.1
* libsolv-debugsource-0.7.39-150500.6.17.1
* libsolv-tools-0.7.39-150500.6.17.1
* perl-solv-0.7.39-150500.6.17.1
* zypper-debuginfo-1.14.98-150500.6.45.1
* libsolv-tools-base-debuginfo-0.7.39-150500.6.17.1
* libsolv-devel-debuginfo-0.7.39-150500.6.17.1
* libsolv-debuginfo-0.7.39-150500.6.17.1
* zypper-debugsource-1.14.98-150500.6.45.1
* libsolv-devel-0.7.39-150500.6.17.1
* zypper-1.14.98-150500.6.45.1
* libsolv-tools-base-0.7.39-150500.6.17.1
* libzypp-debuginfo-17.38.13-150500.6.74.1
* python3-solv-debuginfo-0.7.39-150500.6.17.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* zypper-needs-restarting-1.14.98-150500.6.45.1
* zypper-log-1.14.98-150500.6.45.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25707.html
* https://www.suse.com/security/cve/CVE-2026-44933.html
* https://www.suse.com/security/cve/CVE-2026-44941.html
* https://www.suse.com/security/cve/CVE-2026-44942.html
* https://www.suse.com/security/cve/CVE-2026-48863.html
* https://www.suse.com/security/cve/CVE-2026-9149.html
* https://www.suse.com/security/cve/CVE-2026-9150.html
* https://bugzilla.suse.com/show_bug.cgi?id=1158038
* https://bugzilla.suse.com/show_bug.cgi?id=1239718
* https://bugzilla.suse.com/show_bug.cgi?id=1246504
* https://bugzilla.suse.com/show_bug.cgi?id=1247948
* https://bugzilla.suse.com/show_bug.cgi?id=1249435
* https://bugzilla.suse.com/show_bug.cgi?id=1252744
* https://bugzilla.suse.com/show_bug.cgi?id=1253193
* https://bugzilla.suse.com/show_bug.cgi?id=1253740
* https://bugzilla.suse.com/show_bug.cgi?id=1257068
* https://bugzilla.suse.com/show_bug.cgi?id=1257882
* https://bugzilla.suse.com/show_bug.cgi?id=1258193
* https://bugzilla.suse.com/show_bug.cgi?id=1259311
* https://bugzilla.suse.com/show_bug.cgi?id=1259706
* https://bugzilla.suse.com/show_bug.cgi?id=1259802
* https://bugzilla.suse.com/show_bug.cgi?id=1259842
* https://bugzilla.suse.com/show_bug.cgi?id=1265223
* https://bugzilla.suse.com/show_bug.cgi?id=1265935
* https://bugzilla.suse.com/show_bug.cgi?id=1265938
* https://bugzilla.suse.com/show_bug.cgi?id=1266039
* https://bugzilla.suse.com/show_bug.cgi?id=1267426
* https://bugzilla.suse.com/show_bug.cgi?id=1267874
* https://jira.suse.com/browse/PED-13680
* https://jira.suse.com/browse/PED-14658
* https://jira.suse.com/browse/PED-15607

SUSE-SU-2026:2580-1: important: Security update for ImageMagick

# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:2580-1
Release Date: 2026-06-23T13:25:39Z
Rating: important
References:

* bsc#1262146
* bsc#1262147
* bsc#1262148
* bsc#1262150
* bsc#1262152
* bsc#1262154
* bsc#1262155
* bsc#1262156
* bsc#1265048
* bsc#1268092
* bsc#1268094
* bsc#1268095
* bsc#1268096
* bsc#1268101
* bsc#1268103
* bsc#1268105
* bsc#1268108
* bsc#1268110
* bsc#1268111
* bsc#1268112
* bsc#1268113
* bsc#1268114
* bsc#1268117
* bsc#1268120
* bsc#1268121
* bsc#1268122
* bsc#1268124
* bsc#1268125
* bsc#1268126

Cross-References:

* CVE-2026-33899
* CVE-2026-33900
* CVE-2026-33901
* CVE-2026-33908
* CVE-2026-34238
* CVE-2026-40169
* CVE-2026-40310
* CVE-2026-40311
* CVE-2026-42050
* CVE-2026-42326
* CVE-2026-45031
* CVE-2026-45359
* CVE-2026-45624
* CVE-2026-45664
* CVE-2026-46520
* CVE-2026-46521
* CVE-2026-46522
* CVE-2026-46523
* CVE-2026-46559
* CVE-2026-46692
* CVE-2026-46693
* CVE-2026-47165
* CVE-2026-47166
* CVE-2026-48734
* CVE-2026-48994
* CVE-2026-49218
* CVE-2026-53460
* CVE-2026-53463
* CVE-2026-53464

CVSS scores:

* CVE-2026-33899 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-33899 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33899 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33900 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33900 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33900 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33900 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33901 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33901 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33901 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33908 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33908 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33908 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34238 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34238 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-34238 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-34238 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40169 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40169 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40169 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40169 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40310 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40310 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40310 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40310 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40311 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40311 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40311 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40311 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42050 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42050 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42326 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42326 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-42326 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-45031 ( SUSE ): 4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45031 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-45031 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-45359 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45359 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-45359 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-45624 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45624 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-45624 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-45664 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45664 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-45664 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-46520 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46520 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-46520 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46521 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46521 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-46521 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-46522 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46522 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-46522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46523 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46523 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-46523 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46559 ( SUSE ): 4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-46559 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-46559 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-46692 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46692 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46692 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46693 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46693 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-46693 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-47165 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-47165 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-47165 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-47166 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-47166 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-47166 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-48734 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48734 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-48734 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-48994 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48994 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-48994 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-49218 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-49218 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-49218 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-53460 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-53460 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-53460 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-53463 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-53463 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-53463 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-53464 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-53464 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-53464 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Desktop Applications Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 29 vulnerabilities can now be installed.

## Description:

This update for ImageMagick fixes the following issues

This update for ImageMagick fixes the following issues

* CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing
(bsc#1262154).
* CVE-2026-33900: Denial of Service via integer truncation in viff encoder
(bsc#1262156).
* CVE-2026-33901: Denial of Service due to heap buffer overflow in MVG decoder
(bsc#1262155).
* CVE-2026-33908: Denial of Service via deeply nested XML file processing
(bsc#1262152).
* CVE-2026-34238: Denial of Service via integer overflow in despeckle
operation (bsc#1262147).
* CVE-2026-40169: Denial of Service via crafted image leading to out-of-bounds
write (bsc#1262150).
* CVE-2026-40310: Denial of service via heap out-of-bounds write in JP2
encoder (bsc#1262148).
* CVE-2026-40311: Denial of Service via heap use-after-free in XMP profile
processing (bsc#1262146).
* CVE-2026-42050: Stack buffer overflow in XTileImage (bsc#1265048).
* CVE-2026-42326: Information disclosure via malicious IPTC input file
(bsc#1268092).
* CVE-2026-45031: Denial of Service due to resource policy bypass in PSD
decoder (bsc#1268094).
* CVE-2026-45359: Information Disclosure via Invalid Connected-Components
Value (bsc#1268095).
* CVE-2026-45624: Data exposure due to image processing vulnerability
(bsc#1268096).
* CVE-2026-45664: Denial of Service due to excessive resource use in MNG coder
(bsc#1268101).
* CVE-2026-46520: Denial of Service via out-of-bounds write when processing
multiple images (bsc#1268112).
* CVE-2026-46521: out of bounds write can occur due to a missing check when
using LZMA compression in the MIFF encoder (bsc#1268124).
* CVE-2026-46522: denial of service via crafted MIFF file due to a missing
check in the MIFF decoder (bsc#1268126).
* CVE-2026-46523: heap-use-after-free via a crafted MSL image (bsc#1268125).
* CVE-2026-46559: heap buffer over-write of a single byte when specifying
certain options due to n incorrect check in the JP2 (bsc#1268121).
* CVE-2026-46692: heap buffer over-write in the server process via an attacker
who can connect to a magick -distribute- cache service (bsc#1268120).
* CVE-2026-46693: file descriptor hijacking in the server process when a race
condition is met via an attacker who can connect to a magick -distribute-
cache service (bsc#1268117).
* CVE-2026-47165: distributed pixel cache was originally designed to operate
without a challenge--response authentication model (bsc#1268114).
* CVE-2026-47166: heap buffer over-read in the server process via an attacker
who can connect to a magick -distribute- cache service (bsc#1268113).
* CVE-2026-48734: Stack Overflow in MVG decoder (bsc#1268122).
* CVE-2026-48994: heap buffer over-write due to a missing check of a return
value in the MAT decoder on 32-bit systems (bsc#1268111).
* CVE-2026-49218: denial of service due to a missing check in the DCM decoder
(bsc#1268110).
* CVE-2026-53460: out-of-Memory condition due to a missing check for maximum
memory request in AcquireAlignedMemory (bsc#1268108).
* CVE-2026-53463: null pointer deference due to passing incorrect arguments in
the distort operation (bsc#1268105).
* CVE-2026-53464: small memory leak due to providing invalid options to the
wand option parser (bsc#1268103).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2580=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2580=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2580=1

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-2580=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2580=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2580=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2580=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2580=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2580=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2580=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2580=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2580=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* ImageMagick-7.1.0.9-150400.6.87.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* perl-PerlMagick-7.1.0.9-150400.6.87.1
* ImageMagick-devel-7.1.0.9-150400.6.87.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-devel-7.1.0.9-150400.6.87.1
* ImageMagick-debugsource-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.87.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* ImageMagick-7.1.0.9-150400.6.87.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* perl-PerlMagick-7.1.0.9-150400.6.87.1
* ImageMagick-devel-7.1.0.9-150400.6.87.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-devel-7.1.0.9-150400.6.87.1
* ImageMagick-debugsource-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.87.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* ImageMagick-7.1.0.9-150400.6.87.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* perl-PerlMagick-7.1.0.9-150400.6.87.1
* ImageMagick-devel-7.1.0.9-150400.6.87.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-devel-7.1.0.9-150400.6.87.1
* ImageMagick-debugsource-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.87.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* ImageMagick-extra-debuginfo-7.1.0.9-150400.6.87.1
* ImageMagick-7.1.0.9-150400.6.87.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* perl-PerlMagick-7.1.0.9-150400.6.87.1
* ImageMagick-devel-7.1.0.9-150400.6.87.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-devel-7.1.0.9-150400.6.87.1
* ImageMagick-debugsource-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.87.1
* ImageMagick-extra-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.87.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* openSUSE Leap 15.4 (x86_64)
* libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.87.1
* ImageMagick-devel-32bit-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.87.1
* libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.87.1
* libMagick++-devel-32bit-7.1.0.9-150400.6.87.1
* libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.87.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.87.1
* libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.87.1
* libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-devel-64bit-7.1.0.9-150400.6.87.1
* ImageMagick-devel-64bit-7.1.0.9-150400.6.87.1
* openSUSE Leap 15.4 (noarch)
* ImageMagick-doc-7.1.0.9-150400.6.87.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* ImageMagick-7.1.0.9-150400.6.87.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* perl-PerlMagick-7.1.0.9-150400.6.87.1
* ImageMagick-devel-7.1.0.9-150400.6.87.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-devel-7.1.0.9-150400.6.87.1
* ImageMagick-debugsource-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.87.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* ImageMagick-7.1.0.9-150400.6.87.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* perl-PerlMagick-7.1.0.9-150400.6.87.1
* ImageMagick-devel-7.1.0.9-150400.6.87.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-devel-7.1.0.9-150400.6.87.1
* ImageMagick-debugsource-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.87.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* ImageMagick-7.1.0.9-150400.6.87.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* perl-PerlMagick-7.1.0.9-150400.6.87.1
* ImageMagick-devel-7.1.0.9-150400.6.87.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-devel-7.1.0.9-150400.6.87.1
* ImageMagick-debugsource-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.87.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.87.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.87.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* ImageMagick-7.1.0.9-150400.6.87.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* perl-PerlMagick-7.1.0.9-150400.6.87.1
* ImageMagick-devel-7.1.0.9-150400.6.87.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-devel-7.1.0.9-150400.6.87.1
* ImageMagick-debugsource-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.87.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.87.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.87.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* ImageMagick-7.1.0.9-150400.6.87.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.87.1
* perl-PerlMagick-7.1.0.9-150400.6.87.1
* ImageMagick-devel-7.1.0.9-150400.6.87.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-devel-7.1.0.9-150400.6.87.1
* ImageMagick-debugsource-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.87.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.87.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.87.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.87.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.87.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.87.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33899.html
* https://www.suse.com/security/cve/CVE-2026-33900.html
* https://www.suse.com/security/cve/CVE-2026-33901.html
* https://www.suse.com/security/cve/CVE-2026-33908.html
* https://www.suse.com/security/cve/CVE-2026-34238.html
* https://www.suse.com/security/cve/CVE-2026-40169.html
* https://www.suse.com/security/cve/CVE-2026-40310.html
* https://www.suse.com/security/cve/CVE-2026-40311.html
* https://www.suse.com/security/cve/CVE-2026-42050.html
* https://www.suse.com/security/cve/CVE-2026-42326.html
* https://www.suse.com/security/cve/CVE-2026-45031.html
* https://www.suse.com/security/cve/CVE-2026-45359.html
* https://www.suse.com/security/cve/CVE-2026-45624.html
* https://www.suse.com/security/cve/CVE-2026-45664.html
* https://www.suse.com/security/cve/CVE-2026-46520.html
* https://www.suse.com/security/cve/CVE-2026-46521.html
* https://www.suse.com/security/cve/CVE-2026-46522.html
* https://www.suse.com/security/cve/CVE-2026-46523.html
* https://www.suse.com/security/cve/CVE-2026-46559.html
* https://www.suse.com/security/cve/CVE-2026-46692.html
* https://www.suse.com/security/cve/CVE-2026-46693.html
* https://www.suse.com/security/cve/CVE-2026-47165.html
* https://www.suse.com/security/cve/CVE-2026-47166.html
* https://www.suse.com/security/cve/CVE-2026-48734.html
* https://www.suse.com/security/cve/CVE-2026-48994.html
* https://www.suse.com/security/cve/CVE-2026-49218.html
* https://www.suse.com/security/cve/CVE-2026-53460.html
* https://www.suse.com/security/cve/CVE-2026-53463.html
* https://www.suse.com/security/cve/CVE-2026-53464.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262146
* https://bugzilla.suse.com/show_bug.cgi?id=1262147
* https://bugzilla.suse.com/show_bug.cgi?id=1262148
* https://bugzilla.suse.com/show_bug.cgi?id=1262150
* https://bugzilla.suse.com/show_bug.cgi?id=1262152
* https://bugzilla.suse.com/show_bug.cgi?id=1262154
* https://bugzilla.suse.com/show_bug.cgi?id=1262155
* https://bugzilla.suse.com/show_bug.cgi?id=1262156
* https://bugzilla.suse.com/show_bug.cgi?id=1265048
* https://bugzilla.suse.com/show_bug.cgi?id=1268092
* https://bugzilla.suse.com/show_bug.cgi?id=1268094
* https://bugzilla.suse.com/show_bug.cgi?id=1268095
* https://bugzilla.suse.com/show_bug.cgi?id=1268096
* https://bugzilla.suse.com/show_bug.cgi?id=1268101
* https://bugzilla.suse.com/show_bug.cgi?id=1268103
* https://bugzilla.suse.com/show_bug.cgi?id=1268105
* https://bugzilla.suse.com/show_bug.cgi?id=1268108
* https://bugzilla.suse.com/show_bug.cgi?id=1268110
* https://bugzilla.suse.com/show_bug.cgi?id=1268111
* https://bugzilla.suse.com/show_bug.cgi?id=1268112
* https://bugzilla.suse.com/show_bug.cgi?id=1268113
* https://bugzilla.suse.com/show_bug.cgi?id=1268114
* https://bugzilla.suse.com/show_bug.cgi?id=1268117
* https://bugzilla.suse.com/show_bug.cgi?id=1268120
* https://bugzilla.suse.com/show_bug.cgi?id=1268121
* https://bugzilla.suse.com/show_bug.cgi?id=1268122
* https://bugzilla.suse.com/show_bug.cgi?id=1268124
* https://bugzilla.suse.com/show_bug.cgi?id=1268125
* https://bugzilla.suse.com/show_bug.cgi?id=1268126

SUSE-SU-2026:2584-1: moderate: Security update for exiv2

# Security update for exiv2

Announcement ID: SUSE-SU-2026:2584-1
Release Date: 2026-06-23T13:27:50Z
Rating: moderate
References:

* bsc#1189338
* bsc#1259083
* bsc#1259084
* bsc#1259085

Cross-References:

* CVE-2021-34334
* CVE-2026-25884
* CVE-2026-27596
* CVE-2026-27631

CVSS scores:

* CVE-2021-34334 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-34334 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-25884 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25884 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-25884 ( NVD ): 2.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-27596 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27596 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27596 ( NVD ): 2.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27596 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27631 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27631 ( NVD ): 2.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27631 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* Desktop Applications Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities can now be installed.

## Description:

This update for exiv2 fixes the following issues

* CVE-2021-34334: DoS due to integer overflow in loop counter (bsc#1189338).
* CVE-2026-25884: out-of-bounds read in `CrwMap: decode0x0805` (bsc#1259083).
* CVE-2026-27596: integer overflow in `LoaderNative: getData()` leads to out-
of-bounds read (bsc#1259084).
* CVE-2026-27631: crash due to uncaught exception when trying to create `std:
vector` larger than `max_size()` (bsc#1259085).

Changes for exiv2:

* Minor bugs and fixes
* Other improvements
* exivsimple has array index errors when stripping quotes form TIFF
parser,Binary array elements should be decoded using the Add option -K Key
(--key Key) to specify one or more keys to "exiv2 -eX" followed by "exiv2
-iX" produces invalid XMP
* This release introduces support for Postscript (EPS) images. XMP metadata
can be read and written from/to EPS images and previews are accessible.
Further it includes a new build environment for MSVC 64 bit
* fix build with gcc 4.3 (upstream backport)
* Fix "Since v0.14 the version check macro doesn't work in a precompiler

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2584=1

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-2584=1

## Package List:

* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* libexiv2-xmp-static-0.27.5-150400.15.7.1
* exiv2-debugsource-0.27.5-150400.15.7.1
* exiv2-debuginfo-0.27.5-150400.15.7.1
* libexiv2-27-debuginfo-0.27.5-150400.15.7.1
* libexiv2-27-0.27.5-150400.15.7.1
* exiv2-0.27.5-150400.15.7.1
* libexiv2-devel-0.27.5-150400.15.7.1
* openSUSE Leap 15.4 (noarch)
* exiv2-lang-0.27.5-150400.15.7.1
* openSUSE Leap 15.4 (x86_64)
* libexiv2-27-32bit-0.27.5-150400.15.7.1
* libexiv2-27-32bit-debuginfo-0.27.5-150400.15.7.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libexiv2-27-64bit-debuginfo-0.27.5-150400.15.7.1
* libexiv2-27-64bit-0.27.5-150400.15.7.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libexiv2-xmp-static-0.27.5-150400.15.7.1
* exiv2-debugsource-0.27.5-150400.15.7.1
* exiv2-debuginfo-0.27.5-150400.15.7.1
* libexiv2-27-debuginfo-0.27.5-150400.15.7.1
* libexiv2-27-0.27.5-150400.15.7.1
* libexiv2-devel-0.27.5-150400.15.7.1

## References:

* https://www.suse.com/security/cve/CVE-2021-34334.html
* https://www.suse.com/security/cve/CVE-2026-25884.html
* https://www.suse.com/security/cve/CVE-2026-27596.html
* https://www.suse.com/security/cve/CVE-2026-27631.html
* https://bugzilla.suse.com/show_bug.cgi?id=1189338
* https://bugzilla.suse.com/show_bug.cgi?id=1259083
* https://bugzilla.suse.com/show_bug.cgi?id=1259084
* https://bugzilla.suse.com/show_bug.cgi?id=1259085

SUSE-SU-2026:2590-1: important: Security update for libsolv, libzypp, zypper

# Security update for libsolv, libzypp, zypper

Announcement ID: SUSE-SU-2026:2590-1
Release Date: 2026-06-23T14:09:43Z
Rating: important
References:

* bsc#1158038
* bsc#1239718
* bsc#1246504
* bsc#1247948
* bsc#1249435
* bsc#1252744
* bsc#1253193
* bsc#1253740
* bsc#1257068
* bsc#1257882
* bsc#1258193
* bsc#1259311
* bsc#1259706
* bsc#1259802
* bsc#1259842
* bsc#1265223
* bsc#1265935
* bsc#1265938
* bsc#1266039
* bsc#1267426
* bsc#1267874
* jsc#PED-13680
* jsc#PED-14658
* jsc#PED-15607

Cross-References:

* CVE-2026-25707
* CVE-2026-44933
* CVE-2026-44941
* CVE-2026-44942
* CVE-2026-48863
* CVE-2026-9149
* CVE-2026-9150

CVSS scores:

* CVE-2026-25707 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-44933 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44933 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44933 ( NVD ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44933 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44941 ( SUSE ): 7.5
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44941 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-44942 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44942 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-44942 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48863 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48863 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-9149 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9149 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9149 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9150 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9150 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves seven vulnerabilities, contains three features and has 14
security fixes can now be installed.

## Description:

This update for libsolv, libzypp, zypper fixes the following issues

* CVE-2026-9149: Heap buffer overflow in libsolv repo_add_solv via negative
maxsize from crafted .solv file (bsc#1265935).
* CVE-2026-9150: Stack-based buffer overflow in libsolv's Debian metadata
parser when handling SHA384/SHA512 checksums (bsc#1265938).
* CVE-2026-25707: Handcrafted repo metadata may cause arbitrary local files to
be overwritten (bsc#1259802).
* CVE-2026-44933: scan of the Mandatory signature verification plugin support
(bsc#1265223).
* CVE-2026-44941: path traversal via "keyhint" (bsc#1267426).
* CVE-2026-44942: .repo files can have an optional path which can lead to path
traversal attacks (bsc#1267874).
* CVE-2026-48863: Fix buffer overflow when parsing EdDSA signature
(bsc#1266039).

Changes in libzypp:

Updated to version 17.38.13 (35):

* A .repo files "path=" entry must not refer to a location outside the repo
(bsc#1267874, CVE-2026-44942) A "path=" entry may solely denote a sub-
directory of the baseurl where the metadata are located. A relative path
trying to access data outside the baseurl is reported and sanitized.
* Fix potential crash on malformed or malicious repository metadata (fixes
#740)
* Repo metadata: discard entries referring to a location outside the repo
(bsc#1259802, CVE-2026-25707) Mirroring those data locally would refer to a
location outside the repo's local cache directory. Those data entries are
reported and discarded.
* zypp.conf: Allow [env] section to add environment variables. This feature is
designed to enable environment-specific settings or debugging options over
an extended period. See zypp.conf(5).
* Prevent configured scripts from escaping the sigcheck directory
(bsc#1265223, CVE-2026-44933)
* StringV: guard hasPrefix/hasPrefixCI against reading past the view end
(fixes #735)
* Mandatory signature verification plugin support (PED#11922)
* Fix purge-kernel -rc kernel handling (bsc#1239718)
* Explicitly_set_pool_DISTTYPE_RPM (fixes #726)
* Check for trusted key updates when updating the general keyring
(bsc#1259706)
* Support multiple MirroredOrigin authorities (bsc#1253193)
* Workaround doxygen bug: doxygen/doxygen#12057
* libzypp.spec: Add missing graphviz-gd BuildRequires (boo#1259842)
* Fix preloader not caching packages from arch specific subrepos (bsc#1253740)
* Deprioritize invalid mirrors (fixes openSUSE/zypper#636)
* Fix Product::referencePackage lookup (bsc#1259311) Use a provided
autoproduct() as hint to the package name of the release package. It might
be that not just multiple versions of the same release package provide the
same product version, but also different release packages.
* specfile: on fedora use %{_prefix}/share as zyppconfdir if %{_distconfdir}
is undefined (fixes #693) This will set '-DZYPPCONFDIR=%{zyppconfdir}' for
cmake.
* Fall back to a writable location when precaching packages without root
(bsc#1247948)
* Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros. See the
ZYPP.CONF(5) man page for details.
* Fix runtime check for broken rpm --runposttrans (bsc#1257068)
* Avoid libcurl-mini4 when building as it does not support ftp protocol.
* Translation: updated .pot file.
* zypp.conf: follow the UAPI configuration file specification (PED-14658) In
short terms it means we will no longer ship an /etc/zypp/zypp.conf, but
store our own defaults in /usr/etc/zypp/zypp.conf. The systems administrator
may choose to keep a full copy in /etc/zypp/zypp.conf ignoring our config
file settings completely, or - the preferred way - to overwrite specific
settings via /etc/zypp/zypp.conf.d/*.conf overlay files. See the
ZYPP.CONF(5) man page for details.
* cmake: correctly detect rpm6 (fixes #689)
* Use 'zypp.tmp' as temp directory component to ease setting up SELinux
policies (bsc#1249435)
* zyppng: Update Provider to current MediaCurl2 download approach, drop
Metalink ( fixes #682 )

Changes in libsolv:

Updated to version 0.7.39:

* fix solv_chksum_free segfault when called with a NULL pointer
* made repo_add_solv more robust against corrupt files [bsc#1265935]
[CVE-2026-9149]
* fix potential buffer overflow when verifying EdDSA signatures [bsc#1266039]
[CVE-2026-48863]
* added limit checks in multiple places to catch overflows
* reduce the size of the language id cache
* fixed Debian canon selection
* fixed dbpath detection in repo_rpmdb_librpm
* reduced stack usage in repo page compression (needed for musl)
* fix parsing of sha512 checksums in debian repositories [bsc#1265938]
[CVE-2026-9150]
* improve speed of dirpool_add_dir makeing parsing of filelists.xml twice as
fast
* fix parsing of recommends in the old Mandriva synthesis format
* respect the "default" attribute in environment optionlist in the comps
parser
* support suse namespace deps in boolean dependencies [bsc#1258193]
* support for the Elbrus2000 (e2k) architecture
* support language() suse namespace rewriting

Changes in zypper:

Update to version 1.14.98:

* Transactional systems: Delegate rw-commands to transactional-wrapper if
available (jsc#PED-13680, jsc#PED-15607) On a transactional system where the
root filesystem is mounted read-only, zypper commands that modify the system
cannot be executed directly. If the system provides a transactional-wrapper
utility, zypper will automatically attempt to invoke it. The wrapper
transparently executes the zypper command within a new, writable snapshot
and manages the lifecycle of that snapshot based on the command's exit
status. On transactional systems lacking a transactional-wrapper, users must
manually invoke specialized tools -such as transactional-update- to install,
update, or remove software.
* Add --filter-version-change to zypper lu. Adds filtering by version change
significance to reduce noise in update listings. Supports levels: rebuild
(hides rebuild-only changes) and package (hides all release-only changes).
* Autorefresh ris-services the way as plugin-services (bsc#1246504) It's
actually wrong to treat service refreshes different depending on the service
type. For the purpose of a service it makes no difference how the data about
the repos to use are acquired.
* Report download progress for command line rpms (fixes #613)
* Hint to '-vv ref' to see the mirrors used to download the metadata
(bsc#1257882)
* Service: Allow "zypper ls SERVICE ..." to test whether a service with this
alias is defined (bsc#1252744) The command prints an abstract of all
services passed on the command line. It returns
3-ZYPPER_EXIT_ERR_INVALID_ARGS if some argument does not name an existing
service.
* Keep repo data when updating the service settings (bsc#1252744)
* info: Enhance pattern content table (bsc#1158038) Alternatives (multiple
packages providing the same requirement) are now listed as a single entry in
the content table. The entry shows either the installed package which
satisfies the requirement or the requirement itself as type 'Provides'.
Listing all potential alternatives was miss leading, especially if the
alternatives were mutual exclusive. It looked like an installed pattern had
not-installed requirements and it was not possible to install all
requirements at the same time.

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-INSTALLER-15-SP6-2026-2590=1 SUSE-SLE-Product-
SLES_SAP-15-SP6-2026-2590=1

* SUSE Linux Enterprise High Performance Computing 15 SP6
zypper in -t patch SUSE-SLE-INSTALLER-15-SP6-2026-2590=1

* SUSE Linux Enterprise Desktop 15 SP6
zypper in -t patch SUSE-SLE-INSTALLER-15-SP6-2026-2590=1

* SUSE Linux Enterprise Server 15 SP6
zypper in -t patch SUSE-SLE-INSTALLER-15-SP6-2026-2590=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2590=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2590=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* zypper-1.14.98-150600.10.55.1
* python311-solv-0.7.39-150600.8.24.1
* libsolv-tools-base-0.7.39-150600.8.24.1
* libsolv-tools-debuginfo-0.7.39-150600.8.24.1
* libzypp-devel-17.38.13-150600.3.92.1
* libsolv-tools-0.7.39-150600.8.24.1
* libzypp-17.38.13-150600.3.92.1
* libsolv-devel-debuginfo-0.7.39-150600.8.24.1
* zypper-debuginfo-1.14.98-150600.10.55.1
* ruby-solv-debuginfo-0.7.39-150600.8.24.1
* perl-solv-0.7.39-150600.8.24.1
* libsolv-debugsource-0.7.39-150600.8.24.1
* python3-solv-debuginfo-0.7.39-150600.8.24.1
* libsolv-debuginfo-0.7.39-150600.8.24.1
* zypper-debugsource-1.14.98-150600.10.55.1
* libzypp-debugsource-17.38.13-150600.3.92.1
* perl-solv-debuginfo-0.7.39-150600.8.24.1
* libzypp-debuginfo-17.38.13-150600.3.92.1
* libsolv-devel-0.7.39-150600.8.24.1
* python3-solv-0.7.39-150600.8.24.1
* ruby-solv-0.7.39-150600.8.24.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* zypper-log-1.14.98-150600.10.55.1
* zypper-needs-restarting-1.14.98-150600.10.55.1
* SUSE Linux Enterprise High Performance Computing 15 SP6 (aarch64 x86_64)
* libsolv-tools-0.7.39-150600.8.24.1
* libzypp-17.38.13-150600.3.92.1
* libsolv-tools-base-0.7.39-150600.8.24.1
* SUSE Linux Enterprise Desktop 15 SP6 (x86_64)
* libsolv-tools-0.7.39-150600.8.24.1
* libzypp-17.38.13-150600.3.92.1
* libsolv-tools-base-0.7.39-150600.8.24.1
* SUSE Linux Enterprise Server 15 SP6 (aarch64 ppc64le s390x x86_64)
* libsolv-tools-0.7.39-150600.8.24.1
* libzypp-17.38.13-150600.3.92.1
* libsolv-tools-base-0.7.39-150600.8.24.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* zypper-1.14.98-150600.10.55.1
* python311-solv-0.7.39-150600.8.24.1
* libsolv-tools-base-0.7.39-150600.8.24.1
* libsolv-tools-base-debuginfo-0.7.39-150600.8.24.1
* libsolv-tools-debuginfo-0.7.39-150600.8.24.1
* libzypp-devel-17.38.13-150600.3.92.1
* python311-solv-debuginfo-0.7.39-150600.8.24.1
* libsolv-tools-0.7.39-150600.8.24.1
* libzypp-17.38.13-150600.3.92.1
* libsolv-devel-debuginfo-0.7.39-150600.8.24.1
* zypper-debuginfo-1.14.98-150600.10.55.1
* ruby-solv-debuginfo-0.7.39-150600.8.24.1
* perl-solv-0.7.39-150600.8.24.1
* libsolv-debugsource-0.7.39-150600.8.24.1
* python3-solv-debuginfo-0.7.39-150600.8.24.1
* libsolv-debuginfo-0.7.39-150600.8.24.1
* zypper-debugsource-1.14.98-150600.10.55.1
* libzypp-debugsource-17.38.13-150600.3.92.1
* perl-solv-debuginfo-0.7.39-150600.8.24.1
* libsolv-demo-0.7.39-150600.8.24.1
* libzypp-debuginfo-17.38.13-150600.3.92.1
* libsolv-devel-0.7.39-150600.8.24.1
* python3-solv-0.7.39-150600.8.24.1
* ruby-solv-0.7.39-150600.8.24.1
* libsolv-demo-debuginfo-0.7.39-150600.8.24.1
* libzypp-devel-doc-17.38.13-150600.3.92.1
* openSUSE Leap 15.6 (noarch)
* zypper-aptitude-1.14.98-150600.10.55.1
* zypper-log-1.14.98-150600.10.55.1
* zypper-needs-restarting-1.14.98-150600.10.55.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* zypper-1.14.98-150600.10.55.1
* python311-solv-0.7.39-150600.8.24.1
* libsolv-tools-base-0.7.39-150600.8.24.1
* libsolv-tools-debuginfo-0.7.39-150600.8.24.1
* libzypp-devel-17.38.13-150600.3.92.1
* libsolv-tools-0.7.39-150600.8.24.1
* libzypp-17.38.13-150600.3.92.1
* libsolv-devel-debuginfo-0.7.39-150600.8.24.1
* zypper-debuginfo-1.14.98-150600.10.55.1
* ruby-solv-debuginfo-0.7.39-150600.8.24.1
* perl-solv-0.7.39-150600.8.24.1
* libsolv-debugsource-0.7.39-150600.8.24.1
* python3-solv-debuginfo-0.7.39-150600.8.24.1
* libsolv-debuginfo-0.7.39-150600.8.24.1
* zypper-debugsource-1.14.98-150600.10.55.1
* libzypp-debugsource-17.38.13-150600.3.92.1
* perl-solv-debuginfo-0.7.39-150600.8.24.1
* libzypp-debuginfo-17.38.13-150600.3.92.1
* libsolv-devel-0.7.39-150600.8.24.1
* python3-solv-0.7.39-150600.8.24.1
* ruby-solv-0.7.39-150600.8.24.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* zypper-log-1.14.98-150600.10.55.1
* zypper-needs-restarting-1.14.98-150600.10.55.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25707.html
* https://www.suse.com/security/cve/CVE-2026-44933.html
* https://www.suse.com/security/cve/CVE-2026-44941.html
* https://www.suse.com/security/cve/CVE-2026-44942.html
* https://www.suse.com/security/cve/CVE-2026-48863.html
* https://www.suse.com/security/cve/CVE-2026-9149.html
* https://www.suse.com/security/cve/CVE-2026-9150.html
* https://bugzilla.suse.com/show_bug.cgi?id=1158038
* https://bugzilla.suse.com/show_bug.cgi?id=1239718
* https://bugzilla.suse.com/show_bug.cgi?id=1246504
* https://bugzilla.suse.com/show_bug.cgi?id=1247948
* https://bugzilla.suse.com/show_bug.cgi?id=1249435
* https://bugzilla.suse.com/show_bug.cgi?id=1252744
* https://bugzilla.suse.com/show_bug.cgi?id=1253193
* https://bugzilla.suse.com/show_bug.cgi?id=1253740
* https://bugzilla.suse.com/show_bug.cgi?id=1257068
* https://bugzilla.suse.com/show_bug.cgi?id=1257882
* https://bugzilla.suse.com/show_bug.cgi?id=1258193
* https://bugzilla.suse.com/show_bug.cgi?id=1259311
* https://bugzilla.suse.com/show_bug.cgi?id=1259706
* https://bugzilla.suse.com/show_bug.cgi?id=1259802
* https://bugzilla.suse.com/show_bug.cgi?id=1259842
* https://bugzilla.suse.com/show_bug.cgi?id=1265223
* https://bugzilla.suse.com/show_bug.cgi?id=1265935
* https://bugzilla.suse.com/show_bug.cgi?id=1265938
* https://bugzilla.suse.com/show_bug.cgi?id=1266039
* https://bugzilla.suse.com/show_bug.cgi?id=1267426
* https://bugzilla.suse.com/show_bug.cgi?id=1267874
* https://jira.suse.com/browse/PED-13680
* https://jira.suse.com/browse/PED-14658
* https://jira.suse.com/browse/PED-15607

SUSE-SU-2026:2595-1: important: Security update for rekor

# Security update for rekor

Announcement ID: SUSE-SU-2026:2595-1
Release Date: 2026-06-23T15:38:14Z
Rating: important
References:

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for rekor rebuilds it against the current go security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2595=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2595=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2595=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2595=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2595=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2595=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2595=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2595=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2595=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2595=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2595=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2595=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* rekor-1.4.3-150400.4.34.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* rekor-1.4.3-150400.4.34.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* rekor-1.4.3-150400.4.34.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* rekor-debuginfo-1.4.3-150400.4.34.1
* rekor-1.4.3-150400.4.34.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* rekor-1.4.3-150400.4.34.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* rekor-1.4.3-150400.4.34.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* rekor-1.4.3-150400.4.34.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* rekor-debuginfo-1.4.3-150400.4.34.1
* rekor-1.4.3-150400.4.34.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* rekor-1.4.3-150400.4.34.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* rekor-debuginfo-1.4.3-150400.4.34.1
* rekor-1.4.3-150400.4.34.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* rekor-1.4.3-150400.4.34.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* rekor-debuginfo-1.4.3-150400.4.34.1
* rekor-1.4.3-150400.4.34.1

SUSE-SU-2026:2597-1: important: Security update for podman

# Security update for podman

Announcement ID: SUSE-SU-2026:2597-1
Release Date: 2026-06-23T15:38:59Z
Rating: important
References:

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that can now be installed.

## Description:

This update for podman rebuilds it against the current go security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2597=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2597=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2597=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2597=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2597=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2597=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2597=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2597=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2597=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* podman-debuginfo-4.9.5-150400.4.71.1
* podman-remote-4.9.5-150400.4.71.1
* podman-4.9.5-150400.4.71.1
* podman-remote-debuginfo-4.9.5-150400.4.71.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.71.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* podman-debuginfo-4.9.5-150400.4.71.1
* podman-remote-4.9.5-150400.4.71.1
* podman-4.9.5-150400.4.71.1
* podman-remote-debuginfo-4.9.5-150400.4.71.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.71.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* podman-debuginfo-4.9.5-150400.4.71.1
* podman-remote-4.9.5-150400.4.71.1
* podman-4.9.5-150400.4.71.1
* podman-remote-debuginfo-4.9.5-150400.4.71.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.71.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* podmansh-4.9.5-150400.4.71.1
* podman-remote-4.9.5-150400.4.71.1
* podman-debuginfo-4.9.5-150400.4.71.1
* podman-4.9.5-150400.4.71.1
* podman-remote-debuginfo-4.9.5-150400.4.71.1
* openSUSE Leap 15.4 (noarch)
* podman-docker-4.9.5-150400.4.71.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.71.1
* podman-remote-4.9.5-150400.4.71.1
* podman-4.9.5-150400.4.71.1
* podman-remote-debuginfo-4.9.5-150400.4.71.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.71.1
* podman-remote-4.9.5-150400.4.71.1
* podman-4.9.5-150400.4.71.1
* podman-remote-debuginfo-4.9.5-150400.4.71.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.71.1
* podman-remote-4.9.5-150400.4.71.1
* podman-4.9.5-150400.4.71.1
* podman-remote-debuginfo-4.9.5-150400.4.71.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.71.1
* podman-remote-4.9.5-150400.4.71.1
* podman-4.9.5-150400.4.71.1
* podman-remote-debuginfo-4.9.5-150400.4.71.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.71.1
* podman-remote-4.9.5-150400.4.71.1
* podman-4.9.5-150400.4.71.1
* podman-remote-debuginfo-4.9.5-150400.4.71.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* podman-docker-4.9.5-150400.4.71.1

SUSE-SU-2026:2596-1: important: Security update for podman

# Security update for podman

Announcement ID: SUSE-SU-2026:2596-1
Release Date: 2026-06-23T15:38:26Z
Rating: important
References:

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Server 15 SP3

An update that can now be installed.

## Description:

This update for podman rebuilds it against the current go security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-2596=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2026-2596=1

## Package List:

* openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64)
* podman-4.9.5-150300.9.75.1
* podman-remote-4.9.5-150300.9.75.1
* podman-debuginfo-4.9.5-150300.9.75.1
* podmansh-4.9.5-150300.9.75.1
* podman-remote-debuginfo-4.9.5-150300.9.75.1
* openSUSE Leap 15.3 (noarch)
* podman-docker-4.9.5-150300.9.75.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* podman-debuginfo-4.9.5-150300.9.75.1
* podman-4.9.5-150300.9.75.1

SUSE-SU-2026:2598-1: important: Security update for openssl-3

# Security update for openssl-3

Announcement ID: SUSE-SU-2026:2598-1
Release Date: 2026-06-23T15:39:55Z
Rating: important
References:

* bsc#1266340
* bsc#1266341
* bsc#1266342
* bsc#1266349
* bsc#1266353
* bsc#1266355
* bsc#1266356
* bsc#1266357

Cross-References:

* CVE-2026-34180
* CVE-2026-42766
* CVE-2026-42770
* CVE-2026-45445
* CVE-2026-45446
* CVE-2026-45447
* CVE-2026-7383
* CVE-2026-9076

CVSS scores:

* CVE-2026-34180 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-34180 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-34180 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42766 ( SUSE ): 6.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42766 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42766 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42770 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42770 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
* CVE-2026-42770 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-45445 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-45445 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-45445 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-45446 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-45446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-45446 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-45447 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45447 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45447 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-7383 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-7383 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-7383 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9076 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-9076 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-9076 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for openssl-3 fixes the following issues

* CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String
Conversion (bsc#1266340).
* CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption
(bsc#1266341).
* CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing
(bsc#1266342).
* CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption
(bsc#1266349).
* CVE-2026-42770: FFC-DH Peer Validation Uses Attacker-Supplied q
(bsc#1266353).
* CVE-2026-45445: AES-OCB IV Ignored on EVP_Cipher() Path (bsc#1266355).
* CVE-2026-45446: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV
and AES-SIV modes (bsc#1266356).
* CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2598=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2598=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2598=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2598=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2598=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2598=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2598=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2598=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2598=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* openssl-3-debugsource-3.0.8-150400.4.87.1
* openssl-3-debuginfo-3.0.8-150400.4.87.1
* libopenssl3-3.0.8-150400.4.87.1
* openssl-3-3.0.8-150400.4.87.1
* libopenssl-3-devel-3.0.8-150400.4.87.1
* libopenssl3-debuginfo-3.0.8-150400.4.87.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* openssl-3-debugsource-3.0.8-150400.4.87.1
* openssl-3-debuginfo-3.0.8-150400.4.87.1
* libopenssl3-3.0.8-150400.4.87.1
* openssl-3-3.0.8-150400.4.87.1
* libopenssl-3-devel-3.0.8-150400.4.87.1
* libopenssl3-debuginfo-3.0.8-150400.4.87.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* openssl-3-debugsource-3.0.8-150400.4.87.1
* openssl-3-debuginfo-3.0.8-150400.4.87.1
* libopenssl3-3.0.8-150400.4.87.1
* openssl-3-3.0.8-150400.4.87.1
* libopenssl-3-devel-3.0.8-150400.4.87.1
* libopenssl3-debuginfo-3.0.8-150400.4.87.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.87.1
* openssl-3-debuginfo-3.0.8-150400.4.87.1
* libopenssl3-3.0.8-150400.4.87.1
* openssl-3-3.0.8-150400.4.87.1
* libopenssl-3-devel-3.0.8-150400.4.87.1
* libopenssl3-debuginfo-3.0.8-150400.4.87.1
* openSUSE Leap 15.4 (x86_64)
* libopenssl3-32bit-3.0.8-150400.4.87.1
* libopenssl-3-devel-32bit-3.0.8-150400.4.87.1
* libopenssl3-32bit-debuginfo-3.0.8-150400.4.87.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libopenssl3-64bit-debuginfo-3.0.8-150400.4.87.1
* libopenssl3-64bit-3.0.8-150400.4.87.1
* libopenssl-3-devel-64bit-3.0.8-150400.4.87.1
* openSUSE Leap 15.4 (noarch)
* openssl-3-doc-3.0.8-150400.4.87.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libopenssl3-3.0.8-150400.4.87.1
* openssl-3-debugsource-3.0.8-150400.4.87.1
* libopenssl3-debuginfo-3.0.8-150400.4.87.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libopenssl3-3.0.8-150400.4.87.1
* openssl-3-debugsource-3.0.8-150400.4.87.1
* libopenssl3-debuginfo-3.0.8-150400.4.87.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libopenssl3-3.0.8-150400.4.87.1
* openssl-3-debugsource-3.0.8-150400.4.87.1
* libopenssl3-debuginfo-3.0.8-150400.4.87.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libopenssl3-3.0.8-150400.4.87.1
* openssl-3-debugsource-3.0.8-150400.4.87.1
* libopenssl3-debuginfo-3.0.8-150400.4.87.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.87.1
* openssl-3-debuginfo-3.0.8-150400.4.87.1
* libopenssl3-3.0.8-150400.4.87.1
* openssl-3-3.0.8-150400.4.87.1
* libopenssl-3-devel-3.0.8-150400.4.87.1
* libopenssl3-debuginfo-3.0.8-150400.4.87.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34180.html
* https://www.suse.com/security/cve/CVE-2026-42766.html
* https://www.suse.com/security/cve/CVE-2026-42770.html
* https://www.suse.com/security/cve/CVE-2026-45445.html
* https://www.suse.com/security/cve/CVE-2026-45446.html
* https://www.suse.com/security/cve/CVE-2026-45447.html
* https://www.suse.com/security/cve/CVE-2026-7383.html
* https://www.suse.com/security/cve/CVE-2026-9076.html
* https://bugzilla.suse.com/show_bug.cgi?id=1266340
* https://bugzilla.suse.com/show_bug.cgi?id=1266341
* https://bugzilla.suse.com/show_bug.cgi?id=1266342
* https://bugzilla.suse.com/show_bug.cgi?id=1266349
* https://bugzilla.suse.com/show_bug.cgi?id=1266353
* https://bugzilla.suse.com/show_bug.cgi?id=1266355
* https://bugzilla.suse.com/show_bug.cgi?id=1266356
* https://bugzilla.suse.com/show_bug.cgi?id=1266357

SUSE-SU-2026:2599-1: important: Security update for libarchive

# Security update for libarchive

Announcement ID: SUSE-SU-2026:2599-1
Release Date: 2026-06-23T15:41:10Z
Rating: important
References:

* bsc#1253088
* bsc#1259635
* bsc#1259928
* bsc#1259931
* bsc#1261186

Cross-References:

* CVE-2025-60753
* CVE-2026-4111
* CVE-2026-4424
* CVE-2026-4426
* CVE-2026-5121

CVSS scores:

* CVE-2025-60753 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-60753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-60753 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-4111 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4111 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4111 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4424 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4424 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-4424 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-4426 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4426 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-4426 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5121 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-5121 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2026-5121 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5121 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for libarchive fixes the following issues

* CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches
(bsc#1253088).
* CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half-
window output limiter leads to infinite loop and DoS (bsc#1259635).
* CVE-2026-4424: information disclosure via heap out-of-bounds read in RAR
archive processing (bsc#1259928).
* CVE-2026-4426: undefined behavior due to unvalidated operand in shift
expression of the zisofs decompression code (bsc#1259931).
* CVE-2026-5121: arbitrary code execution via integer overflow in ISO9660
image processing (bsc#1261186).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2599=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2599=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2599=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2599=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2599=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2599=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2599=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2599=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2599=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2599=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2599=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2599=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2599=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2599=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* bsdtar-debuginfo-3.5.1-150400.3.24.1
* bsdtar-3.5.1-150400.3.24.1
* libarchive13-3.5.1-150400.3.24.1
* libarchive-debugsource-3.5.1-150400.3.24.1
* libarchive-devel-3.5.1-150400.3.24.1
* libarchive13-debuginfo-3.5.1-150400.3.24.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* bsdtar-debuginfo-3.5.1-150400.3.24.1
* bsdtar-3.5.1-150400.3.24.1
* libarchive13-3.5.1-150400.3.24.1
* libarchive-debugsource-3.5.1-150400.3.24.1
* libarchive-devel-3.5.1-150400.3.24.1
* libarchive13-debuginfo-3.5.1-150400.3.24.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* bsdtar-debuginfo-3.5.1-150400.3.24.1
* bsdtar-3.5.1-150400.3.24.1
* libarchive13-3.5.1-150400.3.24.1
* libarchive-debugsource-3.5.1-150400.3.24.1
* libarchive-devel-3.5.1-150400.3.24.1
* libarchive13-debuginfo-3.5.1-150400.3.24.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* bsdtar-debuginfo-3.5.1-150400.3.24.1
* bsdtar-3.5.1-150400.3.24.1
* libarchive13-3.5.1-150400.3.24.1
* libarchive-debugsource-3.5.1-150400.3.24.1
* libarchive-devel-3.5.1-150400.3.24.1
* libarchive13-debuginfo-3.5.1-150400.3.24.1
* openSUSE Leap 15.4 (x86_64)
* libarchive13-32bit-debuginfo-3.5.1-150400.3.24.1
* libarchive13-32bit-3.5.1-150400.3.24.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libarchive13-64bit-3.5.1-150400.3.24.1
* libarchive13-64bit-debuginfo-3.5.1-150400.3.24.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libarchive-debugsource-3.5.1-150400.3.24.1
* libarchive13-3.5.1-150400.3.24.1
* libarchive13-debuginfo-3.5.1-150400.3.24.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libarchive-debugsource-3.5.1-150400.3.24.1
* libarchive13-3.5.1-150400.3.24.1
* libarchive13-debuginfo-3.5.1-150400.3.24.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* bsdtar-debuginfo-3.5.1-150400.3.24.1
* bsdtar-3.5.1-150400.3.24.1
* libarchive13-3.5.1-150400.3.24.1
* libarchive-debugsource-3.5.1-150400.3.24.1
* libarchive-devel-3.5.1-150400.3.24.1
* libarchive13-debuginfo-3.5.1-150400.3.24.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* bsdtar-debuginfo-3.5.1-150400.3.24.1
* bsdtar-3.5.1-150400.3.24.1
* libarchive13-3.5.1-150400.3.24.1
* libarchive-debugsource-3.5.1-150400.3.24.1
* libarchive-devel-3.5.1-150400.3.24.1
* libarchive13-debuginfo-3.5.1-150400.3.24.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* bsdtar-debuginfo-3.5.1-150400.3.24.1
* bsdtar-3.5.1-150400.3.24.1
* libarchive13-3.5.1-150400.3.24.1
* libarchive-debugsource-3.5.1-150400.3.24.1
* libarchive-devel-3.5.1-150400.3.24.1
* libarchive13-debuginfo-3.5.1-150400.3.24.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libarchive-debugsource-3.5.1-150400.3.24.1
* libarchive13-3.5.1-150400.3.24.1
* libarchive13-debuginfo-3.5.1-150400.3.24.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libarchive-debugsource-3.5.1-150400.3.24.1
* libarchive13-3.5.1-150400.3.24.1
* libarchive13-debuginfo-3.5.1-150400.3.24.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libarchive-debugsource-3.5.1-150400.3.24.1
* libarchive13-3.5.1-150400.3.24.1
* libarchive13-debuginfo-3.5.1-150400.3.24.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* bsdtar-debuginfo-3.5.1-150400.3.24.1
* bsdtar-3.5.1-150400.3.24.1
* libarchive13-3.5.1-150400.3.24.1
* libarchive-debugsource-3.5.1-150400.3.24.1
* libarchive-devel-3.5.1-150400.3.24.1
* libarchive13-debuginfo-3.5.1-150400.3.24.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* bsdtar-debuginfo-3.5.1-150400.3.24.1
* bsdtar-3.5.1-150400.3.24.1
* libarchive13-3.5.1-150400.3.24.1
* libarchive-debugsource-3.5.1-150400.3.24.1
* libarchive-devel-3.5.1-150400.3.24.1
* libarchive13-debuginfo-3.5.1-150400.3.24.1

## References:

* https://www.suse.com/security/cve/CVE-2025-60753.html
* https://www.suse.com/security/cve/CVE-2026-4111.html
* https://www.suse.com/security/cve/CVE-2026-4424.html
* https://www.suse.com/security/cve/CVE-2026-4426.html
* https://www.suse.com/security/cve/CVE-2026-5121.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253088
* https://bugzilla.suse.com/show_bug.cgi?id=1259635
* https://bugzilla.suse.com/show_bug.cgi?id=1259928
* https://bugzilla.suse.com/show_bug.cgi?id=1259931
* https://bugzilla.suse.com/show_bug.cgi?id=1261186

SUSE-SU-2026:2571-1: important: Security update for the Linux Kernel (Live Patch 39 for SUSE Linux Enterprise 15 SP5)

# Security update for the Linux Kernel (Live Patch 39 for SUSE Linux Enterprise
15 SP5)

Announcement ID: SUSE-SU-2026:2571-1
Release Date: 2026-06-23T15:35:23Z
Rating: important
References:

* bsc#1261640
* bsc#1263088
* bsc#1263902
* bsc#1266229
* bsc#1268282

Cross-References:

* CVE-2026-31402
* CVE-2026-31504
* CVE-2026-31694
* CVE-2026-43503
* CVE-2026-46323

CVSS scores:

* CVE-2026-31402 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.163 fixes
various security issues

The following security issues were fixed:

* CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
(bsc#1261640).
* CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
(bsc#1263088).
* CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
* CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
* CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2593=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2026-2572=1 SUSE-SLE-Module-Live-
Patching-15-SP5-2026-2586=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-2573=1
SUSE-SLE-Module-Live-Patching-15-SP5-2026-2574=1 SUSE-SLE-Module-Live-
Patching-15-SP5-2026-2576=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-2577=1
SUSE-SLE-Module-Live-Patching-15-SP5-2026-2587=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2593=1 SUSE-2026-2572=1 SUSE-2026-2586=1
SUSE-2026-2573=1 SUSE-2026-2574=1 SUSE-2026-2576=1 SUSE-2026-2577=1
SUSE-2026-2587=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2571=1 SUSE-2026-2570=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2571=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2026-2570=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_194-default-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_200-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-7-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_48-debugsource-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_200-default-debuginfo-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_50-debugsource-5-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_194-default-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_200-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-7-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_48-debugsource-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_200-default-debuginfo-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_50-debugsource-5-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_127-default-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-9-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_37-debugsource-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_136-default-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_35-debugsource-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_163-default-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_144-default-debuginfo-5-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_39-debugsource-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_36-debugsource-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_121-default-14-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_30-debugsource-14-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_32-debugsource-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_141-default-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_130-default-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_163-default-debuginfo-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_144-default-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_141-default-debuginfo-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-9-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_34-debugsource-9-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_33-debugsource-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-14-150500.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_127-default-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-9-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_37-debugsource-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_136-default-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_35-debugsource-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_163-default-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_144-default-debuginfo-5-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_39-debugsource-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_36-debugsource-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_121-default-14-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_30-debugsource-14-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_32-debugsource-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_141-default-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_130-default-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_163-default-debuginfo-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_144-default-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_141-default-debuginfo-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-9-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_34-debugsource-9-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_33-debugsource-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-14-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261640
* https://bugzilla.suse.com/show_bug.cgi?id=1263088
* https://bugzilla.suse.com/show_bug.cgi?id=1263902
* https://bugzilla.suse.com/show_bug.cgi?id=1266229
* https://bugzilla.suse.com/show_bug.cgi?id=1268282

SUSE-SU-2026:2588-1: important: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)

# Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise
15 SP6)

Announcement ID: SUSE-SU-2026:2588-1
Release Date: 2026-06-23T13:38:27Z
Rating: important
References:

* bsc#1260907
* bsc#1261640
* bsc#1263088
* bsc#1263902
* bsc#1266229
* bsc#1267625
* bsc#1268282

Cross-References:

* CVE-2026-23278
* CVE-2026-31402
* CVE-2026-31504
* CVE-2026-31694
* CVE-2026-43503
* CVE-2026-46323

CVSS scores:

* CVE-2026-23278 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31402 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.81 fixes
various security issues

The following security issues were fixed:

* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall
elements (bsc#1260907).
* CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
(bsc#1261640).
* CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
(bsc#1263088).
* CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
* CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
* CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
* net/sched: fix pedit partial COW leading to page cache (bsc#1267625).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2589=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2026-2588=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2588=1 SUSE-2026-2589=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_81-default-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_73-default-10-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_16-debugsource-10-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_18-debugsource-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-10-150600.2.1
* kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-8-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_81-default-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_73-default-10-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_16-debugsource-10-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_18-debugsource-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-10-150600.2.1
* kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-8-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260907
* https://bugzilla.suse.com/show_bug.cgi?id=1261640
* https://bugzilla.suse.com/show_bug.cgi?id=1263088
* https://bugzilla.suse.com/show_bug.cgi?id=1263902
* https://bugzilla.suse.com/show_bug.cgi?id=1266229
* https://bugzilla.suse.com/show_bug.cgi?id=1267625
* https://bugzilla.suse.com/show_bug.cgi?id=1268282

Libarchive update for Slackware Linux

Bvncserver, Libnfs, and Libcap2 updates for Ubuntu

Kernel Live Patches, OpenSSL and ImageMagick updates for SUSE

SUSE-SU-2026:2496-1: important: Security update for the Linux Kernel (Live Patch 52 for SUSE Linux Enterprise 15 SP4)

SUSE-SU-2026:2520-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP7)

SUSE-SU-2026:2511-1: important: Security update for the Linux Kernel (Live Patch 53 for SUSE Linux Enterprise 15 SP4)

openSUSE-SU-2026:0212-1: important: Security update for hamlib

SUSE-SU-2026:2523-1: important: Security update for libinput

SUSE-SU-2026:2530-1: important: Security update for libinput

SUSE-SU-2026:2529-1: important: Security update for libinput

SUSE-SU-2026:2553-1: important: Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP6)

SUSE-SU-2026:2532-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7)

SUSE-SU-2026:2567-1: important: Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5)

SUSE-SU-2026:2559-1: important: Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP6)

openSUSE-SU-2026:20965-1: important: Security update for the Linux Kernel

openSUSE-SU-2026:20966-1: moderate: Security update for editorconfig-core-c

openSUSE-SU-2026:20967-1: low: Security update for opensc

openSUSE-SU-2026:11079-1: moderate: ghc-crypton-asn1-parse-0.10.0-1.1 on GA media

openSUSE-SU-2026:11078-1: moderate: ghc-crypton-asn1-encoding-0.10.0-1.1 on GA media

openSUSE-SU-2026:11075-1: moderate: docker-stable-24.0.9_ce-18.1 on GA media

openSUSE-SU-2026:11077-1: moderate: ghc-aws-0.25.2-1.1 on GA media

openSUSE-SU-2026:11081-1: moderate: ghc-crypton-pem-0.3.0-1.1 on GA media

openSUSE-SU-2026:11074-1: moderate: containerized-data-importer1.65-api-1.65.0-1.1 on GA media

openSUSE-SU-2026:11073-1: moderate: bitcoin-qt6-31.0-2.1 on GA media

openSUSE-SU-2026:11080-1: moderate: ghc-crypton-asn1-types-0.4.1-1.1 on GA media

openSUSE-SU-2026:11076-1: moderate: dracut-110+suse.35.g9834432-1.1 on GA media

SUSE-SU-2026:2575-1: important: Security update for libsolv, libzypp, zypper

SUSE-SU-2026:2580-1: important: Security update for ImageMagick

SUSE-SU-2026:2584-1: moderate: Security update for exiv2

SUSE-SU-2026:2590-1: important: Security update for libsolv, libzypp, zypper

SUSE-SU-2026:2595-1: important: Security update for rekor

SUSE-SU-2026:2597-1: important: Security update for podman

SUSE-SU-2026:2596-1: important: Security update for podman

SUSE-SU-2026:2598-1: important: Security update for openssl-3

SUSE-SU-2026:2599-1: important: Security update for libarchive

SUSE-SU-2026:2571-1: important: Security update for the Linux Kernel (Live Patch 39 for SUSE Linux Enterprise 15 SP5)

SUSE-SU-2026:2588-1: important: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)

Windows

Linux

macOS

Community