SUSE released multiple security advisories rated important for its Linux operating system. Most of these updates address the Linux Kernel and are delivered as Live Patches for SUSE Linux Enterprise 15 Service Packs 4 through 6. Users must also apply separate fixes for OpenSSL, Python, and GraphicsMagick, all rated important, to maintain system integrity. Two moderate-severity notices are listed for openSUSE GA media and cover the python311-biopython and libcap-devel packages.

SUSE-SU-2026:1261-1: important: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1258-1: important: Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:1259-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1263-1: important: Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:1265-1: important: Security update for the Linux Kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:1266-1: important: Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1268-1: important: Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:1270-1: important: Security update for the Linux Kernel (Live Patch 33 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:1269-1: important: Security update for the Linux Kernel (Live Patch 37 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:1271-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1280-1: important: Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:1272-1: important: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1274-1: important: Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1283-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1281-1: important: Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:1290-1: important: Security update for openssl-1_1
SUSE-SU-2026:1292-1: important: Security update for python312
SUSE-SU-2026:1291-1: important: Security update for openssl-1_0_0
SUSE-SU-2026:1296-1: important: Security update for python39
openSUSE-SU-2026:10537-1: moderate: python311-biopython-1.87-1.1 on GA media
openSUSE-SU-2026:10536-1: moderate: libcap-devel-2.78-1.1 on GA media
SUSE-SU-2026:1300-1: important: Security update for GraphicsMagick




SUSE-SU-2026:1261-1: important: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1261-1
Release Date: 2026-04-10T19:34:47Z
Rating: important
References:

* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-40159 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.78 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation
(bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1261=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1260=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1260=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150700_53_22-default-debuginfo-3-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_6-debugsource-3-150700.2.1
* kernel-livepatch-6_4_0-150700_53_22-default-3-150700.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_78-default-3-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_17-debugsource-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-3-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_78-default-3-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_17-debugsource-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-3-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1258-1: important: Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1258-1
Release Date: 2026-04-10T17:35:09Z
Rating: important
References:

* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.136 fixes
various security issues.

The following security issues were fixed:

* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1258=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1258=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_136-default-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_35-debugsource-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-3-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_136-default-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_35-debugsource-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-3-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1259-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1259-1
Release Date: 2026-04-10T17:35:16Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.42 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup
(bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation
(bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1259=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1259=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-16-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-16-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1263-1: important: Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1263-1
Release Date: 2026-04-11T03:36:25Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.100 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup
(bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1263=1 SUSE-2026-1264=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1263=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1264=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-16-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_25-debugsource-16-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-16-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-16-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_25-debugsource-16-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-16-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1265-1: important: Security update for the Linux Kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1265-1
Release Date: 2026-04-11T04:34:33Z
Rating: important
References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.184 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1265=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1265=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_46-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-4-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_46-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-4-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1266-1: important: Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1266-1
Release Date: 2026-04-11T11:04:41Z
Rating: important
References:

* bsc#1258051
* bsc#1258183
* bsc#1258784
* bsc#1259896
* bsc#1259962

Cross-References:

* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities and has two security fixes can now
be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.87 fixes
various security issues.

The following security issues were fixed:

* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

The following non-security issue was fixed:

* Fix NULL pointer dereference in smb2_query_server_interfaces: livepatch to
restore a NULL check of server->ops->query_server_interfaces that was
dropped by mistake (bsc#1259896 bsc#1259962).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1266=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1266=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_87-default-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_20-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_87-default-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_20-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-2-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
* https://bugzilla.suse.com/show_bug.cgi?id=1259896
* https://bugzilla.suse.com/show_bug.cgi?id=1259962



SUSE-SU-2026:1268-1: important: Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1268-1
Release Date: 2026-04-11T14:04:52Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.158 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup
(bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1267=1 SUSE-2026-1268=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1267=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1268=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_161-default-16-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_39-debugsource-16-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_38-debugsource-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-16-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_161-default-16-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_39-debugsource-16-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_38-debugsource-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-16-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1270-1: important: Security update for the Linux Kernel (Live Patch 33 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 33 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1270-1
Release Date: 2026-04-11T16:34:14Z
Rating: important
References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.130 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1270=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1270=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-4-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_130-default-4-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_33-debugsource-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-4-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_130-default-4-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_33-debugsource-4-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1269-1: important: Security update for the Linux Kernel (Live Patch 37 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 37 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1269-1
Release Date: 2026-04-11T16:04:45Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.153 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup
(bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1269=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1269=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-17-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_37-debugsource-17-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_153-default-17-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-17-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_37-debugsource-17-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_153-default-17-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1271-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1271-1
Release Date: 2026-04-11T18:04:43Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.65 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup
(bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation
(bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1271=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1271=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_65-default-8-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_14-debugsource-8-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-8-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_65-default-8-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_14-debugsource-8-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-8-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1280-1: important: Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1280-1
Release Date: 2026-04-12T02:04:37Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.167 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup
(bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1280=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1280=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_167-default-15-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_41-debugsource-15-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_167-default-15-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_41-debugsource-15-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1272-1: important: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1272-1
Release Date: 2026-04-11T18:04:50Z
Rating: important
References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.81 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1272=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1272=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_81-default-3-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_18-debugsource-3-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_81-default-3-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_18-debugsource-3-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1274-1: important: Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1274-1
Release Date: 2026-04-11T20:04:33Z
Rating: important
References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784
* bsc#1259896
* bsc#1259962

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities and has two security fixes can now be
installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.84 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

The following non-security issue was fixed:

* Fix NULL pointer dereference in smb2_query_server_interfaces: livepatch to
restore a NULL check of server->ops->query_server_interfaces that was
dropped by mistake (bsc#1259896 bsc#1259962).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1274=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1274=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_84-default-3-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_19-debugsource-3-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_84-default-3-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_19-debugsource-3-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
* https://bugzilla.suse.com/show_bug.cgi?id=1259896
* https://bugzilla.suse.com/show_bug.cgi?id=1259962



SUSE-SU-2026:1283-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1283-1
Release Date: 2026-04-12T10:34:05Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.60 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup
(bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation
(bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1283=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1282=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1282=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150700_51-default-13-150700.3.36.1
* kernel-livepatch-6_4_0-150700_51-default-debuginfo-13-150700.3.36.1
* kernel-livepatch-SLE15-SP7_Update_0-debugsource-13-150700.3.36.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-12-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-12-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1281-1: important: Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1281-1
Release Date: 2026-04-12T08:35:33Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.170 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup
(bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1281=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1281=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_170-default-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_42-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-14-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_170-default-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_42-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-14-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1290-1: important: Security update for openssl-1_1


# Security update for openssl-1_1

Announcement ID: SUSE-SU-2026:1290-1
Release Date: 2026-04-13T08:08:55Z
Rating: important
References:

* bsc#1260441
* bsc#1260442
* bsc#1260443
* bsc#1260444

Cross-References:

* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-31789

CVSS scores:

* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
* CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL
(bsc#1260442).
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443).
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1290=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-1290=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1290=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1290=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1290=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1290=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1
* openssl-1_1-debugsource-1.1.1l-150500.17.51.1
* libopenssl1_1-1.1.1l-150500.17.51.1
* openssl-1_1-1.1.1l-150500.17.51.1
* libopenssl-1_1-devel-1.1.1l-150500.17.51.1
* libopenssl1_1-hmac-1.1.1l-150500.17.51.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.51.1
* openSUSE Leap 15.5 (x86_64)
* libopenssl1_1-32bit-1.1.1l-150500.17.51.1
* libopenssl-1_1-devel-32bit-1.1.1l-150500.17.51.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1
* libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1
* openSUSE Leap 15.5 (noarch)
* openssl-1_1-doc-1.1.1l-150500.17.51.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libopenssl1_1-64bit-1.1.1l-150500.17.51.1
* libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.51.1
* libopenssl1_1-hmac-64bit-1.1.1l-150500.17.51.1
* libopenssl-1_1-devel-64bit-1.1.1l-150500.17.51.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1
* openssl-1_1-debugsource-1.1.1l-150500.17.51.1
* libopenssl1_1-1.1.1l-150500.17.51.1
* openssl-1_1-1.1.1l-150500.17.51.1
* libopenssl-1_1-devel-1.1.1l-150500.17.51.1
* libopenssl1_1-hmac-1.1.1l-150500.17.51.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.51.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1
* openssl-1_1-debugsource-1.1.1l-150500.17.51.1
* libopenssl1_1-1.1.1l-150500.17.51.1
* openssl-1_1-1.1.1l-150500.17.51.1
* libopenssl-1_1-devel-1.1.1l-150500.17.51.1
* libopenssl1_1-hmac-1.1.1l-150500.17.51.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.51.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* libopenssl1_1-32bit-1.1.1l-150500.17.51.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1
* libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1
* openssl-1_1-debugsource-1.1.1l-150500.17.51.1
* libopenssl1_1-1.1.1l-150500.17.51.1
* openssl-1_1-1.1.1l-150500.17.51.1
* libopenssl-1_1-devel-1.1.1l-150500.17.51.1
* libopenssl1_1-hmac-1.1.1l-150500.17.51.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.51.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* libopenssl1_1-32bit-1.1.1l-150500.17.51.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1
* libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1
* openssl-1_1-debugsource-1.1.1l-150500.17.51.1
* libopenssl1_1-1.1.1l-150500.17.51.1
* openssl-1_1-1.1.1l-150500.17.51.1
* libopenssl-1_1-devel-1.1.1l-150500.17.51.1
* libopenssl1_1-hmac-1.1.1l-150500.17.51.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.51.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* libopenssl1_1-32bit-1.1.1l-150500.17.51.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1
* libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1
* openssl-1_1-debugsource-1.1.1l-150500.17.51.1
* libopenssl1_1-1.1.1l-150500.17.51.1
* openssl-1_1-1.1.1l-150500.17.51.1
* libopenssl-1_1-devel-1.1.1l-150500.17.51.1
* libopenssl1_1-hmac-1.1.1l-150500.17.51.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.51.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* libopenssl1_1-32bit-1.1.1l-150500.17.51.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1
* libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444



SUSE-SU-2026:1292-1: important: Security update for python312


# Security update for python312

Announcement ID: SUSE-SU-2026:1292-1
Release Date: 2026-04-13T08:10:53Z
Rating: important
References:

* bsc#1259611
* bsc#1259734
* bsc#1259735
* bsc#1259989
* bsc#1260026

Cross-References:

* CVE-2025-13462
* CVE-2026-3479
* CVE-2026-3644
* CVE-2026-4224
* CVE-2026-4519

CVSS scores:

* CVE-2025-13462 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-13462 ( NVD ): 2.0
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3479 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3479 ( NVD ): 0.0
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3644 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3644 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4224 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4224 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
* CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
* CVE-2026-4519 ( NVD ): 7.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for python312 fixes the following issues:

* CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type
AREGTYPE are combined can lead to misinterpretation of tar archives
(bsc#1259611).
* CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()`
can lead to path traversal (bsc#1259989).
* CVE-2026-3644: incomplete control character validation in http.cookies can
lead to input validation bypass (bsc#1259734).
* CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to
C stack overflow (bsc#1259735).
* CVE-2026-4519: failure to sanitize leading dashes in URLs in the
`webbrowser.open()` API can lead to web browser command line option
injection (bsc#1260026).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1292=1 openSUSE-SLE-15.6-2026-1292=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1292=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1292=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* python312-core-debugsource-3.12.13-150600.3.53.1
* python312-tk-debuginfo-3.12.13-150600.3.53.1
* python312-curses-debuginfo-3.12.13-150600.3.53.1
* python312-tools-3.12.13-150600.3.53.1
* libpython3_12-1_0-debuginfo-3.12.13-150600.3.53.1
* python312-base-3.12.13-150600.3.53.1
* python312-devel-3.12.13-150600.3.53.1
* python312-dbm-debuginfo-3.12.13-150600.3.53.1
* python312-base-debuginfo-3.12.13-150600.3.53.1
* python312-debugsource-3.12.13-150600.3.53.1
* python312-3.12.13-150600.3.53.1
* python312-debuginfo-3.12.13-150600.3.53.1
* python312-dbm-3.12.13-150600.3.53.1
* python312-doc-3.12.13-150600.3.53.1
* python312-testsuite-3.12.13-150600.3.53.1
* python312-testsuite-debuginfo-3.12.13-150600.3.53.1
* python312-idle-3.12.13-150600.3.53.1
* python312-tk-3.12.13-150600.3.53.1
* python312-doc-devhelp-3.12.13-150600.3.53.1
* python312-curses-3.12.13-150600.3.53.1
* libpython3_12-1_0-3.12.13-150600.3.53.1
* openSUSE Leap 15.6 (x86_64)
* python312-32bit-debuginfo-3.12.13-150600.3.53.1
* libpython3_12-1_0-32bit-debuginfo-3.12.13-150600.3.53.1
* python312-32bit-3.12.13-150600.3.53.1
* python312-base-32bit-debuginfo-3.12.13-150600.3.53.1
* libpython3_12-1_0-32bit-3.12.13-150600.3.53.1
* python312-base-32bit-3.12.13-150600.3.53.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libpython3_12-1_0-64bit-3.12.13-150600.3.53.1
* python312-base-64bit-3.12.13-150600.3.53.1
* python312-base-64bit-debuginfo-3.12.13-150600.3.53.1
* python312-64bit-debuginfo-3.12.13-150600.3.53.1
* python312-64bit-3.12.13-150600.3.53.1
* libpython3_12-1_0-64bit-debuginfo-3.12.13-150600.3.53.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* python312-base-debuginfo-3.12.13-150600.3.53.1
* python312-dbm-debuginfo-3.12.13-150600.3.53.1
* python312-curses-debuginfo-3.12.13-150600.3.53.1
* python312-tools-3.12.13-150600.3.53.1
* python312-idle-3.12.13-150600.3.53.1
* libpython3_12-1_0-debuginfo-3.12.13-150600.3.53.1
* python312-base-3.12.13-150600.3.53.1
* python312-core-debugsource-3.12.13-150600.3.53.1
* python312-tk-3.12.13-150600.3.53.1
* python312-debugsource-3.12.13-150600.3.53.1
* python312-tk-debuginfo-3.12.13-150600.3.53.1
* python312-3.12.13-150600.3.53.1
* python312-dbm-3.12.13-150600.3.53.1
* python312-debuginfo-3.12.13-150600.3.53.1
* python312-devel-3.12.13-150600.3.53.1
* python312-curses-3.12.13-150600.3.53.1
* libpython3_12-1_0-3.12.13-150600.3.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* python312-base-debuginfo-3.12.13-150600.3.53.1
* python312-dbm-debuginfo-3.12.13-150600.3.53.1
* python312-curses-debuginfo-3.12.13-150600.3.53.1
* python312-tools-3.12.13-150600.3.53.1
* python312-idle-3.12.13-150600.3.53.1
* libpython3_12-1_0-debuginfo-3.12.13-150600.3.53.1
* python312-base-3.12.13-150600.3.53.1
* python312-core-debugsource-3.12.13-150600.3.53.1
* python312-tk-3.12.13-150600.3.53.1
* python312-debugsource-3.12.13-150600.3.53.1
* python312-tk-debuginfo-3.12.13-150600.3.53.1
* python312-3.12.13-150600.3.53.1
* python312-dbm-3.12.13-150600.3.53.1
* python312-debuginfo-3.12.13-150600.3.53.1
* python312-devel-3.12.13-150600.3.53.1
* python312-curses-3.12.13-150600.3.53.1
* libpython3_12-1_0-3.12.13-150600.3.53.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13462.html
* https://www.suse.com/security/cve/CVE-2026-3479.html
* https://www.suse.com/security/cve/CVE-2026-3644.html
* https://www.suse.com/security/cve/CVE-2026-4224.html
* https://www.suse.com/security/cve/CVE-2026-4519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259611
* https://bugzilla.suse.com/show_bug.cgi?id=1259734
* https://bugzilla.suse.com/show_bug.cgi?id=1259735
* https://bugzilla.suse.com/show_bug.cgi?id=1259989
* https://bugzilla.suse.com/show_bug.cgi?id=1260026



SUSE-SU-2026:1291-1: important: Security update for openssl-1_0_0


# Security update for openssl-1_0_0

Announcement ID: SUSE-SU-2026:1291-1
Release Date: 2026-04-13T08:10:19Z
Rating: important
References:

* bsc#1260441
* bsc#1260442
* bsc#1260443
* bsc#1260444
* bsc#1260445

Cross-References:

* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-31789
* CVE-2026-31790

CVSS scores:

* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Legacy Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for openssl-1_0_0 fixes the following issues:

* CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
* CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL
(bsc#1260442).
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443).
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444).
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation
(bsc#1260445).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Legacy Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-1291=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1291=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1291=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1291=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1291=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1291=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1291=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1291=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1291=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1291=1

## Package List:

* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libopenssl1_0_0-1.0.2p-150000.3.105.1
* libopenssl10-debuginfo-1.0.2p-150000.3.105.1
* libopenssl10-1.0.2p-150000.3.105.1
* libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1
* openssl-1_0_0-1.0.2p-150000.3.105.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libopenssl1_0_0-1.0.2p-150000.3.105.1
* libopenssl10-debuginfo-1.0.2p-150000.3.105.1
* libopenssl10-1.0.2p-150000.3.105.1
* libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1
* openssl-1_0_0-1.0.2p-150000.3.105.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libopenssl1_0_0-1.0.2p-150000.3.105.1
* libopenssl10-debuginfo-1.0.2p-150000.3.105.1
* libopenssl10-1.0.2p-150000.3.105.1
* libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1
* openssl-1_0_0-1.0.2p-150000.3.105.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libopenssl1_0_0-1.0.2p-150000.3.105.1
* libopenssl10-debuginfo-1.0.2p-150000.3.105.1
* libopenssl10-1.0.2p-150000.3.105.1
* libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1
* openssl-1_0_0-1.0.2p-150000.3.105.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libopenssl1_0_0-1.0.2p-150000.3.105.1
* libopenssl10-debuginfo-1.0.2p-150000.3.105.1
* libopenssl10-1.0.2p-150000.3.105.1
* libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1
* openssl-1_0_0-1.0.2p-150000.3.105.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libopenssl1_0_0-1.0.2p-150000.3.105.1
* libopenssl10-debuginfo-1.0.2p-150000.3.105.1
* libopenssl10-1.0.2p-150000.3.105.1
* libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1
* openssl-1_0_0-1.0.2p-150000.3.105.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libopenssl1_0_0-1.0.2p-150000.3.105.1
  * libopenssl10-debuginfo-1.0.2p-150000.3.105.1
  * libopenssl10-1.0.2p-150000.3.105.1
  * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1
  * openssl-1_0_0-1.0.2p-150000.3.105.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * libopenssl1_0_0-1.0.2p-150000.3.105.1
  * libopenssl10-debuginfo-1.0.2p-150000.3.105.1
  * libopenssl10-1.0.2p-150000.3.105.1
  * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1
  * openssl-1_0_0-1.0.2p-150000.3.105.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libopenssl1_0_0-1.0.2p-150000.3.105.1
  * libopenssl10-debuginfo-1.0.2p-150000.3.105.1
  * libopenssl10-1.0.2p-150000.3.105.1
  * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1
  * openssl-1_0_0-1.0.2p-150000.3.105.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * libopenssl1_0_0-steam-1.0.2p-150000.3.105.1
  * openssl-1_0_0-cavs-1.0.2p-150000.3.105.1
  * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.105.1
  * libopenssl1_0_0-1.0.2p-150000.3.105.1
  * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.105.1
  * libopenssl10-debuginfo-1.0.2p-150000.3.105.1
  * libopenssl10-1.0.2p-150000.3.105.1
  * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1
  * openssl-1_0_0-1.0.2p-150000.3.105.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1
* openSUSE Leap 15.6 (x86_64)
  * libopenssl1_0_0-32bit-1.0.2p-150000.3.105.1
  * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.105.1
  * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.105.1
  * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.105.1
  * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.105.1
  * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.105.1
* openSUSE Leap 15.6 (noarch)
  * openssl-1_0_0-doc-1.0.2p-150000.3.105.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://www.suse.com/security/cve/CVE-2026-31790.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444
* https://bugzilla.suse.com/show_bug.cgi?id=1260445



SUSE-SU-2026:1296-1: important: Security update for python39


# Security update for python39

Announcement ID: SUSE-SU-2026:1296-1
Release Date: 2026-04-13T12:32:58Z
Rating: important
References:

* bsc#1259611
* bsc#1259734
* bsc#1259735
* bsc#1260026

Cross-References:

* CVE-2025-13462
* CVE-2026-3644
* CVE-2026-4224
* CVE-2026-4519

CVSS scores:

* CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
* CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
* CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for python39 fixes the following issues:

* CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type
AREGTYPE are combined can lead to misinterpretation of tar archives
(bsc#1259611).
* CVE-2026-3644: incomplete control character validation in http.cookies can
lead to input validation bypass (bsc#1259734).
* CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to
C stack overflow (bsc#1259735).
* CVE-2026-4519: failure to sanitize leading dashes in URLs in the
`webbrowser.open()` API can lead to web browser command line option
injection (bsc#1260026).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP5 LTSS:
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1296=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP5:
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1296=1`

* openSUSE Leap 15.3:
  `zypper in -t patch SUSE-2026-1296=1`

* openSUSE Leap 15.6:
  `zypper in -t patch openSUSE-SLE-15.6-2026-1296=1`

## Package List:

* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * python39-curses-3.9.25-150300.4.99.1
  * python39-base-3.9.25-150300.4.99.1
  * python39-3.9.25-150300.4.99.1
  * python39-dbm-3.9.25-150300.4.99.1
  * libpython3_9-1_0-3.9.25-150300.4.99.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * python39-curses-3.9.25-150300.4.99.1
  * python39-base-3.9.25-150300.4.99.1
  * python39-3.9.25-150300.4.99.1
  * python39-dbm-3.9.25-150300.4.99.1
  * libpython3_9-1_0-3.9.25-150300.4.99.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * python39-dbm-debuginfo-3.9.25-150300.4.99.1
  * python39-doc-devhelp-3.9.25-150300.4.99.1
  * python39-base-debuginfo-3.9.25-150300.4.99.1
  * python39-debuginfo-3.9.25-150300.4.99.1
  * libpython3_9-1_0-3.9.25-150300.4.99.1
  * python39-tk-3.9.25-150300.4.99.1
  * python39-curses-debuginfo-3.9.25-150300.4.99.1
  * python39-base-3.9.25-150300.4.99.1
  * python39-testsuite-debuginfo-3.9.25-150300.4.99.1
  * python39-doc-3.9.25-150300.4.99.1
  * libpython3_9-1_0-debuginfo-3.9.25-150300.4.99.1
  * python39-core-debugsource-3.9.25-150300.4.99.1
  * python39-curses-3.9.25-150300.4.99.1
  * python39-dbm-3.9.25-150300.4.99.1
  * python39-tk-debuginfo-3.9.25-150300.4.99.1
  * python39-3.9.25-150300.4.99.1
  * python39-tools-3.9.25-150300.4.99.1
  * python39-debugsource-3.9.25-150300.4.99.1
  * python39-idle-3.9.25-150300.4.99.1
  * python39-testsuite-3.9.25-150300.4.99.1
  * python39-devel-3.9.25-150300.4.99.1
* openSUSE Leap 15.3 (x86_64)
  * python39-32bit-3.9.25-150300.4.99.1
  * libpython3_9-1_0-32bit-debuginfo-3.9.25-150300.4.99.1
  * python39-32bit-debuginfo-3.9.25-150300.4.99.1
  * python39-base-32bit-debuginfo-3.9.25-150300.4.99.1
  * libpython3_9-1_0-32bit-3.9.25-150300.4.99.1
  * python39-base-32bit-3.9.25-150300.4.99.1
* openSUSE Leap 15.3 (aarch64_ilp32)
  * python39-base-64bit-3.9.25-150300.4.99.1
  * python39-64bit-3.9.25-150300.4.99.1
  * python39-64bit-debuginfo-3.9.25-150300.4.99.1
  * libpython3_9-1_0-64bit-3.9.25-150300.4.99.1
  * python39-base-64bit-debuginfo-3.9.25-150300.4.99.1
  * libpython3_9-1_0-64bit-debuginfo-3.9.25-150300.4.99.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * python39-dbm-debuginfo-3.9.25-150300.4.99.1
  * python39-doc-devhelp-3.9.25-150300.4.99.1
  * python39-base-debuginfo-3.9.25-150300.4.99.1
  * python39-debuginfo-3.9.25-150300.4.99.1
  * libpython3_9-1_0-3.9.25-150300.4.99.1
  * python39-tk-3.9.25-150300.4.99.1
  * python39-curses-debuginfo-3.9.25-150300.4.99.1
  * python39-base-3.9.25-150300.4.99.1
  * python39-testsuite-debuginfo-3.9.25-150300.4.99.1
  * python39-doc-3.9.25-150300.4.99.1
  * libpython3_9-1_0-debuginfo-3.9.25-150300.4.99.1
  * python39-core-debugsource-3.9.25-150300.4.99.1
  * python39-curses-3.9.25-150300.4.99.1
  * python39-dbm-3.9.25-150300.4.99.1
  * python39-tk-debuginfo-3.9.25-150300.4.99.1
  * python39-3.9.25-150300.4.99.1
  * python39-tools-3.9.25-150300.4.99.1
  * python39-debugsource-3.9.25-150300.4.99.1
  * python39-idle-3.9.25-150300.4.99.1
  * python39-testsuite-3.9.25-150300.4.99.1
  * python39-devel-3.9.25-150300.4.99.1
* openSUSE Leap 15.6 (x86_64)
  * python39-32bit-3.9.25-150300.4.99.1
  * libpython3_9-1_0-32bit-debuginfo-3.9.25-150300.4.99.1
  * python39-32bit-debuginfo-3.9.25-150300.4.99.1
  * python39-base-32bit-debuginfo-3.9.25-150300.4.99.1
  * libpython3_9-1_0-32bit-3.9.25-150300.4.99.1
  * python39-base-32bit-3.9.25-150300.4.99.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13462.html
* https://www.suse.com/security/cve/CVE-2026-3644.html
* https://www.suse.com/security/cve/CVE-2026-4224.html
* https://www.suse.com/security/cve/CVE-2026-4519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259611
* https://bugzilla.suse.com/show_bug.cgi?id=1259734
* https://bugzilla.suse.com/show_bug.cgi?id=1259735
* https://bugzilla.suse.com/show_bug.cgi?id=1260026



openSUSE-SU-2026:10537-1: moderate: python311-biopython-1.87-1.1 on GA media


# python311-biopython-1.87-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10537-1
Rating: moderate

Cross-References:

* CVE-2025-68463

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-biopython-1.87-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-biopython 1.87-1.1
  * python313-biopython 1.87-1.1
  * python314-biopython 1.87-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68463.html



openSUSE-SU-2026:10536-1: moderate: libcap-devel-2.78-1.1 on GA media


# libcap-devel-2.78-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10536-1
Rating: moderate

Cross-References:

* CVE-2026-4878

CVSS scores:

* CVE-2026-4878 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4878 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libcap-devel-2.78-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * libcap-devel 2.78-1.1
  * libcap-progs 2.78-1.1
  * libcap2 2.78-1.1
  * libcap2-32bit 2.78-1.1
  * libpsx2 2.78-1.1
  * libpsx2-32bit 2.78-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4878.html



SUSE-SU-2026:1300-1: important: Security update for GraphicsMagick


# Security update for GraphicsMagick

Announcement ID: SUSE-SU-2026:1300-1
Release Date: 2026-04-13T15:58:01Z
Rating: important
References:

* bsc#1258765
* bsc#1259456

Cross-References:

* CVE-2026-26284
* CVE-2026-28690

CVSS scores:

* CVE-2026-26284 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-26284 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-26284 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-26284 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-28690 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28690 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-28690 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2026-28690 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for GraphicsMagick fixes the following issues:

* CVE-2026-26284: heap overflow in pcd decoder leads to out of bounds read
(bsc#1258765).
* CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack
buffer overflow (bsc#1259456).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7:
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1300=1`

* openSUSE Leap 15.6:
  `zypper in -t patch SUSE-2026-1300=1`

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * GraphicsMagick-devel-1.3.42-150600.3.18.1
  * libGraphicsMagick++-devel-1.3.42-150600.3.18.1
  * libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.18.1
  * libGraphicsMagick++-Q16-12-1.3.42-150600.3.18.1
  * GraphicsMagick-debuginfo-1.3.42-150600.3.18.1
  * libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.18.1
  * perl-GraphicsMagick-debuginfo-1.3.42-150600.3.18.1
  * libGraphicsMagick3-config-1.3.42-150600.3.18.1
  * GraphicsMagick-1.3.42-150600.3.18.1
  * perl-GraphicsMagick-1.3.42-150600.3.18.1
  * GraphicsMagick-debugsource-1.3.42-150600.3.18.1
  * libGraphicsMagickWand-Q16-2-1.3.42-150600.3.18.1
  * libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.18.1
  * libGraphicsMagick-Q16-3-1.3.42-150600.3.18.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * GraphicsMagick-devel-1.3.42-150600.3.18.1
  * libGraphicsMagick++-devel-1.3.42-150600.3.18.1
  * libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.18.1
  * libGraphicsMagick++-Q16-12-1.3.42-150600.3.18.1
  * GraphicsMagick-debuginfo-1.3.42-150600.3.18.1
  * libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.18.1
  * perl-GraphicsMagick-debuginfo-1.3.42-150600.3.18.1
  * libGraphicsMagick3-config-1.3.42-150600.3.18.1
  * GraphicsMagick-1.3.42-150600.3.18.1
  * perl-GraphicsMagick-1.3.42-150600.3.18.1
  * GraphicsMagick-debugsource-1.3.42-150600.3.18.1
  * libGraphicsMagickWand-Q16-2-1.3.42-150600.3.18.1
  * libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.18.1
  * libGraphicsMagick-Q16-3-1.3.42-150600.3.18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26284.html
* https://www.suse.com/security/cve/CVE-2026-28690.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258765
* https://bugzilla.suse.com/show_bug.cgi?id=1259456