
New security advisories have been released for SUSE Linux Enterprise and openSUSE systems. Kernel live patches rated important are available for SUSE Linux Enterprise 15 SP4, SP5 and SP6. Administrators should also apply the important fixes for openssl-1_1 and tigervnc immediately. Moderate-severity updates on openSUSE GA media cover go1.25, the Python Django packages, fontforge, MozillaFirefox and sudo.

SUSE-SU-2026:1237-1: important: Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:1239-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1254-1: important: Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:1257-1: important: Security update for openssl-1_1
SUSE-SU-2026:1252-1: important: Security update for tigervnc
SUSE-SU-2026:1248-1: important: Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5)
openSUSE-SU-2026:10514-1: moderate: go1.25-1.25.9-1.1 on GA media
openSUSE-SU-2026:10517-1: moderate: python313-Django6-6.0.4-1.1 on GA media
openSUSE-SU-2026:10513-1: moderate: fontforge-20251009-6.1 on GA media
openSUSE-SU-2026:10516-1: moderate: python311-Django4-4.2.30-1.1 on GA media
openSUSE-SU-2026:10511-1: moderate: MozillaFirefox-149.0.2-1.1 on GA media
openSUSE-SU-2026:10510-1: moderate: sudo-1.9.17p2-2.1 on GA media
SUSE-SU-2026:1242-1: important: Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4)




SUSE-SU-2026:1237-1: important: Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1237-1
Release Date: 2026-04-09T17:05:00Z
Rating: important
References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.187 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1237=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1237=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_47-debugsource-4-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_47-debugsource-4-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1239-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1239-1
Release Date: 2026-04-09T19:04:34Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.47 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup
(bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation
(bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1239=1 SUSE-2026-1238=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1239=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1238=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-14-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-15-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-14-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_10-debugsource-15-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-15-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-14-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-14-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-15-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-14-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_10-debugsource-15-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-15-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-14-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1254-1: important: Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1254-1
Release Date: 2026-04-10T14:04:42Z
Rating: important
References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.127 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1254=1 SUSE-2026-1253=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1254=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1253=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_34-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_32-debugsource-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_34-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_32-debugsource-4-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



SUSE-SU-2026:1257-1: important: Security update for openssl-1_1


# Security update for openssl-1_1

Announcement ID: SUSE-SU-2026:1257-1
Release Date: 2026-04-10T15:06:44Z
Rating: important
References:

* bsc#1260441
* bsc#1260442
* bsc#1260443
* bsc#1260444
* bsc#1260445

Cross-References:

* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-31789
* CVE-2026-31790

CVSS scores:

* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
* CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL
(bsc#1260442).
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443).
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444).
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation
(bsc#1260445).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1257=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1257=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1257=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1257=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1257=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1257=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1257=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1257=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1257=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* openssl-1_1-debugsource-1.1.1l-150400.7.90.1
* libopenssl1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-1.1.1l-150400.7.90.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
* openssl-1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* openSUSE Leap 15.4 (x86_64)
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1
* libopenssl1_1-32bit-1.1.1l-150400.7.90.1
* openSUSE Leap 15.4 (noarch)
* openssl-1_1-doc-1.1.1l-150400.7.90.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libopenssl1_1-64bit-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-64bit-1.1.1l-150400.7.90.1
* libopenssl1_1-hmac-64bit-1.1.1l-150400.7.90.1
* libopenssl1_1-64bit-debuginfo-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.90.1
* libopenssl1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-1.1.1l-150400.7.90.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
* openssl-1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.90.1
* libopenssl1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-1.1.1l-150400.7.90.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
* openssl-1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.90.1
* libopenssl1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-1.1.1l-150400.7.90.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
* openssl-1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.90.1
* libopenssl1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-1.1.1l-150400.7.90.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
* openssl-1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.90.1
* libopenssl1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-1.1.1l-150400.7.90.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
* openssl-1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1
* libopenssl1_1-32bit-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.90.1
* libopenssl1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-1.1.1l-150400.7.90.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
* openssl-1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1
* libopenssl1_1-32bit-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.90.1
* libopenssl1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-1.1.1l-150400.7.90.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
* openssl-1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1
* libopenssl1_1-32bit-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.90.1
* libopenssl1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-1.1.1l-150400.7.90.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
* openssl-1_1-1.1.1l-150400.7.90.1
* libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1
* libopenssl1_1-32bit-1.1.1l-150400.7.90.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://www.suse.com/security/cve/CVE-2026-31790.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444
* https://bugzilla.suse.com/show_bug.cgi?id=1260445



SUSE-SU-2026:1252-1: important: Security update for tigervnc


# Security update for tigervnc

Announcement ID: SUSE-SU-2026:1252-1
Release Date: 2026-04-10T11:37:03Z
Rating: important
References:

* bsc#1260871

Cross-References:

* CVE-2026-34352

CVSS scores:

* CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
* CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for tigervnc fixes the following issues:

* CVE-2026-34352: Fixed permissions to prevent other users from observing the
screen, or modifying what is sent to the client. (bsc#1260871)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1252=1 openSUSE-SLE-15.6-2026-1252=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1252=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1252=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libXvnc1-debuginfo-1.13.1-150600.4.3.1
* tigervnc-debugsource-1.13.1-150600.4.3.1
* libXvnc1-1.13.1-150600.4.3.1
* xorg-x11-Xvnc-1.13.1-150600.4.3.1
* libXvnc-devel-1.13.1-150600.4.3.1
* xorg-x11-Xvnc-debuginfo-1.13.1-150600.4.3.1
* tigervnc-1.13.1-150600.4.3.1
* tigervnc-debuginfo-1.13.1-150600.4.3.1
* openSUSE Leap 15.6 (noarch)
* tigervnc-x11vnc-1.13.1-150600.4.3.1
* xorg-x11-Xvnc-novnc-1.13.1-150600.4.3.1
* xorg-x11-Xvnc-java-1.13.1-150600.4.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le x86_64 i586)
* xorg-x11-Xvnc-module-1.13.1-150600.4.3.1
* xorg-x11-Xvnc-module-debuginfo-1.13.1-150600.4.3.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libXvnc1-debuginfo-1.13.1-150600.4.3.1
* tigervnc-debugsource-1.13.1-150600.4.3.1
* libXvnc1-1.13.1-150600.4.3.1
* xorg-x11-Xvnc-1.13.1-150600.4.3.1
* libXvnc-devel-1.13.1-150600.4.3.1
* xorg-x11-Xvnc-debuginfo-1.13.1-150600.4.3.1
* tigervnc-1.13.1-150600.4.3.1
* tigervnc-debuginfo-1.13.1-150600.4.3.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le x86_64)
* xorg-x11-Xvnc-module-1.13.1-150600.4.3.1
* xorg-x11-Xvnc-module-debuginfo-1.13.1-150600.4.3.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* xorg-x11-Xvnc-novnc-1.13.1-150600.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libXvnc1-debuginfo-1.13.1-150600.4.3.1
* tigervnc-debugsource-1.13.1-150600.4.3.1
* libXvnc1-1.13.1-150600.4.3.1
* xorg-x11-Xvnc-module-1.13.1-150600.4.3.1
* xorg-x11-Xvnc-1.13.1-150600.4.3.1
* libXvnc-devel-1.13.1-150600.4.3.1
* xorg-x11-Xvnc-debuginfo-1.13.1-150600.4.3.1
* xorg-x11-Xvnc-module-debuginfo-1.13.1-150600.4.3.1
* tigervnc-1.13.1-150600.4.3.1
* tigervnc-debuginfo-1.13.1-150600.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* xorg-x11-Xvnc-novnc-1.13.1-150600.4.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34352.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260871



SUSE-SU-2026:1248-1: important: Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1248-1
Release Date: 2026-04-10T11:04:25Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.113 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup
(bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1246=1 SUSE-2026-1248=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1246=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1248=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_28-debugsource-14-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-14-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_29-debugsource-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_113-default-14-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_116-default-12-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_28-debugsource-14-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-14-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_113-default-14-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_116-default-12-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x)
  * kernel-livepatch-SLE15-SP5_Update_29-debugsource-12-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784



openSUSE-SU-2026:10514-1: moderate: go1.25-1.25.9-1.1 on GA media


# go1.25-1.25.9-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10514-1
Rating: moderate

Cross-References:

* CVE-2026-27140
* CVE-2026-27143
* CVE-2026-27144
* CVE-2026-32280
* CVE-2026-32281
* CVE-2026-32282
* CVE-2026-32283
* CVE-2026-32288
* CVE-2026-32289

CVSS scores:

* CVE-2026-27143 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-32288 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-32289 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 9 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the go1.25-1.25.9-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * go1.25 1.25.9-1.1
  * go1.25-doc 1.25.9-1.1
  * go1.25-libstd 1.25.9-1.1
  * go1.25-race 1.25.9-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27140.html
* https://www.suse.com/security/cve/CVE-2026-27143.html
* https://www.suse.com/security/cve/CVE-2026-27144.html
* https://www.suse.com/security/cve/CVE-2026-32280.html
* https://www.suse.com/security/cve/CVE-2026-32281.html
* https://www.suse.com/security/cve/CVE-2026-32282.html
* https://www.suse.com/security/cve/CVE-2026-32283.html
* https://www.suse.com/security/cve/CVE-2026-32288.html
* https://www.suse.com/security/cve/CVE-2026-32289.html



openSUSE-SU-2026:10517-1: moderate: python313-Django6-6.0.4-1.1 on GA media


# python313-Django6-6.0.4-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10517-1
Rating: moderate

Cross-References:

* CVE-2026-33033
* CVE-2026-33034
* CVE-2026-3902
* CVE-2026-4277
* CVE-2026-4292

CVSS scores:

* CVE-2026-33033 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33033 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-33034 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3902 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3902 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4277 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-4292 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 5 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python313-Django6-6.0.4-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python313-Django6 6.0.4-1.1
  * python314-Django6 6.0.4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33033.html
* https://www.suse.com/security/cve/CVE-2026-33034.html
* https://www.suse.com/security/cve/CVE-2026-3902.html
* https://www.suse.com/security/cve/CVE-2026-4277.html
* https://www.suse.com/security/cve/CVE-2026-4292.html



openSUSE-SU-2026:10513-1: moderate: fontforge-20251009-6.1 on GA media


# fontforge-20251009-6.1 on GA media

Announcement ID: openSUSE-SU-2026:10513-1
Rating: moderate

Cross-References:

* CVE-2025-15270

CVSS scores:

* CVE-2025-15270 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the fontforge-20251009-6.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * fontforge 20251009-6.1
  * fontforge-devel 20251009-6.1
  * fontforge-doc 20251009-6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-15270.html



openSUSE-SU-2026:10516-1: moderate: python311-Django4-4.2.30-1.1 on GA media


# python311-Django4-4.2.30-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10516-1
Rating: moderate

Cross-References:

* CVE-2026-33033
* CVE-2026-33034
* CVE-2026-3902
* CVE-2026-4277
* CVE-2026-4292

CVSS scores:

* CVE-2026-33033 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33033 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-33034 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3902 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3902 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4277 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-4292 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 5 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python311-Django4-4.2.30-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-Django4 4.2.30-1.1
  * python313-Django4 4.2.30-1.1
  * python314-Django4 4.2.30-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33033.html
* https://www.suse.com/security/cve/CVE-2026-33034.html
* https://www.suse.com/security/cve/CVE-2026-3902.html
* https://www.suse.com/security/cve/CVE-2026-4277.html
* https://www.suse.com/security/cve/CVE-2026-4292.html



openSUSE-SU-2026:10511-1: moderate: MozillaFirefox-149.0.2-1.1 on GA media


# MozillaFirefox-149.0.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10511-1
Rating: moderate

Cross-References:

* CVE-2026-5731
* CVE-2026-5732
* CVE-2026-5733
* CVE-2026-5734
* CVE-2026-5735

CVSS scores:

* CVE-2026-5731 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5732 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5733 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5735 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 5 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the MozillaFirefox-149.0.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * MozillaFirefox 149.0.2-1.1
  * MozillaFirefox-branding-upstream 149.0.2-1.1
  * MozillaFirefox-devel 149.0.2-1.1
  * MozillaFirefox-translations-common 149.0.2-1.1
  * MozillaFirefox-translations-other 149.0.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-5731.html
* https://www.suse.com/security/cve/CVE-2026-5732.html
* https://www.suse.com/security/cve/CVE-2026-5733.html
* https://www.suse.com/security/cve/CVE-2026-5734.html
* https://www.suse.com/security/cve/CVE-2026-5735.html



openSUSE-SU-2026:10510-1: moderate: sudo-1.9.17p2-2.1 on GA media


# sudo-1.9.17p2-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10510-1
Rating: moderate

Cross-References:

* CVE-2026-35535

CVSS scores:

* CVE-2026-35535 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35535 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the sudo-1.9.17p2-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * sudo 1.9.17p2-2.1
  * sudo-devel 1.9.17p2-2.1
  * sudo-plugin-python 1.9.17p2-2.1
  * sudo-policy-sudo-auth-self 1.9.17p2-2.1
  * sudo-policy-wheel-auth-self 1.9.17p2-2.1
  * sudo-test 1.9.17p2-2.1
  * system-group-sudo 1.9.17p2-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35535.html



SUSE-SU-2026:1242-1: important: Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1242-1
Release Date: 2026-04-10T07:04:48Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.179 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup
(bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
(bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
(bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1241=1 SUSE-2026-1242=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1242=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1241=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1240=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1240=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_24-debugsource-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-17-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_27-debugsource-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_97-default-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_110-default-15-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_24-debugsource-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-17-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_27-debugsource-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_97-default-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_110-default-15-150500.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_45-debugsource-8-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-8-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_179-default-8-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_45-debugsource-8-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-8-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_179-default-8-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784