
SUSE rolled out a batch of security advisories to patch vulnerabilities across its enterprise Linux distributions and several core software packages. The highest-priority update is for the Linux Kernel, where fourteen separate flaws were resolved to prevent potential local privilege escalation and system crashes. The remaining fixes, most of them rated moderate, address memory management bugs and race conditions within python-requests, xen, openCryptoki, sed, and dnsdist. IT teams should apply these patches through standard package managers right away and plan for a mandatory server restart after installing the kernel or Xen components.

SUSE-SU-2026:1643-1: important: Security update for the Linux Kernel
SUSE-SU-2026:1644-1: moderate: Security update for python-requests
SUSE-SU-2026:1647-1: moderate: Security update for python-requests
SUSE-SU-2026:1657-1: important: Security update for xen
SUSE-SU-2026:1658-1: moderate: Security update for openCryptoki
SUSE-SU-2026:1659-1: moderate: Security update for sed
openSUSE-SU-2026:10632-1: moderate: dnsdist-2.0.5-1.1 on GA media




SUSE-SU-2026:1643-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1643-1
Release Date: 2026-04-28T13:27:24Z
Rating: important
References:

* bsc#1252073
* bsc#1253122
* bsc#1257506
* bsc#1257773
* bsc#1259188
* bsc#1259461
* bsc#1259580
* bsc#1259707
* bsc#1259797
* bsc#1259998
* bsc#1260005
* bsc#1260009
* bsc#1260347
* bsc#1260471
* bsc#1260486
* bsc#1260562
* bsc#1260730
* bsc#1261412
* bsc#1261498

Cross-References:

* CVE-2025-39998
* CVE-2026-23103
* CVE-2026-23231
* CVE-2026-23243
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23278
* CVE-2026-23293
* CVE-2026-23317
* CVE-2026-23381
* CVE-2026-23398
* CVE-2026-23412
* CVE-2026-23413
* CVE-2026-31788

CVSS scores:

* CVE-2025-39998 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-23103 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23293 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23317 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23381 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23398 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23398 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23412 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23412 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23412 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23413 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23413 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 14 vulnerabilities and has five security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security
issues.

The following security issues were fixed:

* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to
avoid buffer overflow (bsc#1252073).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23231: netfilter: nf_tables: fix use-after-free in
nf_tables_addchain() (bsc#1259188).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write
(bsc#1259797).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems
before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer
labels (bsc#1260005).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall
elements (bsc#1259998).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is
disabled (bsc#1260486).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (bsc#1260562).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is
disabled (bsc#1260471).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation()
(bsc#1260730).
* CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers
are done (bsc#1261412).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback
asymmetry (bsc#1261498).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU
(bsc#1259707).

The following non-security issues were fixed:

* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE
(bsc#1259461).
* KVM: x86/mmu: Retry fault before acquiring mmu_lock if mapping is changing
(bsc#1253122).
* net: mana: fix use-after-free in add_adev() error path (git-fixes).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC
timeout (bsc#1259580).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1643=1

* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-1643=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1643=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1643=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1643=1

## Package List:

* openSUSE Leap 15.6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (noarch)
* kernel-docs-html-6.4.0-150600.23.95.1
* kernel-source-6.4.0-150600.23.95.1
* kernel-macros-6.4.0-150600.23.95.1
* kernel-source-vanilla-6.4.0-150600.23.95.1
* kernel-devel-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (nosrc ppc64le x86_64)
* kernel-debug-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (ppc64le x86_64)
* kernel-debug-devel-6.4.0-150600.23.95.1
* kernel-debug-debuginfo-6.4.0-150600.23.95.1
* kernel-debug-devel-debuginfo-6.4.0-150600.23.95.1
* kernel-debug-debugsource-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (x86_64)
* kernel-default-vdso-6.4.0-150600.23.95.1
* kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.95.1
* kernel-default-vdso-debuginfo-6.4.0-150600.23.95.1
* kernel-debug-vdso-6.4.0-150600.23.95.1
* kernel-debug-vdso-debuginfo-6.4.0-150600.23.95.1
* kernel-kvmsmall-vdso-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.95.1
* kernel-kvmsmall-debugsource-6.4.0-150600.23.95.1
* kernel-default-base-6.4.0-150600.23.95.1.150600.12.44.1
* kernel-kvmsmall-devel-6.4.0-150600.23.95.1
* kernel-kvmsmall-debuginfo-6.4.0-150600.23.95.1
* kernel-default-base-rebuild-6.4.0-150600.23.95.1.150600.12.44.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kernel-default-optional-6.4.0-150600.23.95.1
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.95.1
* kernel-default-devel-6.4.0-150600.23.95.1
* gfs2-kmp-default-6.4.0-150600.23.95.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.95.1
* kernel-default-extra-6.4.0-150600.23.95.1
* cluster-md-kmp-default-6.4.0-150600.23.95.1
* kernel-default-livepatch-6.4.0-150600.23.95.1
* kernel-default-debugsource-6.4.0-150600.23.95.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.95.1
* kernel-default-optional-debuginfo-6.4.0-150600.23.95.1
* kselftests-kmp-default-debuginfo-6.4.0-150600.23.95.1
* kernel-obs-build-debugsource-6.4.0-150600.23.95.1
* kernel-obs-qa-6.4.0-150600.23.95.1
* dlm-kmp-default-6.4.0-150600.23.95.1
* kselftests-kmp-default-6.4.0-150600.23.95.1
* kernel-default-extra-debuginfo-6.4.0-150600.23.95.1
* kernel-obs-build-6.4.0-150600.23.95.1
* dlm-kmp-default-debuginfo-6.4.0-150600.23.95.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.95.1
* ocfs2-kmp-default-6.4.0-150600.23.95.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.95.1
* reiserfs-kmp-default-6.4.0-150600.23.95.1
* kernel-default-debuginfo-6.4.0-150600.23.95.1
* kernel-syms-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_95-default-debuginfo-1-150600.13.3.1
* kernel-livepatch-6_4_0-150600_23_95-default-1-150600.13.3.1
* kernel-default-livepatch-devel-6.4.0-150600.23.95.1
* kernel-livepatch-SLE15-SP6_Update_22-debugsource-1-150600.13.3.1
* openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (s390x)
* kernel-zfcpdump-debugsource-6.4.0-150600.23.95.1
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (nosrc)
* dtb-aarch64-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (aarch64)
* kernel-64kb-devel-6.4.0-150600.23.95.1
* dtb-nvidia-6.4.0-150600.23.95.1
* dtb-broadcom-6.4.0-150600.23.95.1
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.95.1
* kernel-64kb-optional-6.4.0-150600.23.95.1
* dtb-socionext-6.4.0-150600.23.95.1
* dtb-hisilicon-6.4.0-150600.23.95.1
* kernel-64kb-debuginfo-6.4.0-150600.23.95.1
* kselftests-kmp-64kb-6.4.0-150600.23.95.1
* dtb-arm-6.4.0-150600.23.95.1
* reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.95.1
* dtb-amd-6.4.0-150600.23.95.1
* dtb-apm-6.4.0-150600.23.95.1
* dtb-cavium-6.4.0-150600.23.95.1
* kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.95.1
* kernel-64kb-debugsource-6.4.0-150600.23.95.1
* gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.95.1
* dtb-rockchip-6.4.0-150600.23.95.1
* dtb-altera-6.4.0-150600.23.95.1
* dtb-sprd-6.4.0-150600.23.95.1
* dtb-apple-6.4.0-150600.23.95.1
* cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.95.1
* dtb-mediatek-6.4.0-150600.23.95.1
* dtb-freescale-6.4.0-150600.23.95.1
* dtb-renesas-6.4.0-150600.23.95.1
* ocfs2-kmp-64kb-6.4.0-150600.23.95.1
* dtb-exynos-6.4.0-150600.23.95.1
* kernel-64kb-optional-debuginfo-6.4.0-150600.23.95.1
* dlm-kmp-64kb-6.4.0-150600.23.95.1
* kernel-64kb-extra-debuginfo-6.4.0-150600.23.95.1
* dtb-allwinner-6.4.0-150600.23.95.1
* dtb-qcom-6.4.0-150600.23.95.1
* dtb-amazon-6.4.0-150600.23.95.1
* dtb-lg-6.4.0-150600.23.95.1
* gfs2-kmp-64kb-6.4.0-150600.23.95.1
* kernel-64kb-extra-6.4.0-150600.23.95.1
* dlm-kmp-64kb-debuginfo-6.4.0-150600.23.95.1
* reiserfs-kmp-64kb-6.4.0-150600.23.95.1
* ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.95.1
* dtb-marvell-6.4.0-150600.23.95.1
* dtb-amlogic-6.4.0-150600.23.95.1
* cluster-md-kmp-64kb-6.4.0-150600.23.95.1
* dtb-xilinx-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.95.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (nosrc)
* kernel-default-6.4.0-150600.23.95.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le
s390x x86_64)
* kernel-default-debugsource-6.4.0-150600.23.95.1
* kernel-default-debuginfo-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* dlm-kmp-default-debuginfo-6.4.0-150600.23.95.1
* kernel-obs-build-6.4.0-150600.23.95.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.95.1
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.95.1
* ocfs2-kmp-default-6.4.0-150600.23.95.1
* dlm-kmp-default-6.4.0-150600.23.95.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.95.1
* gfs2-kmp-default-6.4.0-150600.23.95.1
* kernel-default-debugsource-6.4.0-150600.23.95.1
* kernel-default-devel-6.4.0-150600.23.95.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.95.1
* reiserfs-kmp-default-6.4.0-150600.23.95.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.95.1
* kernel-obs-build-debugsource-6.4.0-150600.23.95.1
* kernel-default-debuginfo-6.4.0-150600.23.95.1
* cluster-md-kmp-default-6.4.0-150600.23.95.1
* kernel-syms-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64)
* kernel-64kb-debuginfo-6.4.0-150600.23.95.1
* kernel-64kb-debugsource-6.4.0-150600.23.95.1
* kernel-64kb-devel-6.4.0-150600.23.95.1
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64
nosrc)
* kernel-default-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le x86_64)
* kernel-default-base-6.4.0-150600.23.95.1.150600.12.44.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* kernel-macros-6.4.0-150600.23.95.1
* kernel-source-6.4.0-150600.23.95.1
* kernel-devel-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch nosrc)
* kernel-docs-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (s390x)
* kernel-zfcpdump-debugsource-6.4.0-150600.23.95.1
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* dlm-kmp-default-debuginfo-6.4.0-150600.23.95.1
* kernel-default-base-6.4.0-150600.23.95.1.150600.12.44.1
* kernel-obs-build-6.4.0-150600.23.95.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.95.1
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.95.1
* ocfs2-kmp-default-6.4.0-150600.23.95.1
* dlm-kmp-default-6.4.0-150600.23.95.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.95.1
* gfs2-kmp-default-6.4.0-150600.23.95.1
* kernel-default-debugsource-6.4.0-150600.23.95.1
* kernel-default-devel-6.4.0-150600.23.95.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.95.1
* reiserfs-kmp-default-6.4.0-150600.23.95.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.95.1
* kernel-obs-build-debugsource-6.4.0-150600.23.95.1
* kernel-default-debuginfo-6.4.0-150600.23.95.1
* cluster-md-kmp-default-6.4.0-150600.23.95.1
* kernel-syms-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (nosrc ppc64le
x86_64)
* kernel-default-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* kernel-macros-6.4.0-150600.23.95.1
* kernel-source-6.4.0-150600.23.95.1
* kernel-devel-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Live Patching 15-SP6 (nosrc)
* kernel-default-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_22-debugsource-1-150600.13.3.1
* kernel-livepatch-6_4_0-150600_23_95-default-debuginfo-1-150600.13.3.1
* kernel-default-livepatch-6.4.0-150600.23.95.1
* kernel-default-livepatch-devel-6.4.0-150600.23.95.1
* kernel-livepatch-6_4_0-150600_23_95-default-1-150600.13.3.1
* kernel-default-debugsource-6.4.0-150600.23.95.1
* kernel-default-debuginfo-6.4.0-150600.23.95.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23412.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252073
* https://bugzilla.suse.com/show_bug.cgi?id=1253122
* https://bugzilla.suse.com/show_bug.cgi?id=1257506
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1259188
* https://bugzilla.suse.com/show_bug.cgi?id=1259461
* https://bugzilla.suse.com/show_bug.cgi?id=1259580
* https://bugzilla.suse.com/show_bug.cgi?id=1259707
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259998
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260471
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260562
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1261412
* https://bugzilla.suse.com/show_bug.cgi?id=1261498



SUSE-SU-2026:1644-1: moderate: Security update for python-requests


# Security update for python-requests

Announcement ID: SUSE-SU-2026:1644-1
Release Date: 2026-04-28T13:31:55Z
Rating: moderate
References:

* bsc#1260589

Cross-References:

* CVE-2026-25645

CVSS scores:

* CVE-2026-25645 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.3
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-requests fixes the following issues:

* CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when
extracting files from zip archives and reuses target files that already
exist without validation (bsc#1260589).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-1644=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1644=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1644=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1644=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1644=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-1644=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1644=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1644=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1644=1

## Package List:

* openSUSE Leap 15.3 (noarch)
* python3-requests-2.25.1-150300.3.21.1
* python2-requests-2.25.1-150300.3.21.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* python3-requests-2.25.1-150300.3.21.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* python3-requests-2.25.1-150300.3.21.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* python3-requests-2.25.1-150300.3.21.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* python3-requests-2.25.1-150300.3.21.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* python3-requests-2.25.1-150300.3.21.1
* Basesystem Module 15-SP7 (noarch)
* python3-requests-2.25.1-150300.3.21.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
* python3-requests-2.25.1-150300.3.21.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
* python3-requests-2.25.1-150300.3.21.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25645.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260589



SUSE-SU-2026:1647-1: moderate: Security update for python-requests


# Security update for python-requests

Announcement ID: SUSE-SU-2026:1647-1
Release Date: 2026-04-28T18:03:12Z
Rating: moderate
References:

* bsc#1260589

Cross-References:

* CVE-2026-25645

CVSS scores:

* CVE-2026-25645 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-requests fixes the following issues:

* CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when
extracting files from zip archives and reuses target files that already
exist without validation (bsc#1260589).
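
The pattern named in CVE-2026-25645 (this advisory and SUSE-SU-2026:1644-1 above), shown as an added example that is not code from python-requests or from SUSE: a simplified extractor that derives its target path only from the member name and reuses an existing file, next to one possible hardened variant. The function names, the sample archive and the `PLANTED` file are constructed for illustration, and the hardened variant is an assumption about a reasonable mitigation, not the upstream fix.

```python
import os
import stat
import tempfile
import zipfile


def extract_member_predictable(archive, member, tmp_dir):
    """Weak pattern: the target name depends only on the member name, and a
    file that already exists at that path is returned without any check."""
    target = os.path.join(tmp_dir, member.split("/")[-1])
    if not os.path.exists(target):
        with zipfile.ZipFile(archive) as zf, open(target, "wb") as fh:
            fh.write(zf.read(member))
    return target


def extract_member_private(archive, member, tmp_dir):
    """Hardened variant (hypothetical): always write a fresh copy to an
    unpredictable file that is created exclusively for the current user."""
    with zipfile.ZipFile(archive) as zf:
        data = zf.read(member)
    # mkstemp opens with O_CREAT | O_EXCL and mode 0o600, so an existing
    # file or symlink at the chosen path is never reused.
    fd, target = tempfile.mkstemp(suffix="-" + member.split("/")[-1], dir=tmp_dir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def demo():
    """Run both variants against a constructed archive and shared directory."""
    with tempfile.TemporaryDirectory() as work:
        shared_tmp = os.path.join(work, "tmp")  # stands in for a shared temp dir
        os.mkdir(shared_tmp)

        # Constructed sample archive with one member.
        archive = os.path.join(work, "bundle.zip")
        member = "certs/cacert.pem"
        with zipfile.ZipFile(archive, "w") as zf:
            zf.writestr(member, "TRUSTED-BUNDLE")

        # Constructed precondition: the predictable target already exists.
        with open(os.path.join(shared_tmp, "cacert.pem"), "w") as fh:
            fh.write("PLANTED")

        weak = extract_member_predictable(archive, member, shared_tmp)
        safe = extract_member_private(archive, member, shared_tmp)

        with open(weak) as fh:
            weak_content = fh.read()
        with open(safe) as fh:
            safe_content = fh.read()

        return {
            "predictable_name": os.path.basename(weak),
            "predictable_content": weak_content,  # existing file was reused
            "private_name": os.path.basename(safe),
            "private_content": safe_content,      # fresh copy from the archive
            "private_mode": stat.S_IMODE(os.stat(safe).st_mode),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Until the update is installed, auditing shared temporary directories for files whose names match archive members an application expects to extract is a reasonable interim check.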

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1647=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1647=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1647=1

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1647=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* python311-requests-2.31.0-150400.6.21.1
* openSUSE Leap 15.6 (noarch)
* python311-requests-2.31.0-150400.6.21.1
* Public Cloud Module 15-SP4 (noarch)
* python311-requests-2.31.0-150400.6.21.1
* Python 3 Module 15-SP7 (noarch)
* python311-requests-2.31.0-150400.6.21.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25645.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260589



SUSE-SU-2026:1657-1: important: Security update for xen


# Security update for xen

Announcement ID: SUSE-SU-2026:1657-1
Release Date: 2026-04-29T11:06:54Z
Rating: important
References:

* bsc#1262178
* bsc#1262180
* bsc#1262428

Cross-References:

* CVE-2025-54505
* CVE-2026-23557
* CVE-2026-23558

CVSS scores:

* CVE-2025-54505 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-54505 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-54505 ( NVD ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23557 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-23558 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23558 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for xen fixes the following issues:

* CVE-2025-54505: floating point divider state sampling on AMD CPUs
AMD-SN-7053 (bsc#1262428).
* CVE-2026-23557: Xenstored DoS via XS_RESET_WATCHES command (bsc#1262178).
* CVE-2026-23558: grant table v2 race in status page mapping (bsc#1262180).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1657=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-1657=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1657=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1657=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1657=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1657=1

## Package List:

* openSUSE Leap 15.5 (aarch64 x86_64 i586)
* xen-debugsource-4.17.6_08-150500.3.65.1
* xen-libs-4.17.6_08-150500.3.65.1
* xen-tools-domU-debuginfo-4.17.6_08-150500.3.65.1
* xen-libs-debuginfo-4.17.6_08-150500.3.65.1
* xen-tools-domU-4.17.6_08-150500.3.65.1
* xen-devel-4.17.6_08-150500.3.65.1
* openSUSE Leap 15.5 (x86_64)
* xen-libs-32bit-debuginfo-4.17.6_08-150500.3.65.1
* xen-libs-32bit-4.17.6_08-150500.3.65.1
* openSUSE Leap 15.5 (aarch64 x86_64)
* xen-doc-html-4.17.6_08-150500.3.65.1
* xen-4.17.6_08-150500.3.65.1
* xen-tools-4.17.6_08-150500.3.65.1
* xen-tools-debuginfo-4.17.6_08-150500.3.65.1
* openSUSE Leap 15.5 (noarch)
* xen-tools-xendomains-wait-disk-4.17.6_08-150500.3.65.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* xen-libs-64bit-debuginfo-4.17.6_08-150500.3.65.1
* xen-libs-64bit-4.17.6_08-150500.3.65.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* xen-libs-debuginfo-4.17.6_08-150500.3.65.1
* xen-libs-4.17.6_08-150500.3.65.1
* xen-debugsource-4.17.6_08-150500.3.65.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* xen-debugsource-4.17.6_08-150500.3.65.1
* xen-tools-4.17.6_08-150500.3.65.1
* xen-4.17.6_08-150500.3.65.1
* xen-libs-4.17.6_08-150500.3.65.1
* xen-tools-domU-debuginfo-4.17.6_08-150500.3.65.1
* xen-libs-debuginfo-4.17.6_08-150500.3.65.1
* xen-tools-debuginfo-4.17.6_08-150500.3.65.1
* xen-tools-domU-4.17.6_08-150500.3.65.1
* xen-devel-4.17.6_08-150500.3.65.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* xen-tools-xendomains-wait-disk-4.17.6_08-150500.3.65.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* xen-debugsource-4.17.6_08-150500.3.65.1
* xen-tools-4.17.6_08-150500.3.65.1
* xen-4.17.6_08-150500.3.65.1
* xen-libs-4.17.6_08-150500.3.65.1
* xen-tools-domU-debuginfo-4.17.6_08-150500.3.65.1
* xen-libs-debuginfo-4.17.6_08-150500.3.65.1
* xen-tools-debuginfo-4.17.6_08-150500.3.65.1
* xen-tools-domU-4.17.6_08-150500.3.65.1
* xen-devel-4.17.6_08-150500.3.65.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* xen-tools-xendomains-wait-disk-4.17.6_08-150500.3.65.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* xen-debugsource-4.17.6_08-150500.3.65.1
* xen-tools-4.17.6_08-150500.3.65.1
* xen-4.17.6_08-150500.3.65.1
* xen-libs-4.17.6_08-150500.3.65.1
* xen-tools-domU-debuginfo-4.17.6_08-150500.3.65.1
* xen-libs-debuginfo-4.17.6_08-150500.3.65.1
* xen-tools-debuginfo-4.17.6_08-150500.3.65.1
* xen-tools-domU-4.17.6_08-150500.3.65.1
* xen-devel-4.17.6_08-150500.3.65.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* xen-tools-xendomains-wait-disk-4.17.6_08-150500.3.65.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* xen-debugsource-4.17.6_08-150500.3.65.1
* xen-tools-4.17.6_08-150500.3.65.1
* xen-4.17.6_08-150500.3.65.1
* xen-libs-4.17.6_08-150500.3.65.1
* xen-tools-domU-debuginfo-4.17.6_08-150500.3.65.1
* xen-libs-debuginfo-4.17.6_08-150500.3.65.1
* xen-tools-debuginfo-4.17.6_08-150500.3.65.1
* xen-tools-domU-4.17.6_08-150500.3.65.1
* xen-devel-4.17.6_08-150500.3.65.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* xen-tools-xendomains-wait-disk-4.17.6_08-150500.3.65.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54505.html
* https://www.suse.com/security/cve/CVE-2026-23557.html
* https://www.suse.com/security/cve/CVE-2026-23558.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262178
* https://bugzilla.suse.com/show_bug.cgi?id=1262180
* https://bugzilla.suse.com/show_bug.cgi?id=1262428



SUSE-SU-2026:1658-1: moderate: Security update for openCryptoki


# Security update for openCryptoki

Announcement ID: SUSE-SU-2026:1658-1
Release Date: 2026-04-29T11:08:07Z
Rating: moderate
References:

* bsc#1262283

Cross-References:

* CVE-2026-40253

CVSS scores:

* CVE-2026-40253 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40253 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-40253 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-40253 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability can now be installed.

## Description:

This update for openCryptoki fixes the following issue:

* CVE-2026-40253: malformed BER-encoded cryptographic objects can lead to information disclosure and denial of service (bsc#1262283).

## Patch Instructions:

To install this SUSE update, use the SUSE-recommended installation methods such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2026-1658=1`

* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2026-1658=1`

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * openCryptoki-3.23.0-150500.3.15.1
  * openCryptoki-devel-3.23.0-150500.3.15.1
  * openCryptoki-devel-debuginfo-3.23.0-150500.3.15.1
  * openCryptoki-debuginfo-3.23.0-150500.3.15.1
  * openCryptoki-debugsource-3.23.0-150500.3.15.1
* openSUSE Leap 15.5 (i586)
  * openCryptoki-32bit-3.23.0-150500.3.15.1
  * openCryptoki-32bit-debuginfo-3.23.0-150500.3.15.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * openCryptoki-64bit-debuginfo-3.23.0-150500.3.15.1
  * openCryptoki-64bit-3.23.0-150500.3.15.1
* SUSE Linux Enterprise Micro 5.5 (s390x)
  * openCryptoki-3.23.0-150500.3.15.1
  * openCryptoki-debugsource-3.23.0-150500.3.15.1
  * openCryptoki-debuginfo-3.23.0-150500.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40253.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262283



SUSE-SU-2026:1659-1: moderate: Security update for sed


# Security update for sed

Announcement ID: SUSE-SU-2026:1659-1
Release Date: 2026-04-29T11:09:24Z
Rating: moderate
References:

* bsc#1262144

Cross-References:

* CVE-2026-5958

CVSS scores:

* CVE-2026-5958 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
* CVE-2026-5958 ( SUSE ): 6.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-5958 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for sed fixes the following issue:

* CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144).

## Patch Instructions:

To install this SUSE update, use the SUSE-recommended installation methods such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

* openSUSE Leap 15.3
  `zypper in -t patch SUSE-2026-1659=1`

* SUSE Linux Enterprise Micro for Rancher 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2026-1659=1`

* SUSE Linux Enterprise Micro 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2026-1659=1`

* SUSE Linux Enterprise Micro for Rancher 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-1659=1`

* SUSE Linux Enterprise Micro 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-1659=1`

* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2026-1659=1`

* SUSE Linux Enterprise Micro 5.2
  `zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1659=1`

* SUSE Linux Enterprise Micro for Rancher 5.2
  `zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1659=1`

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * sed-debugsource-4.4-150300.13.6.1
  * sed-debuginfo-4.4-150300.13.6.1
  * sed-4.4-150300.13.6.1
* openSUSE Leap 15.3 (noarch)
  * sed-lang-4.4-150300.13.6.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * sed-debugsource-4.4-150300.13.6.1
  * sed-debuginfo-4.4-150300.13.6.1
  * sed-4.4-150300.13.6.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * sed-debugsource-4.4-150300.13.6.1
  * sed-debuginfo-4.4-150300.13.6.1
  * sed-4.4-150300.13.6.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * sed-debugsource-4.4-150300.13.6.1
  * sed-debuginfo-4.4-150300.13.6.1
  * sed-4.4-150300.13.6.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * sed-debugsource-4.4-150300.13.6.1
  * sed-debuginfo-4.4-150300.13.6.1
  * sed-4.4-150300.13.6.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * sed-debugsource-4.4-150300.13.6.1
  * sed-debuginfo-4.4-150300.13.6.1
  * sed-4.4-150300.13.6.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * sed-debugsource-4.4-150300.13.6.1
  * sed-debuginfo-4.4-150300.13.6.1
  * sed-4.4-150300.13.6.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * sed-debugsource-4.4-150300.13.6.1
  * sed-debuginfo-4.4-150300.13.6.1
  * sed-4.4-150300.13.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-5958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262144



openSUSE-SU-2026:10632-1: moderate: dnsdist-2.0.5-1.1 on GA media


# dnsdist-2.0.5-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10632-1
Rating: moderate

Cross-References:

* CVE-2026-33254
* CVE-2026-33257
* CVE-2026-33260
* CVE-2026-33593
* CVE-2026-33594
* CVE-2026-33595
* CVE-2026-33596
* CVE-2026-33597
* CVE-2026-33598
* CVE-2026-33599
* CVE-2026-33602

CVSS scores:

* CVE-2026-33257 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33260 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Tumbleweed

An update that solves 11 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the dnsdist-2.0.5-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * dnsdist 2.0.5-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33254.html
* https://www.suse.com/security/cve/CVE-2026-33257.html
* https://www.suse.com/security/cve/CVE-2026-33260.html
* https://www.suse.com/security/cve/CVE-2026-33593.html
* https://www.suse.com/security/cve/CVE-2026-33594.html
* https://www.suse.com/security/cve/CVE-2026-33595.html
* https://www.suse.com/security/cve/CVE-2026-33596.html
* https://www.suse.com/security/cve/CVE-2026-33597.html
* https://www.suse.com/security/cve/CVE-2026-33598.html
* https://www.suse.com/security/cve/CVE-2026-33599.html
* https://www.suse.com/security/cve/CVE-2026-33602.html