SUSE-SU-2026:1555-1: important: Security update for libraw
SUSE-SU-2026:1556-1: important: Security update for libraw
SUSE-SU-2026:1558-1: important: Security update for tomcat11
openSUSE-SU-2026:20609-1: important: Security update for google-guest-agent
openSUSE-SU-2026:20607-1: important: Security update for erlang
openSUSE-SU-2026:20612-1: important: Security update for tomcat10
openSUSE-SU-2026:20611-1: important: Security update for tomcat
openSUSE-SU-2026:20606-1: important: Security update for ImageMagick
openSUSE-SU-2026:20605-1: important: Security update for openexr
openSUSE-SU-2026:20603-1: important: Security update for ignition
openSUSE-SU-2026:20601-1: moderate: Security update for giflib
SUSE-SU-2026:1562-1: moderate: Security update for openssl-1_1
SUSE-SU-2026:1563-1: important: Security update for the Linux Kernel
SUSE-SU-2026:1565-1: moderate: Security update for libssh
SUSE-SU-2026:1560-1: important: Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)
openSUSE-SU-2026:0145-1: moderate: Security update for ocaml-patch, opam
openSUSE-SU-2026:0147-1: moderate: Security update for tor
openSUSE-SU-2026:10599-1: moderate: cacti-1.2.30+git306.82d5aef5-1.1 on GA media
openSUSE-SU-2026:10600-1: moderate: csync2-2.0+git.1600444747.83b3644-3.1 on GA media
openSUSE-SU-2026:10598-1: moderate: libtree-sitter0_26-0.26.8-1.1 on GA media
openSUSE-SU-2026:0151-1: critical: Security update for rclone
openSUSE-SU-2026:0150-1: important: Security update for flannel
openSUSE-SU-2026:0149-1: important: Security update for flannel
openSUSE-SU-2026:0148-1: critical: Security update for cacti, cacti-spine
SUSE-SU-2026:1568-1: moderate: Security update for haproxy
SUSE-SU-2026:1574-1: important: Security update for the Linux Kernel
SUSE-SU-2026:1577-1: important: Security update for openssl-1_1
SUSE-SU-2026:1576-1: important: Security update for gdk-pixbuf
SUSE-SU-2026:1555-1: important: Security update for libraw
# Security update for libraw
Announcement ID: SUSE-SU-2026:1555-1
Release Date: 2026-04-22T16:23:21Z
Rating: important
References:
* bsc#1261499
* bsc#1261671
* bsc#1261672
* bsc#1261673
* bsc#1261674
* bsc#1261675
* bsc#1261676
Cross-References:
* CVE-2026-20884
* CVE-2026-20889
* CVE-2026-20911
* CVE-2026-21413
* CVE-2026-24450
* CVE-2026-24660
* CVE-2026-5342
CVSS scores:
* CVE-2026-20884 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20884 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20884 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20889 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20889 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20889 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20911 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20911 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20911 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-21413 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21413 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-21413 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24450 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-24450 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-24450 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24450 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24660 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-24660 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-24660 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24660 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5342 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-5342 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-5342 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-5342 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves seven vulnerabilities can now be installed.
## Description:
This update for libraw fixes the following issues:
* CVE-2026-5342: out-of-bounds read via `LibRaw::nikon_load_padded_packed_raw` (bsc#1261499).
* CVE-2026-20884: integer overflow and heap buffer overflow via `deflate_dng_load_raw` (bsc#1261671).
* CVE-2026-20889: heap-based buffer overflow in `x3f_thumb_loader` (bsc#1261672).
* CVE-2026-20911: heap-based buffer overflow in `HuffTable::initval` (bsc#1261673).
* CVE-2026-21413: heap-based buffer overflow in `lossless_jpeg_load_raw` (bsc#1261674).
* CVE-2026-24450: integer overflow and heap buffer overflow via `uncompressed_fp_dng_load_raw` (bsc#1261675).
* CVE-2026-24660: heap-based buffer overflow in `x3f_load_huffman` (bsc#1261676).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6: `zypper in -t patch SUSE-2026-1555=1`
* Desktop Applications Module 15-SP7: `zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1555=1`
* SUSE Package Hub 15 15-SP7: `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1555=1`
* SUSE Linux Enterprise Server 15 SP6 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1555=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP6: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1555=1`
* SUSE Linux Enterprise Workstation Extension 15 SP7: `zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1555=1`
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libraw-debugsource-0.21.1-150600.3.10.1
* libraw-tools-0.21.1-150600.3.10.1
* libraw-devel-0.21.1-150600.3.10.1
* libraw23-0.21.1-150600.3.10.1
* libraw23-debuginfo-0.21.1-150600.3.10.1
* libraw-tools-debuginfo-0.21.1-150600.3.10.1
* libraw-devel-static-0.21.1-150600.3.10.1
* openSUSE Leap 15.6 (x86_64)
* libraw23-32bit-0.21.1-150600.3.10.1
* libraw23-32bit-debuginfo-0.21.1-150600.3.10.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libraw23-64bit-0.21.1-150600.3.10.1
* libraw23-64bit-debuginfo-0.21.1-150600.3.10.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libraw-debugsource-0.21.1-150600.3.10.1
* libraw23-debuginfo-0.21.1-150600.3.10.1
* libraw23-0.21.1-150600.3.10.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
* libraw-debugsource-0.21.1-150600.3.10.1
* libraw-tools-0.21.1-150600.3.10.1
* libraw-devel-0.21.1-150600.3.10.1
* libraw-tools-debuginfo-0.21.1-150600.3.10.1
* libraw-devel-static-0.21.1-150600.3.10.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libraw-debugsource-0.21.1-150600.3.10.1
* libraw23-debuginfo-0.21.1-150600.3.10.1
* libraw23-0.21.1-150600.3.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libraw-debugsource-0.21.1-150600.3.10.1
* libraw23-debuginfo-0.21.1-150600.3.10.1
* libraw23-0.21.1-150600.3.10.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
* libraw-debugsource-0.21.1-150600.3.10.1
* libraw-devel-0.21.1-150600.3.10.1
## References:
* https://www.suse.com/security/cve/CVE-2026-20884.html
* https://www.suse.com/security/cve/CVE-2026-20889.html
* https://www.suse.com/security/cve/CVE-2026-20911.html
* https://www.suse.com/security/cve/CVE-2026-21413.html
* https://www.suse.com/security/cve/CVE-2026-24450.html
* https://www.suse.com/security/cve/CVE-2026-24660.html
* https://www.suse.com/security/cve/CVE-2026-5342.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261499
* https://bugzilla.suse.com/show_bug.cgi?id=1261671
* https://bugzilla.suse.com/show_bug.cgi?id=1261672
* https://bugzilla.suse.com/show_bug.cgi?id=1261673
* https://bugzilla.suse.com/show_bug.cgi?id=1261674
* https://bugzilla.suse.com/show_bug.cgi?id=1261675
* https://bugzilla.suse.com/show_bug.cgi?id=1261676
SUSE-SU-2026:1556-1: important: Security update for libraw
# Security update for libraw
Announcement ID: SUSE-SU-2026:1556-1
Release Date: 2026-04-22T16:24:03Z
Rating: important
References:
* bsc#1261499
* bsc#1261671
* bsc#1261672
* bsc#1261673
* bsc#1261674
* bsc#1261676
Cross-References:
* CVE-2026-20884
* CVE-2026-20889
* CVE-2026-20911
* CVE-2026-21413
* CVE-2026-24660
* CVE-2026-5342
CVSS scores:
* CVE-2026-20884 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20884 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20884 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20889 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20889 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20889 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20911 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20911 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20911 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-21413 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21413 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-21413 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24660 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-24660 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-24660 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24660 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5342 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-5342 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-5342 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-5342 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves six vulnerabilities can now be installed.
## Description:
This update for libraw fixes the following issues:
* CVE-2026-5342: out-of-bounds read via `LibRaw::nikon_load_padded_packed_raw` (bsc#1261499).
* CVE-2026-20884: integer overflow and heap buffer overflow via `deflate_dng_load_raw` (bsc#1261671).
* CVE-2026-20889: heap-based buffer overflow in `x3f_thumb_loader` (bsc#1261672).
* CVE-2026-20911: heap-based buffer overflow in `HuffTable::initval` (bsc#1261673).
* CVE-2026-21413: heap-based buffer overflow in `lossless_jpeg_load_raw` (bsc#1261674).
* CVE-2026-24660: heap-based buffer overflow in `x3f_load_huffman` (bsc#1261676).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4: `zypper in -t patch SUSE-2026-1556=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1556=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1556=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1556=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1556=1`
* SUSE Linux Enterprise Server 15 SP4 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1556=1`
* SUSE Linux Enterprise Server 15 SP5 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1556=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP4: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1556=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP5: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1556=1`
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libraw-devel-static-0.20.2-150400.3.21.1
* libraw-tools-debuginfo-0.20.2-150400.3.21.1
* libraw20-0.20.2-150400.3.21.1
* libraw-debugsource-0.20.2-150400.3.21.1
* libraw-devel-0.20.2-150400.3.21.1
* libraw-tools-0.20.2-150400.3.21.1
* libraw20-debuginfo-0.20.2-150400.3.21.1
* openSUSE Leap 15.4 (x86_64)
* libraw20-32bit-debuginfo-0.20.2-150400.3.21.1
* libraw20-32bit-0.20.2-150400.3.21.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libraw20-64bit-0.20.2-150400.3.21.1
* libraw20-64bit-debuginfo-0.20.2-150400.3.21.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* libraw20-0.20.2-150400.3.21.1
* libraw20-debuginfo-0.20.2-150400.3.21.1
* libraw-debugsource-0.20.2-150400.3.21.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* libraw20-0.20.2-150400.3.21.1
* libraw20-debuginfo-0.20.2-150400.3.21.1
* libraw-debugsource-0.20.2-150400.3.21.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* libraw20-0.20.2-150400.3.21.1
* libraw20-debuginfo-0.20.2-150400.3.21.1
* libraw-debugsource-0.20.2-150400.3.21.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* libraw20-0.20.2-150400.3.21.1
* libraw20-debuginfo-0.20.2-150400.3.21.1
* libraw-debugsource-0.20.2-150400.3.21.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libraw20-0.20.2-150400.3.21.1
* libraw20-debuginfo-0.20.2-150400.3.21.1
* libraw-debugsource-0.20.2-150400.3.21.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libraw20-0.20.2-150400.3.21.1
* libraw20-debuginfo-0.20.2-150400.3.21.1
* libraw-debugsource-0.20.2-150400.3.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libraw20-0.20.2-150400.3.21.1
* libraw20-debuginfo-0.20.2-150400.3.21.1
* libraw-debugsource-0.20.2-150400.3.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libraw20-0.20.2-150400.3.21.1
* libraw20-debuginfo-0.20.2-150400.3.21.1
* libraw-debugsource-0.20.2-150400.3.21.1
## References:
* https://www.suse.com/security/cve/CVE-2026-20884.html
* https://www.suse.com/security/cve/CVE-2026-20889.html
* https://www.suse.com/security/cve/CVE-2026-20911.html
* https://www.suse.com/security/cve/CVE-2026-21413.html
* https://www.suse.com/security/cve/CVE-2026-24660.html
* https://www.suse.com/security/cve/CVE-2026-5342.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261499
* https://bugzilla.suse.com/show_bug.cgi?id=1261671
* https://bugzilla.suse.com/show_bug.cgi?id=1261672
* https://bugzilla.suse.com/show_bug.cgi?id=1261673
* https://bugzilla.suse.com/show_bug.cgi?id=1261674
* https://bugzilla.suse.com/show_bug.cgi?id=1261676
SUSE-SU-2026:1558-1: important: Security update for tomcat11
# Security update for tomcat11
Announcement ID: SUSE-SU-2026:1558-1
Release Date: 2026-04-22T16:24:40Z
Rating: important
References:
* bsc#1258371
* bsc#1261850
* bsc#1261851
* bsc#1261852
* bsc#1261853
* bsc#1261854
* bsc#1261855
* bsc#1261856
* bsc#1261857
Cross-References:
* CVE-2025-66614
* CVE-2026-24880
* CVE-2026-25854
* CVE-2026-29129
* CVE-2026-29145
* CVE-2026-29146
* CVE-2026-32990
* CVE-2026-34483
* CVE-2026-34486
* CVE-2026-34487
* CVE-2026-34500
CVSS scores:
* CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
* CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24880 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24880 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25854 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25854 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-25854 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-29129 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29129 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29129 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29145 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29145 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-29146 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29146 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29146 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-32990 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34483 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34483 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34483 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34486 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34487 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34500 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34500 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34500 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* Web and Scripting Module 15-SP7
An update that solves 11 vulnerabilities can now be installed.
## Description:
This update for tomcat11 fixes the following issues:
Security fixes:
* CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).
* CVE-2026-25854: Occasional open redirect (bsc#1261851).
* CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).
* CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).
* CVE-2026-29146, CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).
* CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).
* CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).
* CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).
* CVE-2026-32990: The fix for CVE-2025-66614 was incomplete, so this CVE completes it (bsc#1258371).
Other fixes:
* Update to Tomcat 11.0.21
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6: `zypper in -t patch SUSE-2026-1558=1`
* Web and Scripting Module 15-SP7: `zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1558=1`
* SUSE Linux Enterprise Server 15 SP6 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1558=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP6: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1558=1`
## Package List:
* openSUSE Leap 15.6 (noarch)
* tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1
* tomcat11-webapps-11.0.21-150600.13.18.1
* tomcat11-embed-11.0.21-150600.13.18.1
* tomcat11-jsvc-11.0.21-150600.13.18.1
* tomcat11-lib-11.0.21-150600.13.18.1
* tomcat11-doc-11.0.21-150600.13.18.1
* tomcat11-11.0.21-150600.13.18.1
* tomcat11-docs-webapp-11.0.21-150600.13.18.1
* tomcat11-admin-webapps-11.0.21-150600.13.18.1
* tomcat11-el-6_0-api-11.0.21-150600.13.18.1
* tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1
* Web and Scripting Module 15-SP7 (noarch)
* tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1
* tomcat11-webapps-11.0.21-150600.13.18.1
* tomcat11-lib-11.0.21-150600.13.18.1
* tomcat11-11.0.21-150600.13.18.1
* tomcat11-admin-webapps-11.0.21-150600.13.18.1
* tomcat11-el-6_0-api-11.0.21-150600.13.18.1
* tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1
* tomcat11-webapps-11.0.21-150600.13.18.1
* tomcat11-lib-11.0.21-150600.13.18.1
* tomcat11-11.0.21-150600.13.18.1
* tomcat11-admin-webapps-11.0.21-150600.13.18.1
* tomcat11-el-6_0-api-11.0.21-150600.13.18.1
* tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1
* tomcat11-webapps-11.0.21-150600.13.18.1
* tomcat11-lib-11.0.21-150600.13.18.1
* tomcat11-11.0.21-150600.13.18.1
* tomcat11-admin-webapps-11.0.21-150600.13.18.1
* tomcat11-el-6_0-api-11.0.21-150600.13.18.1
* tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1
## References:
* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24880.html
* https://www.suse.com/security/cve/CVE-2026-25854.html
* https://www.suse.com/security/cve/CVE-2026-29129.html
* https://www.suse.com/security/cve/CVE-2026-29145.html
* https://www.suse.com/security/cve/CVE-2026-29146.html
* https://www.suse.com/security/cve/CVE-2026-32990.html
* https://www.suse.com/security/cve/CVE-2026-34483.html
* https://www.suse.com/security/cve/CVE-2026-34486.html
* https://www.suse.com/security/cve/CVE-2026-34487.html
* https://www.suse.com/security/cve/CVE-2026-34500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258371
* https://bugzilla.suse.com/show_bug.cgi?id=1261850
* https://bugzilla.suse.com/show_bug.cgi?id=1261851
* https://bugzilla.suse.com/show_bug.cgi?id=1261852
* https://bugzilla.suse.com/show_bug.cgi?id=1261853
* https://bugzilla.suse.com/show_bug.cgi?id=1261854
* https://bugzilla.suse.com/show_bug.cgi?id=1261855
* https://bugzilla.suse.com/show_bug.cgi?id=1261856
* https://bugzilla.suse.com/show_bug.cgi?id=1261857
openSUSE-SU-2026:20609-1: important: Security update for google-guest-agent
openSUSE security update: security update for google-guest-agent
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20609-1
Rating: important
References:
* bsc#1234563
* bsc#1236533
* bsc#1239763
* bsc#1239866
* bsc#1243254
* bsc#1243505
Cross-References:
* CVE-2023-45288
* CVE-2024-45337
CVSS scores:
* CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 6 bug fixes can now be installed.
Description:
This update for google-guest-agent fixes the following issues:
Update to version 20250506.01 (bsc#1243254, bsc#1243505).
Security issues fixed:
- CVE-2024-45337: golang.org/x/crypto/ssh: misuse of the ServerConfig.PublicKeyCallback callback can lead to authorization bypass in applications (bsc#1234563).
- CVE-2023-45288: golang.org/x/net/http2: no limit set for number of HTTP/2 CONTINUATION frames that can be read for an HTTP/2 request can lead to excessive CPU consumption and a DoS (bsc#1236533).
Other updates and bugfixes:
- Version 20250506.01:
* Make sure agent added connections are activated by NM (#534)
- Version 20250506.00:
* Wrap NSS cache refresh in a goroutine (#533)
- Version 20250502.01:
* Wicked: Only reload interfaces for which configurations are written or changed. (#524)
- Version 20250502.00:
* Add AuthorizedKeysCompat to windows packaging (#530)
* Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
* Update guest-logging-go dependency (#526)
* Add 'created-by' metadata, and pass it as option to logging library (#508)
* Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
* Re-enable disabled services if the core plugin was enabled (#522)
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert "Revert bundling new binaries in the package (#509)" (#511)
- Version 20250418.00:
* Re-enable disabled services if the core plugin was enabled (#521)
- Version 20250414.00:
* Add AuthorizedKeysCompat to windows packaging (#530)
* Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
* Update guest-logging-go dependency (#526)
* Add 'created-by' metadata, and pass it as option to logging library (#508)
* Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
* Re-enable disabled services if the core plugin was enabled (#522)
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert "Revert bundling new binaries in the package (#509)" (#511)
- Version 20250327.01 (bsc#1239763, bsc#1239866):
* Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
- Version 20250327.00:
* Update guest-logging-go dependency (#526)
* Add 'created-by' metadata, and pass it as option to logging library (#508)
* Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
* Re-enable disabled services if the core plugin was enabled (#522)
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert "Revert bundling new binaries in the package (#509)" (#511)
- Version 20250326.00:
* Re-enable disabled services if the core plugin was enabled (#521)
- Version 20250324.00:
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert "Revert bundling new binaries in the package (#509)" (#511)
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250317.00:
* Revert "Revert bundling new binaries in the package (#509)" (#511)
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250312.00:
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250305.00:
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250304.01:
* Fix typo in windows build script (#501)
- Version 20250214.01:
* Include core plugin binary for all packages (#500)
- Version 20250212.00:
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
- Version 20250211.00:
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250207.00:
* vlan: toggle vlan configuration in debian packaging (#495)
* vlan: move config out of unstable section (#494)
* Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493)
* Include interfaces in lists even if it has an invalid MAC. (#489)
* Fix windows package build failures (#491)
* vlan: don't index based on the vlan ID (#486)
* Revert PR #482 (#488)
* Remove Amy and Zach from OWNERS (#487)
* Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
* Fix Debian packaging if guest agent manager is not checked out (#485)
- Version 20250204.02:
* force concourse to move version forward.
- Version 20250204.01:
* vlan: toggle vlan configuration in debian packaging (#495)
- Version 20250204.00:
* vlan: move config out of unstable section (#494)
* Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493)
- Version 20250203.01:
* Include interfaces in lists even if it has an invalid MAC. (#489)
- Version 20250203.00:
* Fix windows package build failures (#491)
* vlan: don't index based on the vlan ID (#486)
* Revert PR #482 (#488)
* Remove Amy and Zach from OWNERS (#487)
* Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
* Fix Debian packaging if guest agent manager is not checked out (#485)
- Version 20250122.00:
* networkd(vlan): remove the interface in addition to config (#468)
* Implement support for vlan dynamic removal, update dhclient to remove only if configured (#465)
* Update logging library (#479)
* Remove Pat from owners file. (#478)
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-621=1
Package List:
- openSUSE Leap 16.0:
google-guest-agent-20250506.01-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2024-45337.html
openSUSE-SU-2026:20607-1: important: Security update for erlang
openSUSE security update: security update for erlang
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20607-1
Rating: important
References:
* bsc#1258663
* bsc#1259681
* bsc#1259682
* bsc#1259687
* bsc#1261726
* bsc#1261728
* bsc#1261734
* bsc#1262288
Cross-References:
* CVE-2026-21620
* CVE-2026-23941
* CVE-2026-23942
* CVE-2026-23943
* CVE-2026-28808
* CVE-2026-28810
* CVE-2026-32144
CVSS scores:
* CVE-2026-21620 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21620 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23941 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-23941 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23942 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-23942 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23943 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-23943 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-28808 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-28808 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-28810 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-28810 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32144 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-32144 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 7 vulnerabilities and has 8 bug fixes can now be installed.
Description:
This update for erlang fixes the following issues:
Security issues fixed:
- CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote
arbitrary reads/writes (bsc#1258663).
- CVE-2026-23941: improper handling of duplicate Content-Length headers in Erlang OTP can lead to HTTP request
smuggling (bsc#1259687).
- CVE-2026-23942: improper limitation of a pathname to a restricted directory in the SFTP server can lead to path
traversal (bsc#1259681).
- CVE-2026-23943: improper handling of highly compressed data in Erlang OTP ssh can lead to denial of service
(bsc#1259682).
- CVE-2026-28808: incorrect authorization can lead to unauthenticated access to protected CGI scripts (bsc#1261728).
- CVE-2026-28810: predictable DNS transaction IDs can lead to DNS cache poisoning (bsc#1261726).
- CVE-2026-32144: missing signature verification can lead to OCSP authorization bypass and information disclosure
(bsc#1261734).
Other updates and bugfixes:
- jinterface: allow building a deterministic OtpErlang.jar (bsc#1262288).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-619=1
Package List:
- openSUSE Leap 16.0:
erlang-27.1.3-160000.4.1
erlang-debugger-27.1.3-160000.4.1
erlang-debugger-src-27.1.3-160000.4.1
erlang-dialyzer-27.1.3-160000.4.1
erlang-dialyzer-src-27.1.3-160000.4.1
erlang-diameter-27.1.3-160000.4.1
erlang-diameter-src-27.1.3-160000.4.1
erlang-doc-27.1.3-160000.4.1
erlang-epmd-27.1.3-160000.4.1
erlang-et-27.1.3-160000.4.1
erlang-et-src-27.1.3-160000.4.1
erlang-jinterface-27.1.3-160000.4.1
erlang-jinterface-src-27.1.3-160000.4.1
erlang-observer-27.1.3-160000.4.1
erlang-observer-src-27.1.3-160000.4.1
erlang-reltool-27.1.3-160000.4.1
erlang-reltool-src-27.1.3-160000.4.1
erlang-src-27.1.3-160000.4.1
erlang-wx-27.1.3-160000.4.1
erlang-wx-src-27.1.3-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2026-21620.html
* https://www.suse.com/security/cve/CVE-2026-23941.html
* https://www.suse.com/security/cve/CVE-2026-23942.html
* https://www.suse.com/security/cve/CVE-2026-23943.html
* https://www.suse.com/security/cve/CVE-2026-28808.html
* https://www.suse.com/security/cve/CVE-2026-28810.html
* https://www.suse.com/security/cve/CVE-2026-32144.html
openSUSE-SU-2026:20612-1: important: Security update for tomcat10
openSUSE security update: security update for tomcat10
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20612-1
Rating: important
References:
* bsc#1258371
* bsc#1261850
* bsc#1261851
* bsc#1261852
* bsc#1261853
* bsc#1261854
* bsc#1261855
* bsc#1261856
* bsc#1261857
Cross-References:
* CVE-2025-66614
* CVE-2026-24880
* CVE-2026-25854
* CVE-2026-29129
* CVE-2026-29145
* CVE-2026-29146
* CVE-2026-32990
* CVE-2026-34483
* CVE-2026-34486
* CVE-2026-34487
* CVE-2026-34500
CVSS scores:
* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24880 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25854 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-25854 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29129 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29129 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29145 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29146 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29146 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34483 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34483 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34486 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34487 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34500 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34500 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 11 vulnerabilities and has 9 bug fixes can now be installed.
Description:
This update for tomcat10 fixes the following issues:
- Update to Tomcat 10.1.54
- CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).
- CVE-2026-25854: Occasional open redirect (bsc#1261851).
- CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).
- CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).
- CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).
- CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).
- CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).
- CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).
- CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371)
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-624=1
Package List:
- openSUSE Leap 16.0:
tomcat10-10.1.54-160000.1.1
tomcat10-admin-webapps-10.1.54-160000.1.1
tomcat10-doc-10.1.54-160000.1.1
tomcat10-docs-webapp-10.1.54-160000.1.1
tomcat10-el-5_0-api-10.1.54-160000.1.1
tomcat10-embed-10.1.54-160000.1.1
tomcat10-jsp-3_1-api-10.1.54-160000.1.1
tomcat10-jsvc-10.1.54-160000.1.1
tomcat10-lib-10.1.54-160000.1.1
tomcat10-servlet-6_0-api-10.1.54-160000.1.1
tomcat10-webapps-10.1.54-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24880.html
* https://www.suse.com/security/cve/CVE-2026-25854.html
* https://www.suse.com/security/cve/CVE-2026-29129.html
* https://www.suse.com/security/cve/CVE-2026-29145.html
* https://www.suse.com/security/cve/CVE-2026-29146.html
* https://www.suse.com/security/cve/CVE-2026-32990.html
* https://www.suse.com/security/cve/CVE-2026-34483.html
* https://www.suse.com/security/cve/CVE-2026-34486.html
* https://www.suse.com/security/cve/CVE-2026-34487.html
* https://www.suse.com/security/cve/CVE-2026-34500.html
openSUSE-SU-2026:20611-1: important: Security update for tomcat
openSUSE security update: security update for tomcat
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20611-1
Rating: important
References:
* bsc#1258371
* bsc#1261850
* bsc#1261851
* bsc#1261852
* bsc#1261853
* bsc#1261854
* bsc#1261855
* bsc#1261856
* bsc#1261857
Cross-References:
* CVE-2025-66614
* CVE-2026-24880
* CVE-2026-25854
* CVE-2026-29129
* CVE-2026-29145
* CVE-2026-29146
* CVE-2026-32990
* CVE-2026-34483
* CVE-2026-34486
* CVE-2026-34487
* CVE-2026-34500
CVSS scores:
* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24880 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25854 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-25854 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29129 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29129 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29145 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29146 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29146 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34483 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34483 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34486 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34487 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34500 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34500 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 11 vulnerabilities and has 9 bug fixes can now be installed.
Description:
This update for tomcat fixes the following issues:
- CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).
- CVE-2026-25854: Occasional open redirect (bsc#1261851).
- CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).
- CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).
- CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).
- CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).
- CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).
- CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).
- CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371)
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-623=1
Package List:
- openSUSE Leap 16.0:
tomcat-9.0.117-160000.1.1
tomcat-admin-webapps-9.0.117-160000.1.1
tomcat-docs-webapp-9.0.117-160000.1.1
tomcat-el-3_0-api-9.0.117-160000.1.1
tomcat-embed-9.0.117-160000.1.1
tomcat-javadoc-9.0.117-160000.1.1
tomcat-jsp-2_3-api-9.0.117-160000.1.1
tomcat-jsvc-9.0.117-160000.1.1
tomcat-lib-9.0.117-160000.1.1
tomcat-servlet-4_0-api-9.0.117-160000.1.1
tomcat-webapps-9.0.117-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24880.html
* https://www.suse.com/security/cve/CVE-2026-25854.html
* https://www.suse.com/security/cve/CVE-2026-29129.html
* https://www.suse.com/security/cve/CVE-2026-29145.html
* https://www.suse.com/security/cve/CVE-2026-29146.html
* https://www.suse.com/security/cve/CVE-2026-32990.html
* https://www.suse.com/security/cve/CVE-2026-34483.html
* https://www.suse.com/security/cve/CVE-2026-34486.html
* https://www.suse.com/security/cve/CVE-2026-34487.html
* https://www.suse.com/security/cve/CVE-2026-34500.html
openSUSE-SU-2026:20606-1: important: Security update for ImageMagick
openSUSE security update: security update for imagemagick
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20606-1
Rating: important
References:
* bsc#1259612
* bsc#1259872
* bsc#1260874
* bsc#1260879
* bsc#1262097
* bsc#1262145
* bsc#1262146
* bsc#1262147
* bsc#1262148
* bsc#1262149
* bsc#1262150
* bsc#1262152
* bsc#1262153
* bsc#1262154
* bsc#1262155
* bsc#1262156
Cross-References:
* CVE-2026-32259
* CVE-2026-32636
* CVE-2026-33535
* CVE-2026-33536
* CVE-2026-33899
* CVE-2026-33900
* CVE-2026-33901
* CVE-2026-33902
* CVE-2026-33905
* CVE-2026-33908
* CVE-2026-34238
* CVE-2026-40169
* CVE-2026-40183
* CVE-2026-40310
* CVE-2026-40311
* CVE-2026-40312
CVSS scores:
* CVE-2026-32259 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-32259 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32636 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32636 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-33535 ( SUSE ): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33536 ( SUSE ): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33899 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33899 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-33900 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33900 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33901 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33901 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33902 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33902 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33905 ( SUSE ): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33905 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33908 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33908 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34238 ( SUSE ): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-34238 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40169 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40169 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40183 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40183 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40310 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40310 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40311 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40311 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40312 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40312 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 16 vulnerabilities and has 16 bug fixes can now be installed.
Description:
This update for ImageMagick fixes the following issues:
- CVE-2026-32259: stack out-of-bounds write due to a memory allocation failure in the sixel encoder can lead to a crash
(bsc#1259612).
- CVE-2026-32636: out-of-bounds write of a single zero byte due to a bug in the `NewXMLTree` method can lead to denial of
service (bsc#1259872).
- CVE-2026-33535: out-of-bounds write of a zero byte in X11 `display` interaction path can lead to a crash
(bsc#1260874).
- CVE-2026-33536: stack out-of-bounds write due to incorrect return value on certain platforms can lead to a denial of
service (bsc#1260879).
- CVE-2026-33899: out-of-bounds write of single zero byte in XML parsing can lead to a denial of service (bsc#1262154).
- CVE-2026-33900: heap out-of-bounds write due to integer truncation in viff encoder can lead to a crash (bsc#1262156).
- CVE-2026-33901: heap buffer overflow in the MVG decoder can lead to memory corruption or a crash (bsc#1262155).
- CVE-2026-33902: stack buffer overflow in the FX expression parser can lead to a process crash (bsc#1262153).
- CVE-2026-33905: out-of-bounds read in `-sample` operation can lead to a denial of service (bsc#1262097).
- CVE-2026-33908: recursive execution with no depth limit imposed when processing XML files can lead to resource
exhaustion and a denial of service (bsc#1262152).
- CVE-2026-34238: heap buffer overflow due to integer overflow in the despeckle operation can lead to a denial of
service (bsc#1262147).
- CVE-2026-40169: out-of-bounds heap write when processing a crafted image and writing a YAML or JSON output can lead
to a crash (bsc#1262150).
- CVE-2026-40183: heap out-of-bounds write in the JXL encoder can lead to a denial of service (bsc#1262145).
- CVE-2026-40310: heap out-of-bounds write in the JP2 encoder can lead to a denial of service (bsc#1262148).
- CVE-2026-40311: heap use-after-free when reading and printing values from an invalid XMP profile can lead to a denial
of service (bsc#1262146).
- CVE-2026-40312: off-by-one error in the MSL decoder can lead to a crash (bsc#1262149).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-618=1
Package List:
- openSUSE Leap 16.0:
ImageMagick-7.1.2.0-160000.8.1
ImageMagick-config-7-SUSE-7.1.2.0-160000.8.1
ImageMagick-config-7-upstream-limited-7.1.2.0-160000.8.1
ImageMagick-config-7-upstream-open-7.1.2.0-160000.8.1
ImageMagick-config-7-upstream-secure-7.1.2.0-160000.8.1
ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.8.1
ImageMagick-devel-7.1.2.0-160000.8.1
ImageMagick-doc-7.1.2.0-160000.8.1
ImageMagick-extra-7.1.2.0-160000.8.1
libMagick++-7_Q16HDRI5-7.1.2.0-160000.8.1
libMagick++-devel-7.1.2.0-160000.8.1
libMagickCore-7_Q16HDRI10-7.1.2.0-160000.8.1
libMagickWand-7_Q16HDRI10-7.1.2.0-160000.8.1
perl-PerlMagick-7.1.2.0-160000.8.1
References:
* https://www.suse.com/security/cve/CVE-2026-32259.html
* https://www.suse.com/security/cve/CVE-2026-32636.html
* https://www.suse.com/security/cve/CVE-2026-33535.html
* https://www.suse.com/security/cve/CVE-2026-33536.html
* https://www.suse.com/security/cve/CVE-2026-33899.html
* https://www.suse.com/security/cve/CVE-2026-33900.html
* https://www.suse.com/security/cve/CVE-2026-33901.html
* https://www.suse.com/security/cve/CVE-2026-33902.html
* https://www.suse.com/security/cve/CVE-2026-33905.html
* https://www.suse.com/security/cve/CVE-2026-33908.html
* https://www.suse.com/security/cve/CVE-2026-34238.html
* https://www.suse.com/security/cve/CVE-2026-40169.html
* https://www.suse.com/security/cve/CVE-2026-40183.html
* https://www.suse.com/security/cve/CVE-2026-40310.html
* https://www.suse.com/security/cve/CVE-2026-40311.html
* https://www.suse.com/security/cve/CVE-2026-40312.html
openSUSE-SU-2026:20605-1: important: Security update for openexr
openSUSE security update: security update for openexr
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20605-1
Rating: important
References:
* bsc#1261621
* bsc#1261622
* bsc#1261624
* bsc#1261634
Cross-References:
* CVE-2026-34379
* CVE-2026-34380
* CVE-2026-34588
* CVE-2026-34589
CVSS scores:
* CVE-2026-34379 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2026-34379 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34380 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-34380 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34588 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34588 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34589 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34589 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 4 vulnerabilities and has 4 bug fixes can now be installed.
Description:
This update for openexr fixes the following issues:
- CVE-2026-34379: misaligned memory write during file decoding can cause a denial of service (bsc#1261621).
- CVE-2026-34380: lack of proper check can lead to integer overflow in image decoding (bsc#1261622).
- CVE-2026-34588: crafted EXR file can lead to out-of-bounds read and write (bsc#1261624).
- CVE-2026-34589: crafted scanline DWAA file can lead to arbitrary code execution or denial of service (bsc#1261634).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-617=1
Package List:
- openSUSE Leap 16.0:
libIex-3_2-31-3.2.2-160000.6.1
libIex-3_2-31-x86-64-v3-3.2.2-160000.6.1
libIlmThread-3_2-31-3.2.2-160000.6.1
libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.6.1
libOpenEXR-3_2-31-3.2.2-160000.6.1
libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.6.1
libOpenEXRCore-3_2-31-3.2.2-160000.6.1
libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.6.1
libOpenEXRUtil-3_2-31-3.2.2-160000.6.1
libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.6.1
openexr-3.2.2-160000.6.1
openexr-devel-3.2.2-160000.6.1
openexr-doc-3.2.2-160000.6.1
References:
* https://www.suse.com/security/cve/CVE-2026-34379.html
* https://www.suse.com/security/cve/CVE-2026-34380.html
* https://www.suse.com/security/cve/CVE-2026-34588.html
* https://www.suse.com/security/cve/CVE-2026-34589.html
openSUSE-SU-2026:20603-1: important: Security update for ignition
openSUSE security update: security update for ignition
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20603-1
Rating: important
References:
* bsc#1260251
Cross-References:
* CVE-2026-33186
CVSS scores:
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for ignition fixes the following issue:
- CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260251).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-615=1
Package List:
- openSUSE Leap 16.0:
ignition-2.21.0-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-33186.html
openSUSE-SU-2026:20601-1: moderate: Security update for giflib
openSUSE security update: security update for giflib
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20601-1
Rating: moderate
References:
* bsc#1259502
Cross-References:
* CVE-2026-23868
CVSS scores:
* CVE-2026-23868 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-23868 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for giflib fixes the following issue:
- CVE-2026-23868: double free resulting from a shallow copy can lead to memory corruption (bsc#1259502).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-612=1
Package List:
- openSUSE Leap 16.0:
giflib-devel-5.2.2-160000.3.1
giflib-progs-5.2.2-160000.3.1
libgif7-5.2.2-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-23868.html
SUSE-SU-2026:1562-1: moderate: Security update for openssl-1_1
# Security update for openssl-1_1
Announcement ID: SUSE-SU-2026:1562-1
Release Date: 2026-04-23T07:06:13Z
Rating: moderate
References:
* bsc#1261678
Cross-References:
* CVE-2026-28390
CVSS scores:
* CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves one vulnerability can now be installed.
## Description:
This update for openssl-1_1 fixes the following issues:
* CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS
EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1562=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1562=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1562=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1562=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1562=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1562=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1562=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1562=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1562=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* openssl-1_1-debugsource-1.1.1l-150400.7.93.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
* libopenssl1_1-hmac-1.1.1l-150400.7.93.1
* openssl-1_1-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-1.1.1l-150400.7.93.1
* libopenssl1_1-1.1.1l-150400.7.93.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* openSUSE Leap 15.4 (x86_64)
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.93.1
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.93.1
* libopenssl1_1-32bit-1.1.1l-150400.7.93.1
* openSUSE Leap 15.4 (noarch)
* openssl-1_1-doc-1.1.1l-150400.7.93.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libopenssl1_1-64bit-1.1.1l-150400.7.93.1
* libopenssl1_1-hmac-64bit-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-64bit-1.1.1l-150400.7.93.1
* libopenssl1_1-64bit-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.93.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
* libopenssl1_1-hmac-1.1.1l-150400.7.93.1
* openssl-1_1-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-1.1.1l-150400.7.93.1
* libopenssl1_1-1.1.1l-150400.7.93.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.93.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
* libopenssl1_1-hmac-1.1.1l-150400.7.93.1
* openssl-1_1-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-1.1.1l-150400.7.93.1
* libopenssl1_1-1.1.1l-150400.7.93.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.93.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
* libopenssl1_1-hmac-1.1.1l-150400.7.93.1
* openssl-1_1-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-1.1.1l-150400.7.93.1
* libopenssl1_1-1.1.1l-150400.7.93.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.93.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
* libopenssl1_1-hmac-1.1.1l-150400.7.93.1
* openssl-1_1-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-1.1.1l-150400.7.93.1
* libopenssl1_1-1.1.1l-150400.7.93.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.93.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
* libopenssl1_1-hmac-1.1.1l-150400.7.93.1
* openssl-1_1-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-1.1.1l-150400.7.93.1
* libopenssl1_1-1.1.1l-150400.7.93.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.93.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.93.1
* libopenssl1_1-32bit-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.93.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
* libopenssl1_1-hmac-1.1.1l-150400.7.93.1
* openssl-1_1-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-1.1.1l-150400.7.93.1
* libopenssl1_1-1.1.1l-150400.7.93.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.93.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.93.1
* libopenssl1_1-32bit-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.93.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
* libopenssl1_1-hmac-1.1.1l-150400.7.93.1
* openssl-1_1-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-1.1.1l-150400.7.93.1
* libopenssl1_1-1.1.1l-150400.7.93.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.93.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.93.1
* libopenssl1_1-32bit-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.93.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
* libopenssl1_1-hmac-1.1.1l-150400.7.93.1
* openssl-1_1-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-1.1.1l-150400.7.93.1
* libopenssl1_1-1.1.1l-150400.7.93.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.93.1
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.93.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.93.1
* libopenssl1_1-32bit-1.1.1l-150400.7.93.1
## References:
* https://www.suse.com/security/cve/CVE-2026-28390.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261678
SUSE-SU-2026:1563-1: important: Security update for the Linux Kernel
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2026:1563-1
Release Date: 2026-04-23T07:08:11Z
Rating: important
References:
* bsc#1246057
* bsc#1256504
* bsc#1256675
* bsc#1257773
* bsc#1259797
* bsc#1260005
* bsc#1260009
Cross-References:
* CVE-2025-38234
* CVE-2025-68818
* CVE-2026-23103
* CVE-2026-23243
* CVE-2026-23272
* CVE-2026-23274
CVSS scores:
* CVE-2025-38234 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38234 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38234 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68818 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves six vulnerabilities and has one security fix can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security
issues.
The following security issues were fixed:
* CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write
(bsc#1259797).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-nelems before
insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer
labels (bsc#1260005).
The following non-security issue was fixed:
* watchdog/perf: properly initialize the turbo mode timestamp and rearm
counter (bsc#1256504).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1563=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1563=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1563=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1563=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1563=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-1563=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1563=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1563=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1563=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1563=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1563=1
## Package List:
* openSUSE Leap 15.4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.200.1
* openSUSE Leap 15.4 (noarch)
* kernel-docs-html-5.14.21-150400.24.200.1
* kernel-macros-5.14.21-150400.24.200.1
* kernel-devel-5.14.21-150400.24.200.1
* kernel-source-vanilla-5.14.21-150400.24.200.1
* kernel-source-5.14.21-150400.24.200.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-devel-5.14.21-150400.24.200.1
* kernel-default-base-rebuild-5.14.21-150400.24.200.1.150400.24.102.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.200.1
* kernel-kvmsmall-debuginfo-5.14.21-150400.24.200.1
* kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1
* kernel-kvmsmall-debugsource-5.14.21-150400.24.200.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-debuginfo-5.14.21-150400.24.200.1
* ocfs2-kmp-default-5.14.21-150400.24.200.1
* kernel-syms-5.14.21-150400.24.200.1
* kernel-default-optional-debuginfo-5.14.21-150400.24.200.1
* kselftests-kmp-default-5.14.21-150400.24.200.1
* dlm-kmp-default-5.14.21-150400.24.200.1
* kernel-default-extra-5.14.21-150400.24.200.1
* kernel-default-debugsource-5.14.21-150400.24.200.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-devel-5.14.21-150400.24.200.1
* kselftests-kmp-default-debuginfo-5.14.21-150400.24.200.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-livepatch-5.14.21-150400.24.200.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.200.1
* cluster-md-kmp-default-5.14.21-150400.24.200.1
* gfs2-kmp-default-5.14.21-150400.24.200.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.200.1
* kernel-obs-build-5.14.21-150400.24.200.1
* kernel-default-optional-5.14.21-150400.24.200.1
* reiserfs-kmp-default-5.14.21-150400.24.200.1
* kernel-obs-build-debugsource-5.14.21-150400.24.200.1
* kernel-obs-qa-5.14.21-150400.24.200.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.200.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.200.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_200-default-1-150400.9.3.1
* kernel-livepatch-5_14_21-150400_24_200-default-debuginfo-1-150400.9.3.1
* kernel-default-livepatch-devel-5.14.21-150400.24.200.1
* kernel-livepatch-SLE15-SP4_Update_50-debugsource-1-150400.9.3.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150400.24.200.1
* openSUSE Leap 15.4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.200.1
* openSUSE Leap 15.4 (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.200.1
* kernel-zfcpdump-debugsource-5.14.21-150400.24.200.1
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.14.21-150400.24.200.1
* openSUSE Leap 15.4 (aarch64)
* dtb-altera-5.14.21-150400.24.200.1
* dlm-kmp-64kb-5.14.21-150400.24.200.1
* kernel-64kb-debuginfo-5.14.21-150400.24.200.1
* dtb-amazon-5.14.21-150400.24.200.1
* dtb-nvidia-5.14.21-150400.24.200.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.200.1
* dtb-lg-5.14.21-150400.24.200.1
* kernel-64kb-optional-debuginfo-5.14.21-150400.24.200.1
* dtb-apple-5.14.21-150400.24.200.1
* gfs2-kmp-64kb-5.14.21-150400.24.200.1
* kernel-64kb-optional-5.14.21-150400.24.200.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.200.1
* dtb-xilinx-5.14.21-150400.24.200.1
* kernel-64kb-devel-5.14.21-150400.24.200.1
* dtb-exynos-5.14.21-150400.24.200.1
* kselftests-kmp-64kb-5.14.21-150400.24.200.1
* kernel-64kb-debugsource-5.14.21-150400.24.200.1
* dtb-freescale-5.14.21-150400.24.200.1
* dtb-socionext-5.14.21-150400.24.200.1
* cluster-md-kmp-64kb-5.14.21-150400.24.200.1
* kernel-64kb-extra-debuginfo-5.14.21-150400.24.200.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.200.1
* ocfs2-kmp-64kb-5.14.21-150400.24.200.1
* dtb-amd-5.14.21-150400.24.200.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.200.1
* dtb-cavium-5.14.21-150400.24.200.1
* dtb-renesas-5.14.21-150400.24.200.1
* kernel-64kb-extra-5.14.21-150400.24.200.1
* dtb-rockchip-5.14.21-150400.24.200.1
* dtb-broadcom-5.14.21-150400.24.200.1
* dtb-mediatek-5.14.21-150400.24.200.1
* dtb-allwinner-5.14.21-150400.24.200.1
* dtb-marvell-5.14.21-150400.24.200.1
* dtb-amlogic-5.14.21-150400.24.200.1
* dtb-sprd-5.14.21-150400.24.200.1
* dlm-kmp-64kb-debuginfo-5.14.21-150400.24.200.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.200.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.200.1
* dtb-apm-5.14.21-150400.24.200.1
* reiserfs-kmp-64kb-5.14.21-150400.24.200.1
* dtb-arm-5.14.21-150400.24.200.1
* dtb-qcom-5.14.21-150400.24.200.1
* dtb-hisilicon-5.14.21-150400.24.200.1
* openSUSE Leap 15.4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-debugsource-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* kernel-macros-5.14.21-150400.24.200.1
* kernel-source-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-debugsource-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* kernel-macros-5.14.21-150400.24.200.1
* kernel-source-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-debugsource-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* kernel-macros-5.14.21-150400.24.200.1
* kernel-source-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-debugsource-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* kernel-macros-5.14.21-150400.24.200.1
* kernel-source-5.14.21-150400.24.200.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-debuginfo-5.14.21-150400.24.200.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.200.1
* ocfs2-kmp-default-5.14.21-150400.24.200.1
* cluster-md-kmp-default-5.14.21-150400.24.200.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.200.1
* dlm-kmp-default-5.14.21-150400.24.200.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.200.1
* gfs2-kmp-default-5.14.21-150400.24.200.1
* kernel-default-debugsource-5.14.21-150400.24.200.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.200.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.200.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.200.1
* kernel-64kb-debuginfo-5.14.21-150400.24.200.1
* kernel-64kb-devel-5.14.21-150400.24.200.1
* kernel-64kb-debugsource-5.14.21-150400.24.200.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc x86_64)
* kernel-default-5.14.21-150400.24.200.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.200.1
* kernel-default-devel-5.14.21-150400.24.200.1
* kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1
* kernel-obs-build-debugsource-5.14.21-150400.24.200.1
* kernel-syms-5.14.21-150400.24.200.1
* reiserfs-kmp-default-5.14.21-150400.24.200.1
* kernel-obs-build-5.14.21-150400.24.200.1
* kernel-default-debugsource-5.14.21-150400.24.200.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* kernel-macros-5.14.21-150400.24.200.1
* kernel-devel-5.14.21-150400.24.200.1
* kernel-source-5.14.21-150400.24.200.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.200.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.200.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.200.1
* kernel-64kb-debuginfo-5.14.21-150400.24.200.1
* kernel-64kb-devel-5.14.21-150400.24.200.1
* kernel-64kb-debugsource-5.14.21-150400.24.200.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc x86_64)
* kernel-default-5.14.21-150400.24.200.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.200.1
* kernel-default-devel-5.14.21-150400.24.200.1
* kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1
* kernel-obs-build-debugsource-5.14.21-150400.24.200.1
* kernel-syms-5.14.21-150400.24.200.1
* reiserfs-kmp-default-5.14.21-150400.24.200.1
* kernel-obs-build-5.14.21-150400.24.200.1
* kernel-default-debugsource-5.14.21-150400.24.200.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* kernel-macros-5.14.21-150400.24.200.1
* kernel-devel-5.14.21-150400.24.200.1
* kernel-source-5.14.21-150400.24.200.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.200.1
* kernel-64kb-debuginfo-5.14.21-150400.24.200.1
* kernel-64kb-devel-5.14.21-150400.24.200.1
* kernel-64kb-debugsource-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.200.1
* kernel-default-devel-5.14.21-150400.24.200.1
* kernel-syms-5.14.21-150400.24.200.1
* kernel-obs-build-debugsource-5.14.21-150400.24.200.1
* reiserfs-kmp-default-5.14.21-150400.24.200.1
* kernel-obs-build-5.14.21-150400.24.200.1
* kernel-default-debugsource-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* kernel-macros-5.14.21-150400.24.200.1
* kernel-devel-5.14.21-150400.24.200.1
* kernel-source-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch nosrc)
* kernel-docs-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.200.1
* kernel-zfcpdump-debugsource-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64)
* kernel-default-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.200.1
* kernel-default-devel-5.14.21-150400.24.200.1
* kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1
* kernel-obs-build-debugsource-5.14.21-150400.24.200.1
* kernel-syms-5.14.21-150400.24.200.1
* reiserfs-kmp-default-5.14.21-150400.24.200.1
* kernel-obs-build-5.14.21-150400.24.200.1
* kernel-default-debugsource-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* kernel-macros-5.14.21-150400.24.200.1
* kernel-devel-5.14.21-150400.24.200.1
* kernel-source-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.200.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_200-default-1-150400.9.3.1
* kernel-default-debuginfo-5.14.21-150400.24.200.1
* kernel-default-livepatch-5.14.21-150400.24.200.1
* kernel-livepatch-SLE15-SP4_Update_50-debugsource-1-150400.9.3.1
* kernel-livepatch-5_14_21-150400_24_200-default-debuginfo-1-150400.9.3.1
* kernel-default-livepatch-devel-5.14.21-150400.24.200.1
* kernel-default-debugsource-5.14.21-150400.24.200.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38234.html
* https://www.suse.com/security/cve/CVE-2025-68818.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246057
* https://bugzilla.suse.com/show_bug.cgi?id=1256504
* https://bugzilla.suse.com/show_bug.cgi?id=1256675
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
SUSE-SU-2026:1565-1: moderate: Security update for libssh
# Security update for libssh
Announcement ID: SUSE-SU-2026:1565-1
Release Date: 2026-04-23T07:08:39Z
Rating: moderate
References:
* bsc#1258045
* bsc#1258049
* bsc#1258054
* bsc#1258080
* bsc#1258081
* bsc#1259377
Cross-References:
* CVE-2026-0964
* CVE-2026-0965
* CVE-2026-0966
* CVE-2026-0967
* CVE-2026-0968
* CVE-2026-3731
CVSS scores:
* CVE-2026-0964 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-0964 ( NVD ): 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-0965 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-0965 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-0966 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-0966 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-0967 ( SUSE ): 1.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0967 ( SUSE ): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0967 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0967 ( NVD ): 2.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0968 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-0968 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0968 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0968 ( NVD ): 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-3731 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3731 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3731 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3731 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3731 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
An update that solves six vulnerabilities can now be installed.
## Description:
This update for libssh fixes the following issues:
* CVE-2026-0964: improper sanitization of paths received from SCP servers can
cause path traversal (bsc#1258049).
* CVE-2026-0965: possible denial of service when parsing unexpected
configuration files (bsc#1258045).
* CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input
(bsc#1258054).
* CVE-2026-0967: specially crafted patterns could cause denial of service
(bsc#1258081).
* CVE-2026-0968: malformed SFTP message can lead to out-of-bounds read
(bsc#1258080).
* CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension
name handler (bsc#1259377).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1565=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1565=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1565=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1565=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1565=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-1565=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libssh4-debuginfo-0.9.8-150400.3.17.1
* libssh-config-0.9.8-150400.3.17.1
* libssh4-0.9.8-150400.3.17.1
* libssh-devel-0.9.8-150400.3.17.1
* libssh-debugsource-0.9.8-150400.3.17.1
* openSUSE Leap 15.4 (x86_64)
* libssh4-32bit-debuginfo-0.9.8-150400.3.17.1
* libssh4-32bit-0.9.8-150400.3.17.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libssh4-64bit-debuginfo-0.9.8-150400.3.17.1
* libssh4-64bit-0.9.8-150400.3.17.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libssh4-debuginfo-0.9.8-150400.3.17.1
* libssh-debugsource-0.9.8-150400.3.17.1
* libssh-config-0.9.8-150400.3.17.1
* libssh4-0.9.8-150400.3.17.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libssh4-debuginfo-0.9.8-150400.3.17.1
* libssh-debugsource-0.9.8-150400.3.17.1
* libssh-config-0.9.8-150400.3.17.1
* libssh4-0.9.8-150400.3.17.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libssh4-debuginfo-0.9.8-150400.3.17.1
* libssh-debugsource-0.9.8-150400.3.17.1
* libssh-config-0.9.8-150400.3.17.1
* libssh4-0.9.8-150400.3.17.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libssh4-debuginfo-0.9.8-150400.3.17.1
* libssh-debugsource-0.9.8-150400.3.17.1
* libssh-config-0.9.8-150400.3.17.1
* libssh4-0.9.8-150400.3.17.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libssh4-debuginfo-0.9.8-150400.3.17.1
* libssh-debugsource-0.9.8-150400.3.17.1
* libssh-config-0.9.8-150400.3.17.1
* libssh4-0.9.8-150400.3.17.1
## References:
* https://www.suse.com/security/cve/CVE-2026-0964.html
* https://www.suse.com/security/cve/CVE-2026-0965.html
* https://www.suse.com/security/cve/CVE-2026-0966.html
* https://www.suse.com/security/cve/CVE-2026-0967.html
* https://www.suse.com/security/cve/CVE-2026-0968.html
* https://www.suse.com/security/cve/CVE-2026-3731.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258045
* https://bugzilla.suse.com/show_bug.cgi?id=1258049
* https://bugzilla.suse.com/show_bug.cgi?id=1258054
* https://bugzilla.suse.com/show_bug.cgi?id=1258080
* https://bugzilla.suse.com/show_bug.cgi?id=1258081
* https://bugzilla.suse.com/show_bug.cgi?id=1259377
SUSE-SU-2026:1560-1: important: Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)
# Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)
Announcement ID: SUSE-SU-2026:1560-1
Release Date: 2026-04-23T05:47:33Z
Rating: important
References:
* bsc#1258396
* bsc#1259859
Cross-References:
* CVE-2026-23191
* CVE-2026-23268
CVSS scores:
* CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves two vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.127 fixes
various security issues.
The following security issues were fixed:
* CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
policy management (bsc#1259859).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1560=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1560=1
## Package List:
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-5-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_32-debugsource-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-5-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-5-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_32-debugsource-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-5-150500.2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-23191.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258396
* https://bugzilla.suse.com/show_bug.cgi?id=1259859
openSUSE-SU-2026:0145-1: moderate: Security update for ocaml-patch, opam
openSUSE Security Update: Security update for ocaml-patch, opam
_______________________________
Announcement ID: openSUSE-SU-2026:0145-1
Rating: moderate
References: #1262281
Cross-References: CVE-2026-41082
CVSS scores:
CVE-2026-41082 (SUSE): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for ocaml-patch, opam fixes the following issues:
Changes in opam:
- Update to version 2.5.1 (CVE-2026-41082 boo#1262281) see included
CHANGES file for details
- Update to version 2.5.0 see included CHANGES file for details
- Update to version 2.4.1 see included CHANGES file for details
- Update to version 2.4.0 see included CHANGES file for details
Changes in ocaml-patch:
- Relax requirement for ocaml-rpm-macros, remove ExclusiveArch
- Update to version 3.1.0 see included CHANGES.md file for details
- Initial version 3.0.0
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-145=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
ocaml-patch-3.1.0-bp157.2.1
ocaml-patch-debuginfo-3.1.0-bp157.2.1
ocaml-patch-devel-3.1.0-bp157.2.1
- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):
opam-2.5.1-bp157.2.3.1
opam-devel-2.5.1-bp157.2.3.1
opam-installer-2.5.1-bp157.2.3.1
References:
https://www.suse.com/security/cve/CVE-2026-41082.html
https://bugzilla.suse.com/1262281
openSUSE-SU-2026:0147-1: moderate: Security update for tor
openSUSE Security Update: Security update for tor
_______________________________
Announcement ID: openSUSE-SU-2026:0147-1
Rating: moderate
References: #1262301 #1262302
Affected Products:
openSUSE Backports SLE-15-SP6
openSUSE Backports SLE-15-SP7
_______________________________
An update that contains security fixes can now be installed.
Description:
This update for tor fixes the following issues:
- update to 0.4.8.23:
* Fix a memory compare using the wrong length. This could lead to a
remote crash when using the conflux subsystem (TROVE-2026-004,
boo#1262302)
* Fix a series of defense in depth security issues found across the
codebase
* Regenerate fallback directories generated on March 25, 2026.
* Update the geoip files to match the IPFire Location Database, as
retrieved on 2026/03/25.
- includes changes from 0.4.8.22:
* Avoid an out-of-bounds read error that could occur with V1-formatted
EXTEND cells (TROVE-2025-016, boo#1262301)
* Allow old clients to fetch the consensus even if they use version 0 of
the SENDME protocol
* Do not check for compression bombs for buffers smaller than 5MB
(increased from 64 KB)
* Improvements to directory server statistics
- update to 0.4.8.21:
* This release is a continuation of the previous one and addresses
additional Conflux-related issues identified through further testing
and feedback from relay operators. We strongly recommend upgrading as
soon as possible.
* Major bugfixes (conflux, exit):
- When dequeuing out-of-order conflux cells, the circuit could be
closed in between two dequeues, which could lead to mishandling of a
NULL pointer. Fixes bug 41162;
* Add -mbranch-protection=standard for arm64.
* Regenerate fallback directories generated on November
* Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/11/17.
* Fix a bug causing the initial tor process to hang instead of exiting
with RunAsDaemon, when pluggable transports are used.
- 0.4.8.20
* Add a new hardening compiler flag -fcf-protection=full
* Fix the root cause of some conflux fragile asserts
* Fix a series of conflux edge cases
- 0.4.8.19
* Fix some clients not being able to connect to LibreSSL relays
* Improve stream flow control performance
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-147=1
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2026-147=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):
tor-0.4.8.23-bp157.2.6.1
tor-debuginfo-0.4.8.23-bp157.2.6.1
tor-debugsource-0.4.8.23-bp157.2.6.1
- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):
tor-0.4.8.23-bp156.2.6.1
References:
https://bugzilla.suse.com/1262301
https://bugzilla.suse.com/1262302
openSUSE-SU-2026:10599-1: moderate: cacti-1.2.30+git306.82d5aef5-1.1 on GA media
# cacti-1.2.30+git306.82d5aef5-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10599-1
Rating: moderate
Cross-References:
* CVE-2026-0540
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the cacti-1.2.30+git306.82d5aef5-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* cacti 1.2.30+git306.82d5aef5-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-0540.html
openSUSE-SU-2026:10600-1: moderate: csync2-2.0+git.1600444747.83b3644-3.1 on GA media
# csync2-2.0+git.1600444747.83b3644-3.1 on GA media
Announcement ID: openSUSE-SU-2026:10600-1
Rating: moderate
Cross-References:
* CVE-2026-41051
CVSS scores:
* CVE-2026-41051 ( SUSE ): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-41051 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the csync2-2.0+git.1600444747.83b3644-3.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* csync2 2.0+git.1600444747.83b3644-3.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41051.html
openSUSE-SU-2026:10598-1: moderate: libtree-sitter0_26-0.26.8-1.1 on GA media
# libtree-sitter0_26-0.26.8-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10598-1
Rating: moderate
Cross-References:
* CVE-2026-34945
CVSS scores:
* CVE-2026-34945 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2026-34945 ( SUSE ): 7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the libtree-sitter0_26-0.26.8-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libtree-sitter0_26 0.26.8-1.1
* libtree-sitter0_26-x86-64-v3 0.26.8-1.1
* tree-sitter 0.26.8-1.1
* tree-sitter-devel 0.26.8-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-34945.html
openSUSE-SU-2026:0151-1: critical: Security update for rclone
openSUSE Security Update: Security update for rclone
_______________________________
Announcement ID: openSUSE-SU-2026:0151-1
Rating: critical
References: #1140423 #1232964 #1233422 #1262438 #1262439
Cross-References: CVE-2023-45286 CVE-2023-45288 CVE-2023-48795
CVE-2024-24786 CVE-2024-45337 CVE-2024-45338
CVE-2024-51744 CVE-2024-52522 CVE-2025-22869
CVE-2025-22870 CVE-2025-30204 CVE-2025-58181
CVE-2025-68121 CVE-2026-1229 CVE-2026-27141
CVE-2026-33186 CVE-2026-41176 CVE-2026-41179
CVSS scores:
CVE-2023-45288 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2023-48795 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2024-24786 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-45337 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2024-45338 (SUSE): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2024-51744 (SUSE): 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2025-22869 (SUSE): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2025-22870 (SUSE): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2025-30204 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2025-58181 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2025-68121 (SUSE): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2026-27141 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2026-33186 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Backports SLE-15-SP6
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes 18 vulnerabilities is now available.
Description:
This update for rclone fixes the following issues:
- Update to version 1.73.5: (boo#1262439 boo#1262438)
* operations: add AuthRequired to operations/fsinfo to prevent backend
creation CVE-2026-41179
* rc: snapshot NoAuth at startup to prevent runtime auth bypass
CVE-2026-41176
* rc: add AuthRequired to options/set to prevent auth bypass
CVE-2026-41176
* s3: fix empty delimiter parameter rejected by Archiware P5 server
* azureblob/auth: add Microsoft Partner Network User-Agent prefix
* drime: fix User.EntryPermissions JSON unmarshalling
* filter: fix debug logs that fire before logger is configured - fixes
#9291
* s3: fix TencentCOS CDN endpoint failing on bucket check
* iclouddrive: fix 'directory not found' error when the directory
contains accent marks
* Start v1.73.5-DEV development
- Update to version 1.73.4:
* Version v1.73.4
* Update to go 1.25.9 to fix multiple CVEs
* build: fix Denial of Service due to Panic in AWS SDK for Go v2 SDK
EventStream Decoder
* docs: fix markdown issues in mount docs
* docs: fix header level for metadata option
* fix(docs): Fix link to not be language specific
* filen: update SDK version
* build(deps): bump golang.org/x/image from 0.36.0 to 0.38.0
* docs: note macOS 10.15 (Catalina) support with version v1.70.3
* Start v1.73.4-DEV development
- Update to version 1.73.3: (CVE-2026-33186 GHSA-6g7g-w4f8-9c9x)
* Version v1.73.3
* build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2
* docs/jottacloud: fix broken link
* docs: clarify Filen password change requires updating both password
and API key in rclone config
* docs: note that Filen API key changes on password change
* build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3
* s3: add multi tenant support for Cubbit
* lib/rest: fix URLPathEscapeAll breaking WebDAV servers (eg nzbdav)
with strict path matching
* list: fix nil pointer panic in Sorter when temp file creation fails
* docs: update RELEASE procedure to avoid mistakes
* docs: added text to the label showing version-introduced info
* Start v1.73.3-DEV development
* docs: update sponsors
- Update to version 1.73.2:
* Version v1.73.2
* Update to go 1.25.8 to fix multiple CVEs
* build: update to golang.org/x/net v0.51.0 to fix CVE-2026-27141 #9220
* docs: fix new drive flag typo in changelog
* webdav: add missing headers for CORS
* docs: Document unsupported S3 object keys with double slashes
* docs: note that --use-server-modtime only works on some backends
* internxt: fix Entry doesn't belong in directory errors on windows
* drime: fix chunk-uploaded files ignoring workspace ID
* docs: Fix headers hierarchy for mount.md
* webdav: escape reserved characters in URL path segments
* bisync: add group Sync to the bisync command
* archive: extract: strip "./" prefix from tar entry paths
* docs: add instructions on how to update Go version
* build: update github.com/cloudflare/circl to v1.6.3 to fix CVE-2026-1229
* Start v1.73.2-DEV development
- Update to version 1.73.1:
* Version v1.73.1
* build: fix build using go 1.26.0 instead of go 1.25.7
* fs/march: fix runtime: program exceeds 10000-thread limit
* accounting: fix missing server side stats from core/stats rc
* pacer: re-read the sleep time as it may be stale
* pacer: fix deadlock between pacer token and --max-connections
* build: fix CVE-2025-68121 by updating go to 1.25.7 or later - fixes
#9167
* drime: fix files and directories being created in the default workspace
* docs: update sponsors
* copyurl: Extend copyurl docs with an example of CSV FILENAMEs starting
with a path.
* internxt: implement re-login under refresh logic, improve retry logic
- fixes #9174
* docs: add ExchangeRate-API as a sponsor
* build: bump github.com/go-chi/chi/v5 from 5.2.3 to 5.2.5 to fix
GO-2026-4316
* Set list_version to 2 for FileLu S3 configuration
* filelu: add multipart upload support with configurable cutoff
* filelu: add multipart init response type
* filelu: add comment for response body wrapping
* filelu: avoid buffering entire file in memory
* docs: update sponsor logos
* filen: fix potential panic in case of error during upload
* filen: fix 32 bit targets not being able to list directories Fixes
#9142
* Start v1.73.1-DEV development
- Update to version 1.73.0:
* Version v1.73.0
* drive: fix crash when trying to create a shortcut to a Google doc
* azureblob,azurefiles: factor the common auth into a library
* test: allow backends to return fs.ErrorCantListRoot to skip Root tests
* build: add privatebeta Makefile target
* docs: add Internxt as a sponsor
* internxt: remove use of CVE laden github.com/disintegration/imaging
* docs: fix Internxt docs after merge
* docs: update making a new backend docs
* docs: build overview page from the backend data
* docs: add tiering to the documentation - fixes #8873
* docs: add data about each backend in YAML format
* docs: add bin/manage_backends.py for managing the backend data files
* internxt: use rclone's http.Client to enable more features
* internxt: fix lint problems
* Add StarHack to contributors
* Add lullius to contributors
* Add jzunigax2 to contributors
* internxt: add Internxt backend - fixes #7610
* drive: add --drive-metadata-force-expansive-access flag - Fixes #8980
* test_all: allow drime more time to complete
* onedrive: fix permissions on onedrive Personal
* onedrive: fix require sign in for Onedrive Personal
* onedrive: Onedrive Personal no longer supports description
* onedrive: fix setting modification time on directories for onedrive
Personal
* onedrive: fix cancelling multipart upload
* docs: fix WinFsp link in mount documentation
* cmount: make work under OpenBSD - fixes #1727
* vfs: make mount tests run on OpenBSD
* docs: improve alignment of icons
* protondrive: update to use forks of upstream modules
* Add hyusap to contributors
* Add Nick Owens to contributors
* Add Mikel Olasagasti Uranga to contributors
* docs: fix googlephotos custom client_id instructions
* cmount: fix OpenBSD mount support.
* fs: fix bwlimit: correctly report minutes
* fs: fix bwlimit: use %d instead of %q for ints
* mega: reverts TLS workaround
* docs: fix formatting
* docs: add faq entry about re-enabling old TLS ciphers
* Add Marc-Philip to contributors
* Add yy to contributors
* filen: swap to blake3 hashes
* docs: fix echo command syntax for password input
* docs: fix typos in comments and messages
* docs: fix use of removed rem macro
* uptobox: remove backend as service is no longer available
* rc: add operations/hashsumfile to sum a single file only
* docs: update sponsor link
* filen: add Filen backend - Fixes #6728
* sftp: fix proxy initialisation
* fstest: skip Copy mutation test with --sftp-copy-is-hardlink
* fstest: Make Copy mutation test work properly
* Add Qingwei Li to contributors
* Add Nicolas Dessart to contributors
* log: fix systemd adding extra newline - fixes #9086
* oracleobjectstorage, sftp: eliminate unnecessary heap allocation
* sftp,ftp: add http proxy authentication support
* Add Drime backend
* lib/rest: add opts.MultipartContentType to explicitly set Content-Type
of attachments
* dircache: allow empty string as root parent id
* docs: update sponsors
* s3: add provider Bizfly Cloud Simple Storage
* docs: update sponsor logos
* Add sys6101 to contributors
* Add darkdragon-001 to contributors
* Add vupn0712 to contributors
* docs: add cloudinary to readme
* docs: fix headers hierarchy in mount docs
* s3: fix Copy ignoring storage class
* serve s3: make errors in --s3-auth-key fatal - fixes #9044
* Add masrlinu to contributors
* pcloud: add support for real-time updates in mount
* memory: add --memory-discard flag for speed testing - fixes #9037
* Add vyv03354 to contributors
* shade: Fix VFS test issues
* docs: mention use of ListR feature in ls docs
* build: bump actions/download-artifact from 6 to 7
* build: bump actions/upload-artifact from 5 to 6
* build: bump actions/cache from 4 to 5
* docs: reflects the fact that pCloud supports ListR
* S3: Linode: updated endpoints to use ISO 3166-1 alpha-2 standard
* sync: fix error propagation in tests (#9025)
* Changelog updates from Version v1.72.1
* s3: add more regions for Selectel
* Add jhasse-shade to contributors
* Add Shade backend
* log: fix backtrace not going to the --log-file #9014
* build: fix lint warning after linter upgrade
* Add Jonas Tingeborn to contributors
* Add Tingsong Xu to contributors
* configfile: add piped config support - fixes #9012
* fs/log: fix PID not included in JSON log output
* build: adjust lint rules to exclude new errors from linter update
* proxy: fix error handling in tests spotted by the linter
* Add Johannes Rothe to contributors
* Add Leo to contributors
* Add Vladislav Tropnikov to contributors
* Add Cliff Frey to contributors
* Add vicerace to contributors
* b2: Fix listing root buckets with unrestricted API key
* googlecloudstorage: improve endpoint parameter docs
* serve webdav: implement download-directory-as-zip
* s3: The ability to specify an IAM role for cross-account interaction
* azureblob: add metadata and tags support across upload and copy paths
* refactor: use strings.Cut to simplify code
* docs: note where a provider has an S3 compatible alternative
* Add Shade as sponsor
* Add Duncan Smart to contributors
* Add Diana to contributors
* docs: Clarify OAuth scopes for readonly Google Drive access
* b2: support authentication with new bucket restricted application keys
* docs: update sponsor logos
* docs: fix lint error in changelog
* Start v1.73.0-DEV development
- Update to version 1.72.1:
* Version v1.72.1
* s3: add more regions for Selectel
* log: fix backtrace not going to the --log-file #9014
* build: fix lint warning after linter upgrade
* configfile: add piped config support - fixes #9012
* fs/log: fix PID not included in JSON log output
* build: adjust lint rules to exclude new errors from linter update
* proxy: fix error handling in tests spotted by the linter
* googlecloudstorage: improve endpoint parameter docs
* docs: note where a provider has an S3 compatible alternative
* Add Shade as sponsor
* docs: Clarify OAuth scopes for readonly Google Drive access
* docs: update sponsor logos
* docs: fix lint error in changelog
* Start v1.72.1-DEV development
- Update to version 1.72.0:
* Version v1.72.0
* rc: fix formatting in job/batch
* test speed: fix formatting of help
* docs: update sponsor logos
* build: bump actions/checkout from 5 to 6
* s3: add multi-part-upload support for If-Match and If-None-Match
* rc: config/unlock: rename parameter to `configPassword` accept old as
well
* rc: correct names of parameters in job/list output
* Add Nikolay Kiryanov to contributors
* rc: add `executeId` to job statuses - fixes #8972
* build: bump golang.org/x/crypto from 0.43.0 to 0.45.0 to fix
CVE-2025-58181
* s3: fix single file copying behavior with low permission - Fixes #8975
* docs: onedrive: note how to back up any user's data
* Add Dominik Sander to contributors
* Add jijamik to contributors
* box: allow to configure with config file contents
* http: add basic metadata and provide it via serve
* ftp: fix transfers from servers that return 250 ok messages
* b2: allow individual old versions to be deleted with --b2-versions -
fixes #1626
* build: fix tls: failed to verify certificate: x509: negative serial
number
* Add Sean Turner to contributors
* s3: add support for --upload-header If-Match and If-None-Match
* fix: comment typos
* dropbox: fix error moving just created objects - fixes #8881
* s3: add --s3-use-data-integrity-protections to fix BadDigest error in
Alibaba, Tencent
* rc: make sure fatal errors don't crash rclone - fixes #8955
* pacer: factor call stack searching into its own package
* rc: add osVersion, osKernel and osArch to core/version
* build: update all dependencies
* build(deps): bump golangci/golangci-lint-action from 8 to 9
* webdav: fix out of memory with sharepoint-ntlm when uploading large
file
* testserver: fix owncloud test server startup
* Add aliaj1 to contributors
* ulozto: Fix downloads returning HTML error page
* docs: adjust spectra logic example endpoint name
* docs: update version introduced to v1.70 in doi docs
* testserver: fix HDFS server after run.bash adjustments
* testserver: remind developers about allocating a port
* testserver: make run.bash variables less likely to collide with scripts
* testserver: fix seafile servers messing up _connect string
* testserver: make sure TestWebdavInfiniteScale uses an assigned port
* testserver: make sure we don't overwrite the NAME variable set
* Add n4n5 to contributors
* Add Alex to contributors
* Add Copilot to contributors
* docs: update contributing docs regarding backend documentation
* rc: add jobs stats
* docs: fix alignment of some of the icons in the storage system dropdown
* docs: run markdownlint on _index.md
* docs: fix markdownlint issues and other styling improvements in
backend command docs
* docs: fix markdownlint issue md046/code-block-style in backend command
docs
* docs: fix missing punctuation in backend commands short description
* docs: fix markdownlint issues in backend command generated output
* build: improve backend docs autogenerated marker line
* backend/compress: add zstd compression
* sftp: fix zombie SSH processes with --sftp-ssh - Fixes #8929
* testserver: fix tests failing due to stopped servers
* docs: add new integration tester site link
* docs: update the method for running integration tests
* bisync: fix failing tests
* Add SublimePeace to contributors
* b2: fix "expected a FileSseMode but found: ''"
* docs: s3: clarify multipart uploads memory usage
* test_all: fix detection of running servers
* accounting: add AccountReadN for use in cluster
* fs: add NonDefaultRC for discovering options in use
* fs: move tests into correct files
* rc: add NewJobFromBytes for reading jobs from non HTTP transactions
* rc: add job/batch for sending batches of rc commands to run
concurrently
* Add Ted Robertson to contributors
* Add Joseph Brownlee to contributors
* Add fries1234 to contributors
* Add Fawzib Rojas to contributors
* Add Riaz Arbi to contributors
* Add Lukas Krejci to contributors
* Add Adam Dinwoodie to contributors
* Add dulanting to contributors
* docs: add AppArmor restrictions to rclone mount
* check: improved reporting of differences in sizes and contents
* mega: implement 2FA login
* docs: change to light code block style to better match overall theme
* docs: fix various markdownlint issues
* build: restrict the markdown languages to use for code blocks
* docs: fix various markdownlint issues
* docs: fix markdownlint issue md013/line-length
* docs: change syntax highlighting for command examples from sh to
console
* docs: Clarify remote naming convention
* b2: Add Server-Side encryption support
* Added rclone archive command to create and read archive files
* accounting: add io.Seeker/io.ReaderAt support to accounting.Account
* operations: add ReadAt method to ReOpen
* fstest: add ResetRun to allow the remote to be reset in tests
* gcs: fix --gcs-storage-class to work with server side copy for objects
* ulozto: implement the about functionality
* local: add --skip-specials to ignore special files
* swift: Report disk usage in segment containers
* refactor: use strings.Builder to improve performance
* Archive backend to read archives on cloud storage.
* vfs: remove unnecessary import in tests to fix import cycles
* Add Lakshmi-Surekha to contributors
* Add Andrew Gunnerson to contributors
* Add divinity76 to contributors
* build: enable support for aix/ppc64
* rc: fix name of "queue" JSON key in docs for vfs/cache
* cmount: windows: improve error message on missing winfsp
* docs: add the Provider to the options examples in the backend docs
* Add Aneesh Agrawal to contributors
* Add viocha to contributors
* Add reddaisyy to contributors
* fs: remove unnecessary Seek call on log file
* s3: make it easier to add new S3 providers
* build(deps): bump actions/upload-artifact from 4 to 5
* build(deps): bump actions/download-artifact from 5 to 6
* ftp: fix SOCK proxy support - fixes #8892 (#8918)
* webdav: Add Access-Control-Max-Age header for CORS preflight caching -
fixes #5078
* webdav: use SpaceSepList to parse bearer token command
* refactor: use strings.Builder to improve performance
* docs: re-arrange sponsors page
* docs: add Spectra Logic as a sponsor
* Add Oleksandr Redko to contributors
* build: enable all govet checks (except fieldalignment and shadow) and
fix issues.
* march: fix --no-traverse being very slow - fixes #8860
* Add vastonus to contributors
* s3: add new FileLu S5 endpoints
* build: remove obsolete build tag
* azurefiles: add ListP interface - #4788
* dropbox: add ListP interface - #4788
* webdav: add ListP interface - #4788
* pcloud: add ListP interface - #4788
* box: add ListP interface - #4788
* onedrive: add ListP interface - #4788
* drive: add ListP interface - #4788
* Add hunshcn to contributors
* webdav: optimize bearer token fetching with singleflight
* Changelog updates from Version v1.71.2
* lib/http: cleanup indentation and other whitespace in http serve
template
* docs: improve formatting of http serve template parameters
* build: stop markdown linter leaving behind docker containers
* Add Marco Ferretti to contributors
* s3: add cubbit as provider
* s3: add servercore as a provider
* docs: update sponsors
* docs: update sponsor images
* docs: update privacy policy with a section on user data
* Add Dulani Woods to contributors
* Add spiffytech to contributors
* gcs: add region us-east5 - fixes #8863
* jottacloud: refactor service list from map to slice to get predefined
order
* jottacloud: added support for traditional oauth authentication also
for the main service
* oauthutil: improved debug logs from token refresh
* backend: add S3 provider for Hetzner object storage #8183
* jottacloud: improved token refresh handling
* s3: provider reordering
* index: add missing providers
* docs: add missing `
* s3: add rabata as a provider
* mega: fix 402 payment required errors - fixes #8758
* Add Andrew Ruthven to contributors
* Add Microscotch to contributors
* Add iTrooz to contributors
* build: Bump SwiftAIO container to a newer one
* build: Retry stopping the test server
* build: Increase attempts to connect to test server
* swift: If storage_policy isn't set, use the root containers policy
* proton: automated 2FA login with OTP secret key
* serve s3: fix log output to remove the EXTRA messages
* docs/jottacloud: update description of invalid_grant error according
to changes
* jottacloud: add support for MediaMarkt Cloud as a whitelabel service
* s3: add FileLu S5 provider
* docs: fix variants of --user-from-header
* vfs: fix chunker integration test
* test_all: give TestZoho: extra time as it has been timing out
* test_all: give TestCompressDrive: extra time as it has been timing out
* rclone config string: reduce quoting with Human rendering for strings
#8859
* Add juejinyuxitu to contributors
* docs/jottacloud: update documentation with new whitelabel services and
changed configuration flow
* jottacloud: abort attempts to run unsupported rclone authorize command
* jottacloud: minor adjustment of texts in config ui
* jottacloud: add support for Let's Go Cloud (from MediaMarkt) as a
whitelabel service
* jottacloud: fix authentication for whitelabel services from Elkjøp
subsidiaries
* jottacloud: refactor config handling of whitelabel services to use
openid provider configuration
* jottacloud: remove nil error object from error message
* jottacloud: fix legacy authentication
* docs: add remote setup page to main docs dropdown
* docs: update remote setup page
* docs: add link from authorize command docs to remote setup docs
* docs: lowercase internet and web browser instead of Internet browser
* docs: use the term backend name instead of fs name for authorize
command
* add `rclone config string` for making connection strings #8859
* config: add more human readable configmap.Simple output
* serve http: download folders as zip
* s3: reorder providers to be in alphabetical order
* refactor: use strings.FieldsFuncSeq to reduce memory allocations
* accounting: add SetMaxCompletedTransfers method to fix bisync race
#8815
* accounting: add RemoveDoneTransfers method to fix bisync race #8815
* bisync: fix race when CaptureOutput is used concurrently #8815
* build: update all dependencies
* Makefile: remove deprecated go mod usage
* azurefiles: Fix server side copy not waiting for completion - fixes
#8848
* Changelog updates from Version v1.71.1
* test_all: fix branch name in test report
* pacer: fix deadlock with --max-connections
* Revert "azureblob: fix deadlock with --max-connections with
InvalidBlockOrBlob errors"
* Add Youfu Zhang to contributors
* Add Matt LaPaglia to contributors
* smb: optimize smb mount performance by avoiding stat checks during
initialization
* pikpak: fix unnecessary retries by using URL expire parameter - fixes
#8601
* serve http: fix: logging url on start
* docs: fix typo
* b2: fix 1TB+ uploads
* march: fix deadlock when using --fast-list on syncs - fixes #8811
* build: slices.Contains, added in go1.21
* build: use strings.CutPrefix introduced in go1.20
* build: use sequence Split introduced in go1.24
* build: use "for i := range n", added in go1.22
* build: modernize benchmark usage
* build: in tests use t.Context, added in go1.24
* build: replace interface{} by the 'any' type added in go1.18
* build: use the built-in min or max functions added in go1.21
* Add russcoss to contributors
* build: remove x := x made unnecessary by the new semantics of loops in
go1.22
* lib/pool: fix unreliable TestPoolMaxBufferMemory test
* Update S-Pegg1 email
* Add Jean-Christophe Cura to contributors
* pool: fix flaky unreliability test
* copyurl: reworked code, added concurrency and tests
* copyurl: Added --url to read urls from csv file - #8127
* docs: HDFS: erasure coding limitation #8808
* fstest: fix slice bounds out of range error when using -remotes local
* local: fix time zones on tests
* s3: added SpectraLogic as a provider
* local: fix rmdir "Access is denied" on windows - fixes #8363
* bisync: fix error handling for renamed conflicts
* docs: pcloud: update root_folder_id instructions
* operations: fix partial name collisions for non --inplace copies
* drive: docs: update making your own client ID instructions
* swift: add ListP interface - #4788
* memory: add ListP interface - #4788
* oracleobjectstorage: add ListP interface - #4788
* B2: add ListP interface - #4788
* azureblob: add ListP interface - #4788
* googlecloudstorage: add ListP interface - Fixes #8763
* build: bump actions/github-script from 7 to 8
* build: bump actions/setup-go from 5 to 6
* bisync: fix chunker integration tests
* bisync: fix koofr integration tests
* internetarchive: fix server side copy files with spaces
* lib/rest: add URLPathEscapeAll to URL escape as many chars as possible
* Add alternate email for dougal to contributors
* test speed: add command to test a specified remote's speed
* docs: add link to MEGA S4 from MEGA page
* Add Robin Rolf to contributors
* Add anon-pradip to contributors
* s3: Add Intercolo provider
* gendocs: refactor and add logging of skipped command docs
* gendocs: ignore missing rclone_mount.md, rclone_nfsmount.md,
rclone_serve_nfs.md on windows
* bin: add bisync.md generator
* fstest: refactor to decouple package from implementation
* gendocs: ignore missing rclone_mount.md on macOS
* bisync: ignore expected "nothing to transfer" differences on tests
* bisync: fix TestBisyncConcurrent ignoring -case
* bisync: make number of parallel tests configurable
* docs: clarify subcommand description in rclone usage
* docs: fix description of regex syntax of name transform
* docs: add some more details about supported regex syntax
* makefile: fix lib/transform docs not getting updated
* lib/pool: fix flaky test which was causing timeouts
* Add dougal to contributors
* vfs: fix SIGHUP killing serve instead of flushing directory caches
* bisync: use unique stats groups on tests
* fstest: stop errors in test cleanup changing the global stats
* Add Motte to contributors
* Add Claudius Ellsel to contributors
* build: add local markdown linting to make check
* lsf: add support for unix and unixnano time formats
* docs: remove broken links from rc to commands
* hashsum: changed output format when listing algorithms
* docs: add example of how to add date as suffix
* box: fix about after change in API return - fixes #8776
* Add skbeh to contributors
* Add Tilman Vogel to contributors
* docs: fix incorrectly escaped windows path separators
* build: restore error handling in gendocs
* combine: propagate SlowHash feature
* docs/oracleobjectstorage: add introduction before external links and
remove broken link
* docs: fix markdown lint issues in backend docs
* docs: fix markdown lint issues in command docs
* docs: update markdown code block json indent size 2
* mount: do not log successful unmount as an error - fixes #8766
* Start v1.72.0-DEV development
- Update to version 1.71.2:
* Version v1.71.2
* docs: update sponsors
* docs: update sponsor images
* docs: update privacy policy with a section on user data
* gcs: add region us-east5 - fixes #8863
* index: add missing providers
* docs: add missing `
* mega: fix 402 payment required errors - fixes #8758
* docs: fix variants of --user-from-header
* docs: add remote setup page to main docs dropdown
* docs: update remote setup page
* docs: add link from authorize command docs to remote setup docs
* docs: lowercase internet and web browser instead of Internet browser
* docs: use the term backend name instead of fs name for authorize
command
* bisync: fix race when CaptureOutput is used concurrently #8815
* azurefiles: Fix server side copy not waiting for completion - fixes
#8848
* pikpak: fix unnecessary retries by using URL expire parameter - fixes
#8601
* serve http: fix: logging url on start
* docs: fix typo
* b2: fix 1TB+ uploads
* Start v1.71.2-DEV development
- Update to version 1.71.1:
* Version v1.71.1
* pacer: fix deadlock with --max-connections
* Revert "azureblob: fix deadlock with --max-connections with
InvalidBlockOrBlob errors"
* march: fix deadlock when using --fast-list on syncs - fixes #8811
* docs: HDFS: erasure coding limitation #8808
* local: fix rmdir "Access is denied" on windows - fixes #8363
* bisync: fix error handling for renamed conflicts
* docs: pcloud: update root_folder_id instructions
* operations: fix partial name collisions for non --inplace copies
* drive: docs: update making your own client ID instructions
* internetarchive: fix server side copy files with spaces
* lib/rest: add URLPathEscapeAll to URL escape as many chars as possible
* docs: add link to MEGA S4 from MEGA page
* docs: clarify subcommand description in rclone usage
* docs: fix description of regex syntax of name transform
* docs: add some more details about supported regex syntax
* makefile: fix lib/transform docs not getting updated
* vfs: fix SIGHUP killing serve instead of flushing directory caches
* docs: remove broken links from rc to commands
* docs: add example of how to add date as suffix
* box: fix about after change in API return - fixes #8776
* docs: fix incorrectly escaped windows path separators
* build: restore error handling in gendocs
* combine: propagate SlowHash feature
* docs/oracleobjectstorage: add introduction before external links and
remove broken link
* docs: fix markdown lint issues in backend docs
* docs: fix markdown lint issues in command docs
* docs: update markdown code block json indent size 2
* mount: do not log successful unmount as an error - fixes #8766
* Start v1.71.1-DEV development
- Update to version 1.71.0:
* Version v1.71.0
* fs: tls: add --client-pass support for encrypted --client-key files
* ftp: make TLS config default to global TLS config - Fixes #6671
* fshttp: return *Transport rather than http.RoundTripper from
NewTransport
* bisync: release from beta
* bisync: fix markdown formatting issues flagged by linter in docs
* bisync: fix --no-slow-hash settings on path2
* Add cui to contributors
* docs: add code of conduct
* lib/mmap: convert to using unsafe.Slice to avoid deprecated
reflect.SliceHeader
* build: bump golangci/golangci-lint-action from 6 to 8
* build: update golangci-lint configuration
* build: ignore revive lint issue var-naming: avoid meaningless package
names
* build: fix lint issue: should omit type error from declaration
* Revert "build: downgrade linter to use go1.24 until it is fixed for
go1.25"
* build: migrate golangci-lint configuration to v2 format
* s3: add --s3-use-arn-region flag - fixes #8686
* Add Binbin Qian to contributors
* Add Lucas Bremgartner to contributors
* docs: add tips about outdated certificates
* FAQ: specify the availability of SSL_CERT_* env vars
* pikpak: add file name integrity check during upload
* bisync: skip TestBisyncConcurrent on non-local
* internetarchive: fix server side copy files with &
* Revert "s3: set useAlreadyExists to false for Alibaba OSS"
* Add huangnauh to contributors
* smb: improve multithreaded upload performance using multiple
connections
* bisync: fix data races on tests
* bisync: remove unused parameters
* bisync: deglobalize to fix concurrent runs via rc - fixes #8675
* mount: fix identification of symlinks in directory listings
* s3: fix Content-Type: aws-chunked causing upload errors with --metadata
* config: fix problem reading pasted tokens over 4095 bytes
* config: fix test failure on local machine with a config file
* log: add log rotation to --log-file - fixes #2259
* accounting: Fix stats (speed=0 and eta=nil) when starting jobs via rc
* docs: update overview table for oracle object storage
* Add praveen-solanki-oracle to contributors
* oracleobjectstorage: add read only metadata support - Fixes #8705
* doc: sync doesn't symlinks in dest without --link - Fixes #8749
* s3: sort providers in docs
* s3: add docs for Exaba Object Storage
* azureblob: fix double accounting for multipart uploads - fixes #8718
* pool: fix deadlock with --max-buffer-memory
* azureblob: fix deadlock with --max-connections with InvalidBlockOrBlob
errors
* build: downgrade linter to use go1.24 until it is fixed for go1.25
* build: update all dependencies
* build: update to go1.25 and make go1.24 the minimum required version
* Add Timothy Jacobs to contributors
* bisync: fix time.Local data race on tests - fixes #8272
* googlecloudstorage: fix rateLimitExceeded error on bisync tests
* accounting: populate transfer snapshot with "what" value
* build(deps): bump actions/checkout from 4 to 5
* build(deps): bump actions/download-artifact from 4 to 5
* googlecloudstorage: enable bisync integration tests
* fstest: fix parsing of commas in -remotes
* azurefiles: fix hash getting erased when modtime is set
* bisync: disable --sftp-copy-is-hardlink on sftp tests
* local: fix --copy-links on Windows when listing Junction points
* operations: fix too many connections open when using --max-memory
* pool: fix deadlock with --max-memory and multipart transfers
* pool: unify memory between multipart and asyncreader to use one pool
* docs: update links to rcloneui
* docs: add MEGA S4 as a gold sponsor
* about: fix potential overflow of about in various backends
* box: fix about: cannot unmarshal number 1.0e+18 into Go struct field
* oauthutil: fix nil pointer crash when started with expired token
* rc: listremotes should send an empty array instead of nil
* config: add error if RCLONE_CONFIG_PASS was supplied but didn't
decrypt config
* rc: add config/unlock to unlock the config file
* ftp: allow insecure TLS ciphers - fixes #8701
* s3: set useAlreadyExists to false for Alibaba OSS
* docs: update sponsors page
* fs: allow global variables to be overridden or set on backend creation
* fs: allow setting of --http_proxy from command line
* tests: cloudinary: remove test ignore after merging fix from #8707
* Add Antonin Goude to contributors
* Add Yu Xin to contributors
* Add houance to contributors
* Add Florent Vennetier to contributors
* Add n4n5 to contributors
* Add Albin Parou to contributors
* Add liubingrun to contributors
* sync: fix testLoggerVsLsf when backend only reads modtime
* sync: fix testLoggerVsLsf checking wrong fs
* docs: fix make opengraph tags absolute as not all sites understand
relative
* docs: update contributing guide regarding markdown documentation
* build: add markdown linting to workflow
* build: add markdownlint configuration
* docs: minor format cleanup install.md
* docs: fix markdownlint issue md049/emphasis-style
* docs: fix markdownlint issue md036/no-emphasis-as-heading
* docs: fix markdownlint issue md033/no-inline-html
* docs: fix markdownlint issue md025/single-title
* docs: fix markdownlint issue md041/first-line-heading
* docs: fix markdownlint issue md001/heading-increment
* docs: fix markdownlint issue md003/heading-style
* docs: fix markdownlint issue md034/no-bare-urls
* docs: fix markdownlint issue md010/no-hard-tabs
* docs: fix markdownlint issue md013/line-length
* docs: fix markdownlint issue md038/no-space-in-code
* docs: fix markdownlint issue md040/fenced-code-language
* docs: fix markdownlint issue md046/code-block-style
* docs: fix markdownlint issue md037/no-space-in-emphasis
* docs: fix markdownlint issue md059/descriptive-link-text
* docs: fix markdownlint issues md007/ul-indent md004/ul-style
* docs: fix markdownlint issue md012/no-multiple-blanks
* docs: fix markdownlint issue md058/blanks-around-tables
* docs: fix markdownlint issue md022/blanks-around-headings
* docs: fix markdownlint issue md031/blanks-around-fences
* docs: fix markdownlint issue md032/blanks-around-lists
* docs: fix markdownlint issue md009/no-trailing-spaces
* docs: fix markdownlint issue md014/commands-show-output
* docs: fix markdownlint issues md007/ul-indent md004/ul-style
(bin/update-authors.py)
* docs: fix markdownlint issues md007/ul-indent md004/ul-style
(authors.md)
* docs: add opengraph tags for website social media previews
* mount: note that bucket based remotes can use directory markers
* pikpak: add docs for methods to clarify name collision handling and
restrictions
* pikpak: enhance Copy method to handle name collisions and improve
error management
* pikpak: enhance Move for better handling of error and name collision
* accounting: fix incorrect stats with --transfers=1 - fixes #8670
* rc: fix `operations/check` ignoring `oneWay` parameter
* s3: add OVHcloud Object Storage provider
* docs: rc: fix description of how to read local config
* build: limit check for edits of autogenerated files to only commits in
a pull request
* build: extend check for edits of autogenerated files to all commits in
a pull request
* smb: refresh Kerberos credentials when ccache file changes
* s3: fix multipart upload and server side copy when using bucket policy
SSE-C
* backend/s3: Fix memory leak by cloning strings #8683
* purge: exit with a fatal error if filters are set on `rclone purge`
* docs: Add Backblaze as a Platinum sponsor
* Add Sam Pegg to contributors
* googlephotos: added warning for Google Photos compatibility - fixes #8672
* test: remove flakey TestChunkerChunk50bYandex: test
* docs: Consolidate entries for Josh Soref in contributors
* docs: remove dead link to example of writing a plugin
* filescom: document that hashes need to be enabled - fixes #8674
* Add Sudipto Baral to contributors
* docs: fix incorrect json syntax in sample output
* docs: ignore author email piyushgarg80
* docs: fix header level for --dump option section
* docs: use stringArray as parameter type
* docs: use consistent markdown heading syntax
* imagekit: remove server side Copy method as it was downloading and
uploading
* imagekit: don't low level retry uploads
* imagekit: return correct error when attempting to upload zero length
files
* smb: add --smb-kerberos-ccache option to set kerberos ccache per smb
backend
* test: fix smb kerberos integration tests
* Changelog updates from Version v1.70.3
* config: make parsing of duration options consistent
* docs: cleanup usage
* docs: break long lines
* docs: add option value type to header where missing
* docs: mention that identifiers in option values are case insensitive
* docs: rewrite dump option examples
* docs: use markdown inline code format for dump option headers that are
real examples
* docs: change spelling from server side to server-side
* docs: cleanup header casing
* docs: rename OSX to macOS
* docs: fix list and code block issue
* docs: consistent markdown list format
* docs: split section with general description of options with that
documenting actual main options
* docs: improve description of option types
* docs: use space instead of equal sign to separate option and value in
headers
* docs: use comma to separate short and long option format in headers
* docs: remove use of uncommon parameter types
* docs: remove use of parameter type FILE
* docs: remove use of parameter type DIR
* docs: remove use of parameter type CONFIG_FILE
* docs: change use of parameter type N and NUMBER to int consistent with
flags and cli help
* docs: change use of parameter type TIME to Duration consistent with
flags and cli help
* docs: change use of parameter type BANDWIDTH_SPEC to BwTimetable
consistent with flags and cli help
* docs: change use of parameter type SIZE to SizeSuffix consistent with
flags and cli help
* docs: cleanup markdown header format
* docs: explain separated list parameters
* azureblob: fix server side copy error "requires exactly one scope"
* test: remove and ignore failing integration tests
* docs: explain the json log format in more detail
* check: fix difference report (was reporting error counts)
* serve sftp: add support for more hashes (crc32, sha256, blake3, xxh3,
xxh128)
* serve sftp: extract function refactoring for handling hashsum commands
* sftp: add support for more hashes (crc32, sha256, blake3, xxh3, xxh128)
* local: configurable supported hashes
* hash: add support for BLAKE3, XXH3, XXH128
* vfs: make integration TestDirEntryModTimeInvalidation test more
reliable
* smb: skip non integration tests when doing integration tests
* seafile: fix integration test errors by adding dot to encoding
* linkbox: fix upload error "user upload file not exist"
* build: remove integration tests which are too slow
* march: fix deadlock when using --no-traverse - fixes #8656
* pikpak: improve error handling for missing links and unrecoverable 500s
* pikpak: rewrite upload to bypass AWS S3 manager - fixes #8629
* test: fix TestSMBKerberos password expiring errors
* Add Vikas Bhansali to contributors
* Add Ross Smith II to contributors
* azureblob,azurefiles: add support for client assertion based
authentication
* webdav: fix setting modtime to that of local object instead of remote
* build: set default shell to bash in build.yml
* docs: fix filescom/filelu link mixup
* Add Davide Bizzarri to contributors
* fix: b2 versionAt read metadata
* test: make TestWebdavInfiniteScale startup more reliable
* test_all: add _connect_delay for slow starting servers
* docs: update link for filescom
* test_all: make TestWebdav InfiniteScale integration tests run
* test_all: make SMB with Kerberos integration tests run properly
* test_all: allow an env parameter to set environment variables
* Changelog updates from Version v1.70.2
* Add Ali Zein Yousuf to contributors
* Add $@M@RTH_ to contributors
* docs: update client ID instructions to current Azure AD portal - fixes
#8027
* s3: add Zata provider
* pacer: fix nil pointer deref in RetryError - fixes #8077
* docs: Remove Warp as a sponsor
* docs: add files.com as a Gold sponsor
* docs: add links to SecureBuild docker image
* Add curlwget to contributors
* convmv: fix moving to unicode-equivalent name - fixes #8634
* transform: add truncate_keep_extension and truncate_bytes
* convmv: make --dry-run logs less noisy
* sync: avoid copying dir metadata to itself
* docs: fix some function names in comments
* combine: fix directory not found errors with ListP interface - Fixes
#8627
* local: fix --skip-links on Windows when skipping Junction points
* Add Marvin Rösch to contributors
* build: bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2 to fix
GHSA-vrw8-fxc6-2r93
* copy,copyto,move,moveto: implement logger flags to store result of sync
* log: fix deadlock when using systemd logging - fixes #8621
* docs: googlephotos: detail how to make your own client_id - fixes #8622
* Add necaran to contributors
* mega: fix tls handshake failure - fixes #8565
* Changelog updates from Version v1.70.1
* Add jinjingroad to contributors
* docs: DOI grammar error
* docs: lib/transform: cleanup formatting
* lib/transform: avoid empty charmap entry
* chore: fix function name
* convmv: fix spurious "error running command echo" on Windows
* docs: client-credentials is not supported by all backends
* Start v1.71.0-DEV development
- Update to version 1.70.3:
* Version v1.70.3
* azureblob: fix server side copy error "requires exactly one scope"
* docs: explain the json log format in more detail
* check: fix difference report (was reporting error counts)
* linkbox: fix upload error "user upload file not exist"
* march: fix deadlock when using --no-traverse - fixes #8656
* pikpak: improve error handling for missing links and unrecoverable 500s
* webdav: fix setting modtime to that of local object instead of remote
* fix: b2 versionAt read metadata
* Start v1.70.3-DEV development
* docs: fix filescom/filelu link mixup
* docs: update link for filescom
- Update to version 1.70.2:
* Version v1.70.2
* docs: update client ID instructions to current Azure AD portal - fixes
#8027
* mega: fix tls handshake failure - fixes #8565
* pacer: fix nil pointer deref in RetryError - fixes #8077
* convmv: fix moving to unicode-equivalent name - fixes #8634
* convmv: make --dry-run logs less noisy
* sync: avoid copying dir metadata to itself
* combine: fix directory not found errors with ListP interface - Fixes
#8627
* local: fix --skip-links on Windows when skipping Junction points
* build: bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2 to fix
GHSA-vrw8-fxc6-2r93
* log: fix deadlock when using systemd logging - fixes #8621
* docs: googlephotos: detail how to make your own client_id - fixes #8622
* pikpak: fix uploads fail with "aws-chunked encoding is not supported"
error
* Start v1.70.2-DEV development
* docs: Remove Warp as a sponsor
* docs: add files.com as a Gold sponsor
* docs: add links to SecureBuild docker image
- Update to version 1.70.1:
* Version v1.70.1
* docs: DOI grammar error
* docs: lib/transform: cleanup formatting
* lib/transform: avoid empty charmap entry
* chore: fix function name
* convmv: fix spurious "error running command echo" on Windows
* docs: client-credentials is not supported by all backends
* Start v1.70.1-DEV development
- Update to version 1.70.0:
* Version v1.70.0
* ftp: add --ftp-http-proxy to connect via HTTP CONNECT proxy
* pcloud: fix "Access denied. You do not have permissions to perform
this operation" on large uploads
* operations: fix TransformFile when can't server-side copy/move
* fstest: fix -verbose flag after logging revamp
* googlecloudstorage: fix directory marker after // changes in #5858
* s3: fix directory marker after // changes in #5858
* azureblob: fix directory marker after // changes in #5858
* tests: ignore some more habitually failing tests
* googlephotos: fix typo in error message - Fixes #8600
* s3: MEGA S4 support
* Add Ser-Bul to contributors
* chunker: fix double-transform
* docs: mailru: added note about permissions level choice for the apps
password
* tests: ignore habitually failing tests and backends
* docs: link to asciinema rather than including the js
* docs: must have rel="noopener"
* sync: fix testLoggerVsLsf when dst is local
* docs: fix FileLu docs
* build: update all dependencies
* onedrive: fix crash if no metadata was updated
* Add kingston125 to contributors
* Add Flora Thiebaut to contributors
* Add FileLu cloud storage backend
* doi: add new doi backend
* build: fix check_autogenerated_edits.py flagging up files that didn't
exist
* docs: rc: add more info on how to discover _config and _filter
parameters #8584
* s3: add Exaba provider
* convmv: add convmv command
* lib/transform: add transform library and --name-transform flag
* march: split src and dst
* Add ahxxm to contributors
* Add Nathanael Demacon to contributors
* b2: use file id from listing when not presented in headers - fixes
#8113
* fs: fix goroutine leak and improve stats accounting process
* march: fix syncing with a duplicate file and directory
* Add PrathameshLakawade to contributors
* Add Oleksiy Stashok to contributors
* docs: fix page_facing_up typo next to Lyve Cloud in README.md
* backend/s3: require custom endpoint for Lyve Cloud v2 support
* backend: skip hash calculation when the hashType is None - fixes #8518
* azureblob: fix multipart server side copies of 0 sized files
* Add Jeremy Daer to contributors
* Add wbulot to contributors
* s3: add Pure Storage FlashBlade provider support (#8575)
* backend/gofile: update to use new direct upload endpoint
* log: add --windows-event-log-level to support Windows Event Log
* fs: Remove github.com/sirupsen/logrus and replace with log/slog
* Add fhuber to contributors
* cmd serve s3: fix ListObjectsV2 response
* Changelog updates from Version v1.69.3
* onedrive: re-add --onedrive-upload-cutoff flag
* onedrive: fix "The upload session was not found" errors
* Add Germán Casares to contributors
* Add Jeff Geerling to contributors
* googlephotos: update read only and read write scopes to meet Google's
requirements.
* build: update github.com/ebitengine/purego to v0.8.3 to fix mac_amd64
build
* docs: add hint about config touch and config file not found
* docs: add FAQ for dismissing 'rclone.conf not found'
* docs: document how to keep an out of tree backend
* Add Clément Wehrung to contributors
* iclouddrive: fix panic and files potentially downloaded twice
* docs: move --max-connections documentation to the correct place
* Add Ben Boeckel to contributors
* Add Tho Neyugn to contributors
* docs: fix typo in s3/storj docs
* serve s3: remove redundant handler initialization
* Changelog updates from Version 1.69.2
* sftp: add --sftp-http-proxy to connect via HTTP CONNECT proxy
* Add Jugal Kishore to contributors
* docs: correct SSL docs anchor link from #ssl-tls to #tls-ssl
* drive: metadata: fix error when setting
copy-requires-writer-permission on a folder
* docs: Update contributors
* build: bump golang.org/x/net from 0.36.0 to 0.38.0
* Update README.md
* docs: fix typos via codespell
* webdav: add an ownCloud Infinite Scale vendor that enables tus chunked
upload support
* onedrive: fix metadata ordering in permissions
* Add Ben Alex to contributors
* Add simwai to contributors
* iclouddrive: fix so created files are writable
* cmd/authorize: show required arguments in help text
* cloudinary: var naming convention - #8416
* cloudinary: automatically add/remove known media files extensions #8416
* Add Markus Gerstel to contributors
* Add Enduriel to contributors
* Add huanghaojun to contributors
* Add simonmcnair to contributors
* Add Samantha Bowen to contributors
* s3: documentation regression - fixes #8438
* hash: add SHA512 support for file hashes
* vfs: fix inefficient directory caching when directory reads are slow
* docs: update fuse version in docker docs
* fs/config: Read configuration passwords from stdin even when
terminated with EOF - fixes #8480
* cmd/gitannex: Reject unknown layout modes in INITREMOTE
* cmd/gitannex: Add configparse.go and refactor
* cmd/gitannex: Permit remotes with options
* serve ftp: add serve rc interface
* serve sftp: add serve rc interface
* serve restic: add serve rc interface
* serve s3: add serve rc interface
* serve dlna: add serve rc interface
* serve webdav: add serve rc interface - fixes #4505
* serve http: add serve rc interface
* serve nfs: add serve rc interface
* serve: Add rc control for serve commands #4505
* configstruct: add SetAny to parse config from the rc
* rc: In options/info make FieldName contain a "." if it should be nested
* serve restic: convert options to new style
* serve s3: convert options to new style
* serve http: convert options to new style
* serve webdav: convert options to new style
* auth proxy: convert options to new style
* auth proxy: add VFS options parameter for use for default VFS
* serve: make the servers self registering
* lib/http: fix race between Serve() and Shutdown()
* lib/http: add Addr() method to return the first configured server
address
* Add Danny Garside to contributors
* docs: fix minor typo in box docs
* sync: implement --list-cutoff to allow on disk sorting for reduced
memory use
* march: Implement callback based syncing
* list: add ListDirSortedFn for callback oriented directory listing
* list: Implement Sorter to sort directory entries
* cache: mark ListP as not supported yet
* hasher: implement ListP interface
* compress: implement ListP interface
* chunker: mark ListP as not supported yet
* union: mark ListP as not supported yet
* crypt: implement ListP interface
* combine: implement ListP interface
* s3: Implement paged listing interface ListP
* list: add WithListP helper to implement List for ListP backends
* walk: move NewListRHelper into list.Helper to avoid circular dependency
* fs: define ListP interface for paged listing #4788
* accounting: Add listed stat for number of directory entries listed
* walk: factor Listing helpers into their own file and add tests
* serve nfs: make metadata files have special file handles
* serve nfs: change the format of --nfs-cache-type symlink file handles
* vfs: add --vfs-metadata-extension to expose metadata sidecar files
* docs: Add rcloneui.com as Silver Sponsor
* Add Klaas Freitag to contributors
* Add eccoisle to contributors
* Add Fernando Fernández to contributors
* Add alingse to contributors
* Add Jörn Friedrich Dreyer to contributors
* docs: replace option --auto-filename-header with --header-filename
* build: update github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 to fix
CVE-2025-30204
* docs/googlephotos: fix typos
* build: bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2
* operations: fix call fmt.Errorf with wrong err
* webdav: retry propfind on 425 status
* Add --max-connections to control maximum backend concurrency
* rc: fix debug/* commands not being available over unix sockets
* cmd/gitannex: Prevent tests from hanging when assertion fails
* cmd/gitannex: Add explicit timeout for mock stdout reads in tests
* http: correct root if definitely pointing to a file - fixes #8428
* pool: add --max-buffer-memory to limit total buffer memory usage
* filter: Add `--hash-filter` to deterministically select a subset of
files
* build: update golang.org/x/net to 0.36.0. to fix CVE-2025-22869
* rc: add short parameter to core/stats to not return transferring
and checking
* fs: fix corruption of SizeSuffix with "B" suffix in config (eg
--min-size)
* filters: show --min-size and --max-size in --dump filters
* build: check docs for edits of autogenerated sections
* Add jack to contributors
* docs: fix incorrect mentions of vfs-cache-min-free-size
* fs/object: fix memory object out of bounds Seek
* serve nfs: fix unlikely crash
* docs: update minimum OS requirements for go1.24
* cmd/gitannex: Tweak parsing of "rcloneremotename" config
* cmd/gitannex: Drop var rebindings now that we have go1.23
* docs: add note for using rclone cat for slicing out a byte range from
a file
* rcserver: improve content-type check
* build: modernize Go usage
* build: update all dependencies and fix deprecations
* build: update golang.org/x/crypto to v0.35.0 to fix CVE-2025-22869
* build: make go1.23 the minimum go version
* cmd/gitannex: Add to integration tests
* cmd/gitannex: Simplify verbose failures in tests
* cmd/gitannex: Port unit tests to fstest
* vfs: fix integration test failures
* azureblob: fix errors not being retried when doing single part copy
* azureblob: handle retry error codes more carefully
* touch: make touch obey --transfers
* Add luzpaz to contributors
* Add Dave Vasilevsky to contributors
* docs: fix various typos
* dropbox: Retry link without expiry
* Dropbox: Support Dropbox Paper
* chore: update contributor email
* docs: correct stable release workflow
* Add Lorenz Brun to contributors
* Add Michael Kebe to contributors
* vfs: fix directory cache serving stale data
* build: fix docker plugin build - fixes #8394
* docs: improved sftp limitations
* Changelog updates from Version v1.69.1
* docs: add FileLu as sponsors and tidy sponsor logos
* accounting: fix percentDiff calculation -- fixes #8345
* vfs: fix the cache failing to upload symlinks when --links was
specified
* Add jbagwell-akamai to contributors
* Add ll3006 to contributors
* doc: add note on concurrency of rclone purge
* s3: add latest Linode Object Storage endpoints
* cmd: fix crash if rclone is invoked without any arguments - Fixes #8378
* build: disable docker builds on PRs & add missing dockerfile changes
* sync: copy dir modtimes even when copyEmptySrcDirs is false - fixes
#8317
* sync: add tests to check dir modtimes are kept when syncing
* fix golangci-lint errors
* bisync: fix false positive on integration tests
* s3: split the GCS quirks into -s3-use-x-id and
-s3-sign-accept-encoding #8373
* Add Joel K Biju to contributors
* stats: fix the speed not getting updated after a pause in the
processing
* opendrive: added --opendrive-access flag to handle permissions
* bisync: fix listings missing concurrent modifications - fixes #8359
* Added parallel docker builds and caching for go build in the container
* smb: improve connection pooling efficiency
* lib/oauthutil: fix redirect URL mismatch errors - fixes #8351
* b2: fix "fatal error: concurrent map writes" - fixes #8355
* Add Alexander Minbaev to contributors
* Add Zachary Vorhies to contributors
* Add Jess to contributors
* s3: add IBM IAM signer - fixes #7617
* serve nfs: update docs to note Windows is not supported - fixes #8352
* cmd/config(update remote): introduce --no-output option
* s3: add DigitalOcean regions SFO2, LON1, TOR1, BLR1
* sync: fix cpu spinning when empty directory finding with leading
slashes
* s3: fix handling of objects with // in #5858
* azureblob: fix handling of objects with // in #5858
* fstest: add integration tests objects with // on bucket based backends
#5858
* fs/list: tweak directory listing assertions after allowing // names
* lib/bucket: fix tidying of // in object keys #5858
* lib/bucket: add IsAllSlashes function
* azureblob: remove uncommitted blocks on InvalidBlobOrBlock error
* azureblob: implement multipart server side copy
* azureblob: speed up server side copies for small files #8249
* azureblob: cleanup uncommitted blocks on upload errors
* azureblob: factor readMetaData into readMetaDataAlways returning blob
properties
* Add b-wimmer to contributors
* azurefiles: add --azurefiles-use-az and
--azurefiles-disable-instance-discovery
* onedrive: mark German (de) region as deprecated
* Add Trevor Starick to contributors
* Add hiddenmarten to contributors
* Add Corentin Barreau to contributors
* Add Bruno Fernandes to contributors
* Add Moises Lima to contributors
* Add izouxv to contributors
* Add Robin Schneider to contributors
* Add Tim White to contributors
* Add Christoph Berger to contributors
* azureblob: add support for `x-ms-tags` header
* rc: disable the metrics server when running `rclone rc`
* internetarchive: add --internetarchive-metadata="key=value" for
setting item metadata
* lib/batcher: Deprecate unused option: batch_commit_timeout
* s3: Added new storage class to magalu provider
* http servers: add --user-from-header to use for authentication
* b2: add SkipDestructive handling to backend commands - fixes #8194
* vfs: close the change notify channel on Shutdown
* Docker image: Add label org.opencontainers.image.source for release
notes in Renovate dependency updates
* docs: add OneDrive Impersonate instructions - fixes #5610
* docs: explain the stringArray flag parameter descriptor
* iclouddrive: add notes on ADP and Missing PCS cookies - fixes #8310
* docs: fix typos found by codespell in docs and code comments
* fs: fix confusing "didn't find section in config file" error
* vfs: fix race detected by race detector
* Add Jonathan Giannuzzi to contributors
* Add Spencer McCullough to contributors
* Add Matt Ickstadt to contributors
* smb: add support for kerberos authentication
* drive: added `backend moveid` command
* docs: fix reference to serves3 setting disable_multipart_uploads which
was renamed
* docs: fix link to Rclone Serve S3
* serve s3: fix list objects encoding-type
* build: update gopkg.in/yaml.v2 to v3
* build: update all dependencies
* bisync: fix go vet problems with go1.24
* build: update to go1.24rc1 and make go1.22 the minimum required version
* version: add --deps flag to show dependencies and other build info
* doc: make man page well formed for whatis - fixes #7430
* Start v1.70.0-DEV development
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-151=1
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2026-151=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
rclone-1.73.5-bp157.2.3.1
rclone-debuginfo-1.73.5-bp157.2.3.1
- openSUSE Backports SLE-15-SP7 (noarch):
rclone-bash-completion-1.73.5-bp157.2.3.1
rclone-zsh-completion-1.73.5-bp157.2.3.1
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
rclone-1.73.5-bp156.2.6.1
- openSUSE Backports SLE-15-SP6 (noarch):
rclone-bash-completion-1.73.5-bp156.2.6.1
rclone-zsh-completion-1.73.5-bp156.2.6.1
References:
https://www.suse.com/security/cve/CVE-2023-45286.html
https://www.suse.com/security/cve/CVE-2023-45288.html
https://www.suse.com/security/cve/CVE-2023-48795.html
https://www.suse.com/security/cve/CVE-2024-24786.html
https://www.suse.com/security/cve/CVE-2024-45337.html
https://www.suse.com/security/cve/CVE-2024-45338.html
https://www.suse.com/security/cve/CVE-2024-51744.html
https://www.suse.com/security/cve/CVE-2024-52522.html
https://www.suse.com/security/cve/CVE-2025-22869.html
https://www.suse.com/security/cve/CVE-2025-22870.html
https://www.suse.com/security/cve/CVE-2025-30204.html
https://www.suse.com/security/cve/CVE-2025-58181.html
https://www.suse.com/security/cve/CVE-2025-68121.html
https://www.suse.com/security/cve/CVE-2026-1229.html
https://www.suse.com/security/cve/CVE-2026-27141.html
https://www.suse.com/security/cve/CVE-2026-33186.html
https://www.suse.com/security/cve/CVE-2026-41176.html
https://www.suse.com/security/cve/CVE-2026-41179.html
https://bugzilla.suse.com/1140423
https://bugzilla.suse.com/1232964
https://bugzilla.suse.com/1233422
https://bugzilla.suse.com/1262438
https://bugzilla.suse.com/1262439
openSUSE-SU-2026:0150-1: important: Security update for flannel
openSUSE Security Update: Security update for flannel
_______________________________
Announcement ID: openSUSE-SU-2026:0150-1
Rating: important
References: #1260847 #1260853
Cross-References: CVE-2026-33343 CVE-2026-33413
CVSS scores:
CVE-2026-33343 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2026-33413 (SUSE): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for flannel fixes the following issues:
- Update to version 0.28.4:
* fix go version (don't set patch version) (#2428)
* Bump flannel-cni-plugin to v1.9.1-flannel1 (#2427)
* Bump the other-go-modules group across 1 directory with 3 updates
(#2425)
* Bump the tencent group with 2 updates (#2417)
* Bump the etcd group with 4 updates (#2398), includes fix for
CVE-2026-33413 (boo#1260853) and CVE-2026-33343 (boo#1260847)
* Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (#2420)
* Bump go to 1.25 (#2424)
* Bump actions/upload-pages-artifact from 4.0.0 to 5.0.0
* Bump docker/build-push-action from 7.0.0 to 7.1.0
* Bump docker/login-action from 4.0.0 to 4.1.0
* Verify the kubectl sha256sum
* Secure makefile (#2414)
* Improve the security of Dockerfile
* Bump github/codeql-action from 4.34.1 to 4.35.1 (#2409)
* Bump actions/deploy-pages from 4.0.5 to 5.0.0
* lease: only print BackendData when json.Marshal succeeds
* vxlan: delete v6 direct route with correct Route struct
* fix: honor --stderrthreshold flag when --logtostderr is enabled
* Bump actions/configure-pages from 5.0.0 to 6.0.0
* Bump actions/setup-go from 6.3.0 to 6.4.0
* don't use unquoted shell vars in extensions backend example
* Don't use shell invocations in extensions backend.
* Bump google.golang.org/grpc from 1.71.1 to 1.79.3
* Bump ossf/scorecard-action from 2.4.1 to 2.4.3
* Bump actions/upload-artifact from 4.6.1 to 7.0.0
* Bump docker/metadata-action from 5.10.0 to 6.0.0
* Bump actions/checkout from 4.2.2 to 6.0.2
* Bump docker/setup-buildx-action from 3.12.0 to 4.0.0
* Bump aquasecurity/trivy-action from 0.33.1 to 0.35.0
* Bump docker/setup-qemu-action from 3.7.0 to 4.0.0
* [StepSecurity] Apply security best practices
* Bump actions/attest-build-provenance from 3.2.0 to 4.1.0
* Fix logic in AddBlackholeV4Route and AddBlackholeV6Route to correctly
check for existing routes
* Added check for nftables before checking br_netfilter module
* Bump golang.org/x/crypto from 0.36.0 to 0.45.0
* Bump k8s deps to v0.32.10
* Bump golang-ci-lint to v2.7.2
* Bump golangci/golangci-lint-action from 6.1.1 to 9.2.0
* Additional check on podCIDR
* ip: improve primary address selection to account for address flags
* Added TAG to fix bin version
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2026-150=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
flannel-0.28.4-bp156.4.6.1
- openSUSE Backports SLE-15-SP6 (noarch):
flannel-k8s-yaml-0.28.4-bp156.4.6.1
References:
https://www.suse.com/security/cve/CVE-2026-33343.html
https://www.suse.com/security/cve/CVE-2026-33413.html
https://bugzilla.suse.com/1260847
https://bugzilla.suse.com/1260853
openSUSE-SU-2026:0149-1: important: Security update for flannel
openSUSE Security Update: Security update for flannel
_______________________________
Announcement ID: openSUSE-SU-2026:0149-1
Rating: important
References: #1260847 #1260853
Cross-References: CVE-2026-33343 CVE-2026-33413
CVSS scores:
CVE-2026-33343 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2026-33413 (SUSE): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for flannel fixes the following issues:
- Update to version 0.28.4:
* fix go version (don't set patch version) (#2428)
* Bump flannel-cni-plugin to v1.9.1-flannel1 (#2427)
* Bump the other-go-modules group across 1 directory with 3 updates
(#2425)
* Bump the tencent group with 2 updates (#2417)
* Bump the etcd group with 4 updates (#2398), includes fix for
CVE-2026-33413 (boo#1260853) and CVE-2026-33343 (boo#1260847)
* Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (#2420)
* Bump go to 1.25 (#2424)
* Bump actions/upload-pages-artifact from 4.0.0 to 5.0.0
* Bump docker/build-push-action from 7.0.0 to 7.1.0
* Bump docker/login-action from 4.0.0 to 4.1.0
* Verify the kubectl sha256sum
* Secure makefile (#2414)
* Improve the security of Dockerfile
* Bump github/codeql-action from 4.34.1 to 4.35.1 (#2409)
* Bump actions/deploy-pages from 4.0.5 to 5.0.0
* lease: only print BackendData when json.Marshal succeeds
* vxlan: delete v6 direct route with correct Route struct
* fix: honor --stderrthreshold flag when --logtostderr is enabled
* Bump actions/configure-pages from 5.0.0 to 6.0.0
* Bump actions/setup-go from 6.3.0 to 6.4.0
* don't use unquoted shell vars in extensions backend example
* Don't use shell invocations in extensions backend.
* Bump google.golang.org/grpc from 1.71.1 to 1.79.3
* Bump ossf/scorecard-action from 2.4.1 to 2.4.3
* Bump actions/upload-artifact from 4.6.1 to 7.0.0
* Bump docker/metadata-action from 5.10.0 to 6.0.0
* Bump actions/checkout from 4.2.2 to 6.0.2
* Bump docker/setup-buildx-action from 3.12.0 to 4.0.0
* Bump aquasecurity/trivy-action from 0.33.1 to 0.35.0
* Bump docker/setup-qemu-action from 3.7.0 to 4.0.0
* [StepSecurity] Apply security best practices
* Bump actions/attest-build-provenance from 3.2.0 to 4.1.0
* Fix logic in AddBlackholeV4Route and AddBlackholeV6Route to correctly
check for existing routes
* Added check for nftables before checking br_netfilter module
* Bump golang.org/x/crypto from 0.36.0 to 0.45.0
* Bump k8s deps to v0.32.10
* Bump golang-ci-lint to v2.7.2
* Bump golangci/golangci-lint-action from 6.1.1 to 9.2.0
* Additional check on podCIDR
* ip: improve primary address selection to account for address flags
* Added TAG to fix bin version
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-149=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
flannel-0.28.4-bp157.2.6.1
- openSUSE Backports SLE-15-SP7 (noarch):
flannel-k8s-yaml-0.28.4-bp157.2.6.1
References:
https://www.suse.com/security/cve/CVE-2026-33343.html
https://www.suse.com/security/cve/CVE-2026-33413.html
https://bugzilla.suse.com/1260847
https://bugzilla.suse.com/1260853
openSUSE-SU-2026:0148-1: critical: Security update for cacti, cacti-spine
openSUSE Security Update: Security update for cacti, cacti-spine
_______________________________
Announcement ID: openSUSE-SU-2026:0148-1
Rating: critical
References: #1231027 #1231369 #1231370 #1231371 #1231372
#1236482 #1236486 #1236487 #1236488 #1236489
#1236490
Cross-References: CVE-2024-43362 CVE-2024-43363 CVE-2024-43364
CVE-2024-43365 CVE-2024-45598 CVE-2024-54145
CVE-2024-54146 CVE-2025-22604 CVE-2025-24367
CVE-2025-24368
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that solves 10 vulnerabilities and has one errata
is now available.
Description:
This update for cacti, cacti-spine fixes the following issues:
cacti 1.2.30:
- Unable to add new users
- When using Automation Rules, specifying graph criteria may cause issues
- When transferring a system from a backup if the poller has not run
recently rrdtool issues are found
- When translating, quotes may cause incorrect text to appear
- When using Boost for the first time, warnings may appear
- When refreshing forms, items may be checked incorrectly by xmacan
cacti 1.2.29:
- CVE-2025-22604 GHSA-c5j8-jxj3-hh36 - Authenticated RCE via multi-line
SNMP responses (bsc#1236488)
- CVE-2025-24368 GHSA-f9c7-7rc3-574c - SQL Injection vulnerability when
using tree rules through Automation API (bsc#1236490)
- CVE-2024-54145 GHSA-fh3x-69rr-qqpp - SQL Injection vulnerability when
request automation devices (bsc#1236487)
- CVE-2025-24367 GHSA-fxrq-fr7h-9rqq - Arbitrary File Creation leading
to RCE (bsc#1236489)
- CVE-2024-45598 GHSA-pv2c-97pp-vxwg - Local File Inclusion (LFI)
Vulnerability via Poller Standard Error Log Path (bsc#1236482)
- CVE-2024-54146 GHSA-vj9g-P7F2-4wqj - SQL Injection vulnerability when
view host template (bsc#1236486)
- issue: Temporary table names may incorrectly think they have a schema
- issue: When using Preset Time to view graphs, it is using a fixed
point rather than relative time
- issue: Fix issue where RRA files are not automatically removed
- issue: Fix invalid help link for Automation Networks
- issue: Unable to disable a tree within the GUI
- issue: When removing graphs, RRA files may be left behind
- issue: Improve compatibility with ping under FreeBSD
- issue: Improve compatibility with Slice RRD tool under PHP 8.x
- issue: Allow IPv6 formats to use colons without port
- issue: Update Fortigate, Aruba OSCX and Clearpass templates
- issue: When a plugin is disabled, unable to use GUI to enable it again
- issue: When upgrading, ensure that replication only runs as necessary
- issue: Improve caching and syncing issues with replication
- issue: Improve caching techniques for database calls
- issue: Improve compatibility for Error constants under PHP 8.4
- issue: When running the upgrade database script, cursor is left in the
middle of the row
- issue: Guest page does not automatically refresh
- issue: When installing, conversion of tables may produce collation
errors
- feature: Add HPE Nimble/Alletra template
- feature: When installing, only convert core cacti tables
- Add /srv/www directories to filelist [boo#1231027]
- fix for cacti-cron.timer & cacti-cron.service failing after upgrade has
already removed
- replace cacti-cron.timer & cacti-cron.service with cactid.service to fix
thold & other "sub poller" poller processes not running.
cacti 1.2.28:
- CVE-2024-43365 GHSA-49f2-hwx9-qffr: XSS vulnerability when creating
external links with the consolenewsection parameter (bsc#1231372)
- CVE-2024-43364 GHSA-fgc6-g8gc-wcg5: XSS vulnerability when creating
external links with the title parameter (bsc#1231371)
- CVE-2024-43363 GHSA-gxq4-mv8h-6qj4: RCE vulnerability can be executed
via Log Poisoning (bsc#1231370)
- CVE-2024-43362 GHSA-wh9c-v56x-v77c: XSS vulnerability when creating
external links with the fileurl parameter
- issue: When using LDAP authentication the first time, warnings may
appear in logs
- issue: When installing, a replication loop for plugin_realms may occur
- issue: When installing, remote poller may attempt to sync with other
pollers
- issue: When a Data Query has a space, indexes may not be properly
escaped
- issue: Boost does not always order data source records properly
- issue: Add IP address to the login audit for successful logins by
xmacan
- issue: Undefined variable error may sometimes occur when dealing with
RRD output by MSS970
- issue: When export to CSV, only the first line of notes is included
- issue: When rendering forms, missing default value can cause errors
- issue: Allow hosted content to be executable for the links page
- issue: When closing database connections, some may linger incorrectly
- issue: When changing passwords, an infinite loop may occur by
ddb4github
- issue: When using Cacti Daemon, a "Cron out of sync" message may be
reported
- issue: Add ability to filter/sort users by group or last login time
- issue: When using List View, unable to add Graphs to a Report
- issue: When using SNMPv3, some devices may show polling issues
- issue: Limit table conversion to Cacti core tables
- issue: Fix issues with posix-based kills on Windows
- issue: When installing, password changes may fail on new installations
- issue: When using structured RRD folders, permission issues may be
flagged incorrectly
- issue: When unable to locate a valid theme, new default will be Modern
- issue: Properly cache the data source information for dsstats
processing
- issue: When reindexing, verify all fields may not work as intended
- feature: Add ability to log database connections/disconnections
- feature: Add Ping Method where connection refused assumes host is up
- feature: When displaying graphs, default end time does not show full
24 hour period
- feature: Add --id to remove_device.php
- feature: Add Location and Site to Graph List View
- feature: Add more verbose logging to Boost
- feature: Update jQuery to 3.7.1
- feature: Update jQueryUI to 1.14.0
- feature: Update Purify.js to 3.1.6
- feature: Update billboard.js to 3.13.0
- feature: Improve the performance of the repopulation of the poller
cache
Changes in cacti-spine:
cacti-spine 1.2.30:
- no changes
- Bump/rebuild to match Cacti 1.2.30
cacti-spine 1.2.28:
- When using Ping or SNMP Uptime, host is not always detected properly
- Add Ping Method where connection refused assumes host is up
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-148=1
Package List:
- openSUSE Backports SLE-15-SP7 (noarch):
cacti-1.2.30-bp157.2.3.1
References:
https://www.suse.com/security/cve/CVE-2024-43362.html
https://www.suse.com/security/cve/CVE-2024-43363.html
https://www.suse.com/security/cve/CVE-2024-43364.html
https://www.suse.com/security/cve/CVE-2024-43365.html
https://www.suse.com/security/cve/CVE-2024-45598.html
https://www.suse.com/security/cve/CVE-2024-54145.html
https://www.suse.com/security/cve/CVE-2024-54146.html
https://www.suse.com/security/cve/CVE-2025-22604.html
https://www.suse.com/security/cve/CVE-2025-24367.html
https://www.suse.com/security/cve/CVE-2025-24368.html
https://bugzilla.suse.com/1231027
https://bugzilla.suse.com/1231369
https://bugzilla.suse.com/1231370
https://bugzilla.suse.com/1231371
https://bugzilla.suse.com/1231372
https://bugzilla.suse.com/1236482
https://bugzilla.suse.com/1236486
https://bugzilla.suse.com/1236487
https://bugzilla.suse.com/1236488
https://bugzilla.suse.com/1236489
https://bugzilla.suse.com/1236490
SUSE-SU-2026:1568-1: moderate: Security update for haproxy
# Security update for haproxy
Announcement ID: SUSE-SU-2026:1568-1
Release Date: 2026-04-23T12:11:11Z
Rating: moderate
References:
* bsc#1262103
Cross-References:
* CVE-2026-33555
CVSS scores:
* CVE-2026-33555 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
* CVE-2026-33555 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2026-33555 ( NVD ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise High Availability Extension 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for haproxy fixes the following issue:
* CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization
(bsc#1262103).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1568=1
* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-1568=1
* SUSE Linux Enterprise High Availability Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-1568=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* haproxy-2.8.11+git0.01c1056a4-150600.3.12.1
* haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.12.1
* haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.12.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le
s390x x86_64)
* haproxy-2.8.11+git0.01c1056a4-150600.3.12.1
* haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.12.1
* haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.12.1
* SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le
s390x x86_64)
* haproxy-2.8.11+git0.01c1056a4-150600.3.12.1
* haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.12.1
* haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.12.1
## References:
* https://www.suse.com/security/cve/CVE-2026-33555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262103
SUSE-SU-2026:1574-1: important: Security update for the Linux Kernel
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2026:1574-1
Release Date: 2026-04-23T15:52:59Z
Rating: important
References:
* bsc#1215492
* bsc#1246057
* bsc#1256675
* bsc#1257773
* bsc#1259797
* bsc#1260005
* bsc#1260009
* bsc#1260347
* bsc#1260562
Cross-References:
* CVE-2025-38234
* CVE-2025-68818
* CVE-2026-23103
* CVE-2026-23243
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23317
CVSS scores:
* CVE-2025-38234 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38234 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38234 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68818 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5
An update that solves seven vulnerabilities and has two security fixes can now
be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
* CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
* CVE-2025-68818: scsi: Revert "scsi: qla2xxx: Perform lockless command
completion in abort path" (bsc#1256675).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write
(bsc#1259797).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems
before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer
labels (bsc#1260005).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (bsc#1260562).
The following non-security bugs were fixed:
* PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
* PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes).
* PCI: Fix pci_slot_trylock() error handling (git-fixes).
* PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
* PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert()
(git-fixes).
* nvme-fc: use ctrl state getter (git-fixes bsc#1215492).
* nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).
* nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1574=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-1574=1
## Package List:
* openSUSE Leap 15.5 (noarch)
* kernel-source-rt-5.14.21-150500.13.127.1
* kernel-devel-rt-5.14.21-150500.13.127.1
* openSUSE Leap 15.5 (x86_64)
* dlm-kmp-rt-5.14.21-150500.13.127.1
* kernel-rt-optional-debuginfo-5.14.21-150500.13.127.1
* kernel-rt-devel-5.14.21-150500.13.127.1
* kernel-rt-optional-5.14.21-150500.13.127.1
* reiserfs-kmp-rt-5.14.21-150500.13.127.1
* kernel-rt_debug-vdso-5.14.21-150500.13.127.1
* kernel-rt-extra-5.14.21-150500.13.127.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.127.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.127.1
* ocfs2-kmp-rt-5.14.21-150500.13.127.1
* kselftests-kmp-rt-debuginfo-5.14.21-150500.13.127.1
* gfs2-kmp-rt-5.14.21-150500.13.127.1
* kernel-rt-debugsource-5.14.21-150500.13.127.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.127.1
* reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.127.1
* kernel-syms-rt-5.14.21-150500.13.127.1
* kernel-rt-livepatch-5.14.21-150500.13.127.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.127.1
* kernel-rt-debuginfo-5.14.21-150500.13.127.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.127.1
* kselftests-kmp-rt-5.14.21-150500.13.127.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.127.1
* cluster-md-kmp-rt-5.14.21-150500.13.127.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.127.1
* kernel-rt-livepatch-devel-5.14.21-150500.13.127.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.127.1
* kernel-rt-vdso-5.14.21-150500.13.127.1
* kernel-rt_debug-devel-5.14.21-150500.13.127.1
* kernel-rt-extra-debuginfo-5.14.21-150500.13.127.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.127.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.127.1
* openSUSE Leap 15.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.127.1
* kernel-rt_debug-5.14.21-150500.13.127.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* kernel-source-rt-5.14.21-150500.13.127.1
* kernel-devel-rt-5.14.21-150500.13.127.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.127.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* kernel-rt-debuginfo-5.14.21-150500.13.127.1
* kernel-rt-debugsource-5.14.21-150500.13.127.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38234.html
* https://www.suse.com/security/cve/CVE-2025-68818.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215492
* https://bugzilla.suse.com/show_bug.cgi?id=1246057
* https://bugzilla.suse.com/show_bug.cgi?id=1256675
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260562
SUSE-SU-2026:1577-1: important: Security update for openssl-1_1
# Security update for openssl-1_1
Announcement ID: SUSE-SU-2026:1577-1
Release Date: 2026-04-23T15:53:50Z
Rating: important
References:
* bsc#1260441
* bsc#1260442
* bsc#1260443
* bsc#1260444
* bsc#1261678
Cross-References:
* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-28390
* CVE-2026-31789
CVSS scores:
* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28387 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31789 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves five vulnerabilities can now be installed.
## Description:
This update for openssl-1_1 fixes the following issues:
* CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
* CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL
(bsc#1260442).
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443).
* CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS
EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1577=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1577=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1577=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* openssl-1_1-debugsource-1.1.1w-150600.5.26.2
* libopenssl1_1-1.1.1w-150600.5.26.2
* openssl-1_1-1.1.1w-150600.5.26.2
* libopenssl-1_1-devel-1.1.1w-150600.5.26.2
* openssl-1_1-debuginfo-1.1.1w-150600.5.26.2
* libopenssl1_1-debuginfo-1.1.1w-150600.5.26.2
* openSUSE Leap 15.6 (x86_64)
* libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.26.2
* libopenssl-1_1-devel-32bit-1.1.1w-150600.5.26.2
* libopenssl1_1-32bit-1.1.1w-150600.5.26.2
* openSUSE Leap 15.6 (noarch)
* openssl-1_1-doc-1.1.1w-150600.5.26.2
* openSUSE Leap 15.6 (aarch64_ilp32)
* libopenssl-1_1-devel-64bit-1.1.1w-150600.5.26.2
* libopenssl1_1-64bit-debuginfo-1.1.1w-150600.5.26.2
* libopenssl1_1-64bit-1.1.1w-150600.5.26.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* openssl-1_1-debugsource-1.1.1w-150600.5.26.2
* libopenssl1_1-1.1.1w-150600.5.26.2
* openssl-1_1-1.1.1w-150600.5.26.2
* libopenssl-1_1-devel-1.1.1w-150600.5.26.2
* openssl-1_1-debuginfo-1.1.1w-150600.5.26.2
* libopenssl1_1-debuginfo-1.1.1w-150600.5.26.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
* libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.26.2
* libopenssl1_1-32bit-1.1.1w-150600.5.26.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* openssl-1_1-debugsource-1.1.1w-150600.5.26.2
* libopenssl1_1-1.1.1w-150600.5.26.2
* openssl-1_1-1.1.1w-150600.5.26.2
* libopenssl-1_1-devel-1.1.1w-150600.5.26.2
* openssl-1_1-debuginfo-1.1.1w-150600.5.26.2
* libopenssl1_1-debuginfo-1.1.1w-150600.5.26.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.26.2
* libopenssl1_1-32bit-1.1.1w-150600.5.26.2
## References:
* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-28390.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444
* https://bugzilla.suse.com/show_bug.cgi?id=1261678
SUSE-SU-2026:1576-1: important: Security update for gdk-pixbuf
# Security update for gdk-pixbuf
Announcement ID: SUSE-SU-2026:1576-1
Release Date: 2026-04-23T15:53:32Z
Rating: important
References:
* bsc#1261210
Cross-References:
* CVE-2026-5201
CVSS scores:
* CVE-2026-5201 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-5201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for gdk-pixbuf fixes the following issue:
* CVE-2026-5201: Denial of Service via heap-based buffer overflow when
processing a specially crafted JPEG image (bsc#1261210).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1576=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1576=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1576=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1576=1
## Package List:
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libgdk_pixbuf-2_0-0-2.42.12-150600.3.11.1
* gdk-pixbuf-devel-debuginfo-2.42.12-150600.3.11.1
* gdk-pixbuf-debugsource-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-2.42.12-150600.3.11.1
* typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-debuginfo-2.42.12-150600.3.11.1
* typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.11.1
* gdk-pixbuf-devel-2.42.12-150600.3.11.1
* gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150600.3.11.1
* gdk-pixbuf-thumbnailer-2.42.12-150600.3.11.1
* libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150600.3.11.1
* Basesystem Module 15-SP7 (noarch)
* gdk-pixbuf-lang-2.42.12-150600.3.11.1
* Basesystem Module 15-SP7 (x86_64)
* libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.11.1
* libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150600.3.11.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libgdk_pixbuf-2_0-0-2.42.12-150600.3.11.1
* gdk-pixbuf-devel-debuginfo-2.42.12-150600.3.11.1
* gdk-pixbuf-debugsource-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-2.42.12-150600.3.11.1
* typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-debuginfo-2.42.12-150600.3.11.1
* typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.11.1
* gdk-pixbuf-devel-2.42.12-150600.3.11.1
* gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150600.3.11.1
* gdk-pixbuf-thumbnailer-2.42.12-150600.3.11.1
* libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150600.3.11.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* gdk-pixbuf-lang-2.42.12-150600.3.11.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
* libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.11.1
* libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150600.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libgdk_pixbuf-2_0-0-2.42.12-150600.3.11.1
* gdk-pixbuf-devel-debuginfo-2.42.12-150600.3.11.1
* gdk-pixbuf-debugsource-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-2.42.12-150600.3.11.1
* typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-debuginfo-2.42.12-150600.3.11.1
* typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.11.1
* gdk-pixbuf-devel-2.42.12-150600.3.11.1
* gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150600.3.11.1
* gdk-pixbuf-thumbnailer-2.42.12-150600.3.11.1
* libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150600.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* gdk-pixbuf-lang-2.42.12-150600.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.11.1
* libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150600.3.11.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libgdk_pixbuf-2_0-0-2.42.12-150600.3.11.1
* gdk-pixbuf-devel-debuginfo-2.42.12-150600.3.11.1
* gdk-pixbuf-debugsource-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-2.42.12-150600.3.11.1
* typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-debuginfo-2.42.12-150600.3.11.1
* typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.11.1
* gdk-pixbuf-devel-2.42.12-150600.3.11.1
* gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150600.3.11.1
* gdk-pixbuf-thumbnailer-2.42.12-150600.3.11.1
* libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150600.3.11.1
* openSUSE Leap 15.6 (x86_64)
* libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.11.1
* gdk-pixbuf-devel-32bit-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150600.3.11.1
* gdk-pixbuf-devel-32bit-debuginfo-2.42.12-150600.3.11.1
* libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150600.3.11.1
* openSUSE Leap 15.6 (noarch)
* gdk-pixbuf-lang-2.42.12-150600.3.11.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libgdk_pixbuf-2_0-0-64bit-2.42.12-150600.3.11.1
* libgdk_pixbuf-2_0-0-64bit-debuginfo-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-64bit-2.42.12-150600.3.11.1
* gdk-pixbuf-devel-64bit-2.42.12-150600.3.11.1
* gdk-pixbuf-devel-64bit-debuginfo-2.42.12-150600.3.11.1
* gdk-pixbuf-query-loaders-64bit-debuginfo-2.42.12-150600.3.11.1
## References:
* https://www.suse.com/security/cve/CVE-2026-5201.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261210