SUSE-SU-2026:2669-1: moderate: Security update for libsoup
SUSE-SU-2026:2670-1: moderate: Security update for libsoup2
openSUSE-SU-2026:0223-1: important: Security update for assimp
openSUSE-SU-2026:11141-1: moderate: istioctl-1.30.2-1.1 on GA media
openSUSE-SU-2026:11139-1: moderate: chromedriver-149.0.7827.200-1.1 on GA media
openSUSE-SU-2026:11138-1: moderate: jupyter-jupyterlab-templates-0.5.3-2.1 on GA media
openSUSE-SU-2026:11135-1: moderate: logback-1.5.36-1.1 on GA media
openSUSE-SU-2026:11134-1: moderate: libslirp-devel-4.9.3+4-1.1 on GA media
openSUSE-SU-2026:11133-1: moderate: jq-1.8.2-1.1 on GA media
openSUSE-SU-2026:11136-1: moderate: ocaml-4.14.4-1.1 on GA media
openSUSE-SU-2026:11137-1: moderate: python311-jupyter-ydoc-3.5.0-1.1 on GA media
openSUSE-SU-2026:11140-1: moderate: glibc-2.43-4.1 on GA media
openSUSE-SU-2026:11132-1: moderate: jackson-databind-2.18.8-2.1 on GA media
SUSE-SU-2026:2680-1: important: Security update for ansible-core
SUSE-SU-2026:2681-1: moderate: Security update for libheif
SUSE-SU-2026:2674-1: important: Security update for libsolv, libzypp, zypper
SUSE-SU-2026:2676-1: important: Security update for bind
SUSE-SU-2026:2669-1: moderate: Security update for libsoup
# Security update for libsoup
Announcement ID: SUSE-SU-2026:2669-1
Release Date: 2026-06-29T05:42:15Z
Rating: moderate
References:
* bsc#1257649
Cross-References:
* CVE-2026-1801
CVSS scores:
* CVE-2026-1801 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1801 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-1801 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-1801 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.4
An update that solves one vulnerability can now be installed.
## Description:
This update for libsoup fixes the following issue:
* CVE-2026-1801: HTTP Request Smuggling in
soup_filter_input_stream_read_line() (bsc#1257649).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2669=1
## Package List:
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* libsoup-debugsource-3.0.4-150400.3.43.1
* libsoup-3_0-0-3.0.4-150400.3.43.1
* typelib-1_0-Soup-3_0-3.0.4-150400.3.43.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.43.1
* libsoup-devel-3.0.4-150400.3.43.1
* openSUSE Leap 15.4 (x86_64)
* libsoup-devel-32bit-3.0.4-150400.3.43.1
* libsoup-3_0-0-32bit-3.0.4-150400.3.43.1
* libsoup-3_0-0-32bit-debuginfo-3.0.4-150400.3.43.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libsoup-3_0-0-64bit-debuginfo-3.0.4-150400.3.43.1
* libsoup-3_0-0-64bit-3.0.4-150400.3.43.1
* libsoup-devel-64bit-3.0.4-150400.3.43.1
* openSUSE Leap 15.4 (noarch)
* libsoup-lang-3.0.4-150400.3.43.1
## References:
* https://www.suse.com/security/cve/CVE-2026-1801.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257649
SUSE-SU-2026:2670-1: moderate: Security update for libsoup2
# Security update for libsoup2
Announcement ID: SUSE-SU-2026:2670-1
Release Date: 2026-06-29T05:42:42Z
Rating: moderate
References:
* bsc#1257649
Cross-References:
* CVE-2026-1801
CVSS scores:
* CVE-2026-1801 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1801 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-1801 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-1801 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
An update that solves one vulnerability can now be installed.
## Description:
This update for libsoup2 fixes the following issue:
* CVE-2026-1801: HTTP Request Smuggling in
soup_filter_input_stream_read_line() (bsc#1257649).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2670=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2670=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2670=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2670=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2670=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2670=1
## Package List:
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* libsoup2-debugsource-2.74.2-150400.3.37.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.37.1
* libsoup2-devel-2.74.2-150400.3.37.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.37.1
* libsoup-2_4-1-2.74.2-150400.3.37.1
* openSUSE Leap 15.4 (x86_64)
* libsoup2-devel-32bit-2.74.2-150400.3.37.1
* libsoup-2_4-1-32bit-debuginfo-2.74.2-150400.3.37.1
* libsoup-2_4-1-32bit-2.74.2-150400.3.37.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libsoup2-devel-64bit-2.74.2-150400.3.37.1
* libsoup-2_4-1-64bit-2.74.2-150400.3.37.1
* libsoup-2_4-1-64bit-debuginfo-2.74.2-150400.3.37.1
* openSUSE Leap 15.4 (noarch)
* libsoup2-lang-2.74.2-150400.3.37.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libsoup2-debugsource-2.74.2-150400.3.37.1
* libsoup-2_4-1-2.74.2-150400.3.37.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.37.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libsoup2-debugsource-2.74.2-150400.3.37.1
* libsoup-2_4-1-2.74.2-150400.3.37.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.37.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libsoup2-debugsource-2.74.2-150400.3.37.1
* libsoup-2_4-1-2.74.2-150400.3.37.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.37.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libsoup2-debugsource-2.74.2-150400.3.37.1
* libsoup-2_4-1-2.74.2-150400.3.37.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.37.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libsoup2-debugsource-2.74.2-150400.3.37.1
* libsoup-2_4-1-2.74.2-150400.3.37.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.37.1
## References:
* https://www.suse.com/security/cve/CVE-2026-1801.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257649
openSUSE-SU-2026:0223-1: important: Security update for assimp
openSUSE Security Update: Security update for assimp
_______________________________
Announcement ID: openSUSE-SU-2026:0223-1
Rating: important
References: #1267037
Cross-References: CVE-2026-10232
CVSS scores:
CVE-2026-10232 (SUSE): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for assimp fixes the following issues:
- CVE-2026-10232: heap use-after-free in aiNode::~aiNode due to invalid
node tree when processing malformed ASE files (boo#1267037)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-223=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):
assimp-devel-5.3.1-bp157.5.3.1
libassimp5-5.3.1-bp157.5.3.1
References:
https://www.suse.com/security/cve/CVE-2026-10232.html
https://bugzilla.suse.com/1267037
openSUSE-SU-2026:11141-1: moderate: istioctl-1.30.2-1.1 on GA media
# istioctl-1.30.2-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11141-1
Rating: moderate
Cross-References:
* CVE-2026-47204
* CVE-2026-47205
* CVE-2026-47207
* CVE-2026-47220
* CVE-2026-47221
* CVE-2026-47692
* CVE-2026-47775
* CVE-2026-47778
* CVE-2026-48042
* CVE-2026-48044
* CVE-2026-48090
* CVE-2026-48497
* CVE-2026-48706
* CVE-2026-48743
Affected Products:
* openSUSE Tumbleweed
An update that solves 14 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the istioctl-1.30.2-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* istioctl 1.30.2-1.1
* istioctl-bash-completion 1.30.2-1.1
* istioctl-zsh-completion 1.30.2-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-47204.html
* https://www.suse.com/security/cve/CVE-2026-47205.html
* https://www.suse.com/security/cve/CVE-2026-47207.html
* https://www.suse.com/security/cve/CVE-2026-47220.html
* https://www.suse.com/security/cve/CVE-2026-47221.html
* https://www.suse.com/security/cve/CVE-2026-47692.html
* https://www.suse.com/security/cve/CVE-2026-47775.html
* https://www.suse.com/security/cve/CVE-2026-47778.html
* https://www.suse.com/security/cve/CVE-2026-48042.html
* https://www.suse.com/security/cve/CVE-2026-48044.html
* https://www.suse.com/security/cve/CVE-2026-48090.html
* https://www.suse.com/security/cve/CVE-2026-48497.html
* https://www.suse.com/security/cve/CVE-2026-48706.html
* https://www.suse.com/security/cve/CVE-2026-48743.html
openSUSE-SU-2026:11139-1: moderate: chromedriver-149.0.7827.200-1.1 on GA media
# chromedriver-149.0.7827.200-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11139-1
Rating: moderate
Cross-References:
* CVE-2026-13281
* CVE-2026-13282
* CVE-2026-13283
Affected Products:
* openSUSE Tumbleweed
An update that solves 3 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the chromedriver-149.0.7827.200-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* chromedriver 149.0.7827.200-1.1
* chromium 149.0.7827.200-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-13281.html
* https://www.suse.com/security/cve/CVE-2026-13282.html
* https://www.suse.com/security/cve/CVE-2026-13283.html
openSUSE-SU-2026:11138-1: moderate: jupyter-jupyterlab-templates-0.5.3-2.1 on GA media
# jupyter-jupyterlab-templates-0.5.3-2.1 on GA media
Announcement ID: openSUSE-SU-2026:11138-1
Rating: moderate
Cross-References:
* CVE-2026-48779
CVSS scores:
* CVE-2026-48779 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48779 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the jupyter-jupyterlab-templates-0.5.3-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* jupyter-jupyterlab-templates 0.5.3-2.1
* python311-jupyterlab-templates 0.5.3-2.1
* python313-jupyterlab-templates 0.5.3-2.1
* python314-jupyterlab-templates 0.5.3-2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-48779.html
openSUSE-SU-2026:11135-1: moderate: logback-1.5.36-1.1 on GA media
# logback-1.5.36-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11135-1
Rating: moderate
Cross-References:
* CVE-2026-13006
CVSS scores:
* CVE-2026-13006 ( SUSE ): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the logback-1.5.36-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* logback 1.5.36-1.1
* logback-access 1.5.36-1.1
* logback-examples 1.5.36-1.1
* logback-javadoc 1.5.36-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-13006.html
openSUSE-SU-2026:11134-1: moderate: libslirp-devel-4.9.3+4-1.1 on GA media
# libslirp-devel-4.9.3+4-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11134-1
Rating: moderate
Cross-References:
* CVE-2026-9539
CVSS scores:
* CVE-2026-9539 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the libslirp-devel-4.9.3+4-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libslirp-devel 4.9.3+4-1.1
* libslirp0 4.9.3+4-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-9539.html
openSUSE-SU-2026:11133-1: moderate: jq-1.8.2-1.1 on GA media
# jq-1.8.2-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11133-1
Rating: moderate
Cross-References:
* CVE-2026-47770
* CVE-2026-49839
* CVE-2026-54679
CVSS scores:
* CVE-2026-47770 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-49839 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2026-54679 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-54679 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 3 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the jq-1.8.2-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* jq 1.8.2-1.1
* libjq-devel 1.8.2-1.1
* libjq1 1.8.2-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-47770.html
* https://www.suse.com/security/cve/CVE-2026-49839.html
* https://www.suse.com/security/cve/CVE-2026-54679.html
openSUSE-SU-2026:11136-1: moderate: ocaml-4.14.4-1.1 on GA media
# ocaml-4.14.4-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11136-1
Rating: moderate
Cross-References:
* CVE-2026-28364
* CVE-2026-34353
CVSS scores:
* CVE-2026-28364 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-28364 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34353 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2026-34353 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the ocaml-4.14.4-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* ocaml 4.14.4-1.1
* ocaml-compiler-libs 4.14.4-1.1
* ocaml-compiler-libs-devel 4.14.4-1.1
* ocaml-ocamldoc 4.14.4-1.1
* ocaml-runtime 4.14.4-1.1
* ocaml-source 4.14.4-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-28364.html
* https://www.suse.com/security/cve/CVE-2026-34353.html
openSUSE-SU-2026:11137-1: moderate: python311-jupyter-ydoc-3.5.0-1.1 on GA media
# python311-jupyter-ydoc-3.5.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11137-1
Rating: moderate
Cross-References:
* CVE-2026-48779
CVSS scores:
* CVE-2026-48779 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48779 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python311-jupyter-ydoc-3.5.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python311-jupyter-ydoc 3.5.0-1.1
* python313-jupyter-ydoc 3.5.0-1.1
* python314-jupyter-ydoc 3.5.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-48779.html
openSUSE-SU-2026:11140-1: moderate: glibc-2.43-4.1 on GA media
# glibc-2.43-4.1 on GA media
Announcement ID: openSUSE-SU-2026:11140-1
Rating: moderate
Cross-References:
* CVE-2026-5435
* CVE-2026-6238
CVSS scores:
* CVE-2026-5435 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-5435 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-6238 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-6238 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the glibc-2.43-4.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* glibc 2.43-4.1
* glibc-devel 2.43-4.1
* glibc-devel-static 2.43-4.1
* glibc-extra 2.43-4.1
* glibc-gconv-modules-extra 2.43-4.1
* glibc-html 2.43-4.1
* glibc-i18ndata 2.43-4.1
* glibc-info 2.43-4.1
* glibc-lang 2.43-4.1
* glibc-locale 2.43-4.1
* glibc-locale-base 2.43-4.1
* glibc-profile 2.43-4.1
## References:
* https://www.suse.com/security/cve/CVE-2026-5435.html
* https://www.suse.com/security/cve/CVE-2026-6238.html
openSUSE-SU-2026:11132-1: moderate: jackson-databind-2.18.8-2.1 on GA media
# jackson-databind-2.18.8-2.1 on GA media
Announcement ID: openSUSE-SU-2026:11132-1
Rating: moderate
Cross-References:
* CVE-2026-54512
CVSS scores:
* CVE-2026-54512 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the jackson-databind-2.18.8-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* jackson-databind 2.18.8-2.1
* jackson-databind-javadoc 2.18.8-2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-54512.html
SUSE-SU-2026:2680-1: important: Security update for ansible-core
# Security update for ansible-core
Announcement ID: SUSE-SU-2026:2680-1
Release Date: 2026-06-29T13:27:33Z
Rating: important
References:
* bsc#1267822
Cross-References:
* CVE-2026-11332
CVSS scores:
* CVE-2026-11332 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-11332 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7
* Systems Management Module 15-SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for ansible-core fixes the following issues:
* CVE-2026-11332: Argument injection in ansible-galaxy role install leads to
arbitrary code execution (bsc#1267822).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2680=1
* Systems Management Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Systems-Management-15-SP7-2026-2680=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2680=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* ansible-core-2.18.3-150400.9.14.1
* ansible-test-2.18.3-150400.9.14.1
* SUSE Package Hub 15 15-SP7 (noarch)
* ansible-test-2.18.3-150400.9.14.1
* Systems Management Module 15-SP7 (noarch)
* ansible-core-2.18.3-150400.9.14.1
## References:
* https://www.suse.com/security/cve/CVE-2026-11332.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267822
SUSE-SU-2026:2681-1: moderate: Security update for libheif
# Security update for libheif
Announcement ID: SUSE-SU-2026:2681-1
Release Date: 2026-06-29T13:27:52Z
Rating: moderate
References:
* bsc#1261658
* bsc#1265878
Cross-References:
* CVE-2026-32282
* CVE-2026-32814
CVSS scores:
* CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32814 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32814 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-32814 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.4
An update that solves two vulnerabilities can now be installed.
## Description:
This update for libheif fixes the following issues:
* CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux
(bsc#1261658).
* CVE-2026-32814: Uninitialized Heap Memory Information Leak via Failed Grid
Tiles (bsc#1265878).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2681=1
## Package List:
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* libheif-devel-1.12.0-150400.3.20.1
* libheif-debugsource-1.12.0-150400.3.20.1
* gdk-pixbuf-loader-libheif-debuginfo-1.12.0-150400.3.20.1
* libheif1-debuginfo-1.12.0-150400.3.20.1
* gdk-pixbuf-loader-libheif-1.12.0-150400.3.20.1
* libheif1-1.12.0-150400.3.20.1
* openSUSE Leap 15.4 (x86_64)
* libheif1-32bit-debuginfo-1.12.0-150400.3.20.1
* libheif1-32bit-1.12.0-150400.3.20.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libheif1-64bit-debuginfo-1.12.0-150400.3.20.1
* libheif1-64bit-1.12.0-150400.3.20.1
## References:
* https://www.suse.com/security/cve/CVE-2026-32282.html
* https://www.suse.com/security/cve/CVE-2026-32814.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261658
* https://bugzilla.suse.com/show_bug.cgi?id=1265878
SUSE-SU-2026:2674-1: important: Security update for libsolv, libzypp, zypper
# Security update for libsolv, libzypp, zypper
Announcement ID: SUSE-SU-2026:2674-1
Release Date: 2026-06-29T09:41:17Z
Rating: important
References:
* bsc#1158038
* bsc#1239718
* bsc#1246504
* bsc#1247948
* bsc#1249435
* bsc#1252744
* bsc#1253193
* bsc#1253740
* bsc#1257068
* bsc#1257882
* bsc#1258193
* bsc#1259311
* bsc#1259706
* bsc#1259802
* bsc#1259842
* bsc#1265223
* bsc#1265935
* bsc#1265938
* bsc#1266039
* bsc#1267426
* bsc#1267874
* jsc#PED-13680
* jsc#PED-14658
* jsc#PED-15607
Cross-References:
* CVE-2026-25707
* CVE-2026-44933
* CVE-2026-44941
* CVE-2026-44942
* CVE-2026-48863
* CVE-2026-9149
* CVE-2026-9150
CVSS scores:
* CVE-2026-25707 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-25707 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44933 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44933 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44933 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44933 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44941 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44941 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-44942 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44942 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-44942 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48863 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48863 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-9149 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9149 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9150 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9150 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves seven vulnerabilities, contains three features and has 14
security fixes can now be installed.
## Description:
This update for libsolv, libzypp, zypper fixes the following issues:
* CVE-2026-9149: Heap buffer overflow in libsolv repo_add_solv via negative
maxsize from crafted .solv file (bsc#1265935).
* CVE-2026-9150: Stack-based buffer overflow in libsolv's Debian metadata
parser when handling SHA384/SHA512 checksums (bsc#1265938).
* CVE-2026-25707: Handcrafted repo metadata may cause arbitrary local files to
be overwritten (bsc#1259802).
* CVE-2026-44933: scan of the Mandatory signature verification plugin support
(bsc#1265223).
* CVE-2026-44941: path traversal via "keyhint" (bsc#1267426).
* CVE-2026-44942: .repo files can have an optional path which can lead to path
traversal attacks (bsc#1267874).
* CVE-2026-48863: Fix buffer overflow when parsing EdDSA signature
(bsc#1266039).
Changes in libzypp:
Updated to version 17.38.13 (35):
* A .repo files "path=" entry must not refer to a location outside the repo
(bsc#1267874, CVE-2026-44942) A "path=" entry may solely denote a
sub-directory of the baseurl where the metadata are located. A relative path
trying to access data outside the baseurl is reported and sanitized.
* Fix potential crash on malformed or malicious repository metadata (fixes
#740)
* Repo metadata: discard entries referring to a location outside the repo
(bsc#1259802, CVE-2026-25707) Mirroring those data locally would refer to a
location outside the repo's local cache directory. Those data entries are
reported and discarded.
* zypp.conf: Allow [env] section to add environment variables. This feature is
designed to enable environment-specific settings or debugging options over
an extended period. See zypp.conf(5).
* Prevent configured scripts from escaping the sigcheck directory
(bsc#1265223, CVE-2026-44933)
* StringV: guard hasPrefix/hasPrefixCI against reading past the view end
(fixes #735)
* Mandatory signature verification plugin support (PED#11922)
* Fix purge-kernel -rc kernel handling (bsc#1239718)
* Explicitly_set_pool_DISTTYPE_RPM (fixes #726)
* Check for trusted key updates when updating the general keyring
(bsc#1259706)
* Support multiple MirroredOrigin authorities (bsc#1253193)
* Workaround doxygen bug: doxygen/doxygen#12057
* libzypp.spec: Add missing graphviz-gd BuildRequires (boo#1259842)
* Fix preloader not caching packages from arch specific subrepos (bsc#1253740)
* Deprioritize invalid mirrors (fixes openSUSE/zypper#636)
* Fix Product::referencePackage lookup (bsc#1259311) Use a provided
autoproduct() as hint to the package name of the release package. It might
be that not just multiple versions of the same release package provide the
same product version, but also different release packages.
* specfile: on fedora use %{_prefix}/share as zyppconfdir if %{_distconfdir}
is undefined (fixes #693) This will set '-DZYPPCONFDIR=%{zyppconfdir}' for
cmake.
* Fall back to a writable location when precaching packages without root
(bsc#1247948)
* Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros. See the
ZYPP.CONF(5) man page for details.
* Fix runtime check for broken rpm --runposttrans (bsc#1257068)
* Avoid libcurl-mini4 when building as it does not support ftp protocol.
* Translation: updated .pot file.
* zypp.conf: follow the UAPI configuration file specification (PED-14658) In
short terms it means we will no longer ship an /etc/zypp/zypp.conf, but
store our own defaults in /usr/etc/zypp/zypp.conf. The systems administrator
may choose to keep a full copy in /etc/zypp/zypp.conf ignoring our config
file settings completely, or - the preferred way - to overwrite specific
settings via /etc/zypp/zypp.conf.d/*.conf overlay files. See the
ZYPP.CONF(5) man page for details.
* cmake: correctly detect rpm6 (fixes #689)
* Use 'zypp.tmp' as temp directory component to ease setting up SELinux
policies (bsc#1249435)
* zyppng: Update Provider to current MediaCurl2 download approach, drop
Metalink ( fixes #682 )
Changes in libsolv:
Updated to version 0.7.39:
* fix solv_chksum_free segfault when called with a NULL pointer
* made repo_add_solv more robust against corrupt files [bsc#1265935]
[CVE-2026-9149]
* fix potential buffer overflow when verifying EdDSA signatures [bsc#1266039]
[CVE-2026-48863]
* added limit checks in multiple places to catch overflows
* reduce the size of the language id cache
* fixed Debian canon selection
* fixed dbpath detection in repo_rpmdb_librpm
* reduced stack usage in repo page compression (needed for musl)
* fix parsing of sha512 checksums in debian repositories [bsc#1265938]
[CVE-2026-9150]
* improve speed of dirpool_add_dir making parsing of filelists.xml twice as
fast
* fix parsing of recommends in the old Mandriva synthesis format
* respect the "default" attribute in environment optionlist in the comps
parser
* support suse namespace deps in boolean dependencies [bsc#1258193]
* support for the Elbrus2000 (e2k) architecture
* support language() suse namespace rewriting
Changes in zypper:
Update to version 1.14.98:
* Transactional systems: Delegate rw-commands to transactional-wrapper if
available (jsc#PED-13680, jsc#PED-15607) On a transactional system where the
root filesystem is mounted read-only, zypper commands that modify the system
cannot be executed directly. If the system provides a transactional-wrapper
utility, zypper will automatically attempt to invoke it. The wrapper
transparently executes the zypper command within a new, writable snapshot
and manages the lifecycle of that snapshot based on the command's exit
status. On transactional systems lacking a transactional-wrapper, users must
manually invoke specialized tools -such as transactional-update- to install,
update, or remove software.
* Add --filter-version-change to zypper lu. Adds filtering by version change
significance to reduce noise in update listings. Supports levels: rebuild
(hides rebuild-only changes) and package (hides all release-only changes).
* Autorefresh ris-services the same way as plugin-services (bsc#1246504) It's
actually wrong to treat service refreshes differently depending on the service
type. For the purpose of a service it makes no difference how the data about
the repos to use are acquired.
* Report download progress for command line rpms (fixes #613)
* Hint to '-vv ref' to see the mirrors used to download the metadata
(bsc#1257882)
* Service: Allow "zypper ls SERVICE ..." to test whether a service with this
alias is defined (bsc#1252744) The command prints an abstract of all
services passed on the command line. It returns
3-ZYPPER_EXIT_ERR_INVALID_ARGS if some argument does not name an existing
service.
* Keep repo data when updating the service settings (bsc#1252744)
* info: Enhance pattern content table (bsc#1158038) Alternatives (multiple
packages providing the same requirement) are now listed as a single entry in
the content table. The entry shows either the installed package which
satisfies the requirement or the requirement itself as type 'Provides'.
Listing all potential alternatives was misleading, especially if the
alternatives were mutually exclusive. It looked like an installed pattern had
not-installed requirements and it was not possible to install all
requirements at the same time.
## Special Instructions and Notes:
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1
* SUSE Linux Enterprise Server 15 SP4
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1
* SUSE Linux Enterprise High Performance Computing 15 SP4
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2674=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2674=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2674=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2674=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1 SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2674=1
* SUSE Linux Enterprise Desktop 15 SP4
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2674=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2674=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2674=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2674=1
## Package List:
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libsolv-tools-base-0.7.39-150400.3.46.1
* libsolv-tools-0.7.39-150400.3.46.1
* libzypp-17.38.13-150400.3.158.1
* SUSE Manager Server 4.3 (ppc64le)
* libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libsolv-devel-debuginfo-0.7.39-150400.3.46.1
* perl-solv-0.7.39-150400.3.46.1
* libsolv-debugsource-0.7.39-150400.3.46.1
* libzypp-devel-17.38.13-150400.3.158.1
* libsolv-tools-0.7.39-150400.3.46.1
* libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* libzypp-17.38.13-150400.3.158.1
* libsolv-debuginfo-0.7.39-150400.3.46.1
* libsolv-tools-debuginfo-0.7.39-150400.3.46.1
* libsolv-tools-base-0.7.39-150400.3.46.1
* perl-solv-debuginfo-0.7.39-150400.3.46.1
* ruby-solv-0.7.39-150400.3.46.1
* libzypp-debugsource-17.38.13-150400.3.158.1
* python3-solv-debuginfo-0.7.39-150400.3.46.1
* python3-solv-0.7.39-150400.3.46.1
* zypper-debugsource-1.14.98-150400.3.104.1
* libsolv-devel-0.7.39-150400.3.46.1
* libzypp-debuginfo-17.38.13-150400.3.158.1
* zypper-debuginfo-1.14.98-150400.3.104.1
* zypper-1.14.98-150400.3.104.1
* ruby-solv-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* zypper-needs-restarting-1.14.98-150400.3.104.1
* zypper-log-1.14.98-150400.3.104.1
* SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64)
* libsolv-tools-base-0.7.39-150400.3.46.1
* libsolv-tools-0.7.39-150400.3.46.1
* libzypp-17.38.13-150400.3.158.1
* SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64)
* libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise Desktop 15 SP4 (x86_64)
* libsolv-tools-base-0.7.39-150400.3.46.1
* libsolv-tools-0.7.39-150400.3.46.1
* libzypp-17.38.13-150400.3.158.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libsolv-tools-base-0.7.39-150400.3.46.1
* libsolv-tools-0.7.39-150400.3.46.1
* libzypp-17.38.13-150400.3.158.1
* SUSE Manager Proxy 4.3 (x86_64)
* libsolv-tools-base-0.7.39-150400.3.46.1
* libsolv-tools-0.7.39-150400.3.46.1
* libzypp-17.38.13-150400.3.158.1
* SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64)
* libsolv-tools-base-0.7.39-150400.3.46.1
* libsolv-tools-0.7.39-150400.3.46.1
* libzypp-17.38.13-150400.3.158.1
* SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le)
* libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* libsolv-devel-debuginfo-0.7.39-150400.3.46.1
* perl-solv-0.7.39-150400.3.46.1
* libsolv-debugsource-0.7.39-150400.3.46.1
* libzypp-devel-17.38.13-150400.3.158.1
* libsolv-tools-0.7.39-150400.3.46.1
* libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* libzypp-17.38.13-150400.3.158.1
* libsolv-debuginfo-0.7.39-150400.3.46.1
* libsolv-tools-debuginfo-0.7.39-150400.3.46.1
* libsolv-tools-base-0.7.39-150400.3.46.1
* perl-solv-debuginfo-0.7.39-150400.3.46.1
* ruby-solv-0.7.39-150400.3.46.1
* libzypp-debugsource-17.38.13-150400.3.158.1
* python3-solv-debuginfo-0.7.39-150400.3.46.1
* python3-solv-0.7.39-150400.3.46.1
* zypper-debugsource-1.14.98-150400.3.104.1
* libsolv-devel-0.7.39-150400.3.46.1
* libzypp-debuginfo-17.38.13-150400.3.158.1
* zypper-debuginfo-1.14.98-150400.3.104.1
* zypper-1.14.98-150400.3.104.1
* ruby-solv-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* zypper-needs-restarting-1.14.98-150400.3.104.1
* zypper-log-1.14.98-150400.3.104.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* libsolv-devel-debuginfo-0.7.39-150400.3.46.1
* perl-solv-0.7.39-150400.3.46.1
* libsolv-debugsource-0.7.39-150400.3.46.1
* libzypp-devel-17.38.13-150400.3.158.1
* libsolv-tools-0.7.39-150400.3.46.1
* libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* libzypp-17.38.13-150400.3.158.1
* libsolv-debuginfo-0.7.39-150400.3.46.1
* libsolv-tools-debuginfo-0.7.39-150400.3.46.1
* libsolv-tools-base-0.7.39-150400.3.46.1
* perl-solv-debuginfo-0.7.39-150400.3.46.1
* ruby-solv-0.7.39-150400.3.46.1
* libzypp-debugsource-17.38.13-150400.3.158.1
* python3-solv-debuginfo-0.7.39-150400.3.46.1
* python3-solv-0.7.39-150400.3.46.1
* zypper-debugsource-1.14.98-150400.3.104.1
* libsolv-devel-0.7.39-150400.3.46.1
* libzypp-debuginfo-17.38.13-150400.3.158.1
* zypper-debuginfo-1.14.98-150400.3.104.1
* zypper-1.14.98-150400.3.104.1
* ruby-solv-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* zypper-needs-restarting-1.14.98-150400.3.104.1
* zypper-log-1.14.98-150400.3.104.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* libsolv-devel-debuginfo-0.7.39-150400.3.46.1
* perl-solv-0.7.39-150400.3.46.1
* libsolv-debugsource-0.7.39-150400.3.46.1
* libzypp-devel-17.38.13-150400.3.158.1
* libsolv-tools-0.7.39-150400.3.46.1
* libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* libzypp-17.38.13-150400.3.158.1
* libsolv-debuginfo-0.7.39-150400.3.46.1
* libzypp-devel-doc-17.38.13-150400.3.158.1
* libsolv-tools-debuginfo-0.7.39-150400.3.46.1
* libsolv-tools-base-0.7.39-150400.3.46.1
* perl-solv-debuginfo-0.7.39-150400.3.46.1
* python311-solv-debuginfo-0.7.39-150400.3.46.1
* ruby-solv-0.7.39-150400.3.46.1
* libzypp-debugsource-17.38.13-150400.3.158.1
* python3-solv-debuginfo-0.7.39-150400.3.46.1
* python3-solv-0.7.39-150400.3.46.1
* zypper-debugsource-1.14.98-150400.3.104.1
* libsolv-devel-0.7.39-150400.3.46.1
* libzypp-debuginfo-17.38.13-150400.3.158.1
* zypper-debuginfo-1.14.98-150400.3.104.1
* libsolv-demo-0.7.39-150400.3.46.1
* libsolv-demo-debuginfo-0.7.39-150400.3.46.1
* zypper-1.14.98-150400.3.104.1
* ruby-solv-debuginfo-0.7.39-150400.3.46.1
* python311-solv-0.7.39-150400.3.46.1
* openSUSE Leap 15.4 (noarch)
* zypper-needs-restarting-1.14.98-150400.3.104.1
* zypper-log-1.14.98-150400.3.104.1
* zypper-aptitude-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libzypp-17.38.13-150400.3.158.1
* libzypp-debugsource-17.38.13-150400.3.158.1
* libsolv-debuginfo-0.7.39-150400.3.46.1
* libzypp-debuginfo-17.38.13-150400.3.158.1
* zypper-debuginfo-1.14.98-150400.3.104.1
* libsolv-tools-debuginfo-0.7.39-150400.3.46.1
* libsolv-debugsource-0.7.39-150400.3.46.1
* libsolv-tools-base-0.7.39-150400.3.46.1
* zypper-1.14.98-150400.3.104.1
* libsolv-tools-0.7.39-150400.3.46.1
* libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* zypper-debugsource-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* zypper-needs-restarting-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libzypp-17.38.13-150400.3.158.1
* libzypp-debugsource-17.38.13-150400.3.158.1
* libsolv-debuginfo-0.7.39-150400.3.46.1
* libzypp-debuginfo-17.38.13-150400.3.158.1
* zypper-debuginfo-1.14.98-150400.3.104.1
* libsolv-tools-debuginfo-0.7.39-150400.3.46.1
* libsolv-debugsource-0.7.39-150400.3.46.1
* libsolv-tools-base-0.7.39-150400.3.46.1
* zypper-1.14.98-150400.3.104.1
* libsolv-tools-0.7.39-150400.3.46.1
* libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* zypper-debugsource-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* zypper-needs-restarting-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libzypp-17.38.13-150400.3.158.1
* libzypp-debugsource-17.38.13-150400.3.158.1
* libsolv-debuginfo-0.7.39-150400.3.46.1
* libzypp-debuginfo-17.38.13-150400.3.158.1
* zypper-debuginfo-1.14.98-150400.3.104.1
* libsolv-tools-debuginfo-0.7.39-150400.3.46.1
* libsolv-debugsource-0.7.39-150400.3.46.1
* libsolv-tools-base-0.7.39-150400.3.46.1
* zypper-1.14.98-150400.3.104.1
* libsolv-tools-0.7.39-150400.3.46.1
* libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* zypper-debugsource-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* zypper-needs-restarting-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libzypp-17.38.13-150400.3.158.1
* libzypp-debugsource-17.38.13-150400.3.158.1
* libsolv-debuginfo-0.7.39-150400.3.46.1
* libzypp-debuginfo-17.38.13-150400.3.158.1
* zypper-debuginfo-1.14.98-150400.3.104.1
* libsolv-tools-debuginfo-0.7.39-150400.3.46.1
* libsolv-debugsource-0.7.39-150400.3.46.1
* libsolv-tools-base-0.7.39-150400.3.46.1
* zypper-1.14.98-150400.3.104.1
* libsolv-tools-0.7.39-150400.3.46.1
* libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* zypper-debugsource-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* zypper-needs-restarting-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libsolv-devel-debuginfo-0.7.39-150400.3.46.1
* perl-solv-0.7.39-150400.3.46.1
* libsolv-debugsource-0.7.39-150400.3.46.1
* libzypp-devel-17.38.13-150400.3.158.1
* libsolv-tools-0.7.39-150400.3.46.1
* libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* libzypp-17.38.13-150400.3.158.1
* libsolv-debuginfo-0.7.39-150400.3.46.1
* libsolv-tools-debuginfo-0.7.39-150400.3.46.1
* libsolv-tools-base-0.7.39-150400.3.46.1
* perl-solv-debuginfo-0.7.39-150400.3.46.1
* ruby-solv-0.7.39-150400.3.46.1
* libzypp-debugsource-17.38.13-150400.3.158.1
* python3-solv-debuginfo-0.7.39-150400.3.46.1
* python3-solv-0.7.39-150400.3.46.1
* zypper-debugsource-1.14.98-150400.3.104.1
* libsolv-devel-0.7.39-150400.3.46.1
* libzypp-debuginfo-17.38.13-150400.3.158.1
* zypper-debuginfo-1.14.98-150400.3.104.1
* zypper-1.14.98-150400.3.104.1
* ruby-solv-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* zypper-needs-restarting-1.14.98-150400.3.104.1
* zypper-log-1.14.98-150400.3.104.1
## References:
* https://www.suse.com/security/cve/CVE-2026-25707.html
* https://www.suse.com/security/cve/CVE-2026-44933.html
* https://www.suse.com/security/cve/CVE-2026-44941.html
* https://www.suse.com/security/cve/CVE-2026-44942.html
* https://www.suse.com/security/cve/CVE-2026-48863.html
* https://www.suse.com/security/cve/CVE-2026-9149.html
* https://www.suse.com/security/cve/CVE-2026-9150.html
* https://bugzilla.suse.com/show_bug.cgi?id=1158038
* https://bugzilla.suse.com/show_bug.cgi?id=1239718
* https://bugzilla.suse.com/show_bug.cgi?id=1246504
* https://bugzilla.suse.com/show_bug.cgi?id=1247948
* https://bugzilla.suse.com/show_bug.cgi?id=1249435
* https://bugzilla.suse.com/show_bug.cgi?id=1252744
* https://bugzilla.suse.com/show_bug.cgi?id=1253193
* https://bugzilla.suse.com/show_bug.cgi?id=1253740
* https://bugzilla.suse.com/show_bug.cgi?id=1257068
* https://bugzilla.suse.com/show_bug.cgi?id=1257882
* https://bugzilla.suse.com/show_bug.cgi?id=1258193
* https://bugzilla.suse.com/show_bug.cgi?id=1259311
* https://bugzilla.suse.com/show_bug.cgi?id=1259706
* https://bugzilla.suse.com/show_bug.cgi?id=1259802
* https://bugzilla.suse.com/show_bug.cgi?id=1259842
* https://bugzilla.suse.com/show_bug.cgi?id=1265223
* https://bugzilla.suse.com/show_bug.cgi?id=1265935
* https://bugzilla.suse.com/show_bug.cgi?id=1265938
* https://bugzilla.suse.com/show_bug.cgi?id=1266039
* https://bugzilla.suse.com/show_bug.cgi?id=1267426
* https://bugzilla.suse.com/show_bug.cgi?id=1267874
* https://jira.suse.com/browse/PED-13680
* https://jira.suse.com/browse/PED-14658
* https://jira.suse.com/browse/PED-15607
SUSE-SU-2026:2676-1: important: Security update for bind
# Security update for bind
Announcement ID: SUSE-SU-2026:2676-1
Release Date: 2026-06-29T09:53:56Z
Rating: important
References:
* bsc#1265591
* bsc#1265592
* bsc#1265593
* bsc#1265594
* bsc#1265596
Cross-References:
* CVE-2026-3039
* CVE-2026-3592
* CVE-2026-3593
* CVE-2026-5946
* CVE-2026-5950
CVSS scores:
* CVE-2026-3039 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3039 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3592 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3592 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3593 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-3593 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-3593 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5946 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5946 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5950 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-5950 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves five vulnerabilities can now be installed.
## Description:
This update for bind fixes the following issues:
* CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY
negotiation (bsc#1265591).
* CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records
(bsc#1265592).
* CVE-2026-5946: Invalid handling of CLASS != IN (bsc#1265594).
* CVE-2026-5950: Unbounded resend loop in BIND 9 resolver (bsc#1265596).
* CVE-2026-3593: Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS
implementation (bsc#1265593).
Changes for bind:
* Update to release 9.18.49
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2676=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2676=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2676=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* bind-9.18.49-150600.3.26.1
* bind-utils-9.18.49-150600.3.26.1
* bind-debuginfo-9.18.49-150600.3.26.1
* bind-utils-debuginfo-9.18.49-150600.3.26.1
* bind-debugsource-9.18.49-150600.3.26.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* bind-doc-9.18.49-150600.3.26.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* bind-9.18.49-150600.3.26.1
* bind-utils-9.18.49-150600.3.26.1
* bind-debuginfo-9.18.49-150600.3.26.1
* bind-utils-debuginfo-9.18.49-150600.3.26.1
* bind-debugsource-9.18.49-150600.3.26.1
* openSUSE Leap 15.6 (noarch)
* bind-doc-9.18.49-150600.3.26.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* bind-9.18.49-150600.3.26.1
* bind-utils-9.18.49-150600.3.26.1
* bind-debuginfo-9.18.49-150600.3.26.1
* bind-utils-debuginfo-9.18.49-150600.3.26.1
* bind-debugsource-9.18.49-150600.3.26.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* bind-doc-9.18.49-150600.3.26.1
## References:
* https://www.suse.com/security/cve/CVE-2026-3039.html
* https://www.suse.com/security/cve/CVE-2026-3592.html
* https://www.suse.com/security/cve/CVE-2026-3593.html
* https://www.suse.com/security/cve/CVE-2026-5946.html
* https://www.suse.com/security/cve/CVE-2026-5950.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265591
* https://bugzilla.suse.com/show_bug.cgi?id=1265592
* https://bugzilla.suse.com/show_bug.cgi?id=1265593
* https://bugzilla.suse.com/show_bug.cgi?id=1265594
* https://bugzilla.suse.com/show_bug.cgi?id=1265596