
Several security updates have been released for SUSE Linux. On openSUSE Tumbleweed, updated packages fix vulnerabilities in libwireshark19, avahi, python311-virtualenv and NetworkManager-applet-l2tp. Two separate updates address CVE-2025-58181 in zk, one for openSUSE Backports SLE-15-SP7 and one for SLE-15-SP6, and a further update fixes CVE-2025-56225 in fluidsynth.

openSUSE-SU-2026:10056-1: moderate: libwireshark19-4.6.3-1.1 on GA media
openSUSE-SU-2026:10052-1: moderate: avahi-0.8-41.1 on GA media
openSUSE-SU-2026:10055-1: moderate: python311-virtualenv-20.36.1-1.1 on GA media
openSUSE-SU-2026:10051-1: moderate: NetworkManager-applet-l2tp-1.52.0-1.1 on GA media
openSUSE-SU-2026:0016-1: moderate: Security update for zk
openSUSE-SU-2026:0017-1: moderate: Security update for zk
openSUSE-SU-2026:0014-1: moderate: Security update for fluidsynth




openSUSE-SU-2026:10056-1: moderate: libwireshark19-4.6.3-1.1 on GA media


# libwireshark19-4.6.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10056-1
Rating: moderate

Cross-References:

* CVE-2026-0959
* CVE-2026-0960
* CVE-2026-0961
* CVE-2026-0962

CVSS scores:

* CVE-2026-0959 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0959 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0960 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0960 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0961 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0961 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0962 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0962 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libwireshark19-4.6.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * libwireshark19 4.6.3-1.1
  * libwiretap16 4.6.3-1.1
  * libwsutil17 4.6.3-1.1
  * wireshark 4.6.3-1.1
  * wireshark-devel 4.6.3-1.1
  * wireshark-ui-qt 4.6.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-0959.html
* https://www.suse.com/security/cve/CVE-2026-0960.html
* https://www.suse.com/security/cve/CVE-2026-0961.html
* https://www.suse.com/security/cve/CVE-2026-0962.html



openSUSE-SU-2026:10052-1: moderate: avahi-0.8-41.1 on GA media


# avahi-0.8-41.1 on GA media

Announcement ID: openSUSE-SU-2026:10052-1
Rating: moderate

Cross-References:

* CVE-2025-68276
* CVE-2025-68468
* CVE-2025-68471

CVSS scores:

* CVE-2025-68276 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68276 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68468 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-68468 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68471 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-68471 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the avahi-0.8-41.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * avahi 0.8-41.1
  * avahi-autoipd 0.8-41.1
  * avahi-compat-howl-devel 0.8-41.1
  * avahi-compat-mDNSResponder-devel 0.8-41.1
  * avahi-lang 0.8-41.1
  * avahi-utils 0.8-41.1
  * libavahi-client3 0.8-41.1
  * libavahi-client3-32bit 0.8-41.1
  * libavahi-common3 0.8-41.1
  * libavahi-common3-32bit 0.8-41.1
  * libavahi-core7 0.8-41.1
  * libavahi-devel 0.8-41.1
  * libavahi-libevent1 0.8-41.1
  * libdns_sd 0.8-41.1
  * libdns_sd-32bit 0.8-41.1
  * libhowl0 0.8-41.1
  * python311-avahi 0.8-41.1
  * python312-avahi 0.8-41.1
  * python313-avahi 0.8-41.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68276.html
* https://www.suse.com/security/cve/CVE-2025-68468.html
* https://www.suse.com/security/cve/CVE-2025-68471.html



openSUSE-SU-2026:10055-1: moderate: python311-virtualenv-20.36.1-1.1 on GA media


# python311-virtualenv-20.36.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10055-1
Rating: moderate

Cross-References:

* CVE-2025-68146
* CVE-2026-22702

CVSS scores:

* CVE-2025-68146 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-68146 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22702 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-22702 ( SUSE ): 2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python311-virtualenv-20.36.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-virtualenv 20.36.1-1.1
  * python312-virtualenv 20.36.1-1.1
  * python313-virtualenv 20.36.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68146.html
* https://www.suse.com/security/cve/CVE-2026-22702.html



openSUSE-SU-2026:10051-1: moderate: NetworkManager-applet-l2tp-1.52.0-1.1 on GA media


# NetworkManager-applet-l2tp-1.52.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10051-1
Rating: moderate

Cross-References:

* CVE-2025-9615

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the NetworkManager-applet-l2tp-1.52.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * NetworkManager-applet-l2tp 1.52.0-1.1
  * NetworkManager-l2tp 1.52.0-1.1
  * NetworkManager-l2tp-lang 1.52.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9615.html



openSUSE-SU-2026:0016-1: moderate: Security update for zk


openSUSE Security Update: Security update for zk
_______________________________

Announcement ID: openSUSE-SU-2026:0016-1
Rating: moderate
References:
Cross-References: CVE-2025-58181
CVSS scores:
CVE-2025-58181 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for zk fixes the following issues:

- Update to version 0.15.2
  * Find notes with missing backlinks using zk list --missing-backlink
  * LSP diagnostic for missing backlinks when other notes link to current
    note without reciprocal links
  * Code action to add missing backlinks
  * LSP diagnostic for self-referential links
  * Release tarballs now output the program version
  * Config path can be set with $ZK_CONFIG_DIR
  * bump deps: golang.org/x/crypto v0.45.0 fixes CVE-2025-58181

- Update to version 0.15.0
  * fixed LSP crashes when editing code fences and/or working in text
    files with code fences
  * new feature to set a group path "by name", in that any directory with
    the same name can share the same group rules, no matter how deep in
    the notebook. See references below.

- Update to version 0.14.2
  * Path in .zk/config.toml for the default note template now accepts UNIX
    "~/paths"
  * Find notes without tags with zk list --tagless
  * fix: LSP ignores magnet links as links to notes
  * fix: Note titles with double quoted words no longer break json output
  * fix: Grammar in error output
  * fix: Group rules could not be nested

- Update to version 0.14.1
  * Fixed parsing large notes @khimaros in #339
  * fix day range parsing (#382) by @tjex in #384
  * accept triple dash file URIs as valid links by @tjex in #391
  * fix(lsp): fix trigger completion of zk LSP by @Rahlir in #397
  * fix(lsp): ignore diagnostic check within code blocks by @Rahlir in #399
  * allow notebook as hidden dir by @tjex in #402
  * documentation fixes

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-16=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

zk-0.15.2-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2025-58181.html



openSUSE-SU-2026:0017-1: moderate: Security update for zk


openSUSE Security Update: Security update for zk
_______________________________

Announcement ID: openSUSE-SU-2026:0017-1
Rating: moderate
References:
Cross-References: CVE-2025-58181
CVSS scores:
CVE-2025-58181 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for zk fixes the following issues:

- Update to version 0.15.2
  * Find notes with missing backlinks using zk list --missing-backlink
  * LSP diagnostic for missing backlinks when other notes link to current
    note without reciprocal links
  * Code action to add missing backlinks
  * LSP diagnostic for self-referential links
  * Release tarballs now output the program version
  * Config path can be set with $ZK_CONFIG_DIR
  * bump deps: golang.org/x/crypto v0.45.0 fixes CVE-2025-58181

- Update to version 0.15.0
  * fixed LSP crashes when editing code fences and/or working in text
    files with code fences
  * new feature to set a group path "by name", in that any directory with
    the same name can share the same group rules, no matter how deep in
    the notebook. See references below.

- Update to version 0.14.2
  * Path in .zk/config.toml for the default note template now accepts UNIX
    "~/paths"
  * Find notes without tags with zk list --tagless
  * fix: LSP ignores magnet links as links to notes
  * fix: Note titles with double quoted words no longer break json output
  * fix: Grammar in error output
  * fix: Group rules could not be nested

- Update to version 0.14.1
  * Fixed parsing large notes @khimaros in #339
  * fix day range parsing (#382) by @tjex in #384
  * accept triple dash file URIs as valid links by @tjex in #391
  * fix(lsp): fix trigger completion of zk LSP by @Rahlir in #397
  * fix(lsp): ignore diagnostic check within code blocks by @Rahlir in #399
  * allow notebook as hidden dir by @tjex in #402
  * documentation fixes

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-17=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

zk-0.15.2-bp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2025-58181.html



openSUSE-SU-2026:0014-1: moderate: Security update for fluidsynth


openSUSE Security Update: Security update for fluidsynth
_______________________________

Announcement ID: openSUSE-SU-2026:0014-1
Rating: moderate
References: #1256435
Cross-References: CVE-2025-56225
CVSS scores:
CVE-2025-56225 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for fluidsynth fixes the following issues:

- CVE-2025-56225: Fixed NULL pointer dereference when loading an invalid
  MIDI file (boo#1256435).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-14=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

fluidsynth-2.3.4-bp157.2.3.1
fluidsynth-devel-2.3.4-bp157.2.3.1
libfluidsynth3-2.3.4-bp157.2.3.1

- openSUSE Backports SLE-15-SP7 (aarch64_ilp32):

libfluidsynth3-64bit-2.3.4-bp157.2.3.1

- openSUSE Backports SLE-15-SP7 (x86_64):

libfluidsynth3-32bit-2.3.4-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2025-56225.html
https://bugzilla.suse.com/1256435