SUSE has released three security updates to address vulnerabilities in various packages. The first update, SUSE-SU-2026:0801-1, fixes a moderate-level vulnerability in libxslt and can be installed on multiple products including openSUSE Leap 15.4 and 15.6. The second update, SUSE-SU-2026:0803-1, addresses a moderate-level vulnerability in util-linux that affects openSUSE Leap 15.6. The third update, SUSE-SU-2026:0805-1, fixes a low-level vulnerability in python-pip and can be installed on multiple products including openSUSE Leap 15.4 and 15.6.

SUSE-SU-2026:0801-1: moderate: Security update for libxslt
SUSE-SU-2026:0803-1: moderate: Security update for util-linux
SUSE-SU-2026:0805-1: low: Security update for python-pip

SUSE-SU-2026:0801-1: moderate: Security update for libxslt

# Security update for libxslt

Announcement ID: SUSE-SU-2026:0801-1
Release Date: 2026-03-04T12:33:42Z
Rating: moderate
References:

* bsc#1250553

Cross-References:

* CVE-2025-10911

CVSS scores:

* CVE-2025-10911 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-10911 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-10911 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for libxslt fixes the following issues:

* CVE-2025-10911: use-after-free will be fixed on libxml2 side instead
(bsc#1250553).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-801=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-801=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-801=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-801=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-801=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-801=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-801=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-801=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-801=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libxslt-tools-1.1.34-150400.3.16.1
* libxslt-devel-1.1.34-150400.3.16.1
* libxslt1-1.1.34-150400.3.16.1
* libxslt-tools-debuginfo-1.1.34-150400.3.16.1
* libxslt-debugsource-1.1.34-150400.3.16.1
* libxslt1-debuginfo-1.1.34-150400.3.16.1
* openSUSE Leap 15.4 (x86_64)
* libxslt-devel-32bit-1.1.34-150400.3.16.1
* libxslt1-32bit-1.1.34-150400.3.16.1
* libxslt1-32bit-debuginfo-1.1.34-150400.3.16.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libxslt1-64bit-1.1.34-150400.3.16.1
* libxslt1-64bit-debuginfo-1.1.34-150400.3.16.1
* libxslt-devel-64bit-1.1.34-150400.3.16.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libxslt-tools-1.1.34-150400.3.16.1
* libxslt-devel-1.1.34-150400.3.16.1
* libxslt1-1.1.34-150400.3.16.1
* libxslt-tools-debuginfo-1.1.34-150400.3.16.1
* libxslt-debugsource-1.1.34-150400.3.16.1
* libxslt1-debuginfo-1.1.34-150400.3.16.1
* openSUSE Leap 15.6 (x86_64)
* libxslt-devel-32bit-1.1.34-150400.3.16.1
* libxslt1-32bit-1.1.34-150400.3.16.1
* libxslt1-32bit-debuginfo-1.1.34-150400.3.16.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libxslt1-1.1.34-150400.3.16.1
* libxslt-debugsource-1.1.34-150400.3.16.1
* libxslt1-debuginfo-1.1.34-150400.3.16.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libxslt1-1.1.34-150400.3.16.1
* libxslt-debugsource-1.1.34-150400.3.16.1
* libxslt1-debuginfo-1.1.34-150400.3.16.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libxslt1-1.1.34-150400.3.16.1
* libxslt-debugsource-1.1.34-150400.3.16.1
* libxslt1-debuginfo-1.1.34-150400.3.16.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libxslt1-1.1.34-150400.3.16.1
* libxslt-debugsource-1.1.34-150400.3.16.1
* libxslt1-debuginfo-1.1.34-150400.3.16.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libxslt1-1.1.34-150400.3.16.1
* libxslt-debugsource-1.1.34-150400.3.16.1
* libxslt1-debuginfo-1.1.34-150400.3.16.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libxslt-tools-1.1.34-150400.3.16.1
* libxslt-devel-1.1.34-150400.3.16.1
* libxslt1-1.1.34-150400.3.16.1
* libxslt-tools-debuginfo-1.1.34-150400.3.16.1
* libxslt-debugsource-1.1.34-150400.3.16.1
* libxslt1-debuginfo-1.1.34-150400.3.16.1
* SUSE Package Hub 15 15-SP7 (x86_64)
* libxslt1-32bit-debuginfo-1.1.34-150400.3.16.1
* libxslt1-32bit-1.1.34-150400.3.16.1

## References:

* https://www.suse.com/security/cve/CVE-2025-10911.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250553

SUSE-SU-2026:0803-1: moderate: Security update for util-linux

# Security update for util-linux

Announcement ID: SUSE-SU-2026:0803-1
Release Date: 2026-03-04T12:58:08Z
Rating: moderate
References:

* bsc#1258859

Cross-References:

* CVE-2026-3184

CVSS scores:

* CVE-2026-3184 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3184 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for util-linux fixes the following issues:

* CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access
control for "login -h" (bsc#1258859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-803=1 openSUSE-SLE-15.6-2026-803=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* uuidd-debuginfo-2.39.3-150600.4.18.1
* libmount1-2.39.3-150600.4.18.1
* python3-libmount-2.39.3-150600.4.18.1
* libblkid1-2.39.3-150600.4.18.1
* libblkid-devel-2.39.3-150600.4.18.1
* libuuid-devel-2.39.3-150600.4.18.1
* libuuid1-debuginfo-2.39.3-150600.4.18.1
* python-libmount-debugsource-2.39.3-150600.4.18.1
* libsmartcols1-2.39.3-150600.4.18.1
* libblkid-devel-static-2.39.3-150600.4.18.1
* libfdisk1-2.39.3-150600.4.18.1
* libsmartcols-devel-2.39.3-150600.4.18.1
* util-linux-debugsource-2.39.3-150600.4.18.1
* util-linux-systemd-2.39.3-150600.4.18.1
* libfdisk-devel-static-2.39.3-150600.4.18.1
* util-linux-systemd-debuginfo-2.39.3-150600.4.18.1
* util-linux-debuginfo-2.39.3-150600.4.18.1
* uuidd-2.39.3-150600.4.18.1
* python3-libmount-debuginfo-2.39.3-150600.4.18.1
* util-linux-2.39.3-150600.4.18.1
* util-linux-tty-tools-debuginfo-2.39.3-150600.4.18.1
* libfdisk-devel-2.39.3-150600.4.18.1
* libmount1-debuginfo-2.39.3-150600.4.18.1
* libmount-devel-2.39.3-150600.4.18.1
* libuuid-devel-static-2.39.3-150600.4.18.1
* libfdisk1-debuginfo-2.39.3-150600.4.18.1
* libuuid1-2.39.3-150600.4.18.1
* libsmartcols1-debuginfo-2.39.3-150600.4.18.1
* util-linux-systemd-debugsource-2.39.3-150600.4.18.1
* util-linux-tty-tools-2.39.3-150600.4.18.1
* libmount-devel-static-2.39.3-150600.4.18.1
* libsmartcols-devel-static-2.39.3-150600.4.18.1
* libblkid1-debuginfo-2.39.3-150600.4.18.1
* openSUSE Leap 15.6 (x86_64)
* libsmartcols1-32bit-debuginfo-2.39.3-150600.4.18.1
* libfdisk-devel-32bit-2.39.3-150600.4.18.1
* libmount1-32bit-2.39.3-150600.4.18.1
* libblkid1-32bit-2.39.3-150600.4.18.1
* libuuid-devel-32bit-2.39.3-150600.4.18.1
* libsmartcols1-32bit-2.39.3-150600.4.18.1
* libfdisk1-32bit-debuginfo-2.39.3-150600.4.18.1
* libuuid1-32bit-debuginfo-2.39.3-150600.4.18.1
* libblkid-devel-32bit-2.39.3-150600.4.18.1
* libmount-devel-32bit-2.39.3-150600.4.18.1
* libblkid1-32bit-debuginfo-2.39.3-150600.4.18.1
* libmount1-32bit-debuginfo-2.39.3-150600.4.18.1
* libfdisk1-32bit-2.39.3-150600.4.18.1
* libuuid1-32bit-2.39.3-150600.4.18.1
* libsmartcols-devel-32bit-2.39.3-150600.4.18.1
* openSUSE Leap 15.6 (noarch)
* util-linux-lang-2.39.3-150600.4.18.1
* openSUSE Leap 15.6 (s390x)
* util-linux-extra-2.39.3-150600.4.18.1
* util-linux-extra-debuginfo-2.39.3-150600.4.18.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libfdisk1-64bit-debuginfo-2.39.3-150600.4.18.1
* libfdisk-devel-64bit-2.39.3-150600.4.18.1
* libblkid-devel-64bit-2.39.3-150600.4.18.1
* libblkid1-64bit-debuginfo-2.39.3-150600.4.18.1
* libsmartcols1-64bit-2.39.3-150600.4.18.1
* libfdisk1-64bit-2.39.3-150600.4.18.1
* libsmartcols-devel-64bit-2.39.3-150600.4.18.1
* libmount-devel-64bit-2.39.3-150600.4.18.1
* libuuid1-64bit-debuginfo-2.39.3-150600.4.18.1
* libmount1-64bit-debuginfo-2.39.3-150600.4.18.1
* libuuid-devel-64bit-2.39.3-150600.4.18.1
* libsmartcols1-64bit-debuginfo-2.39.3-150600.4.18.1
* libblkid1-64bit-2.39.3-150600.4.18.1
* libmount1-64bit-2.39.3-150600.4.18.1
* libuuid1-64bit-2.39.3-150600.4.18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3184.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258859

SUSE-SU-2026:0805-1: low: Security update for python-pip

# Security update for python-pip

Announcement ID: SUSE-SU-2026:0805-1
Release Date: 2026-03-04T12:58:47Z
Rating: low
References:

* bsc#1257599

Cross-References:

* CVE-2026-1703

CVSS scores:

* CVE-2026-1703 ( SUSE ): 2.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1703 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2026-1703 ( NVD ): 2.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-pip fixes the following issues:

* CVE-2026-1703: Fixed a potential path traversal in python-pip. (bsc#1257599)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-805=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-805=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-805=1

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-805=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* python311-pip-22.3.1-150400.17.19.1
* openSUSE Leap 15.6 (noarch)
* python311-pip-22.3.1-150400.17.19.1
* Public Cloud Module 15-SP4 (noarch)
* python311-pip-22.3.1-150400.17.19.1
* Python 3 Module 15-SP7 (noarch)
* python311-pip-22.3.1-150400.17.19.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1703.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257599