SUSE-SU-2026:2820-1: important: Security update for GraphicsMagick
SUSE-SU-2026:2819-1: moderate: Security update for python-Django
SUSE-SU-2026:2828-1: moderate: Security update for python-idna
SUSE-SU-2026:2827-1: important: Security update for cosign
SUSE-SU-2026:2829-1: important: Security update for libaom
SUSE-SU-2026:2830-1: important: Security update for warewulf4
SUSE-SU-2026:2832-1: important: Security update for rustup
SUSE-SU-2026:2831-1: important: Security update for rustup
SUSE-SU-2026:2834-1: important: Security update for clamav
SUSE-SU-2026:2835-1: important: Security update for clamav
openSUSE-SU-2026:0239-1: important: Security update for flannel
openSUSE-SU-2026:0238-1: important: Security update for chromium
SUSE-SU-2026:2844-1: important: Security update for gstreamer-plugins-good
SUSE-SU-2026:2842-1: important: Security update for gstreamer-plugins-good
SUSE-SU-2026:2843-1: important: Security update for gstreamer-plugins-good
SUSE-SU-2026:2847-1: important: Security update for krb5
SUSE-SU-2026:2848-1: important: Security update for krb5, krb5-mini
openSUSE-SU-2026:21274-1: important: Security update for rust-keylime
openSUSE-SU-2026:11221-1: moderate: python313-sqlparse-0.5.5-2.1 on GA media
openSUSE-SU-2026:11223-1: moderate: rustup-1.28.2~0-5.1 on GA media
openSUSE-SU-2026:11217-1: moderate: nasm-3.02-1.1 on GA media
openSUSE-SU-2026:11218-1: moderate: libIex-3_4-33-3.4.13-1.1 on GA media
openSUSE-SU-2026:11224-1: moderate: sccache-0.16.0~0-3.1 on GA media
openSUSE-SU-2026:11220-1: moderate: python313-pytest-html-4.2.0-4.1 on GA media
openSUSE-SU-2026:11215-1: moderate: libmbedtls23-4.2.0-1.1 on GA media
SUSE-SU-2026:2840-1: important: Security update for the Linux Kernel
SUSE-SU-2026:2820-1: important: Security update for GraphicsMagick
# Security update for GraphicsMagick
Announcement ID: SUSE-SU-2026:2820-1
Release Date: 2026-07-09T18:01:15Z
Rating: important
References:
* bsc#1269891
Cross-References:
* CVE-2026-13606
CVSS scores:
* CVE-2026-13606 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for GraphicsMagick fixes the following issue
* CVE-2026-13606: crafted Photo CD (PCD) file can cause memory corruption
(bsc#1269891).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2820=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2820=1
## Package List:
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* GraphicsMagick-debuginfo-1.3.42-150600.3.33.1
* GraphicsMagick-devel-1.3.42-150600.3.33.1
* libGraphicsMagick-Q16-3-1.3.42-150600.3.33.1
* libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.33.1
* perl-GraphicsMagick-debuginfo-1.3.42-150600.3.33.1
* GraphicsMagick-1.3.42-150600.3.33.1
* libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.33.1
* libGraphicsMagick++-devel-1.3.42-150600.3.33.1
* perl-GraphicsMagick-1.3.42-150600.3.33.1
* libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.33.1
* libGraphicsMagick3-config-1.3.42-150600.3.33.1
* libGraphicsMagick++-Q16-12-1.3.42-150600.3.33.1
* libGraphicsMagickWand-Q16-2-1.3.42-150600.3.33.1
* GraphicsMagick-debugsource-1.3.42-150600.3.33.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* GraphicsMagick-debuginfo-1.3.42-150600.3.33.1
* GraphicsMagick-devel-1.3.42-150600.3.33.1
* libGraphicsMagick-Q16-3-1.3.42-150600.3.33.1
* libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.33.1
* libGraphicsMagickWand-Q16-2-1.3.42-150600.3.33.1
* perl-GraphicsMagick-debuginfo-1.3.42-150600.3.33.1
* GraphicsMagick-1.3.42-150600.3.33.1
* libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.33.1
* libGraphicsMagick++-devel-1.3.42-150600.3.33.1
* perl-GraphicsMagick-1.3.42-150600.3.33.1
* libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.33.1
* libGraphicsMagick++-Q16-12-1.3.42-150600.3.33.1
* libGraphicsMagick3-config-1.3.42-150600.3.33.1
* GraphicsMagick-debugsource-1.3.42-150600.3.33.1
## References:
* https://www.suse.com/security/cve/CVE-2026-13606.html
* https://bugzilla.suse.com/show_bug.cgi?id=1269891
SUSE-SU-2026:2819-1: moderate: Security update for python-Django
# Security update for python-Django
Announcement ID: SUSE-SU-2026:2819-1
Release Date: 2026-07-09T17:12:22Z
Rating: moderate
References:
* bsc#1271029
* bsc#1271030
Cross-References:
* CVE-2026-48588
* CVE-2026-53877
CVSS scores:
* CVE-2026-48588 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-48588 ( NVD ): 2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-48588 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-48588 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-53877 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-53877 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-53877 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves two vulnerabilities can now be installed.
## Description:
This update for python-Django fixes the following issues:
* CVE-2026-48588: potential exposure of private data via cached `Set-Cookie`
response (bsc#1271029).
* CVE-2026-53877: information disclosure via 32-byte heap buffer overread in
`GDALRaster` (bsc#1271030).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2819=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2819=1
## Package List:
* SUSE Package Hub 15 15-SP7 (noarch)
* python311-Django-4.2.11-150600.3.62.1
* openSUSE Leap 15.6 (noarch)
* python311-Django-4.2.11-150600.3.62.1
## References:
* https://www.suse.com/security/cve/CVE-2026-48588.html
* https://www.suse.com/security/cve/CVE-2026-53877.html
* https://bugzilla.suse.com/show_bug.cgi?id=1271029
* https://bugzilla.suse.com/show_bug.cgi?id=1271030
SUSE-SU-2026:2828-1: moderate: Security update for python-idna
# Security update for python-idna
Announcement ID: SUSE-SU-2026:2828-1
Release Date: 2026-07-09T18:30:14Z
Rating: moderate
References:
* bsc#1265413
Cross-References:
* CVE-2026-45409
CVSS scores:
* CVE-2026-45409 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-45409 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-45409 ( NVD ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-45409 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python-idna fixes the following issue
* CVE-2026-45409: specially crafted inputs to idna.encode() can bypass earlier
security fix (bsc#1265413).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-2828=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-2828=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2828=1
## Package List:
* Python 3 Module 15-SP7 (noarch)
* python311-idna-3.4-150400.11.13.1
* Public Cloud Module 15-SP4 (noarch)
* python311-idna-3.4-150400.11.13.1
* openSUSE Leap 15.4 (noarch)
* python311-idna-3.4-150400.11.13.1
## References:
* https://www.suse.com/security/cve/CVE-2026-45409.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265413
SUSE-SU-2026:2827-1: important: Security update for cosign
# Security update for cosign
Announcement ID: SUSE-SU-2026:2827-1
Release Date: 2026-07-09T18:28:33Z
Rating: important
References:
* bsc#1261811
* bsc#1266049
* bsc#1267044
Cross-References:
* CVE-2026-25680
* CVE-2026-25681
* CVE-2026-27136
* CVE-2026-33815
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-42502
* CVE-2026-42506
* CVE-2026-42508
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598
CVSS scores:
* CVE-2026-25680 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25680 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-25681 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-25681 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-27136 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-27136 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-33815 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2026-33815 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33815 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2026-39827 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39828 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-39828 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-39829 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-39831 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39832 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-39833 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39834 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-39835 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-39835 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42502 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42502 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42506 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42506 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42508 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-46595 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2026-46597 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves 19 vulnerabilities can now be installed.
## Description:
This update for cosign fixes the following issues
* CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506:
multiple issues when parsing HTML files (bsc#1267044).
* CVE-2026-33815: memory-safety vulnerability (bsc#1261811).
*
CVE-2026-39827,CVE-2026-39828,CVE-2026-39829,CVE-2026-39830,CVE-2026-39831,CVE-2026-39832,CVE-2026-39833,
CVE-2026-39834,CVE-2026-39835,CVE-2026-42508,CVE-2026-46595,CVE-2026-46597,CVE-2026-46598:
Fixed multiple issues in golang.org/x/crypto/ssh (bsc#1266049).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2827=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2827=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2827=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2827=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2827=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2827=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2827=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2827=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2827=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2827=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2827=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2827=1
## Package List:
* Basesystem Module 15-SP7 (noarch)
* cosign-bash-completion-3.1.1-150400.3.45.1
* cosign-zsh-completion-3.1.1-150400.3.45.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* cosign-3.1.1-150400.3.45.1
* cosign-debuginfo-3.1.1-150400.3.45.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* cosign-3.1.1-150400.3.45.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* cosign-3.1.1-150400.3.45.1
* cosign-debuginfo-3.1.1-150400.3.45.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* cosign-3.1.1-150400.3.45.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* cosign-3.1.1-150400.3.45.1
* cosign-debuginfo-3.1.1-150400.3.45.1
* openSUSE Leap 15.4 (noarch)
* cosign-bash-completion-3.1.1-150400.3.45.1
* cosign-fish-completion-3.1.1-150400.3.45.1
* cosign-zsh-completion-3.1.1-150400.3.45.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* cosign-3.1.1-150400.3.45.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* cosign-3.1.1-150400.3.45.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* cosign-3.1.1-150400.3.45.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* cosign-3.1.1-150400.3.45.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* cosign-3.1.1-150400.3.45.1
* cosign-debuginfo-3.1.1-150400.3.45.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* cosign-3.1.1-150400.3.45.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* cosign-3.1.1-150400.3.45.1
## References:
* https://www.suse.com/security/cve/CVE-2026-25680.html
* https://www.suse.com/security/cve/CVE-2026-25681.html
* https://www.suse.com/security/cve/CVE-2026-27136.html
* https://www.suse.com/security/cve/CVE-2026-33815.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-42502.html
* https://www.suse.com/security/cve/CVE-2026-42506.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-46595.html
* https://www.suse.com/security/cve/CVE-2026-46597.html
* https://www.suse.com/security/cve/CVE-2026-46598.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261811
* https://bugzilla.suse.com/show_bug.cgi?id=1266049
* https://bugzilla.suse.com/show_bug.cgi?id=1267044
SUSE-SU-2026:2829-1: important: Security update for libaom
# Security update for libaom
Announcement ID: SUSE-SU-2026:2829-1
Release Date: 2026-07-09T18:40:25Z
Rating: important
References:
* bsc#1268650
* bsc#1268651
* bsc#1268653
* bsc#1268655
Cross-References:
* CVE-2026-56208
* CVE-2026-56209
* CVE-2026-56210
* CVE-2026-56211
CVSS scores:
* CVE-2026-56208 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56208 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2026-56208 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-56208 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-56209 ( SUSE ): 7.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56209 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2026-56209 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2026-56209 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2026-56210 ( SUSE ): 7.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56210 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-56210 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-56210 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-56211 ( SUSE ): 7.5
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56211 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-56211 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2026-56211 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves four vulnerabilities can now be installed.
## Description:
This update for libaom fixes the following issues:
* CVE-2026-56208: untrusted encoder configuration inputs can lead to a heap-
based buffer overflow and a process crash (bsc#1268650).
* CVE-2026-56209: crafted video frames with specific Y-plane pixel values can
lead to an arbitrary memory write (bsc#1268651).
* CVE-2026-56210: missing bounds check on layer_id inputs can lead to an out-
of-bounds heap read (bsc#1268653).
* CVE-2026-56211: out-of-range spatial/temporal layer selection can lead to
remote code execution (bsc#1268655).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2829=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2829=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2829=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2829=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2829=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2829=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2829=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2829=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2829=1
## Package List:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libaom-debugsource-3.7.1-150400.3.12.1
* aom-tools-debuginfo-3.7.1-150400.3.12.1
* libaom3-3.7.1-150400.3.12.1
* libaom-devel-3.7.1-150400.3.12.1
* aom-tools-3.7.1-150400.3.12.1
* libaom3-debuginfo-3.7.1-150400.3.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* libaom-devel-doc-3.7.1-150400.3.12.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libaom-debugsource-3.7.1-150400.3.12.1
* aom-tools-debuginfo-3.7.1-150400.3.12.1
* libaom3-3.7.1-150400.3.12.1
* libaom-devel-3.7.1-150400.3.12.1
* aom-tools-3.7.1-150400.3.12.1
* libaom3-debuginfo-3.7.1-150400.3.12.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* libaom-devel-doc-3.7.1-150400.3.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libaom-debugsource-3.7.1-150400.3.12.1
* aom-tools-debuginfo-3.7.1-150400.3.12.1
* libaom3-3.7.1-150400.3.12.1
* libaom-devel-3.7.1-150400.3.12.1
* aom-tools-3.7.1-150400.3.12.1
* libaom3-debuginfo-3.7.1-150400.3.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* libaom-devel-doc-3.7.1-150400.3.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* libaom-devel-doc-3.7.1-150400.3.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libaom-debugsource-3.7.1-150400.3.12.1
* aom-tools-debuginfo-3.7.1-150400.3.12.1
* libaom3-3.7.1-150400.3.12.1
* libaom-devel-3.7.1-150400.3.12.1
* aom-tools-3.7.1-150400.3.12.1
* libaom3-debuginfo-3.7.1-150400.3.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libaom-debugsource-3.7.1-150400.3.12.1
* aom-tools-debuginfo-3.7.1-150400.3.12.1
* libaom3-3.7.1-150400.3.12.1
* libaom-devel-3.7.1-150400.3.12.1
* aom-tools-3.7.1-150400.3.12.1
* libaom3-debuginfo-3.7.1-150400.3.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* libaom-devel-doc-3.7.1-150400.3.12.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* libaom-devel-doc-3.7.1-150400.3.12.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libaom-debugsource-3.7.1-150400.3.12.1
* aom-tools-debuginfo-3.7.1-150400.3.12.1
* libaom3-3.7.1-150400.3.12.1
* libaom-devel-3.7.1-150400.3.12.1
* aom-tools-3.7.1-150400.3.12.1
* libaom3-debuginfo-3.7.1-150400.3.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libaom-debugsource-3.7.1-150400.3.12.1
* aom-tools-debuginfo-3.7.1-150400.3.12.1
* libaom3-3.7.1-150400.3.12.1
* libaom-devel-3.7.1-150400.3.12.1
* aom-tools-3.7.1-150400.3.12.1
* libaom3-debuginfo-3.7.1-150400.3.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* libaom-devel-doc-3.7.1-150400.3.12.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* libaom-debugsource-3.7.1-150400.3.12.1
* aom-tools-debuginfo-3.7.1-150400.3.12.1
* libaom3-3.7.1-150400.3.12.1
* libaom-devel-3.7.1-150400.3.12.1
* aom-tools-3.7.1-150400.3.12.1
* libaom3-debuginfo-3.7.1-150400.3.12.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libaom3-64bit-debuginfo-3.7.1-150400.3.12.1
* libaom3-64bit-3.7.1-150400.3.12.1
* openSUSE Leap 15.4 (x86_64)
* libaom3-32bit-3.7.1-150400.3.12.1
* libaom3-32bit-debuginfo-3.7.1-150400.3.12.1
* openSUSE Leap 15.4 (noarch)
* libaom-devel-doc-3.7.1-150400.3.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libaom-debugsource-3.7.1-150400.3.12.1
* aom-tools-debuginfo-3.7.1-150400.3.12.1
* libaom3-3.7.1-150400.3.12.1
* libaom-devel-3.7.1-150400.3.12.1
* aom-tools-3.7.1-150400.3.12.1
* libaom3-debuginfo-3.7.1-150400.3.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* libaom-devel-doc-3.7.1-150400.3.12.1
## References:
* https://www.suse.com/security/cve/CVE-2026-56208.html
* https://www.suse.com/security/cve/CVE-2026-56209.html
* https://www.suse.com/security/cve/CVE-2026-56210.html
* https://www.suse.com/security/cve/CVE-2026-56211.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268650
* https://bugzilla.suse.com/show_bug.cgi?id=1268651
* https://bugzilla.suse.com/show_bug.cgi?id=1268653
* https://bugzilla.suse.com/show_bug.cgi?id=1268655
SUSE-SU-2026:2830-1: important: Security update for warewulf4
# Security update for warewulf4
Announcement ID: SUSE-SU-2026:2830-1
Release Date: 2026-07-09T18:42:10Z
Rating: important
References:
* bsc#1254470
* bsc#1258511
* bsc#1262810
* bsc#1265653
* bsc#1266483
* bsc#1268790
Cross-References:
* CVE-2025-69725
* CVE-2026-33814
* CVE-2026-34986
* CVE-2026-39821
CVSS scores:
* CVE-2025-69725 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N
* CVE-2025-69725 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-69725 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39821 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39821 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products:
* HPC Module 15-SP7
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
An update that solves four vulnerabilities and has two security fixes can now be
installed.
## Description:
This update for warewulf4 fixes the following issues:
Update to v4.7.0.
Security issues fixed:
* CVE-2025-69725: incorrect input validation in the `RedirectSlashes` function
can lead to an open redirect (bsc#1258511).
* CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport
when given bad `SETTINGS_MAX_FRAME_SIZE` can lead to a denial of service
(bsc#1265653).
* CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a
missing encrypted key can lead to a denial of service (bsc#1262810).
* CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only
Punycode-encoded labels allows for validation bypass and privilege
escalation (bsc#1266483).
Other updates and bugfixes:
* Add correct flag `--update-overlays` fix (bsc#1268790).
* v4.7.0:
* New `wwctl` unset command
* Refactored server routes (URLs)
* New `/files/` route for serving individual files and templates
* Server TLS support
* Removed support for fetching individual overlays and individual files from
overlays
* Fixed whitespace handling around template functions
* Security fixes, including updated Go and library versions
* v4.6.5:
* New wwctl overlay info command
* Fixed `wwctl` image import `--update` option
* Cross-arch support for `wwclient`
* Improved IPv6 support
* Improved support for bonded interfaces
* Renamed `debian.interfaces` overlay to `ifupdown`
* New `systemd-networkd` overlay
* `warewulf-dracut` fixes, including `provision-to-disk` fixes
* Remove `slurm-overlay` package.
* Fix `wwctl` image import `--update` option (bsc#1254470).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2830=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2830=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2830=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2830=1
* HPC Module 15-SP7
zypper in -t patch SUSE-SLE-Module-HPC-15-SP7-2026-2830=1
## Package List:
* openSUSE Leap 15.5 (noarch)
* warewulf4-dracut-4.7.0-150500.6.42.1
* warewulf4-reference-doc-4.7.0-150500.6.42.1
* warewulf4-man-4.7.0-150500.6.42.1
* warewulf4-overlay-rke2-4.7.0-150500.6.42.1
* openSUSE Leap 15.5 (aarch64 x86_64)
* warewulf4-overlay-4.7.0-150500.6.42.1
* warewulf4-4.7.0-150500.6.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* warewulf4-overlay-4.7.0-150500.6.42.1
* warewulf4-4.7.0-150500.6.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* warewulf4-dracut-4.7.0-150500.6.42.1
* warewulf4-man-4.7.0-150500.6.42.1
* warewulf4-reference-doc-4.7.0-150500.6.42.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* warewulf4-overlay-4.7.0-150500.6.42.1
* warewulf4-4.7.0-150500.6.42.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* warewulf4-dracut-4.7.0-150500.6.42.1
* warewulf4-man-4.7.0-150500.6.42.1
* warewulf4-reference-doc-4.7.0-150500.6.42.1
* HPC Module 15-SP7 (aarch64 x86_64)
* warewulf4-overlay-4.7.0-150500.6.42.1
* warewulf4-4.7.0-150500.6.42.1
* HPC Module 15-SP7 (noarch)
* warewulf4-dracut-4.7.0-150500.6.42.1
* warewulf4-reference-doc-4.7.0-150500.6.42.1
* warewulf4-man-4.7.0-150500.6.42.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 x86_64)
* warewulf4-overlay-4.7.0-150500.6.42.1
* warewulf4-4.7.0-150500.6.42.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* warewulf4-dracut-4.7.0-150500.6.42.1
* warewulf4-reference-doc-4.7.0-150500.6.42.1
* warewulf4-man-4.7.0-150500.6.42.1
## References:
* https://www.suse.com/security/cve/CVE-2025-69725.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-34986.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254470
* https://bugzilla.suse.com/show_bug.cgi?id=1258511
* https://bugzilla.suse.com/show_bug.cgi?id=1262810
* https://bugzilla.suse.com/show_bug.cgi?id=1265653
* https://bugzilla.suse.com/show_bug.cgi?id=1266483
* https://bugzilla.suse.com/show_bug.cgi?id=1268790
SUSE-SU-2026:2832-1: important: Security update for rustup
# Security update for rustup
Announcement ID: SUSE-SU-2026:2832-1
Release Date: 2026-07-09T19:02:15Z
Rating: important
References:
* bsc#1203257
* bsc#1230032
* bsc#1243862
* bsc#1249008
* bsc#1270186
* bsc#1270521
* bsc#1270619
* bsc#1270644
* bsc#1270795
* bsc#1270870
* bsc#1270874
* bsc#1270989
Cross-References:
* CVE-2024-12224
* CVE-2025-58160
* CVE-2026-41676
* CVE-2026-41677
* CVE-2026-41678
* CVE-2026-41681
* CVE-2026-41898
* CVE-2026-42327
* CVE-2026-44662
* CVE-2026-45784
CVSS scores:
* CVE-2024-12224 ( SUSE ): 2.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-12224 ( NVD ): 5.1
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-58160 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-58160 ( NVD ): 2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41676 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41677 ( SUSE ): 1.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
* CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-41677 ( NVD ): 1.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41677 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-41678 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-41678 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41678 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41681 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-41681 ( NVD ): 8.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41681 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41898 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-41898 ( NVD ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41898 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-42327 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-42327 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44662 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-44662 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-45784 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Products:
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves 10 vulnerabilities and has two security fixes can now be
installed.
## Description:
This update for rustup fixes the following issues
Security issues:
* CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any
non-ASCII when decoded (bsc#1243862).
* CVE-2025-58160: tracing-subscriber: Tracing log pollution (bsc#1249008).
* CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can
overflow short buffers on OpenSSL 1.1.1 (bsc#1270186).
* CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when
returning an oversized length in rust- openssl crate (bsc#1270619).
* CVE-2026-41678: openssl: incorrect bounds assertion in aes key wrap in rust-
openssl crate (bsc#1270644).
* CVE-2026-41681: openssl: MdCtxRef::digest_final() writes past caller buffer
with no length check in rust-openssl crate (bsc#1270795).
* CVE-2026-41898: openssl: unchecked callback-returned length in PSK and
cookie generate trampolines can leak adjacent memory in rust-openssl crate
(bsc#1270870).
* CVE-2026-42327: openssl: arbitrary code execution via specially crafted
certificate in rust-openssl crate (bsc#1270521).
* CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-
wrap-with-padding in rust-openssl crate (bsc#1270874).
* CVE-2026-45784: openssl: out-of-bounds write in
`CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers in rust-
openssl crate (bsc#1270989).
* rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006,
GHSA-r7qv-8r2h-pg27) (bsc#1230032).
Non security issue:
* devel:languages:rust/rustup: Missing symlink for rust-analyzer
(bsc#1203257).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2832=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2832=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2832=1
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2832=1
## Package List:
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 x86_64)
* rustup-1.28.2~0-150600.10.13.1
* rustup-debuginfo-1.28.2~0-150600.10.13.1
* Development Tools Module 15-SP7 (aarch64 x86_64)
* rustup-1.28.2~0-150600.10.13.1
* rustup-debuginfo-1.28.2~0-150600.10.13.1
* openSUSE Leap 15.6 (aarch64 x86_64)
* rustup-1.28.2~0-150600.10.13.1
* rustup-debugsource-1.28.2~0-150600.10.13.1
* rustup-debuginfo-1.28.2~0-150600.10.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* rustup-1.28.2~0-150600.10.13.1
* rustup-debuginfo-1.28.2~0-150600.10.13.1
## References:
* https://www.suse.com/security/cve/CVE-2024-12224.html
* https://www.suse.com/security/cve/CVE-2025-58160.html
* https://www.suse.com/security/cve/CVE-2026-41676.html
* https://www.suse.com/security/cve/CVE-2026-41677.html
* https://www.suse.com/security/cve/CVE-2026-41678.html
* https://www.suse.com/security/cve/CVE-2026-41681.html
* https://www.suse.com/security/cve/CVE-2026-41898.html
* https://www.suse.com/security/cve/CVE-2026-42327.html
* https://www.suse.com/security/cve/CVE-2026-44662.html
* https://www.suse.com/security/cve/CVE-2026-45784.html
* https://bugzilla.suse.com/show_bug.cgi?id=1203257
* https://bugzilla.suse.com/show_bug.cgi?id=1230032
* https://bugzilla.suse.com/show_bug.cgi?id=1243862
* https://bugzilla.suse.com/show_bug.cgi?id=1249008
* https://bugzilla.suse.com/show_bug.cgi?id=1270186
* https://bugzilla.suse.com/show_bug.cgi?id=1270521
* https://bugzilla.suse.com/show_bug.cgi?id=1270619
* https://bugzilla.suse.com/show_bug.cgi?id=1270644
* https://bugzilla.suse.com/show_bug.cgi?id=1270795
* https://bugzilla.suse.com/show_bug.cgi?id=1270870
* https://bugzilla.suse.com/show_bug.cgi?id=1270874
* https://bugzilla.suse.com/show_bug.cgi?id=1270989
SUSE-SU-2026:2831-1: important: Security update for rustup
# Security update for rustup
Announcement ID: SUSE-SU-2026:2831-1
Release Date: 2026-07-09T18:55:58Z
Rating: important
References:
* bsc#1203257
* bsc#1230032
* bsc#1243862
* bsc#1249008
* bsc#1257902
* bsc#1270186
* bsc#1270521
* bsc#1270619
* bsc#1270644
* bsc#1270795
* bsc#1270870
* bsc#1270874
* bsc#1270989
Cross-References:
* CVE-2024-12224
* CVE-2025-58160
* CVE-2026-25727
* CVE-2026-41676
* CVE-2026-41677
* CVE-2026-41678
* CVE-2026-41681
* CVE-2026-41898
* CVE-2026-42327
* CVE-2026-44662
* CVE-2026-45784
CVSS scores:
* CVE-2024-12224 ( SUSE ): 2.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-12224 ( NVD ): 5.1
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-58160 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-58160 ( NVD ): 2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25727 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( NVD ): 6.8
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-41676 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41677 ( SUSE ): 1.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
* CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-41677 ( NVD ): 1.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41677 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-41678 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-41678 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41678 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41681 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-41681 ( NVD ): 8.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41681 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41898 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-41898 ( NVD ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41898 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-42327 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-42327 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44662 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-44662 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-45784 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 11 vulnerabilities and has two security fixes can now be
installed.
## Description:
This update for rustup fixes the following issues
Security issues:
* CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any
non-ASCII when decoded (bsc#1243862).
* CVE-2025-58160: tracing-subscriber: Tracing log pollution (bsc#1249008).
* CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date
parser can lead to stack exhaustion (bsc#1257902).
* CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can
overflow short buffers on OpenSSL 1.1.1 (bsc#1270186).
* CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when
returning an oversized length in rust- openssl crate (bsc#1270619).
* CVE-2026-41678: openssl: incorrect bounds assertion in aes key wrap in rust-
openssl crate (bsc#1270644).
* CVE-2026-41681: openssl: MdCtxRef::digest_final() writes past caller buffer
with no length check in rust-openssl crate (bsc#1270795).
* CVE-2026-41898: openssl: unchecked callback-returned length in PSK and
cookie generate trampolines can leak adjacent memory in rust-openssl crate
(bsc#1270870).
* CVE-2026-42327: openssl: arbitrary code execution via specially crafted
certificate in rust-openssl crate (bsc#1270521).
* CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-
wrap-with-padding in rust-openssl crate (bsc#1270874).
* CVE-2026-45784: openssl: out-of-bounds write in
`CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers in rust-
openssl crate (bsc#1270989).
* rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006,
GHSA-r7qv-8r2h-pg27) (bsc#1230032).
Non security issue:
* devel:languages:rust/rustup: Missing symlink for rust-analyzer
(bsc#1203257).
Changes for rustup:
* Completely drop openssl to prevent future security issues
Update to version 1.28.2~0:
* Deprecate native-tls as well
* Enable HTTP/2 support for reqwest download backend
* Emit tracing events from log facade calls
* download: show Debug representation for errors
* Avoid repeated globals in tracing events
* Log original download errors immediately
* feat(cli/rustup-mode): add aliases to `rustup component remove`
* Switch flate2 to use the zlib-rs backend
* Hardlink proxies if symlinks aren't reachable
* Add powerpc64le-unknown-linux-musl support
* Add toolchain_name to not installed bail msg
* Warn about using curl
* Drop workspace indirection
* Fold download crate back into rustup
* download: merge integration test files
* chore(deps): lock file maintenance
* Test CARGO environment replacement
* Update CARGO env var if it is a rustup proxy
* Tweak toolchain subcommand help text
* Move toolchain and default commands first
* show toolchain paths in rustup show -v output
* refactor(cli/self-update): save allocations in `Nu::rcfiles()`
* fix(cli/self-update)!: stop appending to `env.nu` due to deprecation
* fix(cli/self-update): consider Windows paths in Nushell suggestions
* refactor(cli/self-update): use `path add` in `env.nu` template
* fix(cli/self-update): use interpolated string in `env.nu` template
* Upgrade dependencies
* docs(user-guide/environment-variables): document `RUSTUP_VERSION`
* feat(rustup-init/sh): allow setting `RUSTUP_VERSION` during installation
* feat(cli/self-update): allow setting `RUSTUP_VERSION` for arbitrary
downgrades
* feat(test/clitools): add `Config::expect_ok_ex_env()`
* fix(errors)!: improve error messages for
`RustupError::ToolchainNotInstalled`
* Add set auto-install disable
* Use `cursor: pointer` for copy button on website
* fix(dist): refine suggestions about missing targets
* Append Windows bin directory to PATH by default
* Remove validation for custom toolchains when reading rust-toolchain.toml
* document RUSTUP_AUTO_INSTALL
* Fix build script `cargo` instructions
Update to version 1.28.1~0:
* dist(rustup-init/sh): update commit shasum
* Update changelog for 1.28.1
* fix!(config): re-enable implicit toolchain installation in
`Cfg::local_toolchain()` with optional opt-out
* refactor(test/clitools): extract `Config::expect_err_env()`
* Use relative symlinks when possible
* docs: update CHANGELOG for v1.28.1 release
* fix!(config): re-enable active toolchain installation in
`Cfg::find_active_toolchain()` with optional opt-out
* config: make Config::find_active_toolchain() async
* Use terse output for rustup show active-toolchain
* Use read_timeout for reqwest instead of timeout
* test: turn set_current_dist_date() into a Config method
* test: privatize clitools module
* test: remove function wrappers for cmd() and env()
* test: privatize mock module
* test: move create_mock_dist_server() to Scenario::write_to()
* test: move Release into dist
* test: turn channel builders into constructors
* test: move mock channel builders into dist
* test: move arch consts into top-level module
* test: turn build_*_installer() functions into constructors
* test: move installer builders into mock module
* test: privatize items in clitools
* test: keep Config impl close to type definition
* test: privatize dist module
* test: privatize items in test::dist
* test: inline short module topical_doc_data
* Remove level of nesting in test module
* Tweak SanitizedOutput style
* docs: update `CHANGELOG` for v1.28.0 release
* Have mocked cargo better adhere to cargo conventions
* Do not append `EXE_SUFFIX` in `Config::cmd`
* Add `TryFrom<Output>` for `SanitizedOutput`
* refactor(test): replace `(before|after)_test_async()` with
`TestProcess::_telemetry_guard`
* style(rustup-init): reorganize imports
* refactor(log): introduce `GlobalTelemetryGuard`
* refactor(process): rename `TestProcess::_guard` to `_tracing_guard`
* chore(deps): update opentelemetry
* fix(deps): update rust crate windows-registry to 0.5.0
* refactor: improve binary suffix stripping
* build: bump the codebase Language Edition to 2024
* style(cli/job): fix `unsafe-op-in-unsafe-fn`
* style(cli/log): use precise capturing when necessary
* chore: use unsafe versions of `(add|remove)_var()`
* style: remove redundant `ref` keywords
* style: partially migrate away from `if-let`
* style: format sources with the 2024 Style Edition
* chore: fix new `clippy` warnings
* fix(deps): update rust crate pulldown-cmark to 0.13
* feat(rustup-init/sh): add env var to print arch detection result
* refactor(component): reduce allocations in `ComponentPart::encode()`
* refactor(component)!: extract `ComponentPartKind`
* style(component): reduce right drift in `ComponentPart::decode()`
* refactor(component)!: turn `ComponentPart`'s fields into named ones
* fix(dist/prefix): normalize path separators in `REL_MANIFEST_DIR`
* fix(component): normalize path separators during
`ComponentPart::(en|de)code()`
* Upgrade to rand 0.9
* fix(ci/doc): fix typo in renovate `datasource`
* ci(doc): make `renovatebot` bump locked `mdbook`
* ci(doc): pin `mdbook` to `0.4.43`
* ci(schedule): run cron tasks more times per week
* ci(schedule): promote to use the `stable` job list
* ci(doc): fix stable build of `user-guide`
* ci(linux): enable the full test suite for `aarch64-unknown-linux-gnu`
* ci(linux): use public ARM64 Linux runners
* ci(deploy-docs): merge with `test-docs`
* ci(deploy-docs): enable on PR without uploads
* ci(deploy-docs): build one book per workflow step
* ci(deploy-docs): install `mdbook` with `install-action`
* Change installation of dependencies for Aarch64 Dockerfile
* Run Aarch64 jobs on PRs
* Use ARM based runners for ARM CI targets
* style: fix `clippy` warnings
* docs(user-guide/components): add deprecation notice for `wasm32-wasi`
* Update Windows dependencies
* feat(cli/rustup-mode)!: simplify error message for `rustup show active-
toolchain`
* fix(cli/rustup-mode): make `rustup show active-toolchain` exit with `1` when
none is active
* fix(cli/rustup-mode): make `rustup default` exit with `1` when there's no
default
* fix(cli/rustup-mode)!: change `rustup doc --error_codes` to `--error-codes`
* fix(deps): update rust crate itertools to 0.14
* fix(cli): align `rustup show`'s `--verbose` behavior with `rustup show
active-toolchain`
* feat(cli): show the toolchain path with `rustup show active-toolchain
--verbose`
* feat(test): accept more than one args in `for_host*!()`
* fix(ci): fix installation of `cargo-all-features`
* docs(user-guide/installation): update "General tips"
* move deps around
* fix(deps): update rust crate rustls-platform-verifier to 0.5
* fix(rustup-init/sh): don't emit "unknown macOS major version" for macOS v11+
* refactor(rustup-init/sh): extract `$_os_major`
* refactor(rustup-init/sh): extract `$_os_version`
* ci(linux): move `bindgen-cli` installation into `run.bash`
* ci(stable): enable `loongarch64-unknown-linux-musl` builds
* ci(linux): disable `reqwest-rustls-tls` for unsupported platforms
* ci(linux): configure `gcc-multilib` and `libclang` for some *nix builds
* chore(deps): bump `aws-lc-rs` and `aws-lc-sys`
* download: clean up TLS feature guards
* download: simplify feature guards
* download: attach download functions to Backend type
* download: remove intermediate reqwest-backend feature
* Implement more complete backend selection
* Simplify logic for download backend notification
* docs(dev-guide/tracing): make "Adding instrumentation" a level-2 title
* ci(windows): don't install `awscli` via `choco`
* test(mock/topical-doc-data): add test cases with both a flag and a topic
* refactor(test/mock): use tuples for `topical_doc_data::TEST_CASES`
* feat(cli/rustup-mode): allow `rustup doc` with both a flag and a topic
* refactor(toolchain): allow passing a fragment in `Toolchain::doc_path()`
* refactor(toolchain): allow absolute paths in `Toolchain::doc_path()`
* refactor(toolchain): simplify `Toolchain::doc_path()`
* refactor(cli/rustup-mode): rename `doc_url` to `doc_path`
* refactor(cli/rustup-mode): make `DocPage::path()` return
`Option<&Path>`
* refactor(cli/rustup-mode): move `DocPage::name()` to a separate `impl` block
* refactor(cli/topical-doc): clean up some funtions
* refactor(cli/rustup-mode): use early return in `doc()`
* Update semver-compatible dependencies
* fix: make sure no overflow on small screens
* feat: make the box white
* feat: use the color form the rust website for tags, hr and copy button
* Add the main element and header to setup new layout
* chore: remove the old pitch first
* Apply clippy suggestions
* Append to 1.28.0 changelog
* Bump version, commit and date in rustup-init.sh
* Clean up trailing whitespace in rustup-init.sh
* Add changelog for 1.28.0
* Bump version to 1.28.0
* chore(deps): update remove-dir-all to 1.0
* Add aliases for remove/uninstall/unset commands
* feat: add nushell support
* Upgrade to opentelemetry 0.27
* fix: add missing close body tag
* Upgrade thiserror to 2
* Upgrade to rustls-platform-verifier 0.4
* fix(cli/rustup-mode): remove `.num_args()` when
`.value_delimiter(',')` is present
* refactor(cli/rustup-mode): remove deprecated `.use_value_delimiter()`
* chore(config): migrate config .github/renovate.json
* docs: update channel toolchain syntax
* feat(cli/rustup-mode): support more books in `rustup doc`
* style(cli/rustup-mode): reorder items in `docs_data![]`
* fix: add powerpc64 and s390x to known target_arch values for tests
* style(utils): put the `mod` declarations below the imports
* style: regroup some imports
* refactor(utils): hoist `utils::utils` into `utils`
* feat(rustup-init): detect and warn about existing `settings.toml`
* fix: fix typo in `check_existence_of_rustc_or_cargo_in_path()`
* style: allow using `dbg!()` across `rustup::test`
* refactor(diskio): replace `eprintln!()` with `debug!()`
* style: enable `clippy::(dbg_macro|todo)` across the workspace
* style: enable `clippy::print_std(err|out)` when applicable
* style: introduce workspace-wide lint tables
* build: use `workspace.package` properties in `Cargo.toml`
* fix(config): improve error when overridden active custom toolchain isn't
installed
* fix(config): print special error for invalid toolchain name in override file
* Update semver-compatible dependencies, except openssl-src
* style(rustup-init/sh): ignore `shellcheck` SC2086 false positives
* fix(rustup-init/sh): fix incorrect TLS warning with curl v8.10
* tests: rust-toolchain + profile in settings
* Remove unnecessary methods
* replace `winreg` dependency
* Update remove_dir_all
* refactor(cli/common)!: deny installing a host-incompatible toolchain w/o
`--force-non-host`
* refactor(cli/common)!: take in `toolchain: String` in
`warn_if_host_is_incompatible()`
* feat(cli/rustup-mode): add `--force-non-host` to `rustup default`
* refactor(config)!: pass the `force_non_host` flag to
`Cfg::ensure_installed()`
* refactor(cli/rustup-mode): rename `forced` to `force_non_host`
* docs(README): Point out where to find nightly/master docs.
* Note that selecting VS lang packs is optional
* Make symlink_or_hardlink_file remove dest
* Try symlinking proxies first
* Apply clippy suggestions from 1.81
* feat(cli/rustup-mode)!: set log level to `INFO`/`DEBUG` on
`--quiet`/`--verbose` if `RUSTUP_LOG` is unset
* refactor(cli/setup-mode): extract `update_console_logger()`
* fix(cli/setup-mode): simplify description for `--quiet`
* feat(cli/setup-mode)!: set log level to `DEBUG` on `--verbose` if
`RUSTUP_LOG` is unset
* refactor(common)!: remove `verbose` flag in several places
* refactor(config): simplify `find_or_install_active_toolchain()`
* refactor(config)!: return `LocalToolchainName` from
`find_or_install_active_toolchain()`
* refactor(config): simplify `resolve_toolchain()`
* refactor(config): simplify `toolchain_from_partial()`
* chore(triage): allow transferring issues to other org repos
* Allow `rustup doc` to search for unions
* docs(user-guide): add a link to the latest "Previous components" section
* test(cli_v2): introduce `update_removed_component_toolchain()`
* feat(dist): add notes for `stable` and `beta` in `components_missing_msg()`
* refactor(dist): inline some const strings in `components_missing_msg()`
* refactor(dist): extract "nightly tips" out of the match block in
`components_missing_msg()`
* fix: fix typo in several places
* Upgrade pulldown-cmark to 0.12
* fix(manifest): consider possible renames in `Component::try_new()`
* ci(macos): install `awscli` from `brew`
* refactor(config)!: make `toolchain_from_partial()` sync
* feat(config)!: remove implicit installation from `toolchain_from_partial()`
* refactor(config)!: make `resolve_toolchain()` sync
* feat(config)!: remove implicit installation from `resolve_toolchain()`
* test(cli-rustup): remove `heal_damaged_toolchain()`
* refactor(config): extract `local_toolchain()` from
`resolve_local_toolchain()`
* refactor(config): extract `toolchain` variable from
`resolve_local_toolchain()`
* refactor(config)!: make `resolve_local_toolchain()` sync
* feat(config)!: remove implicit installation from `resolve_local_toolchain()`
* refactor(config)!: rename `local_toolchain()` to `resolve_local_toolchain()`
* feat(rustup-mode): install the active toolchain by default on `rustup
toolchain install`
* fix(rustup-mode): adjust descriptions for `rustup toolchain uninstall`
* feat(rustup-mode)!: add `ensure_active_toolchain` flag to `update()`
* feat(config)!: add `verbose` flag to `find_or_install_active_toolchain()`
* style(config): replace `dist::Profile` with `Profile`
* style(config): replace `dist::TargetTriple` with `TargetTriple`
* fix(config): call `warn_if_host_is_incompatible()` in `ensure_installed()`
* refactor(common): use early return in `warn_if_host_is_incompatible()`
* refactor(rustup-mode): extract `warn_if_host_is_incompatible()`
* style(common): merge imports
* refactor(distributable)!: avoid unnecessary clones
* refactor(distributable)!: replace `install_if_not_installed()` with
`ensure_installed()`
* feat(config)!: add `verbose` flag to `ensure_installed()`
* feat(config)!: return `UpdateStatus` from `ensure_installed()`
* feat(config)!: use `Cfg::get_profile()` for unspecified profile in
`ensure_installed()`
* chore(config): add `#[tracing::instrument]` to `ensure_installed()`
* ci(freebsd): fix build failure related to `aws-lc`
* ci(windows): don't install OpenSSL via `choco`
* ci(run): remove redundant `if` predicate
* ci(run): use the detected number of test threads
* feat(download/rustls): use `aws-lc` instead of `ring`
* style(taplo): enable `reorder_keys` for `*dependencies` in `Cargo.toml`
* Upgrade windows-sys to 0.59
* fix: fix unreachable code lints on Android
* docs(dev-guide): remove descriptions of `rustup_macros`
* docs(dev-guide): update description of `rustup::process`
* Remove `once_cell` dependency
* docs(dev-guide): add guideline for atomic commits to the developer guide
* fix: fix `clippy` lints
* docs(user-guide): use `brew install rustup` instead of `rustup-init`
* Bump fs_at to 0.2.1
* chore(deps/renovate): disable `automerge`
* Upgrade to opentelemetry 0.24
* build(windows): don't link against `powrprof`
* build(windows): fix typo in `build.rs`
* fix(utils): make `ExitCode` `#[must_use]`
* refactor(rustup-mode): introduce `ExitCode::bitand*()`
* fix(rustup-mode): return `ExitCode(1)` when `update()` fails
* refactor(rustup-mode)!: remove redundant `ExitCode` in `self_update()`'s
callback
* test(cli-misc): simplify `version_mentions_rustc_version_confusion()`
* fix(rustup-mode): refine output for `rustup --version`
* fix(rustup-mode)!: don't install toolchain on `rustup --version`
* chore(deps/renovate): update `automerge` schedule for `lockFileMaintenance`
* ci(check): add `taplo fmt` test for TOMLs
* style: reformat all TOMLs with `taplo`
* ci(gen-workflows): remove `--quiet` from `git diff`
* refactor: use `#[cfg()]` instead of `cfg!()` when possible
* refactor(self-update): remove outdated `do_pre_install_sanity_checks`
* Add help message for missing toolchain
* Rename OSProcess to OsProcess
* Rename currentprocess to process
* Forward to Process::var_os() directly
* Fix home_dir() and current_dir() regression
* feat(log): set level of `#[tracing::instrument(err)]` to `TRACE`
* feat(log): unhide `tracing::instrument` from behind `feature =
"otel"`
* ci(windows): increase stack size to 16MiB
* Upload Windows artifacts into correct subdirectory
* Fix uploading of Windows build artifacts
* Prepare deployment on master branch
* Grant GitHub Actions workflows access to OIDC token
* chore(deps): update aws-actions/configure-aws-credentials action to v4
* Authenticate CI uploads with OIDC
* Upload release artifacts to new S3 bucket
* chore(deps/renovate): set `prCreation` to `immediate`
* feat(dist): refine suggestions regarding manifest checksum mismatches
* refactor(config): extract `dist_root_server()`
* refactor(dist): use `let-else` in `dl_v2_manifest()`
* refactor(dist/notifications)!: inline usages of
`Notification::ManifestChecksumFailedHack`
* refactor(install): avoid extra clone in `InstallMethod::install`
* Reorder operations in order to simplify
* Deduplicate handling of environnment variables
* Move if_not_empty() to calling module
* feat(cli): warn when removing the default/active toolchain
* feat(cli): improve warning when removing the last/host target for a
toolchain
* docs(ci): simplify the target policy in the README
* Add loongarch64-unknown-linux-musl support
* fix(download): fix build error with `--no-default-features --features=curl-
backend`
* feat(rustup-init): set log level to `WARN` on `-q` if `RUSTUP_LOG` is unset
* implements quiet flag in `rustup-init.sh`
* test(manifestation): introduce and migrate tests to `TestContext`
* chore(manifestation): organize imports
* add regression tests for smart guess
* apply smart guess to `rustup update/uninstall self`
* Disable automatic self updates in CI environments
* feat(download/rustls): use `rustls-platform-verifier`
* ci(windows): run `cargo all-features`
* fix(self-update/windows): address some `unused_imports` warnings
* fix(rustup-mode): improve `clap` error format
* Add period in warning while checking existing rust installations
* Move Windows-only test code into windows module
* Asyncify CLI tests
* Use guard type to replace with_saved_path()
* Refactor test registry state to be more type safe
* Inline single-use with_saved_global_state() function
* Privatize with_saved_global_state()
* Move change_dir() into CliTestContext
* Move with_update_server() into CliTestContext
* Remove Config::with_scenario()
* Port cli_v2 to CliTestContext
* Port cli_v1 to CliTestContext
* Port cli_self_upd to CliTestContext
* Port cli_rustup to CliTestContext
* Port cli_paths to CliTestContext
* Port cli_misc to CliTestContext
* Port cli_inst_interactive to CliTestContext
* Port cli_exact to CliTestContext
* Use CliTestContext directly in self_update_setup()
* Start CliTestContext type wrapper
* docs(dev-guide/tracing): mention `RUSTUP_LOG` and console-based tracing
* docs(dev-guide/linting): improve wording
* test(dist): add simple tests for `PartialVersion`
* chore(dist): add some doc comments
* fix(dist): throw an error when a `PartialVersion` string doesn't start with
an ASCII digit
* ci(all-features): add `-D warnings` to `cargo check-all-features`
* fix(currentprocess/filesource): address some `unused_imports` warnings
* fix(currentprocess): address some `unused_imports` warnings
* fix(regex): replace `\d` to `[0-9]` to avoid matching non-ASCII digits
* refactor(toolchain/names): replace `toolchain_sort` with `ToolchainName`'s
`Ord` instance
* refactor(dist)!: make `ToolchainDesc.channel` more strongly typed
* Remove unnecessary lint suppressions
* Use local suppression for clippy::too_many_arguments
* Rename desc fields to toolchain
* Remove intermediate state from error handling
* Remove indirection in update error handling
* Inline wrapper function
* Reduce rightward drift
* Propagate use of DistOptions
* Avoid unnecessary unwrapping
* Extract struct from InstallMethods::Dist variant
* refactor(log): replace the `TELEMETRY_DEFAULT_TARCER` singleton with a
function
* test(clitools): revive `run_inprocess()`
* fix(dist/arm): don't assume `armv7` if `/proc/cpuinfo` is unavailable
* fix(dist): add fallbacks to `/proc/self/exe` in `rustup-init.sh`
* Rename default-tls to native-tls
* Inline small errors module
* Inline addition/removal to programs
* Move windows-only self_update code into windows module
* Reorganize platform-dependent imports in self_update
* refactor(log): replace `[Ww]arning:` log line prefix with `warn:`
* refactor(log): rename `NotificationLevel::Debug` to `Trace` and `Verbose` to
`Debug`
* Remove unused code
* Hoist Toolchain up into top-level toolchain module
* Remove unused derived sorting implementations
* Privatize internal organization of toolchain module
* Inline argument
* Inline trivial wrapper
* Move toolchain resolution into Cfg method
* Check settings version on Cfg construction
* Move proxy toolchain resolution logic into Cfg method
* Move rustc_version() function into Cfg
* Expose higher-level interface in Toolchain
* Move DistributableToolchain::installed_paths() into Cfg
* No need to store cfg in DistributableToolchain
* Reduce indirection in Cfg::from_partial()
* Move Toolchain::from_partial() to Cfg
* Take owned LocalToolchainName in Toolchain::from_local()
* Simplify Toolchain::from_local()
* refactor(dist): hoist `dist::dist` into `dist`
* refactor(dist): privatize imports from `dist::dist`
* Fix the `TODO` in `src\toolchain\toolchain.rs`
* Use tracing macros directly
* Inline single-caller maybe_trace_rustup()
* Remove rustup test wrapper macros
* Use tokio::main attribute
* Attach Process-dependent utils to Process
* Remove with_runtime()
* fix(config): fix typo in `ActiveReason`
* fix(log): use `RUSTUP_LOG` for internal `tracing` instead of `RUST_LOG`
* refactor(currentprocess): make use of `Arc::default()`
* refactor(currentprocess): rename `TestProcess.guard` to `_guard`
* Remove currentprocess::with()
* Privatize most TestProcess fields
* Remove unused TestProcess::id
* Pass Process around explicitly
* Let argument parser handle SelfUpdateMode conversion
* Let argument parser handle Profile conversion
* Use simpler form for string concatenation
* Reduce rightward drift by duplicating some Ok-wrapping
* Rename _install_selection() to IInstallOpts::install()
* Inline async closure
* Move error mapping out of validation function
* Rename do_pre_install_options_sanity_checks() to InstallOpts::validate()
* Rename customize_install() to InstallOpts::customize()
* Pass InstallOpts around directly
* refactor(terminalsource): use `.eq_ignore_ascii_case()` in
`ColorableTerminal::new`
* chore(notify): sort logging macros and `NotificationLevel` on verbosity
* chore(env): retire `RUSTUP_DEBUG` in favor of `RUST_LOG`
* feat(log): make `console_logger()` accept `RUSTUP_TERM_COLOR` and `NO_COLOR`
* refactor(log): reimplement `log` using `tracing`
* refactor(test): clean up `before_test_async()`
* chore(deps): make `tracing-subscriber` a hard requirement
* refactor(test): setup `tracing` subscriber in `before_test_async()`
* test(clitools): disable `run_inprocess()`
* refactor(test): execute all `#[rustup_macros::unit_test]`s within a `tokio`
context
* refactor(log): extract `telemetry()`
* Remove noop functions in favor of conditional compilation
* Avoid trivial wrapper functions
* Store process name in error variant directly
* Inline trivial wrapper function
* Fix misleading "uninstalled toolchain" notification
* refactor(ci/run): use more `target_cargo()` in `run.bash`
* Remove trivial new() implementation
* Use serde to encode/decode mock manifests
* Use serde to encode/decode rustup manifests
* Use serde to encode/decode config
* Represent config version as an enum
* Use serde to encode/decode manifests
* Represent manifest version as enum
* Use serde to encode/decode settings
* Add tests for settings encoding
* Derive Default for Settings
* Represent metadata version as an enum
* Use Default impl for Settings::profile default
* Derive Default for Profile
* Discard unnecessary layer of Arc
* Externalize wrapping of DownloadTracker
* Inline NotifyOnConsole
* Internalize interior mutability for Notifier
* Decouple Cfg from Notifier initialization
* fix(dist/triple): ensure `dist::triple::known` is up to date with
`platforms`
* refactor(toolchain): reuse `dist::triple::known` in `toolchain::names`
* refactor(dist/triple): move known triples to `dist::triple::known`
* refactor(build): use `platforms` to verify `RUSTUP_OVERRIDE_BUILD_TRIPLE`
* refactor(build): simplify the code obtaining the current triple
* feat(cli): add `--quiet` to `rustup (target|component) list`
* feat(cli): add `--quiet` to `rustup toolchain list`
* Inline trivial single-use function utils::to_absolute()
* Inline trivial single-use function Cfg::which_binary()
* Inline short single-use function direct_proxy()
* Rename new_toolchain_with_reason() to Toolchain::with_reason()
* Move Cfg::maybe_do_cargo_fallback() to Toolchain
* Move Cfg::create_command_for_toolchain() to Toolchain::command()
* Extract common usage of Cfg::create_command_for_toolchain()
* Inline trivial single-use function Cfg::create_command_for_dir()
* Inline simple function Cfg::create_command_for_toolchain()
* Move toolchain construction out of Cfg::create_command_for_toolchain()
* Inline single-use function
* Improve error message for failing .rustup creation
* Inline trivial single-use function
* Inline utils::current_dir()
* Take explicit current_dir argument in to_absolute()
* Pass current_dir down from main()
* Update rustup.rs website to offer Rustup on Windows on Arm
* Use Cfg::current_dir in override_remove()
* Use Cfg::current_dir in override_add()
* Use Cfg::current_dir in find_or_install_active_toolchain()
* Use Cfg::current_dir for create_command_for_dir()
* Use Cfg::current_dir for find_or_install_active_toolchain()
* Store current_dir in Cfg for use in find_active_toolchain()
* Enable building Rustup win-aarch64 on PR
* Add aarch64-apple-darwin and aarch64-pc-windows-msvc to cloudfront-
invalidation.txt
* Update Other installation methods page to include aarch64-pc-windows-msvc
* Remove unnecessary trait abstraction
* Simplify process access to current_dir
* Simplify process access to environment variables
* Remove unnecessary trait bound for home::Env
* Simplify process access to pid
* Simplify process access to stdin
* Simplify process access to stderr
* Simplify process access to stdout
* Simplify process access to argument iterator
* fix(download): work around `hyper` hang issue by adjusting `reqwest` config
* test(download): fix clippy warnings regarding `Mutex` in `async`
* test(dist): add regression tests for parsing beta versions with tags
* test(dist): introduce scenario `BetaTag` with mock test data
* feat(dist): add support for parsing beta versions with tags in the toolchain
* refactor(utils): move `run_future()` under `manifestation`
* feat(config): make `create_command_for_toolchain()` async
* refactor(config): make `update_all_channels()` async
* refactor(self_update): make `maybe_install_rust()` async
* refactor(config): make `ensure_installed` async
* fix expected path-separators on windows
* add a regression test
* consistently add context with file path when parsing fails
* ci(windows/gnu): install `mingw` via `bwoodsend/setup-winlibs-action`
* ci(windows): enable CI on `x86_64-pc-windows-gnu`
* Make manifestation test update_from_dist async
* Make update async
* Make default_ async
* Make check_updates async
* Make target_add async
* Make target_remove async
* Make component_add async
* Make component_remove async
* Make update_all_channels async
* Make toolchain_link async
* Make override_add async
* Make DistributableToolchain::remove_component async
* Make DistributableToolchain::add_component async
* Make DistributableTool::install_if_not_installed async
* Make DistributableToolChain::install async
* Make toolchain.update async
* Make update_extra async
* Make show_dist_version async
* Make InstallMethod::install async
* Make InstallMethod::run async
* Make update_from_dist async
* Make update_from_dist_ async
* Make try_update_from_dist_ async
* Make update_v1 async
* Make dist::dl_*_manifest async
* Make common::self_update async
* Make manifestation::update async
* Make download retries async
* Make DownloadCfg::download_and_check async
* Make DownloadCfg::download_hash async
* Make self_update::update async
* Make check_rustup_update async
* Make prepare_update async
* Make get_available_rustup_version async
* Make setup_mode::main async
* Make self_update::install async
* Make try_install_msvc async
* Make download_file async
* Make DownloadCfg::download async
* Make download_file_with_resume async
* Make download_file_ async
* Make download_to_path_with_backend async
* Make download_with_backend async
* Make rustup_mode::main async
* Convert run_rustup_inner to async
* Make run_rustup async
* Remove maybe_trace_rustup runtime setup
* Make maybe_trace_rustup async
* Convert main to using a tokio runtime always
* Ring 0.17.x support Windows on ARM
* ci(macos): use `macos-latest` instead of `macos-14`
* fix(deps): update rust crate itertools to 0.13
* fix(deps): update rust crate pulldown-cmark to 0.11
* Avoid unnecessary allocations
* Attempt to reduce duplication by adding a little abstraction
* Move explicit_desc_or_dir_toolchain() to Toolchain::from_partial()
* Propagate ExitStatus instead of custom ExitCode
* Use precise internal imports
* Use idiomatic way to proxy str data
* Inline RustupSubcmd::dispatch()
* refactor(filesource): replace repetitive `#[cfg()]` usages with a new `mod`
* Fix ETA display after regression
* Stop showing ETA after download is complete
* refactor(cli): hoist the `handle_epipe()` call out of the `match`
* refactor(cli): rewrite `rustup` itself with `clap-derive`
* refactor(cli): rewrite `rustup (self|set)` with `clap-derive`
* refactor(cli): rewrite `rustup (man|completions)` with `clap-derive`
* refactor(cli): rewrite `rustup doc` with `clap-derive`
* refactor(cli): rewrite `rustup (run|which|dump-testament)` with `clap-
derive`
* refactor(cli): rewrite `rustup override` with `clap-derive`
* refactor(cli): rewrite `rustup component` with `clap-derive`
* refactor(cli): rewrite `rustup target` with `clap-derive`
* refactor(cli): rewrite `rustup (check|default)` with `clap-derive`
* refactor(cli): rewrite `rustup (toolchain|update|(un)?install)` with `clap-
derive`
* refactor(cli): remove `deprecated()`
* refactor(cli): rewrite `rustup show` with `clap_derive`
* fix(rustup-init): fix typo in `rustup-init[.sh]` args
* feat(download): reflect the download/TLS backends in the user agent
* Make find_override_from_dir_walk return OverrideCfg
* Make settings file allow multiple borrows
* Fix doc error with `rust-toolchain.toml` custom TC
* Make `rustup default` not error if no default
* Update format of `toolchain list`
* Update format of `show` and `show active-toolchain`
* Redesign OverrideCfg to be more type-driven
* Pull match statement out in OverrideCfg::from_file()
* Change find_override to find_active_toolchain
* Pull out `new_toolchain_with_reason()`
* Pull out `ensure_installed()`
* refactor(cli): reorder `if` statement in `cli::setup_mode::main()`
* refactor(cli): rewrite `rustup-init` with `clap_derive`
* Avoid code duplication for printing target/component items
* Deduplicate code to get components from distributable
* Merge list_{,installed_}targets
* Merge list_{,installed_}components functions
* fix(filesource): make some constructs only available via the `test` feature
* fix(ci/freebsd): install ca certs to prevent `invalid peer certificate:
UnknownIssuer`
* feat(download-backend)!: make `reqwest/rustls` the new default
* feat(download-backend)!: refine selection logic
* Update MSVC requirements to VS 2017 to match Rust repo
* refactor(download): use `DownloadCallBack` in `download_with_backend()`
* ci: don't build for `i686-linux-android` due to OpenSSL v3 atomic issues
* ci(android): update NDK version
* fix(deps): update rust crate openssl-src to v300
* ci(linux-gnu): install `perl-IPC-Cmd` to make OpenSSL v3 happy
* chore(deps): update ubuntu docker tag to v24
* docs(dev-guide): remove "pushing to master" in the release process
* Replace remaining winapi usage with windows-sys
Update to version 1.27.1~0:
* chore(dist): update commit shasum in `rustup-init.sh`, take 2
* fix(ci/linux): don't use `pip3` to install `awscli`
* fix(ci/macos): don't use `pip3` to install `awscli`
* chore(dist): update commit shasum in `rustup-init.sh`
* docs: update CHANGELOG for v1.27.1
* feat(dist): improve `changelog_helper` script
* dist: bump `rustup` version to `1.27.1`
* chore: fix some typos in comments
* Remove TryFrom for TargetTriple
* Add tests for add/remove components by name with target triple
* Replace Component::new_with_target by Component::try_new
* refactor(self-update)!: remove confusing `get_path()` impl on Unix
* test(self-update): ensure the resolution of #3739
* feat(self-update): add `with_saved_reg_value()`
* refactor(self-update): extract `(get|restore)_reg_value()`
* refactor(self-update): extract `with_saved_global_state()`
* refactor(self-update): use `std::io`
* fix(self-update): replace some `#[cfg(not(unix))]` usages with
`#[cfg(windows)]`
* feat(self-update): improve error messages on Windows
* fix(self-update): run `do_update_programs_display_version()` on
`run_update()`
* refactor(self-update): extract `get_and_parse_new_rustup_version()`
* refactor(self-update): extract `do_update_programs_display_version()`
* ci: don't test for FreeBSD on PRs
* docs(user-guide): update `environment-variables`
* refactor(self-update): eliminate needless clone
* feat(self-update): log `RUSTUP_DIST_*` if it's set
* feat(self-update): log `RUSTUP_UPDATE_ROOT` if it's set
* refactor(self-update): rename `UPDATE_ROOT` to `DEFAULT_UPDATE_ROOT`
* refactor(self-update): extract `update_root()`
* once_cell only used with reqwest in download crate, so gate it
* tracing unsed only from otel feature, so move it to optional
* Add loongarch64-unknown-linux-gnu to installation docs
* Add loongarch64-unknown-linux-gnu to cloudfront invalidations
* Use pattern matching to make Debug impl for Cfg more robust
* Use std IsTerminal interface
* Rename temp::Cfg to Context
* temp: keep definitions and impls together
* Remove derivative dependency in favor of manual implementation
* docs(dev-guide): move all mentions of `cargo clippy` to `linting.md`
* docs(dev-guide): mention that we need to keep mdBook links stable
* refactor(utils)!: rename `delete_dir_contents()` to
`delete_dir_contents_following_links()`
* fix(utils): resolve input path in `delete_dir_contents()` if it's a link
* test(cli): ensure the resolution of #3344
* Revert "fix(utils): unlink input path in `delete_dir_contents()` if it's a
link"
* Revert "refactor(utils)!: rename `delete_dir_contents()` to
`delete_dir_contents_or_unlink()`"
* Revert "test(cli): ensure the resolution of #3344"
* refactor(utils)!: rename `delete_dir_contents()` to
`delete_dir_contents_or_unlink()`
* fix(utils): unlink input path in `delete_dir_contents()` if it's a link
* test(cli): ensure the resolution of #3737
* refactor(util)!: rename `open_dir()` to `open_dir_following_links()`
* fix(utils): don't use `O_NOFOLLOW` in `open_dir()`
* chore: fix typo in `CHANGELOG`
* chore(meta): update `bug_report` issue template
* Add hr to Windows instructions
* fix(doc): don't show the opening message when --path is used
* chore: remove repetitive words
* fix(deps): update rust crate opener to 0.7.0
* fix(config): remove unnecessary debug print
* fix(ci): fix file paths in CI-generated `*.sha256` files on *nix
* fix(ci): correct error message after bumping reqwest
* fix(deps): update rust crate reqwest to 0.12
* doc(dev-guide): Fix test Lint and add explanation
* Fix "component add" error message
* ci: use `stable` Rust for all clippy lints
* style: apply clippy suggestions from Rust 1.78.0
* fix(ci/windows): disable `cargo clippy` on `*-windows-gnu`
* fix(shell): create parent dir before appending to rcfiles
* fix(fish): fix definition of `Fish::update_rcs`
* docs(dev-guide): update `release-process.md` to match the new workflow based
on GitHub Merge Queue
* ci(macos): add `MACOSX_DEPLOYMENT_TARGET` and friends
* Replaced `.` with `source` in fish shell's `source_string`
* Deny clippy warnings in CI
* Rely on implicit conversion to OperationResult
* Extract closure from match scrutinee
* fix(cli): fix incorrect color state after `ColorableTerminal::reset`
* docs: Add note about stability of llvm-tools.
* Change default for RUSTUP_WINDOWS_PATH_ADD_BIN
* ci: remove direct `renovate/*` tests
* Fix dead_code and unused_imports warnings
Update to version 1.27.0~0:
* docs: update `CHANGELOG` for v1.27.0
* hack(deps): pin `openssl-sys` to 0.9.92
* fix #3663. Feedback in terminal when opening browser for docs
* Fix copy icon position in Safari
* Upgrade to opentelemetry 0.22
* fix ambiguous prompt after setting up custom installation
* docs: rephrase and split sentence about Visual Studio license
* Add comment on why we prefer symlinks to junctions
* Windows: Try using symlinks if they're allowed
* chore(ci): unify the matrix format to (mode, target)
* ci: update runners for macOS-related workflows
* docs: mention `apt` in installation methods
* docs: fix missing links in `CHANGELOG.md`
* chore(deps): update rust crate trycmd to 0.15.0
* fix(deps): downgrade `openssl-sys` to 0.9.92
* ci: remove the now-tier3 `mips*-unknown-linux-gnu*` targets from the build
* Update mdbook and fix some source issues.
* Rename `.cargo/config` to `.cargo/config.toml`
* chore: update `CHANGELOG.md`
* dist: bump `rustup-init.sh` version to `1.27.0`
* dist: bump `rustup` version to `1.27.0`
* feat: introduce `changelog_helper` script
* Upgrade to pulldown-cmark 0.10
* Fix some typos
* fix(deps): update rust crate libc to 0.2.153
* Download rust CI Docker images from a registry
* Component is now named 'llvm-tools'
* chore: add docstring to `is_32bit_userspace()`
* chore: disable some unix-only helper functions on Windows
* chore(deps): update actions/cache action to v4
* refactor(cli): simplify case splitting on `clap::error::ErrorKind`
* refactor(names): replace `maybe_official_toolchainame_parser` with `impl
FromStr`
* refactor: simplify `is_proxyable_tools`
* refactor(distributable): import `ComponentStatus`
* refactor(cli): avoid nested combinators in `has_at_most_one_target`
* feat(cli): warn when removing the last/host target for a toolchain
* refactor(toolchain): extract `DistributableToolchain::components()`
* www: detect RISC-V 64 platform
* fix(deps): update rust crate strsim to 0.11
* chore(deps): update `renovate.json` to remove version bumps covered by
lockfile maintenance PRs, take 3
* feat(ci): configure `merge_queue` to be a PR-like event
* feat(ci): enable the `merge_group` trigger
* fix(ci): use `github.event_name == 'schedule'` instead of
`github.event.schedule`
* chore(deps): update `renovate.json` to remove version bumps covered by
lockfile maintenance PRs, take 2
* fix(deps): update rust crate clap to v4.4.13
* fix(deps): update rust crate syn to v2.0.48
* chore(deps): update rust crate opentelemetry_sdk to v0.21.2
* fix(ci): use `github.event_name == 'push'` instead of
`github.event.push`
* feat(ci): add CI workflow generation checks
* refactor(ci): disassemble and reorganize `ci/cirrus-templates`
* feat(ci): add `conclusion` job
* refactor(ci): move `freebsd-builds` to GitHub Actions
* refactor(ci): merge all current GitHub Actions workflows into `ci.yaml`
* chore(ci): clean up current CI files
* chore(deps): update `renovate.json` to remove version bumps covered by
lockfile maintenance PRs
* fix(deps): update rust crate syn to v2.0.47
* fix(deps): update rust crate proc-macro2 to v1.0.75
* fix(deps): update rust crate clap_complete to v4.4.6
* fix(deps): update rust crate serde to v1.0.194
* fix(deps): update rust crate semver to v1.0.21
* chore(deps): update rust crate thiserror to v1.0.56
* chore(deps): update rust crate anyhow to v1.0.79
* fix(deps): update rust crate syn to v2.0.45
* fix(deps): update rust crate proc-macro2 to v1.0.73
* fix(deps): update rust crate syn to v2.0.44
* fix(deps): update rust crate quote to v1.0.34
* fix(deps): update rust crate proc-macro2 to v1.0.72
* chore(deps): update rust crate anyhow to v1.0.78
* chore(deps): update rust crate thiserror to v1.0.53
* fix(deps): update rust crate clap to v4.4.12
* chore(deps): update rust crate tempfile to v3.9.0
* fix(deps): update rust crate clap_complete to v4.4.5
* chore(deps): update rust crate anyhow to v1.0.77
* chore(deps): update rust crate thiserror to v1.0.52
* fix(deps): update rust crate syn to v2.0.43
* fix(deps): update rust crate openssl to v0.10.62
* fix(deps): update rust crate proc-macro2 to v1.0.71
* fix(deps): update rust crate syn to v2.0.42
* chore(deps): update rust crate anyhow to v1.0.76
* chore(deps): update rust crate hyper-util to v0.1.2
* chore(deps): update rust crate tokio to v1.35.1
* fix(deps): update rust crate reqwest to v0.11.23
* chore(deps): update rust crate hyper to v1.1.0
* docs: move "rls" and "rust-analysis" to separate section "previous..."
(#3591)
* chore(deps): update actions/upload-artifact action to v4
* Fix rustup-init failure to read ZDOTDIR from zsh when SHELL is not zsh
(#3584)
* CI: Enable rustls on loongarch64
* CI: Revert "Disable openssl for loongarch64-unknown-linux-gnu"
* fix(deps): update rust crate openssl-src to v300.2.1+3.2.0
* fix(deps): update rust crate syn to v2.0.41
* fix(deps): update rust crate syn to v2.0.40
* fix(deps): update rust crate libc to v0.2.151
* chore(deps): update rust crate once_cell to v1.19.0
* fix(deps): update rust crate clap to v4.4.11
* fix(deps): update rust crate openssl to v0.10.61
* Fix test permanently adding to PATH
* chore(deps): revert `Cargo.toml` bump in #3540
* chore(deps): revert `Cargo.toml` bump in #3532
* chore(renovate): prevent unnecessary `Cargo.toml` bumps
* Lock file maintenance
* Fix panic in `component list --toolchain stable`
* Upgrade hyper to 1.0 (#3543)
* Clarify several docs and help messages
* Remove rel paths from rust-toolchain.toml docs
* CI: Disable openssl for loongarch64-unknown-linux-gnu
* Update Rust crate url to 2.5
* Update Rust crate winreg to 0.52
* Update Rust crate windows-sys to 0.52.0
* Update Rust crate termcolor to 1.4
* Streamline dependencies in `Cargo.toml`
* Update opentelemetry
* [doc] windows.md: fix link
* Inline channel pattern list
* Remove unused import
* Explicitly import symbols
* Remove unused dependencies from macros crate
* Replace usage of lazy_static with once_cell
* Use more conventional field order in package table
* Remove authors from Cargo manifest (per RFC 3052)
* Use uniform dependency specification style
* Inline `semver::Version` in `toolchain_sort`
* Add docs specifying `toolchain_sort`'s expected behavior
* Change key used in `toolchain_sort`
* Inline `special_version` in `toolchain_sort`
* Inline `toolchain_sort_key` in `toolchain_sort`
* Replace `sort_by` with `sort_by_key` in `toolchain_sort`
* Refine `test_toolchain_sort`
* Suggest installing MSYS2 for `windows-gnu`
* Fix the test toolchain_broken_symlink on Windows
* Move `TOOLSTATE_MSG` to `dist` to serve toolchain-wide operations
* Add test to ensure resolution of #3418
* Add `Panics` sections to docstrings
* Refactor `components_*_msg`
* Delete suggestions of removing the relevant component from
`component_unavailable_msg`
* Clean up some `manifestation` logic
* Warn when running under Rosetta emulation
* Typo fixed in tips-and-tricks.md file
* Adjust suggestions about sourcing `env` files
* Restrict zsh `shwordsplit` to `downloader()`
* Update Rust crate zstd to 0.13
* Apply `clippy` suggestions
* Extract `post_install_msg_unix_source_env!()`
* Add suggestions to mention sourcing `env.fish`
* Fix zsh word splitting for curl "\--retry 3"
* Add ksh compatibility for latest illumos and others
* Remove redundant message if an error occurs during package extraction
* Update Rust crate regex to 1.10.0
* Write a custom env script for fish
* Fix fish config dir paths
* Update all rc fish scripts
* Try to add support for fish shell
* Clarify the origin of `rust-$TARGET` CI Docker images
* Apply more `clippy` suggestions
* Capturing IO error in download_file_with_resume (#3421)
* Adjust instructions for manual installation (#3502)
* Windows: Load DLLs from system32
* When running a 32-bit rustup on an aarch64 CPU, select a 32-bit toolchain
* Do not fallback to "arm" in rustup-init.sh on aarch64 with 32-bit userland
* Update Rust crate toml to 0.8
* Mention `brew install rustup-init` in the user guide
* Adjust section titles in the user guide
* Update actions/checkout action to v4
* Avoid warning for unused variant
* fix invalid link for 1.25.2
* 1.26.0 should not be unreleased in the changelog
* Refactor test case `install_uninstall_affect_path`
* Update Rust crate winreg to 0.51
* Apply clippy suggestions from Rust 1.74 (#3497)
* Fix rustup_only_options_stdout
* Bring additional help section style in line with clap 4
* Upgrade to clap 4
* Avoid deprecated clap API
* Isolate trycmd tests from environment
* Update Rust crate tracing-opentelemetry to 0.21.0
* buf writes to components
* Update Rust crate tempfile to 3.8
* Return the right lifetime from DistributableToolchain::install
* Fix handling of async tests
* Improve CI debugability
* Refactor: Use download_cfg.notify_handler in update()
* Authenticate when installing protoc
* Avoid installing protoc for most CI workflows
* Refine suggestions of sourcing `$HOME/.cargo/env`
* Avoid `sysctl: unknown oid` stderr output and/or non-zero exit code
* Configure automerge in Renovate
* Fix renovate.json
* Make `RUSTUP_TERM_COLOR`'s value case insensitive
* Add unit tests for `RUSTUP_TERM_COLOR`
* Support `RUSTUP_TERM_COLOR` as an override environment variable
* macOS `uname -m` can lie due to Rosetta shenanigans
* Migrate CONTRIBUTING.md to an mdbook
* Build docs during CI
* Move the user guide from doc to doc/user-guide
* Update Rust crate tempfile to 3.7
* Use available_parallelism replace the `num_cpus`crate
* rustup-init.sh: Check for kernel UAPI compatibility on LoongArch
* Enable loongarch64-linux-gnu builds on stable
* allow `clippy::arc_with_non_send_sync`
* Address `#[warn(clippy::useless_vec)]`
* Address `#[warn(clippy::needless_borrow)]`
* Address `#[warn(clippy::useless_conversion)]`
* Address `#[warn(clippy::redundant_pattern_matching)]`
* Address `#[warn(clippy::redundant_field_names)]`
* Bump proc-macro2 v1.0.51 -> v1.0.63
* Bump the openssl v0.10.52 -> v0.10.55
* Fix typo: prerequistes -> prerequisites
* update installation methods to use TLS v1.2
* Disable the "oldtime" feature of chrono
* Update Rust crate tempfile to 3.6
* Update Rust crate url to 2.4
* Update Rust crate once_cell to 1.18.0
* Make download_tracker thread safe.
* Enable broken color in MSYS2 shells
* Add suggest_message helper for errors
* replace term with termcolor
* Tweak docs
* Improve error message for removing uninstalled target
* Improve error message for adding unknown target
* CI support for loongarch64-unknown-linux-gnu
* Fix compile on rust nightly
* Group updates to opentelemetry together
* Improve CurrentProcess
* Update dependencies
* TestProcess and friends should be test only
* Update Rust crate windows-sys to 0.48.0
* Rework Toolchain model and drop relative file path overrides
* Add in opentelemetry tracing as a feature
* Remove repeated definite article
* Make clippy happy
* Update Rust crate toml to 0.7.3
* Suggest right toolchain when running clippy
* Fix small typo
* Update Rust crate winreg to 0.50
* Update Rust crate tempfile to 3.5
* Compile static Mutex where possible
* Upgrade CI image to FreeBSD 13.2
* Update Rust crate opener to 0.6.0
* Update Rust crate enum-map to 2.5.0
* Bumped retry
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2831=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2831=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2831=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2831=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2831=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2831=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2831=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2831=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2831=1
## Package List:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* rustup-debugsource-1.28.2~0-150400.3.13.1
* rustup-debuginfo-1.28.2~0-150400.3.13.1
* rustup-1.28.2~0-150400.3.13.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 x86_64)
* rustup-debugsource-1.28.2~0-150400.3.13.1
* rustup-debuginfo-1.28.2~0-150400.3.13.1
* rustup-1.28.2~0-150400.3.13.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* rustup-debuginfo-1.28.2~0-150400.3.13.1
* rustup-debugsource-1.28.2~0-150400.3.13.1
* rustup-1.28.2~0-150400.3.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* rustup-debuginfo-1.28.2~0-150400.3.13.1
* rustup-debugsource-1.28.2~0-150400.3.13.1
* rustup-1.28.2~0-150400.3.13.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* rustup-debugsource-1.28.2~0-150400.3.13.1
* rustup-debuginfo-1.28.2~0-150400.3.13.1
* rustup-1.28.2~0-150400.3.13.1
* openSUSE Leap 15.4 (aarch64 x86_64)
* rustup-debugsource-1.28.2~0-150400.3.13.1
* rustup-debuginfo-1.28.2~0-150400.3.13.1
* rustup-1.28.2~0-150400.3.13.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* rustup-debuginfo-1.28.2~0-150400.3.13.1
* rustup-debugsource-1.28.2~0-150400.3.13.1
* rustup-1.28.2~0-150400.3.13.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 x86_64)
* rustup-1.28.2~0-150400.3.13.1
* rustup-debuginfo-1.28.2~0-150400.3.13.1
* rustup-debugsource-1.28.2~0-150400.3.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* rustup-1.28.2~0-150400.3.13.1
* rustup-debuginfo-1.28.2~0-150400.3.13.1
* rustup-debugsource-1.28.2~0-150400.3.13.1
## References:
* https://www.suse.com/security/cve/CVE-2024-12224.html
* https://www.suse.com/security/cve/CVE-2025-58160.html
* https://www.suse.com/security/cve/CVE-2026-25727.html
* https://www.suse.com/security/cve/CVE-2026-41676.html
* https://www.suse.com/security/cve/CVE-2026-41677.html
* https://www.suse.com/security/cve/CVE-2026-41678.html
* https://www.suse.com/security/cve/CVE-2026-41681.html
* https://www.suse.com/security/cve/CVE-2026-41898.html
* https://www.suse.com/security/cve/CVE-2026-42327.html
* https://www.suse.com/security/cve/CVE-2026-44662.html
* https://www.suse.com/security/cve/CVE-2026-45784.html
* https://bugzilla.suse.com/show_bug.cgi?id=1203257
* https://bugzilla.suse.com/show_bug.cgi?id=1230032
* https://bugzilla.suse.com/show_bug.cgi?id=1243862
* https://bugzilla.suse.com/show_bug.cgi?id=1249008
* https://bugzilla.suse.com/show_bug.cgi?id=1257902
* https://bugzilla.suse.com/show_bug.cgi?id=1270186
* https://bugzilla.suse.com/show_bug.cgi?id=1270521
* https://bugzilla.suse.com/show_bug.cgi?id=1270619
* https://bugzilla.suse.com/show_bug.cgi?id=1270644
* https://bugzilla.suse.com/show_bug.cgi?id=1270795
* https://bugzilla.suse.com/show_bug.cgi?id=1270870
* https://bugzilla.suse.com/show_bug.cgi?id=1270874
* https://bugzilla.suse.com/show_bug.cgi?id=1270989
SUSE-SU-2026:2834-1: important: Security update for clamav
# Security update for clamav
Announcement ID: SUSE-SU-2026:2834-1
Release Date: 2026-07-09T19:12:56Z
Rating: important
References:
* bsc#1270085
* bsc#1270088
* bsc#1270089
* bsc#1270091
* bsc#1270092
* bsc#1270106
* bsc#1270107
* bsc#1270138
Cross-References:
* CVE-2026-20213
* CVE-2026-20214
* CVE-2026-20215
* CVE-2026-20216
* CVE-2026-20217
* CVE-2026-20243
* CVE-2026-20244
* CVE-2026-41676
CVSS scores:
* CVE-2026-20213 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20213 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20214 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20214 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20215 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20215 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20216 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20216 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20217 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20217 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20243 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20243 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20244 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20244 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-41676 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves eight vulnerabilities can now be installed.
## Description:
This update for clamav fixes the following issues
* CVE-2026-20213: PE file format parser could allow an unauthenticated, remote
attacker to cause a denial of service (bsc#1270107).
* CVE-2026-20214: FSG file format parser could allow an unauthenticated,
remote attacker to cause a denial of service (bsc#1270085).
* CVE-2026-20215: 7z file format parser could allow an unauthenticated, remote
attacker to cause a denial of service (bsc#1270088).
* CVE-2026-20216: InstallShield file format parser could allow an
unauthenticated, remote attacker to cause a denial of service (bsc#1270089).
* CVE-2026-20217: PESpin file format parser could allow an unauthenticated,
remote attacker to cause a denial of service (bsc#1270091).
* CVE-2026-20243: ALZ file format parser could allow an unauthenticated,
remote attacker to cause a denial of service (bsc#1270092).
* CVE-2026-20244: DMG file format parser could allow an unauthenticated,
remote attacker to cause a denial of service on 32-bit platforms only
(bsc#1270106).
* CVE-2026-41676: rust-openssl: `Deriver:derive` and `PkeyCtxRef:derive` can
overflow short buffers on OpenSSL 1.1.1 (bsc#1270138).
Changes for clamav:
* Update to 1.5.3:
* Hardened clamscan, clamdscan, and clamonacc quarantine actions against time-
of-check/time-of-use races that could redirect copied, moved, or removed
files under unsafe quarantine directory configurations.
* Raised the minimum required CMake version to 3.17 to fix Linux builds with
libcurl v8.21.0 when linking static library dependencies.
* Metadata preclass scans now run before the final scan verdict.
* ClamOnAcc: Fixed errors when recursively excluded paths are children of an
included path.
* ClamOnAcc: Fixed hash bucket list corruption when two watched paths collide
in the same bucket.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2834=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2834=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2834=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2834=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2834=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2834=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2834=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2834=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2834=1
## Package List:
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libclammspack0-1.5.3-150400.13.8.1
* libclamav12-1.5.3-150400.13.8.1
* libclamav12-debuginfo-1.5.3-150400.13.8.1
* libfreshclam4-debuginfo-1.5.3-150400.13.8.1
* clamav-devel-1.5.3-150400.13.8.1
* clamav-debuginfo-1.5.3-150400.13.8.1
* clamav-debugsource-1.5.3-150400.13.8.1
* clamav-1.5.3-150400.13.8.1
* clamav-milter-1.5.3-150400.13.8.1
* clamav-milter-debuginfo-1.5.3-150400.13.8.1
* libfreshclam4-1.5.3-150400.13.8.1
* libclammspack0-debuginfo-1.5.3-150400.13.8.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* clamav-docs-html-1.5.3-150400.13.8.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* libclammspack0-1.5.3-150400.13.8.1
* libclamav12-1.5.3-150400.13.8.1
* libclamav12-debuginfo-1.5.3-150400.13.8.1
* clamav-devel-1.5.3-150400.13.8.1
* libfreshclam4-debuginfo-1.5.3-150400.13.8.1
* clamav-debuginfo-1.5.3-150400.13.8.1
* clamav-debugsource-1.5.3-150400.13.8.1
* clamav-1.5.3-150400.13.8.1
* clamav-milter-1.5.3-150400.13.8.1
* clamav-milter-debuginfo-1.5.3-150400.13.8.1
* libfreshclam4-1.5.3-150400.13.8.1
* libclammspack0-debuginfo-1.5.3-150400.13.8.1
* openSUSE Leap 15.4 (noarch)
* clamav-docs-html-1.5.3-150400.13.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libclammspack0-1.5.3-150400.13.8.1
* libclamav12-1.5.3-150400.13.8.1
* libclamav12-debuginfo-1.5.3-150400.13.8.1
* clamav-devel-1.5.3-150400.13.8.1
* libfreshclam4-debuginfo-1.5.3-150400.13.8.1
* clamav-debuginfo-1.5.3-150400.13.8.1
* clamav-debugsource-1.5.3-150400.13.8.1
* clamav-1.5.3-150400.13.8.1
* clamav-milter-1.5.3-150400.13.8.1
* clamav-milter-debuginfo-1.5.3-150400.13.8.1
* libfreshclam4-1.5.3-150400.13.8.1
* libclammspack0-debuginfo-1.5.3-150400.13.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* clamav-docs-html-1.5.3-150400.13.8.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libclammspack0-1.5.3-150400.13.8.1
* libclamav12-1.5.3-150400.13.8.1
* libclamav12-debuginfo-1.5.3-150400.13.8.1
* clamav-devel-1.5.3-150400.13.8.1
* libfreshclam4-debuginfo-1.5.3-150400.13.8.1
* clamav-debuginfo-1.5.3-150400.13.8.1
* clamav-debugsource-1.5.3-150400.13.8.1
* clamav-1.5.3-150400.13.8.1
* clamav-milter-1.5.3-150400.13.8.1
* clamav-milter-debuginfo-1.5.3-150400.13.8.1
* libfreshclam4-1.5.3-150400.13.8.1
* libclammspack0-debuginfo-1.5.3-150400.13.8.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* clamav-docs-html-1.5.3-150400.13.8.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* clamav-docs-html-1.5.3-150400.13.8.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libclammspack0-1.5.3-150400.13.8.1
* libclamav12-1.5.3-150400.13.8.1
* libclamav12-debuginfo-1.5.3-150400.13.8.1
* libfreshclam4-debuginfo-1.5.3-150400.13.8.1
* clamav-devel-1.5.3-150400.13.8.1
* clamav-debuginfo-1.5.3-150400.13.8.1
* clamav-debugsource-1.5.3-150400.13.8.1
* clamav-1.5.3-150400.13.8.1
* clamav-milter-1.5.3-150400.13.8.1
* clamav-milter-debuginfo-1.5.3-150400.13.8.1
* libfreshclam4-1.5.3-150400.13.8.1
* libclammspack0-debuginfo-1.5.3-150400.13.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libclammspack0-1.5.3-150400.13.8.1
* libclamav12-1.5.3-150400.13.8.1
* libclamav12-debuginfo-1.5.3-150400.13.8.1
* clamav-devel-1.5.3-150400.13.8.1
* libfreshclam4-debuginfo-1.5.3-150400.13.8.1
* clamav-debuginfo-1.5.3-150400.13.8.1
* clamav-debugsource-1.5.3-150400.13.8.1
* clamav-1.5.3-150400.13.8.1
* clamav-milter-1.5.3-150400.13.8.1
* clamav-milter-debuginfo-1.5.3-150400.13.8.1
* libfreshclam4-1.5.3-150400.13.8.1
* libclammspack0-debuginfo-1.5.3-150400.13.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* clamav-docs-html-1.5.3-150400.13.8.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libclammspack0-1.5.3-150400.13.8.1
* libclamav12-1.5.3-150400.13.8.1
* libclamav12-debuginfo-1.5.3-150400.13.8.1
* libfreshclam4-debuginfo-1.5.3-150400.13.8.1
* clamav-devel-1.5.3-150400.13.8.1
* clamav-debuginfo-1.5.3-150400.13.8.1
* clamav-debugsource-1.5.3-150400.13.8.1
* clamav-1.5.3-150400.13.8.1
* clamav-milter-1.5.3-150400.13.8.1
* clamav-milter-debuginfo-1.5.3-150400.13.8.1
* libfreshclam4-1.5.3-150400.13.8.1
* libclammspack0-debuginfo-1.5.3-150400.13.8.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* clamav-docs-html-1.5.3-150400.13.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* clamav-docs-html-1.5.3-150400.13.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libclammspack0-1.5.3-150400.13.8.1
* libclamav12-1.5.3-150400.13.8.1
* libclamav12-debuginfo-1.5.3-150400.13.8.1
* libfreshclam4-debuginfo-1.5.3-150400.13.8.1
* clamav-devel-1.5.3-150400.13.8.1
* clamav-debugsource-1.5.3-150400.13.8.1
* clamav-debuginfo-1.5.3-150400.13.8.1
* clamav-1.5.3-150400.13.8.1
* clamav-milter-1.5.3-150400.13.8.1
* clamav-milter-debuginfo-1.5.3-150400.13.8.1
* libfreshclam4-1.5.3-150400.13.8.1
* libclammspack0-debuginfo-1.5.3-150400.13.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libclammspack0-1.5.3-150400.13.8.1
* libclamav12-1.5.3-150400.13.8.1
* libclamav12-debuginfo-1.5.3-150400.13.8.1
* clamav-devel-1.5.3-150400.13.8.1
* libfreshclam4-debuginfo-1.5.3-150400.13.8.1
* clamav-debuginfo-1.5.3-150400.13.8.1
* clamav-debugsource-1.5.3-150400.13.8.1
* clamav-1.5.3-150400.13.8.1
* clamav-milter-1.5.3-150400.13.8.1
* clamav-milter-debuginfo-1.5.3-150400.13.8.1
* libfreshclam4-1.5.3-150400.13.8.1
* libclammspack0-debuginfo-1.5.3-150400.13.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* clamav-docs-html-1.5.3-150400.13.8.1
## References:
* https://www.suse.com/security/cve/CVE-2026-20213.html
* https://www.suse.com/security/cve/CVE-2026-20214.html
* https://www.suse.com/security/cve/CVE-2026-20215.html
* https://www.suse.com/security/cve/CVE-2026-20216.html
* https://www.suse.com/security/cve/CVE-2026-20217.html
* https://www.suse.com/security/cve/CVE-2026-20243.html
* https://www.suse.com/security/cve/CVE-2026-20244.html
* https://www.suse.com/security/cve/CVE-2026-41676.html
* https://bugzilla.suse.com/show_bug.cgi?id=1270085
* https://bugzilla.suse.com/show_bug.cgi?id=1270088
* https://bugzilla.suse.com/show_bug.cgi?id=1270089
* https://bugzilla.suse.com/show_bug.cgi?id=1270091
* https://bugzilla.suse.com/show_bug.cgi?id=1270092
* https://bugzilla.suse.com/show_bug.cgi?id=1270106
* https://bugzilla.suse.com/show_bug.cgi?id=1270107
* https://bugzilla.suse.com/show_bug.cgi?id=1270138
SUSE-SU-2026:2835-1: important: Security update for clamav
# Security update for clamav
Announcement ID: SUSE-SU-2026:2835-1
Release Date: 2026-07-09T19:13:18Z
Rating: important
References:
* bsc#1270085
* bsc#1270088
* bsc#1270089
* bsc#1270091
* bsc#1270092
* bsc#1270106
* bsc#1270107
* bsc#1270138
Cross-References:
* CVE-2026-20213
* CVE-2026-20214
* CVE-2026-20215
* CVE-2026-20216
* CVE-2026-20217
* CVE-2026-20243
* CVE-2026-20244
* CVE-2026-41676
CVSS scores:
* CVE-2026-20213 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20213 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20214 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20214 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20215 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20215 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20216 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20216 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20217 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20217 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20243 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20243 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20244 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20244 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-41676 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves eight vulnerabilities can now be installed.
## Description:
This update for clamav fixes the following issues
* CVE-2026-20213: PE file format parser could allow an unauthenticated, remote
attacker to cause a denial of service (bsc#1270107).
* CVE-2026-20214: FSG file format parser could allow an unauthenticated,
remote attacker to cause a denial of service (bsc#1270085).
* CVE-2026-20215: 7z file format parser could allow an unauthenticated, remote
attacker to cause a denial of service (bsc#1270088).
* CVE-2026-20216: InstallShield file format parser could allow an
unauthenticated, remote attacker to cause a denial of service (bsc#1270089).
* CVE-2026-20217: PESpin file format parser could allow an unauthenticated,
remote attacker to cause a denial of service (bsc#1270091).
* CVE-2026-20243: ALZ file format parser could allow an unauthenticated,
remote attacker to cause a denial of service (bsc#1270092).
* CVE-2026-20244: DMG file format parser could allow an unauthenticated,
remote attacker to cause a denial of service on 32-bit platforms only
(bsc#1270106).
* CVE-2026-41676: rust-openssl: `Deriver:derive` and `PkeyCtxRef:derive` can
overflow short buffers on OpenSSL 1.1.1 (bsc#1270138).
Changes for clamav:
* Update to 1.5.3:
* Hardened clamscan, clamdscan, and clamonacc quarantine actions against time-
of-check/time-of-use races that could redirect copied, moved, or removed
files under unsafe quarantine directory configurations.
* Raised the minimum required CMake version to 3.17 to fix Linux builds with
libcurl v8.21.0 when linking static library dependencies.
* Metadata preclass scans now run before the final scan verdict.
* ClamOnAcc: Fixed errors when recursively excluded paths are children of an
included path.
* ClamOnAcc: Fixed hash bucket list corruption when two watched paths collide
in the same bucket.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2835=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2835=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2835=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2835=1
## Package List:
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libclammspack0-1.5.3-150600.18.28.1
* clamav-milter-1.5.3-150600.18.28.1
* clamav-debugsource-1.5.3-150600.18.28.1
* clamav-1.5.3-150600.18.28.1
* clamav-devel-1.5.3-150600.18.28.1
* libfreshclam4-debuginfo-1.5.3-150600.18.28.1
* libclamav12-1.5.3-150600.18.28.1
* libclamav12-debuginfo-1.5.3-150600.18.28.1
* clamav-milter-debuginfo-1.5.3-150600.18.28.1
* libclammspack0-debuginfo-1.5.3-150600.18.28.1
* libfreshclam4-1.5.3-150600.18.28.1
* clamav-debuginfo-1.5.3-150600.18.28.1
* Basesystem Module 15-SP7 (noarch)
* clamav-docs-html-1.5.3-150600.18.28.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* clamav-docs-html-1.5.3-150600.18.28.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libclammspack0-1.5.3-150600.18.28.1
* clamav-milter-1.5.3-150600.18.28.1
* clamav-debugsource-1.5.3-150600.18.28.1
* clamav-1.5.3-150600.18.28.1
* clamav-devel-1.5.3-150600.18.28.1
* libfreshclam4-debuginfo-1.5.3-150600.18.28.1
* libclamav12-1.5.3-150600.18.28.1
* clamav-milter-debuginfo-1.5.3-150600.18.28.1
* libclamav12-debuginfo-1.5.3-150600.18.28.1
* libclammspack0-debuginfo-1.5.3-150600.18.28.1
* libfreshclam4-1.5.3-150600.18.28.1
* clamav-debuginfo-1.5.3-150600.18.28.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libclammspack0-1.5.3-150600.18.28.1
* clamav-milter-1.5.3-150600.18.28.1
* clamav-debugsource-1.5.3-150600.18.28.1
* clamav-1.5.3-150600.18.28.1
* clamav-devel-1.5.3-150600.18.28.1
* libfreshclam4-debuginfo-1.5.3-150600.18.28.1
* libclamav12-1.5.3-150600.18.28.1
* libclamav12-debuginfo-1.5.3-150600.18.28.1
* clamav-milter-debuginfo-1.5.3-150600.18.28.1
* libclammspack0-debuginfo-1.5.3-150600.18.28.1
* libfreshclam4-1.5.3-150600.18.28.1
* clamav-debuginfo-1.5.3-150600.18.28.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* clamav-docs-html-1.5.3-150600.18.28.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libclammspack0-1.5.3-150600.18.28.1
* clamav-milter-1.5.3-150600.18.28.1
* clamav-debugsource-1.5.3-150600.18.28.1
* clamav-1.5.3-150600.18.28.1
* clamav-devel-1.5.3-150600.18.28.1
* libfreshclam4-debuginfo-1.5.3-150600.18.28.1
* libclamav12-1.5.3-150600.18.28.1
* libclamav12-debuginfo-1.5.3-150600.18.28.1
* clamav-milter-debuginfo-1.5.3-150600.18.28.1
* libclammspack0-debuginfo-1.5.3-150600.18.28.1
* libfreshclam4-1.5.3-150600.18.28.1
* clamav-debuginfo-1.5.3-150600.18.28.1
* openSUSE Leap 15.6 (noarch)
* clamav-docs-html-1.5.3-150600.18.28.1
## References:
* https://www.suse.com/security/cve/CVE-2026-20213.html
* https://www.suse.com/security/cve/CVE-2026-20214.html
* https://www.suse.com/security/cve/CVE-2026-20215.html
* https://www.suse.com/security/cve/CVE-2026-20216.html
* https://www.suse.com/security/cve/CVE-2026-20217.html
* https://www.suse.com/security/cve/CVE-2026-20243.html
* https://www.suse.com/security/cve/CVE-2026-20244.html
* https://www.suse.com/security/cve/CVE-2026-41676.html
* https://bugzilla.suse.com/show_bug.cgi?id=1270085
* https://bugzilla.suse.com/show_bug.cgi?id=1270088
* https://bugzilla.suse.com/show_bug.cgi?id=1270089
* https://bugzilla.suse.com/show_bug.cgi?id=1270091
* https://bugzilla.suse.com/show_bug.cgi?id=1270092
* https://bugzilla.suse.com/show_bug.cgi?id=1270106
* https://bugzilla.suse.com/show_bug.cgi?id=1270107
* https://bugzilla.suse.com/show_bug.cgi?id=1270138
openSUSE-SU-2026:0239-1: important: Security update for flannel
openSUSE Security Update: Security update for flannel
_______________________________
Announcement ID: openSUSE-SU-2026:0239-1
Rating: important
References: #1265780 #1266620
Cross-References: CVE-2026-33814 CVE-2026-39821
CVSS scores:
CVE-2026-33814 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2026-39821 (SUSE): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for flannel fixes the following issues:
- Update to version 0.28.7:
* prepare for release v0.28.7 (#2485)
* fix: use install-conf in chart (#2484)
* fix: use semver tag type in Docker meta to support release events
(#2483)
* build(deps): bump github/codeql-action/upload-sarif (#2480)
* build(deps): bump golang.org/x/net from 0.54.0 to 0.55.0 (#2473), fix
for CVE-2026-33814 (boo#1265780) and CVE-2026-39821 (boo#1266620)
* build(deps): bump docker/build-push-action from 7.2.0 to 7.3.0 (#2479)
* build(deps): bump golangci/golangci-lint-action from 9.2.1 to 9.3.0
(#2478)
* build(deps): bump docker/metadata-action from 6.1.0 to 6.2.0 (#2476)
* build(deps): bump the tencent group with 2 updates (#2475)
* build(deps): bump the etcd group with 4 updates (#2474)
* fix: skip invalid CIDRs in subnet file readers (#2454)
* subnet/etcd: recover subnet watch from compaction (#2471)
* Bump the tencent group across 1 directory with 2 updates (#2461)
* Bump actions/attest-build-provenance from 4.1.0 to 4.1.1 (#2467)
* Bump actions/setup-go from 6.4.0 to 6.5.0 (#2468)
* feat: new install_conf cmd to install flannel's config file (#2466)
* Bump the other-go-modules group with 2 updates (#2464)
* Bump actions/checkout from 6.0.2 to 7.0.0 (#2465)
* Bump github/codeql-action from 4.36.0 to 4.36.2 (#2463)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-239=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
flannel-0.28.7-bp157.2.12.1
- openSUSE Backports SLE-15-SP7 (noarch):
flannel-k8s-yaml-0.28.7-bp157.2.12.1
References:
https://www.suse.com/security/cve/CVE-2026-33814.html
https://www.suse.com/security/cve/CVE-2026-39821.html
https://bugzilla.suse.com/1265780
https://bugzilla.suse.com/1266620
openSUSE-SU-2026:0238-1: important: Security update for chromium
openSUSE Security Update: Security update for chromium
_______________________________
Announcement ID: openSUSE-SU-2026:0238-1
Rating: important
References: #1271093
Cross-References: CVE-2026-15107 CVE-2026-15108 CVE-2026-15109
CVE-2026-15110 CVE-2026-15111 CVE-2026-15112
CVE-2026-15113 CVE-2026-15114 CVE-2026-15115
CVE-2026-15116 CVE-2026-15117 CVE-2026-15118
CVE-2026-15119 CVE-2026-15120 CVE-2026-15121
CVE-2026-15122 CVE-2026-15123 CVE-2026-15124
CVE-2026-15125 CVE-2026-15126 CVE-2026-15127
CVE-2026-15128 CVE-2026-15129 CVE-2026-15130
CVE-2026-15131 CVE-2026-15132 CVE-2026-15133
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes 27 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
- Chromium 150.0.7871.114 (boo#1271093):
* CVE-2026-15112: Use after free in Ozone
* CVE-2026-15129: Use after free in Views
* CVE-2026-15132: Uninitialized Use in V8
* CVE-2026-15133: Use after free in InterestGroups
* CVE-2026-15108: Integer overflow in Extensions API
* CVE-2026-15109: Uninitialized Use in ANGLE
* CVE-2026-15110: Use after free in Extensions
* CVE-2026-15111: Use after free in Views
* CVE-2026-15113: Use after free in Autofill
* CVE-2026-15114: Out of bounds read and write in Codecs
* CVE-2026-15115: Insufficient validation of untrusted input in
WebAppInstalls
* CVE-2026-15116: Use after free in Actor
* CVE-2026-15117: Use after free in Payments
* CVE-2026-15118: Use after free in Input
* CVE-2026-15119: Inappropriate implementation in GetUserMedia
* CVE-2026-15120: Use after free in Core
* CVE-2026-15121: Use after free in WebRTC
* CVE-2026-15122: Insufficient validation of untrusted input in Codecs
* CVE-2026-15123: Insufficient data validation in DOM
* CVE-2026-15124: Insufficient policy enforcement in Passwords
* CVE-2026-15125: Inappropriate implementation in Forms
* CVE-2026-15126: Use after free in Forms
* CVE-2026-15127: Inappropriate implementation in WebGL
* CVE-2026-15128: Inappropriate implementation in Forms
* CVE-2026-15130: Insufficient policy enforcement in Navigation
* CVE-2026-15107: Use after free in IndexedDB
* CVE-2026-15131: Insufficient data validation in Navigation
- Chromium 150.0.7871.100:
* stability improvements, no further information available
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-238=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):
chromedriver-150.0.7871.114-bp157.2.184.1
chromium-150.0.7871.114-bp157.2.184.1
References:
https://www.suse.com/security/cve/CVE-2026-15107.html
https://www.suse.com/security/cve/CVE-2026-15108.html
https://www.suse.com/security/cve/CVE-2026-15109.html
https://www.suse.com/security/cve/CVE-2026-15110.html
https://www.suse.com/security/cve/CVE-2026-15111.html
https://www.suse.com/security/cve/CVE-2026-15112.html
https://www.suse.com/security/cve/CVE-2026-15113.html
https://www.suse.com/security/cve/CVE-2026-15114.html
https://www.suse.com/security/cve/CVE-2026-15115.html
https://www.suse.com/security/cve/CVE-2026-15116.html
https://www.suse.com/security/cve/CVE-2026-15117.html
https://www.suse.com/security/cve/CVE-2026-15118.html
https://www.suse.com/security/cve/CVE-2026-15119.html
https://www.suse.com/security/cve/CVE-2026-15120.html
https://www.suse.com/security/cve/CVE-2026-15121.html
https://www.suse.com/security/cve/CVE-2026-15122.html
https://www.suse.com/security/cve/CVE-2026-15123.html
https://www.suse.com/security/cve/CVE-2026-15124.html
https://www.suse.com/security/cve/CVE-2026-15125.html
https://www.suse.com/security/cve/CVE-2026-15126.html
https://www.suse.com/security/cve/CVE-2026-15127.html
https://www.suse.com/security/cve/CVE-2026-15128.html
https://www.suse.com/security/cve/CVE-2026-15129.html
https://www.suse.com/security/cve/CVE-2026-15130.html
https://www.suse.com/security/cve/CVE-2026-15131.html
https://www.suse.com/security/cve/CVE-2026-15132.html
https://www.suse.com/security/cve/CVE-2026-15133.html
https://bugzilla.suse.com/1271093
SUSE-SU-2026:2844-1: important: Security update for gstreamer-plugins-good
# Security update for gstreamer-plugins-good
Announcement ID: SUSE-SU-2026:2844-1
Release Date: 2026-07-10T10:29:20Z
Rating: important
References:
* bsc#1268449
Cross-References:
* CVE-2026-53705
CVSS scores:
* CVE-2026-53705 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-53705 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-53705 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves one vulnerability can now be installed.
## Description:
This update for gstreamer-plugins-good fixes the following issue
* CVE-2026-53705: Heap buffer overflow in WavPack decoder via integer overflow
(bsc#1268449).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2844=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2844=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2844=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2844=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2844=1
## Package List:
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* gstreamer-plugins-good-1.20.1-150400.3.17.1
* gstreamer-plugins-good-debugsource-1.20.1-150400.3.17.1
* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.17.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* gstreamer-plugins-good-lang-1.20.1-150400.3.17.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* gstreamer-plugins-good-extra-64bit-1.20.1-150400.3.17.1
* gstreamer-plugins-good-jack-64bit-debuginfo-1.20.1-150400.3.17.1
* gstreamer-plugins-good-jack-64bit-1.20.1-150400.3.17.1
* gstreamer-plugins-good-extra-64bit-debuginfo-1.20.1-150400.3.17.1
* gstreamer-plugins-good-64bit-1.20.1-150400.3.17.1
* gstreamer-plugins-good-64bit-debuginfo-1.20.1-150400.3.17.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* gstreamer-plugins-good-gtk-1.20.1-150400.3.17.1
* gstreamer-plugins-good-debugsource-1.20.1-150400.3.17.1
* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.17.1
* gstreamer-plugins-good-1.20.1-150400.3.17.1
* gstreamer-plugins-good-qtqml-debuginfo-1.20.1-150400.3.17.1
* gstreamer-plugins-good-qtqml-1.20.1-150400.3.17.1
* gstreamer-plugins-good-extra-1.20.1-150400.3.17.1
* gstreamer-plugins-good-jack-1.20.1-150400.3.17.1
* gstreamer-plugins-good-gtk-debuginfo-1.20.1-150400.3.17.1
* gstreamer-plugins-good-jack-debuginfo-1.20.1-150400.3.17.1
* gstreamer-plugins-good-extra-debuginfo-1.20.1-150400.3.17.1
* openSUSE Leap 15.4 (x86_64)
* gstreamer-plugins-good-jack-32bit-debuginfo-1.20.1-150400.3.17.1
* gstreamer-plugins-good-32bit-1.20.1-150400.3.17.1
* gstreamer-plugins-good-32bit-debuginfo-1.20.1-150400.3.17.1
* gstreamer-plugins-good-jack-32bit-1.20.1-150400.3.17.1
* gstreamer-plugins-good-extra-32bit-1.20.1-150400.3.17.1
* gstreamer-plugins-good-extra-32bit-debuginfo-1.20.1-150400.3.17.1
* openSUSE Leap 15.4 (noarch)
* gstreamer-plugins-good-lang-1.20.1-150400.3.17.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* gstreamer-plugins-good-lang-1.20.1-150400.3.17.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* gstreamer-plugins-good-1.20.1-150400.3.17.1
* gstreamer-plugins-good-debugsource-1.20.1-150400.3.17.1
* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* gstreamer-plugins-good-debugsource-1.20.1-150400.3.17.1
* gstreamer-plugins-good-1.20.1-150400.3.17.1
* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* gstreamer-plugins-good-lang-1.20.1-150400.3.17.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* gstreamer-plugins-good-lang-1.20.1-150400.3.17.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* gstreamer-plugins-good-debugsource-1.20.1-150400.3.17.1
* gstreamer-plugins-good-1.20.1-150400.3.17.1
* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.17.1
## References:
* https://www.suse.com/security/cve/CVE-2026-53705.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268449
SUSE-SU-2026:2842-1: important: Security update for gstreamer-plugins-good
# Security update for gstreamer-plugins-good
Announcement ID: SUSE-SU-2026:2842-1
Release Date: 2026-07-10T10:25:06Z
Rating: important
References:
* bsc#1268449
Cross-References:
* CVE-2026-53705
CVSS scores:
* CVE-2026-53705 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-53705 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-53705 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for gstreamer-plugins-good fixes the following issue
* CVE-2026-53705: Heap buffer overflow in WavPack decoder via integer overflow
(bsc#1268449).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2842=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2842=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2842=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2842=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2842=1
## Package List:
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* gstreamer-plugins-good-qtqml-1.22.0-150500.4.13.1
* gstreamer-plugins-good-gtk-debuginfo-1.22.0-150500.4.13.1
* gstreamer-plugins-good-qtqml-debuginfo-1.22.0-150500.4.13.1
* gstreamer-plugins-good-extra-1.22.0-150500.4.13.1
* gstreamer-plugins-good-jack-debuginfo-1.22.0-150500.4.13.1
* gstreamer-plugins-good-jack-1.22.0-150500.4.13.1
* gstreamer-plugins-good-debugsource-1.22.0-150500.4.13.1
* gstreamer-plugins-good-extra-debuginfo-1.22.0-150500.4.13.1
* gstreamer-plugins-good-1.22.0-150500.4.13.1
* gstreamer-plugins-good-gtk-1.22.0-150500.4.13.1
* gstreamer-plugins-good-debuginfo-1.22.0-150500.4.13.1
* openSUSE Leap 15.5 (noarch)
* gstreamer-plugins-good-lang-1.22.0-150500.4.13.1
* openSUSE Leap 15.5 (x86_64)
* gstreamer-plugins-good-32bit-1.22.0-150500.4.13.1
* gstreamer-plugins-good-jack-32bit-1.22.0-150500.4.13.1
* gstreamer-plugins-good-jack-32bit-debuginfo-1.22.0-150500.4.13.1
* gstreamer-plugins-good-32bit-debuginfo-1.22.0-150500.4.13.1
* gstreamer-plugins-good-extra-32bit-debuginfo-1.22.0-150500.4.13.1
* gstreamer-plugins-good-extra-32bit-1.22.0-150500.4.13.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* gstreamer-plugins-good-jack-64bit-1.22.0-150500.4.13.1
* gstreamer-plugins-good-jack-64bit-debuginfo-1.22.0-150500.4.13.1
* gstreamer-plugins-good-64bit-debuginfo-1.22.0-150500.4.13.1
* gstreamer-plugins-good-64bit-1.22.0-150500.4.13.1
* gstreamer-plugins-good-extra-64bit-1.22.0-150500.4.13.1
* gstreamer-plugins-good-extra-64bit-debuginfo-1.22.0-150500.4.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* gstreamer-plugins-good-lang-1.22.0-150500.4.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* gstreamer-plugins-good-debugsource-1.22.0-150500.4.13.1
* gstreamer-plugins-good-1.22.0-150500.4.13.1
* gstreamer-plugins-good-debuginfo-1.22.0-150500.4.13.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* gstreamer-plugins-good-debugsource-1.22.0-150500.4.13.1
* gstreamer-plugins-good-1.22.0-150500.4.13.1
* gstreamer-plugins-good-debuginfo-1.22.0-150500.4.13.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* gstreamer-plugins-good-lang-1.22.0-150500.4.13.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* gstreamer-plugins-good-debugsource-1.22.0-150500.4.13.1
* gstreamer-plugins-good-1.22.0-150500.4.13.1
* gstreamer-plugins-good-debuginfo-1.22.0-150500.4.13.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* gstreamer-plugins-good-lang-1.22.0-150500.4.13.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* gstreamer-plugins-good-debugsource-1.22.0-150500.4.13.1
* gstreamer-plugins-good-1.22.0-150500.4.13.1
* gstreamer-plugins-good-debuginfo-1.22.0-150500.4.13.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* gstreamer-plugins-good-lang-1.22.0-150500.4.13.1
## References:
* https://www.suse.com/security/cve/CVE-2026-53705.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268449
SUSE-SU-2026:2843-1: important: Security update for gstreamer-plugins-good
# Security update for gstreamer-plugins-good
Announcement ID: SUSE-SU-2026:2843-1
Release Date: 2026-07-10T10:28:30Z
Rating: important
References:
* bsc#1268449
Cross-References:
* CVE-2026-53705
CVSS scores:
* CVE-2026-53705 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-53705 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-53705 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for gstreamer-plugins-good fixes the following issue
* CVE-2026-53705: Heap buffer overflow in WavPack decoder via integer overflow
(bsc#1268449).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2843=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2843=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2843=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2843=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-2843=1
## Package List:
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* gstreamer-plugins-good-debugsource-1.24.0-150600.3.10.1
* gstreamer-plugins-good-1.24.0-150600.3.10.1
* gstreamer-plugins-good-debuginfo-1.24.0-150600.3.10.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* gstreamer-plugins-good-lang-1.24.0-150600.3.10.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* gstreamer-plugins-good-debugsource-1.24.0-150600.3.10.1
* gstreamer-plugins-good-1.24.0-150600.3.10.1
* gstreamer-plugins-good-debuginfo-1.24.0-150600.3.10.1
* Basesystem Module 15-SP7 (noarch)
* gstreamer-plugins-good-lang-1.24.0-150600.3.10.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* gstreamer-plugins-good-jack-64bit-1.24.0-150600.3.10.1
* gstreamer-plugins-good-64bit-1.24.0-150600.3.10.1
* gstreamer-plugins-good-extra-64bit-1.24.0-150600.3.10.1
* gstreamer-plugins-good-jack-64bit-debuginfo-1.24.0-150600.3.10.1
* gstreamer-plugins-good-extra-64bit-debuginfo-1.24.0-150600.3.10.1
* gstreamer-plugins-good-64bit-debuginfo-1.24.0-150600.3.10.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* gstreamer-plugins-good-gtk-debuginfo-1.24.0-150600.3.10.1
* gstreamer-plugins-good-debuginfo-1.24.0-150600.3.10.1
* gstreamer-plugins-good-gtk-1.24.0-150600.3.10.1
* gstreamer-plugins-good-jack-debuginfo-1.24.0-150600.3.10.1
* gstreamer-plugins-good-extra-1.24.0-150600.3.10.1
* gstreamer-plugins-good-qtqml-1.24.0-150600.3.10.1
* gstreamer-plugins-good-extra-debuginfo-1.24.0-150600.3.10.1
* gstreamer-plugins-good-debugsource-1.24.0-150600.3.10.1
* gstreamer-plugins-good-jack-1.24.0-150600.3.10.1
* gstreamer-plugins-good-qtqml-debuginfo-1.24.0-150600.3.10.1
* gstreamer-plugins-good-1.24.0-150600.3.10.1
* openSUSE Leap 15.6 (x86_64)
* gstreamer-plugins-good-32bit-debuginfo-1.24.0-150600.3.10.1
* gstreamer-plugins-good-extra-32bit-debuginfo-1.24.0-150600.3.10.1
* gstreamer-plugins-good-extra-32bit-1.24.0-150600.3.10.1
* gstreamer-plugins-good-jack-32bit-debuginfo-1.24.0-150600.3.10.1
* gstreamer-plugins-good-32bit-1.24.0-150600.3.10.1
* gstreamer-plugins-good-jack-32bit-1.24.0-150600.3.10.1
* openSUSE Leap 15.6 (noarch)
* gstreamer-plugins-good-lang-1.24.0-150600.3.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* gstreamer-plugins-good-lang-1.24.0-150600.3.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* gstreamer-plugins-good-debugsource-1.24.0-150600.3.10.1
* gstreamer-plugins-good-1.24.0-150600.3.10.1
* gstreamer-plugins-good-debuginfo-1.24.0-150600.3.10.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
* gstreamer-plugins-good-debugsource-1.24.0-150600.3.10.1
* gstreamer-plugins-good-gtk-debuginfo-1.24.0-150600.3.10.1
* gstreamer-plugins-good-debuginfo-1.24.0-150600.3.10.1
* gstreamer-plugins-good-gtk-1.24.0-150600.3.10.1
## References:
* https://www.suse.com/security/cve/CVE-2026-53705.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268449
SUSE-SU-2026:2847-1: important: Security update for krb5
# Security update for krb5
Announcement ID: SUSE-SU-2026:2847-1
Release Date: 2026-07-10T11:38:37Z
Rating: important
References:
* bsc#1268131
Cross-References:
* CVE-2026-11850
CVSS scores:
* CVE-2026-11850 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-11850 ( NVD ): 5.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for krb5 fixes the following issue
* CVE-2026-11850: integer underflow in berval2tl_data() leads to heap out-of-
bounds read (bsc#1268131).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2847=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2847=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2847=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2847=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2847=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2847=1
## Package List:
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* krb5-devel-1.20.1-150500.3.23.1
* krb5-plugin-kdb-ldap-1.20.1-150500.3.23.1
* krb5-client-debuginfo-1.20.1-150500.3.23.1
* krb5-server-debuginfo-1.20.1-150500.3.23.1
* krb5-plugin-preauth-pkinit-1.20.1-150500.3.23.1
* krb5-plugin-preauth-otp-1.20.1-150500.3.23.1
* krb5-client-1.20.1-150500.3.23.1
* krb5-plugin-kdb-ldap-debuginfo-1.20.1-150500.3.23.1
* krb5-plugin-preauth-otp-debuginfo-1.20.1-150500.3.23.1
* krb5-1.20.1-150500.3.23.1
* krb5-debugsource-1.20.1-150500.3.23.1
* krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150500.3.23.1
* krb5-debuginfo-1.20.1-150500.3.23.1
* krb5-server-1.20.1-150500.3.23.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* krb5-32bit-debuginfo-1.20.1-150500.3.23.1
* krb5-32bit-1.20.1-150500.3.23.1
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* krb5-client-1.20.1-150500.3.23.1
* krb5-plugin-kdb-ldap-debuginfo-1.20.1-150500.3.23.1
* krb5-plugin-kdb-ldap-1.20.1-150500.3.23.1
* krb5-server-debuginfo-1.20.1-150500.3.23.1
* krb5-plugin-preauth-otp-1.20.1-150500.3.23.1
* krb5-mini-debugsource-1.20.1-150500.3.23.1
* krb5-1.20.1-150500.3.23.1
* krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150500.3.23.1
* krb5-debuginfo-1.20.1-150500.3.23.1
* krb5-plugin-preauth-pkinit-1.20.1-150500.3.23.1
* krb5-client-debuginfo-1.20.1-150500.3.23.1
* krb5-mini-1.20.1-150500.3.23.1
* krb5-plugin-preauth-otp-debuginfo-1.20.1-150500.3.23.1
* krb5-debugsource-1.20.1-150500.3.23.1
* krb5-plugin-preauth-spake-debuginfo-1.20.1-150500.3.23.1
* krb5-devel-1.20.1-150500.3.23.1
* krb5-mini-debuginfo-1.20.1-150500.3.23.1
* krb5-mini-devel-1.20.1-150500.3.23.1
* krb5-plugin-preauth-spake-1.20.1-150500.3.23.1
* krb5-server-1.20.1-150500.3.23.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* krb5-devel-64bit-1.20.1-150500.3.23.1
* krb5-64bit-debuginfo-1.20.1-150500.3.23.1
* krb5-64bit-1.20.1-150500.3.23.1
* openSUSE Leap 15.5 (x86_64)
* krb5-devel-32bit-1.20.1-150500.3.23.1
* krb5-32bit-debuginfo-1.20.1-150500.3.23.1
* krb5-32bit-1.20.1-150500.3.23.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* krb5-1.20.1-150500.3.23.1
* krb5-debugsource-1.20.1-150500.3.23.1
* krb5-debuginfo-1.20.1-150500.3.23.1
* krb5-client-1.20.1-150500.3.23.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* krb5-plugin-kdb-ldap-1.20.1-150500.3.23.1
* krb5-devel-1.20.1-150500.3.23.1
* krb5-server-1.20.1-150500.3.23.1
* krb5-client-debuginfo-1.20.1-150500.3.23.1
* krb5-server-debuginfo-1.20.1-150500.3.23.1
* krb5-plugin-preauth-otp-1.20.1-150500.3.23.1
* krb5-client-1.20.1-150500.3.23.1
* krb5-plugin-kdb-ldap-debuginfo-1.20.1-150500.3.23.1
* krb5-plugin-preauth-otp-debuginfo-1.20.1-150500.3.23.1
* krb5-1.20.1-150500.3.23.1
* krb5-debugsource-1.20.1-150500.3.23.1
* krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150500.3.23.1
* krb5-debuginfo-1.20.1-150500.3.23.1
* krb5-plugin-preauth-pkinit-1.20.1-150500.3.23.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* krb5-32bit-debuginfo-1.20.1-150500.3.23.1
* krb5-32bit-1.20.1-150500.3.23.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* krb5-plugin-kdb-ldap-1.20.1-150500.3.23.1
* krb5-devel-1.20.1-150500.3.23.1
* krb5-server-1.20.1-150500.3.23.1
* krb5-server-debuginfo-1.20.1-150500.3.23.1
* krb5-client-debuginfo-1.20.1-150500.3.23.1
* krb5-plugin-preauth-otp-1.20.1-150500.3.23.1
* krb5-client-1.20.1-150500.3.23.1
* krb5-plugin-kdb-ldap-debuginfo-1.20.1-150500.3.23.1
* krb5-plugin-preauth-otp-debuginfo-1.20.1-150500.3.23.1
* krb5-1.20.1-150500.3.23.1
* krb5-debugsource-1.20.1-150500.3.23.1
* krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150500.3.23.1
* krb5-debuginfo-1.20.1-150500.3.23.1
* krb5-plugin-preauth-pkinit-1.20.1-150500.3.23.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* krb5-32bit-debuginfo-1.20.1-150500.3.23.1
* krb5-32bit-1.20.1-150500.3.23.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* krb5-plugin-kdb-ldap-1.20.1-150500.3.23.1
* krb5-devel-1.20.1-150500.3.23.1
* krb5-client-debuginfo-1.20.1-150500.3.23.1
* krb5-server-debuginfo-1.20.1-150500.3.23.1
* krb5-plugin-preauth-pkinit-1.20.1-150500.3.23.1
* krb5-plugin-preauth-otp-1.20.1-150500.3.23.1
* krb5-client-1.20.1-150500.3.23.1
* krb5-plugin-kdb-ldap-debuginfo-1.20.1-150500.3.23.1
* krb5-plugin-preauth-otp-debuginfo-1.20.1-150500.3.23.1
* krb5-1.20.1-150500.3.23.1
* krb5-debugsource-1.20.1-150500.3.23.1
* krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150500.3.23.1
* krb5-debuginfo-1.20.1-150500.3.23.1
* krb5-server-1.20.1-150500.3.23.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* krb5-32bit-debuginfo-1.20.1-150500.3.23.1
* krb5-32bit-1.20.1-150500.3.23.1
## References:
* https://www.suse.com/security/cve/CVE-2026-11850.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268131
SUSE-SU-2026:2848-1: important: Security update for krb5, krb5-mini
# Security update for krb5, krb5-mini
Announcement ID: SUSE-SU-2026:2848-1
Release Date: 2026-07-10T11:39:12Z
Rating: important
References:
* bsc#1263366
* bsc#1263367
* bsc#1268131
Cross-References:
* CVE-2026-11850
* CVE-2026-40355
* CVE-2026-40356
CVSS scores:
* CVE-2026-11850 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-11850 ( NVD ): 5.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-40355 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40355 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40356 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40356 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves three vulnerabilities can now be installed.
## Description:
This update for krb5, krb5-mini fixes the following issues
* CVE-2026-11850: integer underflow in berval2tl_data() leads to heap out-of-
bounds read (bsc#1268131).
* CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx
mechanism (bsc#1263366).
* CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds
read (bsc#1263367).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2848=1
* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-2848=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2848=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2848=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2848=1
## Package List:
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* krb5-1.20.1-150600.11.19.1
* krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150600.11.19.1
* krb5-debugsource-1.20.1-150600.11.19.1
* krb5-devel-1.20.1-150600.11.19.1
* krb5-client-1.20.1-150600.11.19.1
* krb5-plugin-preauth-pkinit-1.20.1-150600.11.19.1
* krb5-debuginfo-1.20.1-150600.11.19.1
* krb5-plugin-preauth-otp-1.20.1-150600.11.19.1
* krb5-plugin-preauth-otp-debuginfo-1.20.1-150600.11.19.1
* krb5-client-debuginfo-1.20.1-150600.11.19.1
* Basesystem Module 15-SP7 (x86_64)
* krb5-32bit-debuginfo-1.20.1-150600.11.19.1
* krb5-32bit-1.20.1-150600.11.19.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150600.11.19.1
* krb5-1.20.1-150600.11.19.1
* krb5-debugsource-1.20.1-150600.11.19.1
* krb5-devel-1.20.1-150600.11.19.1
* krb5-server-debuginfo-1.20.1-150600.11.19.1
* krb5-client-1.20.1-150600.11.19.1
* krb5-plugin-preauth-pkinit-1.20.1-150600.11.19.1
* krb5-debuginfo-1.20.1-150600.11.19.1
* krb5-plugin-preauth-otp-1.20.1-150600.11.19.1
* krb5-plugin-preauth-otp-debuginfo-1.20.1-150600.11.19.1
* krb5-plugin-kdb-ldap-debuginfo-1.20.1-150600.11.19.1
* krb5-plugin-kdb-ldap-1.20.1-150600.11.19.1
* krb5-server-1.20.1-150600.11.19.1
* krb5-client-debuginfo-1.20.1-150600.11.19.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
* krb5-32bit-debuginfo-1.20.1-150600.11.19.1
* krb5-32bit-1.20.1-150600.11.19.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150600.11.19.1
* krb5-1.20.1-150600.11.19.1
* krb5-debugsource-1.20.1-150600.11.19.1
* krb5-devel-1.20.1-150600.11.19.1
* krb5-client-1.20.1-150600.11.19.1
* krb5-server-debuginfo-1.20.1-150600.11.19.1
* krb5-plugin-preauth-pkinit-1.20.1-150600.11.19.1
* krb5-debuginfo-1.20.1-150600.11.19.1
* krb5-plugin-preauth-otp-1.20.1-150600.11.19.1
* krb5-plugin-preauth-otp-debuginfo-1.20.1-150600.11.19.1
* krb5-plugin-kdb-ldap-debuginfo-1.20.1-150600.11.19.1
* krb5-plugin-kdb-ldap-1.20.1-150600.11.19.1
* krb5-server-1.20.1-150600.11.19.1
* krb5-client-debuginfo-1.20.1-150600.11.19.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* krb5-32bit-debuginfo-1.20.1-150600.11.19.1
* krb5-32bit-1.20.1-150600.11.19.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* krb5-1.20.1-150600.11.19.1
* krb5-debugsource-1.20.1-150600.11.19.1
* krb5-debuginfo-1.20.1-150600.11.19.1
* krb5-mini-devel-1.20.1-150600.11.19.1
* krb5-plugin-preauth-otp-1.20.1-150600.11.19.1
* krb5-plugin-kdb-ldap-debuginfo-1.20.1-150600.11.19.1
* krb5-plugin-kdb-ldap-1.20.1-150600.11.19.1
* krb5-client-debuginfo-1.20.1-150600.11.19.1
* krb5-devel-1.20.1-150600.11.19.1
* krb5-mini-debuginfo-1.20.1-150600.11.19.1
* krb5-plugin-preauth-spake-1.20.1-150600.11.19.1
* krb5-server-debuginfo-1.20.1-150600.11.19.1
* krb5-client-1.20.1-150600.11.19.1
* krb5-server-1.20.1-150600.11.19.1
* krb5-mini-debugsource-1.20.1-150600.11.19.1
* krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150600.11.19.1
* krb5-plugin-preauth-spake-debuginfo-1.20.1-150600.11.19.1
* krb5-mini-1.20.1-150600.11.19.1
* krb5-plugin-preauth-pkinit-1.20.1-150600.11.19.1
* krb5-plugin-preauth-otp-debuginfo-1.20.1-150600.11.19.1
* openSUSE Leap 15.6 (x86_64)
* krb5-devel-32bit-1.20.1-150600.11.19.1
* krb5-32bit-1.20.1-150600.11.19.1
* krb5-32bit-debuginfo-1.20.1-150600.11.19.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* krb5-64bit-debuginfo-1.20.1-150600.11.19.1
* krb5-64bit-1.20.1-150600.11.19.1
* krb5-devel-64bit-1.20.1-150600.11.19.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* krb5-debugsource-1.20.1-150600.11.19.1
* krb5-server-debuginfo-1.20.1-150600.11.19.1
* krb5-debuginfo-1.20.1-150600.11.19.1
* krb5-plugin-kdb-ldap-debuginfo-1.20.1-150600.11.19.1
* krb5-plugin-kdb-ldap-1.20.1-150600.11.19.1
* krb5-server-1.20.1-150600.11.19.1
## References:
* https://www.suse.com/security/cve/CVE-2026-11850.html
* https://www.suse.com/security/cve/CVE-2026-40355.html
* https://www.suse.com/security/cve/CVE-2026-40356.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263366
* https://bugzilla.suse.com/show_bug.cgi?id=1263367
* https://bugzilla.suse.com/show_bug.cgi?id=1268131
openSUSE-SU-2026:21274-1: important: Security update for rust-keylime
openSUSE security update: security update for rust-keylime
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21274-1
Rating: important
References:
* bsc#1260596
* bsc#1270174
* bsc#1270523
* bsc#1270614
* bsc#1270699
* bsc#1270792
* bsc#1270842
* bsc#1270903
* bsc#1270999
Cross-References:
* CVE-2026-41676
* CVE-2026-41677
* CVE-2026-41678
* CVE-2026-41681
* CVE-2026-41898
* CVE-2026-42327
* CVE-2026-44662
* CVE-2026-45784
CVSS scores:
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-41677 ( SUSE ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
* CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-41678 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-41681 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-41898 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-42327 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-44662 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-45784 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 8 vulnerabilities and has 9 bug fixes can now be installed.
Description:
This update for rust-keylime fixes the following issues:
Update to version 0.2.9+49.
Security issues fixed:
- CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can overflow short buffers on OpenSSL 1.1.1
(bsc#1270174).
- CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length
(bsc#1270614).
- CVE-2026-41678: openssl: out-of-bounds write due to incorrect bounds assertion in `aes::unwrap_key()` (bsc#1270699).
- CVE-2026-41681: openssl: `MdCtxRef::digest_final()` writes past caller buffer with no length check (bsc#1270792).
- CVE-2026-41898: openssl: unchecked callback-returned length in PSK and cookie generate trampolines can leak adjacent
memory to the network (bsc#1270842).
- CVE-2026-42327: openssl: undefined behavior in `X509Ref::ocsp_responders` for certificates with non-UTF-8 OCSP URLs
(bsc#1270523).
- CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-wrap-with-padding due to incorrectly sized
output buffers (bsc#1270903).
- CVE-2026-45784: openssl: out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers due to
incorrectly sized output buffer (bsc#1270999).
Other updates and bugfixes:
- Update openssl to 0.10.81.
- Make tss-esai-sys depend on bindgen 72.1 to support llvm > 21.
- Build with Clang cb in ip6_err_gen_icmpv6_unreach()
(bsc#1264097).
* CVE-2026-46090: ALSA: aloop: Fix peer runtime UAF during format-change stop
(bsc#1267531).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267722).
* CVE-2026-46197: drm/amdkfd: validate SVM ioctl nattr against buffer size
(bsc#1267381).
* CVE-2026-46229: drm/amdkfd: Clear VRAM on allocation to prevent stale data
exposure (bsc#1267567).
* CVE-2026-46253: pstore/ram: fix buffer overflow in persistent_ram_save_old()
(bsc#1267635).
* CVE-2026-46266: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP
(bsc#1267684).
* CVE-2026-46319: net/sched: act_ct: Only release RCU read lock after ct_ft
(bsc#1268022).
* CVE-2026-46320: tap: free page on error paths in tap_get_user_xdp()
(bsc#1267993).
* CVE-2026-46330: Revert "net/smc: Introduce TCP ULP support" (bsc#1268049).
* CVE-2026-46331: net/sched: fix pedit partial COW leading to page cache
(bsc#1265421).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268660).
* CVE-2026-52918: Bluetooth: serialize accept_q access (bsc#1269100).
* CVE-2026-52923: ipc: limit next_id allocation to the valid ID range
(bsc#1269033).
* CVE-2026-52924: sctp: purge outqueue on stale COOKIE-ECHO handling
(bsc#1269036).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269022).
* CVE-2026-52955: libceph: Fix potential out-of-bounds access in
crush_decode() (bsc#1269159).
* CVE-2026-52969: KVM: Reject wrapped offset in kvm_reset_dirty_gfn()
(bsc#1269184).
* CVE-2026-52972: crypto: af_alg - Cap AEAD AD length to 0x80000000
(bsc#1269195).
* CVE-2026-52993: tipc: fix double-free in tipc_buf_append() (bsc#1269193).
* CVE-2026-53016: crypto: ccp - copy IV using skcipher ivsize (bsc#1269090).
* CVE-2026-53041: ocfs2: fix listxattr handling when the buffer is full
(bsc#1269398).
* CVE-2026-53053: iommu/amd: Fix clone_alias() to use the original device's
devid (bsc#1269310).
* CVE-2026-53071: Bluetooth: l2cap: Add missing chan lock in
l2cap_ecred_reconf_rsp (bsc#1269678).
* CVE-2026-53072: Bluetooth: fix locking in hci_conn_request_evt() with
HCI_PROTO_DEFER (bsc#1269681).
* CVE-2026-53133: RDMA/umem: Fix truncation for block sizes >= 4G
(bsc#1269821).
* CVE-2026-53253: Bluetooth: bnep: reject short frames before parsing
(bsc#1269574).
* CVE-2026-53359: KVM: x86: Fix shadow paging use-after-free due to unexpected
role (bsc#1270059).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2840=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2840=1
## Package List:
* openSUSE Leap 15.5 (x86_64)
* kernel-rt-livepatch-5.14.21-150500.13.151.1
* kernel-rt-optional-5.14.21-150500.13.151.1
* kernel-rt_debug-devel-5.14.21-150500.13.151.1
* kernel-rt-optional-debuginfo-5.14.21-150500.13.151.1
* dlm-kmp-rt-5.14.21-150500.13.151.1
* kselftests-kmp-rt-5.14.21-150500.13.151.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.151.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.151.1
* kselftests-kmp-rt-debuginfo-5.14.21-150500.13.151.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.151.1
* reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.151.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.151.1
* kernel-rt-vdso-5.14.21-150500.13.151.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.151.1
* kernel-rt-devel-5.14.21-150500.13.151.1
* ocfs2-kmp-rt-5.14.21-150500.13.151.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.151.1
* kernel-rt-debugsource-5.14.21-150500.13.151.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.151.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.151.1
* kernel-rt_debug-vdso-5.14.21-150500.13.151.1
* cluster-md-kmp-rt-5.14.21-150500.13.151.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.151.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.151.1
* kernel-rt-extra-debuginfo-5.14.21-150500.13.151.1
* kernel-syms-rt-5.14.21-150500.13.151.1
* kernel-rt-extra-5.14.21-150500.13.151.1
* kernel-rt-debuginfo-5.14.21-150500.13.151.1
* gfs2-kmp-rt-5.14.21-150500.13.151.1
* kernel-rt-livepatch-devel-5.14.21-150500.13.151.1
* reiserfs-kmp-rt-5.14.21-150500.13.151.1
* openSUSE Leap 15.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.151.1
* kernel-rt_debug-5.14.21-150500.13.151.1
* openSUSE Leap 15.5 (noarch)
* kernel-devel-rt-5.14.21-150500.13.151.1
* kernel-source-rt-5.14.21-150500.13.151.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* kernel-rt-debuginfo-5.14.21-150500.13.151.1
* kernel-rt-debugsource-5.14.21-150500.13.151.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* kernel-devel-rt-5.14.21-150500.13.151.1
* kernel-source-rt-5.14.21-150500.13.151.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.151.1
## References:
* https://www.suse.com/security/cve/CVE-2026-31771.html
* https://www.suse.com/security/cve/CVE-2026-43038.html
* https://www.suse.com/security/cve/CVE-2026-46090.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46197.html
* https://www.suse.com/security/cve/CVE-2026-46229.html
* https://www.suse.com/security/cve/CVE-2026-46253.html
* https://www.suse.com/security/cve/CVE-2026-46266.html
* https://www.suse.com/security/cve/CVE-2026-46274.html
* https://www.suse.com/security/cve/CVE-2026-46319.html
* https://www.suse.com/security/cve/CVE-2026-46320.html
* https://www.suse.com/security/cve/CVE-2026-46330.html
* https://www.suse.com/security/cve/CVE-2026-46331.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52918.html
* https://www.suse.com/security/cve/CVE-2026-52923.html
* https://www.suse.com/security/cve/CVE-2026-52924.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://www.suse.com/security/cve/CVE-2026-52955.html
* https://www.suse.com/security/cve/CVE-2026-52969.html
* https://www.suse.com/security/cve/CVE-2026-52972.html
* https://www.suse.com/security/cve/CVE-2026-52993.html
* https://www.suse.com/security/cve/CVE-2026-53016.html
* https://www.suse.com/security/cve/CVE-2026-53041.html
* https://www.suse.com/security/cve/CVE-2026-53053.html
* https://www.suse.com/security/cve/CVE-2026-53071.html
* https://www.suse.com/security/cve/CVE-2026-53072.html
* https://www.suse.com/security/cve/CVE-2026-53133.html
* https://www.suse.com/security/cve/CVE-2026-53253.html
* https://www.suse.com/security/cve/CVE-2026-53359.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264097
* https://bugzilla.suse.com/show_bug.cgi?id=1264145
* https://bugzilla.suse.com/show_bug.cgi?id=1265421
* https://bugzilla.suse.com/show_bug.cgi?id=1267381
* https://bugzilla.suse.com/show_bug.cgi?id=1267531
* https://bugzilla.suse.com/show_bug.cgi?id=1267567
* https://bugzilla.suse.com/show_bug.cgi?id=1267635
* https://bugzilla.suse.com/show_bug.cgi?id=1267684
* https://bugzilla.suse.com/show_bug.cgi?id=1267722
* https://bugzilla.suse.com/show_bug.cgi?id=1267918
* https://bugzilla.suse.com/show_bug.cgi?id=1267993
* https://bugzilla.suse.com/show_bug.cgi?id=1268022
* https://bugzilla.suse.com/show_bug.cgi?id=1268049
* https://bugzilla.suse.com/show_bug.cgi?id=1268660
* https://bugzilla.suse.com/show_bug.cgi?id=1269022
* https://bugzilla.suse.com/show_bug.cgi?id=1269033
* https://bugzilla.suse.com/show_bug.cgi?id=1269036
* https://bugzilla.suse.com/show_bug.cgi?id=1269090
* https://bugzilla.suse.com/show_bug.cgi?id=1269100
* https://bugzilla.suse.com/show_bug.cgi?id=1269159
* https://bugzilla.suse.com/show_bug.cgi?id=1269184
* https://bugzilla.suse.com/show_bug.cgi?id=1269193
* https://bugzilla.suse.com/show_bug.cgi?id=1269195
* https://bugzilla.suse.com/show_bug.cgi?id=1269310
* https://bugzilla.suse.com/show_bug.cgi?id=1269398
* https://bugzilla.suse.com/show_bug.cgi?id=1269574
* https://bugzilla.suse.com/show_bug.cgi?id=1269678
* https://bugzilla.suse.com/show_bug.cgi?id=1269681
* https://bugzilla.suse.com/show_bug.cgi?id=1269821
* https://bugzilla.suse.com/show_bug.cgi?id=1270059