
SUSE has released a comprehensive batch of security patches that address numerous vulnerabilities across core operating system components and popular development libraries. High-impact updates target the Linux kernel, the nginx web server, and Kubernetes, fixing critical flaws such as heap buffer overflows, infinite loops, and authorization bypasses that could lead to system crashes or unauthorized access. Enterprise administrators should deploy these fixes immediately with the `zypper patch` command or the YaST interface to secure their infrastructure against over twenty tracked CVEs.

SUSE-SU-2026:2306-1: important: Security update for perl-Protocol-HTTP2
SUSE-SU-2026:2307-1: important: Security update for nginx
SUSE-SU-2026:2310-1: important: Security update for the Linux Kernel
SUSE-SU-2026:2311-1: moderate: Security update for avahi
openSUSE-SU-2026:20921-1: important: Security update for elemental-toolkit
openSUSE-SU-2026:20926-1: moderate: Security update for python-requests
openSUSE-SU-2026:20925-1: moderate: Security update for polkit
openSUSE-SU-2026:20919-1: moderate: Security update for agama-web-ui
openSUSE-SU-2026:20924-1: important: Security update for elemental-system-agent
openSUSE-SU-2026:20920-1: important: Security update for elemental-register
openSUSE-SU-2026:10965-1: moderate: ack-3.10.0-1.1 on GA media
openSUSE-SU-2026:10968-1: moderate: perl-CryptX-0.89.0-2.1 on GA media
openSUSE-SU-2026:10966-1: moderate: amazon-ssm-agent-3.3.4624.0-2.1 on GA media
openSUSE-SU-2026:10961-1: moderate: ggml-devel-9500-1.1 on GA media
SUSE-SU-2026:2325-1: important: Security update for kubernetes1.26




SUSE-SU-2026:2306-1: important: Security update for perl-Protocol-HTTP2


# Security update for perl-Protocol-HTTP2

Announcement ID: SUSE-SU-2026:2306-1
Release Date: 2026-06-09T07:58:46Z
Rating: important
References:

* bsc#1267857

Cross-References:

* CVE-2026-10725

CVSS scores:

* CVE-2026-10725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-10725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for perl-Protocol-HTTP2 fixes the following issue:

* CVE-2026-10725: denial of service due to absence of inbound HPACK
header-list size limit (HTTP/2 Bomb attack) (bsc#1267857).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2306=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2306=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* perl-Protocol-HTTP2-1.10-150600.3.3.1
* SUSE Package Hub 15 15-SP7 (noarch)
* perl-Protocol-HTTP2-1.10-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-10725.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267857



SUSE-SU-2026:2307-1: important: Security update for nginx


# Security update for nginx

Announcement ID: SUSE-SU-2026:2307-1
Release Date: 2026-06-09T08:12:26Z
Rating: important
References:

* bsc#1266215

Cross-References:

* CVE-2026-9256

CVSS scores:

* CVE-2026-9256 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-9256 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for nginx fixes the following issue:

* CVE-2026-9256: heap buffer overflow in the `ngx_http_rewrite_module` when
using a configuration with overlapping captures (bsc#1266215).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2307=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-2307=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2307=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2307=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* nginx-1.21.5-150600.10.21.1
* nginx-debugsource-1.21.5-150600.10.21.1
* nginx-debuginfo-1.21.5-150600.10.21.1
* openSUSE Leap 15.6 (noarch)
* nginx-source-1.21.5-150600.10.21.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* nginx-1.21.5-150600.10.21.1
* nginx-debugsource-1.21.5-150600.10.21.1
* nginx-debuginfo-1.21.5-150600.10.21.1
* Server Applications Module 15-SP7 (noarch)
* nginx-source-1.21.5-150600.10.21.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* nginx-1.21.5-150600.10.21.1
* nginx-debugsource-1.21.5-150600.10.21.1
* nginx-debuginfo-1.21.5-150600.10.21.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* nginx-source-1.21.5-150600.10.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* nginx-1.21.5-150600.10.21.1
* nginx-debugsource-1.21.5-150600.10.21.1
* nginx-debuginfo-1.21.5-150600.10.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* nginx-source-1.21.5-150600.10.21.1

## References:

* https://www.suse.com/security/cve/CVE-2026-9256.html
* https://bugzilla.suse.com/show_bug.cgi?id=1266215



SUSE-SU-2026:2310-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:2310-1
Release Date: 2026-06-09T08:18:37Z
Rating: important
References:

* bsc#1261700
* bsc#1262663
* bsc#1263068
* bsc#1263769
* bsc#1263774
* bsc#1263790
* bsc#1263995
* bsc#1264093
* bsc#1264449
* bsc#1264551
* bsc#1264989
* bsc#1265928
* bsc#1265960
* bsc#1266001
* bsc#1266009
* bsc#1266238
* bsc#1266402
* bsc#1266414
* bsc#1266711
* bsc#1266765
* bsc#1266889
* bsc#1266901
* bsc#1266969
* bsc#1266972
* bsc#1267205
* bsc#1267220
* bsc#1267222

Cross-References:

* CVE-2026-31405
* CVE-2026-31473
* CVE-2026-31613
* CVE-2026-31614
* CVE-2026-31629
* CVE-2026-31758
* CVE-2026-43037
* CVE-2026-43206
* CVE-2026-43284
* CVE-2026-43362
* CVE-2026-43499
* CVE-2026-43501
* CVE-2026-43503
* CVE-2026-45852
* CVE-2026-45910
* CVE-2026-45970
* CVE-2026-46004
* CVE-2026-46021
* CVE-2026-46043
* CVE-2026-46113
* CVE-2026-46114
* CVE-2026-46243

CVSS scores:

* CVE-2026-31405 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31405 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31405 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31473 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31473 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31473 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31613 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31613 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31613 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-31614 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31614 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31614 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31629 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31629 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31629 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43206 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43206 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43362 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2026-43362 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
* CVE-2026-43362 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2026-43499 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43499 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43499 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-45852 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45852 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45852 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45910 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45910 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45910 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46004 ( SUSE ): 7.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46004 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46021 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46021 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46043 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46043 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46043 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-46113 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-46113 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46113 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46114 ( SUSE ): 5.3 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-46114 ( SUSE ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-46114 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-46243 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 22 vulnerabilities and has five security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security
issues.

The following security issues were fixed:

* CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header
tables (bsc#1261700).
* CVE-2026-31473: media: mc, v4l2: serialize REINIT and REQBUFS with
req_queue_mutex (bsc#1262663).
* CVE-2026-31613: smb: client: fix OOB reads parsing symlink error response
(bsc#1263769).
* CVE-2026-31614: smb: client: fix off-by-8 bounds check in check_wsl_eas()
(bsc#1263774).
* CVE-2026-31629: nfc: llcp: add missing return after LLCP_CLOSED checks
(bsc#1263790).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264093).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb in ip4ip6_err() (bsc#1263995).
* CVE-2026-43206: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()
(bsc#1264551).
* CVE-2026-43362: smb: client: fix in-place encryption corruption in
SMB2_write() (bsc#1264989).
* CVE-2026-43499: rtmutex: Use waiter::task instead of current in
remove_waiter() (bsc#1266001).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266009).
* CVE-2026-43503: net: skbuff: propagate shared-frag marker through
frag-transfer helpers (bsc#1265960).
* CVE-2026-45852: RDMA/rxe: Fix double free in rxe_srq_from_init
(bsc#1266711).
* CVE-2026-45910: RDMA/rxe: Fix race condition in QP timer handlers
(bsc#1266889).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267205).
* CVE-2026-46004: ALSA: caiaq: Handle probe errors properly (bsc#1267222).
* CVE-2026-46021: thermal: core: Fix thermal zone governor cleanup issues
(bsc#1267220).
* CVE-2026-46043: RDMA/rxe: Validate pad and ICRC before payload_size() in
rxe_rcv (bsc#1266901).
* CVE-2026-46113: KVM: x86: Fix shadow paging use-after-free due to unexpected
GFN (bsc#1266969).
* CVE-2026-46114: RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads
(bsc#1266972).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(bsc#1266238).

The following non security issues were fixed:

* arm64: tlb: Allow XZR argument to TLBI ops (git-fixes).
* arm64: tlb: Optimize ARM64_WORKAROUND_REPEAT_TLBI (git-fixes).
* drm/hyperv: validate resolution_count and fix WIN8 fallback (git-fixes).
* drm/hyperv: validate VMBus packet size in receive callback (git-fixes).
* net: gro: don't merge zcopy skbs (git-fixes).
* net: mana: Add NULL guards in teardown path to prevent panic on attach
failure (git-fixes).
* net: mana: Expose hardware diagnostic info via debugfs (bsc#1266414).
* net: mana: Fix TOCTOU double-fetch of hwc_msg_id from DMA buffer
(bsc#1265928).
* net: mana: hardening: Reject zero max_num_queues from
GDMA_QUERY_MAX_RESOURCES (git-fixes).
* net: mana: Skip redundant detach on already-detached port (git-fixes).
* net: mana: Use kvmalloc for large RX queue and buffer allocations
(bsc#1266765).
* net: mana: Use per-queue allocation for tx_qp to reduce allocation size
(bsc#1266765).
* net: mana: validate rx_req_idx to prevent out-of-bounds array access
(bsc#1266402).
* RDMA/mana_ib: Report max_msg_sz in mana_ib_query_port (git-fixes).
* s390/barrier: Make array_index_mask_nospec() __always_inline (bsc#1263068).
* s390/entry: Scrub r12 register on kernel entry (bsc#1263068).
* s390/syscalls: Add spectre boundary for syscall dispatch table
(bsc#1263068).
* smb: client: correctly handle ErrorContextData as a flexible array
(git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2310=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2310=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2310=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2310=1

* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-2310=1

## Package List:

* openSUSE Leap 15.6 (aarch64)
* dtb-apm-6.4.0-150600.23.115.1
* dtb-allwinner-6.4.0-150600.23.115.1
* dlm-kmp-64kb-6.4.0-150600.23.115.1
* gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.115.1
* dtb-rockchip-6.4.0-150600.23.115.1
* dtb-freescale-6.4.0-150600.23.115.1
* dlm-kmp-64kb-debuginfo-6.4.0-150600.23.115.1
* dtb-hisilicon-6.4.0-150600.23.115.1
* dtb-cavium-6.4.0-150600.23.115.1
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.115.1
* kernel-64kb-debugsource-6.4.0-150600.23.115.1
* dtb-qcom-6.4.0-150600.23.115.1
* dtb-lg-6.4.0-150600.23.115.1
* cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.115.1
* gfs2-kmp-64kb-6.4.0-150600.23.115.1
* ocfs2-kmp-64kb-6.4.0-150600.23.115.1
* dtb-marvell-6.4.0-150600.23.115.1
* dtb-renesas-6.4.0-150600.23.115.1
* dtb-exynos-6.4.0-150600.23.115.1
* kernel-64kb-devel-6.4.0-150600.23.115.1
* kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.115.1
* dtb-amd-6.4.0-150600.23.115.1
* kernel-64kb-extra-debuginfo-6.4.0-150600.23.115.1
* kernel-64kb-optional-debuginfo-6.4.0-150600.23.115.1
* kernel-64kb-extra-6.4.0-150600.23.115.1
* dtb-amazon-6.4.0-150600.23.115.1
* kernel-64kb-optional-6.4.0-150600.23.115.1
* reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.115.1
* dtb-xilinx-6.4.0-150600.23.115.1
* dtb-apple-6.4.0-150600.23.115.1
* dtb-mediatek-6.4.0-150600.23.115.1
* ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.115.1
* dtb-amlogic-6.4.0-150600.23.115.1
* cluster-md-kmp-64kb-6.4.0-150600.23.115.1
* dtb-socionext-6.4.0-150600.23.115.1
* dtb-broadcom-6.4.0-150600.23.115.1
* reiserfs-kmp-64kb-6.4.0-150600.23.115.1
* kernel-64kb-debuginfo-6.4.0-150600.23.115.1
* dtb-altera-6.4.0-150600.23.115.1
* kselftests-kmp-64kb-6.4.0-150600.23.115.1
* dtb-arm-6.4.0-150600.23.115.1
* dtb-sprd-6.4.0-150600.23.115.1
* dtb-nvidia-6.4.0-150600.23.115.1
* openSUSE Leap 15.6 (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.115.1
* openSUSE Leap 15.6 (aarch64 ppc64le x86_64)
* kernel-default-base-6.4.0-150600.23.115.1.150600.12.54.1
* kernel-default-base-rebuild-6.4.0-150600.23.115.1.150600.12.54.1
* kernel-kvmsmall-devel-6.4.0-150600.23.115.1
* kernel-kvmsmall-debuginfo-6.4.0-150600.23.115.1
* kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.115.1
* kernel-kvmsmall-debugsource-6.4.0-150600.23.115.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kernel-obs-qa-6.4.0-150600.23.115.1
* kernel-obs-build-6.4.0-150600.23.115.1
* kernel-obs-build-debugsource-6.4.0-150600.23.115.1
* kernel-default-debugsource-6.4.0-150600.23.115.1
* kernel-default-devel-6.4.0-150600.23.115.1
* dlm-kmp-default-debuginfo-6.4.0-150600.23.115.1
* kselftests-kmp-default-debuginfo-6.4.0-150600.23.115.1
* gfs2-kmp-default-6.4.0-150600.23.115.1
* kernel-default-optional-debuginfo-6.4.0-150600.23.115.1
* kselftests-kmp-default-6.4.0-150600.23.115.1
* kernel-default-livepatch-6.4.0-150600.23.115.1
* kernel-default-extra-debuginfo-6.4.0-150600.23.115.1
* kernel-default-extra-6.4.0-150600.23.115.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.115.1
* kernel-default-optional-6.4.0-150600.23.115.1
* kernel-syms-6.4.0-150600.23.115.1
* kernel-default-debuginfo-6.4.0-150600.23.115.1
* cluster-md-kmp-default-6.4.0-150600.23.115.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.115.1
* ocfs2-kmp-default-6.4.0-150600.23.115.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.115.1
* dlm-kmp-default-6.4.0-150600.23.115.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.115.1
* reiserfs-kmp-default-6.4.0-150600.23.115.1
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.115.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-6.4.0-150600.23.115.1
* openSUSE Leap 15.6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.115.1
* openSUSE Leap 15.6 (noarch)
* kernel-macros-6.4.0-150600.23.115.1
* kernel-docs-html-6.4.0-150600.23.115.1
* kernel-devel-6.4.0-150600.23.115.1
* kernel-source-6.4.0-150600.23.115.1
* kernel-source-vanilla-6.4.0-150600.23.115.1
* openSUSE Leap 15.6 (nosrc ppc64le x86_64)
* kernel-debug-6.4.0-150600.23.115.1
* openSUSE Leap 15.6 (ppc64le x86_64)
* kernel-debug-debugsource-6.4.0-150600.23.115.1
* kernel-debug-devel-6.4.0-150600.23.115.1
* kernel-debug-debuginfo-6.4.0-150600.23.115.1
* kernel-debug-devel-debuginfo-6.4.0-150600.23.115.1
* openSUSE Leap 15.6 (x86_64)
* kernel-default-vdso-debuginfo-6.4.0-150600.23.115.1
* kernel-kvmsmall-vdso-6.4.0-150600.23.115.1
* kernel-debug-vdso-debuginfo-6.4.0-150600.23.115.1
* kernel-debug-vdso-6.4.0-150600.23.115.1
* kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.115.1
* kernel-default-vdso-6.4.0-150600.23.115.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-6.4.0-150600.23.115.1
* kernel-livepatch-SLE15-SP6_Update_27-debugsource-1-150600.13.3.1
* kernel-livepatch-6_4_0-150600_23_115-default-debuginfo-1-150600.13.3.1
* kernel-livepatch-6_4_0-150600_23_115-default-1-150600.13.3.1
* openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-6.4.0-150600.23.115.1
* openSUSE Leap 15.6 (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.115.1
* openSUSE Leap 15.6 (s390x)
* kernel-zfcpdump-debugsource-6.4.0-150600.23.115.1
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.115.1
* openSUSE Leap 15.6 (nosrc)
* dtb-aarch64-6.4.0-150600.23.115.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-6.4.0-150600.23.115.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.115.1
* kernel-default-devel-6.4.0-150600.23.115.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.115.1
* ocfs2-kmp-default-6.4.0-150600.23.115.1
* dlm-kmp-default-debuginfo-6.4.0-150600.23.115.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.115.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.115.1
* dlm-kmp-default-6.4.0-150600.23.115.1
* gfs2-kmp-default-6.4.0-150600.23.115.1
* reiserfs-kmp-default-6.4.0-150600.23.115.1
* cluster-md-kmp-default-6.4.0-150600.23.115.1
* kernel-syms-6.4.0-150600.23.115.1
* kernel-default-debuginfo-6.4.0-150600.23.115.1
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.115.1
* kernel-obs-build-debugsource-6.4.0-150600.23.115.1
* kernel-default-debugsource-6.4.0-150600.23.115.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.115.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64)
* kernel-64kb-debugsource-6.4.0-150600.23.115.1
* kernel-64kb-debuginfo-6.4.0-150600.23.115.1
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.115.1
* kernel-64kb-devel-6.4.0-150600.23.115.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-6.4.0-150600.23.115.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le x86_64)
* kernel-default-base-6.4.0-150600.23.115.1.150600.12.54.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* kernel-source-6.4.0-150600.23.115.1
* kernel-macros-6.4.0-150600.23.115.1
* kernel-devel-6.4.0-150600.23.115.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch nosrc)
* kernel-docs-6.4.0-150600.23.115.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.115.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (s390x)
* kernel-zfcpdump-debugsource-6.4.0-150600.23.115.1
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.115.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* kernel-default-debugsource-6.4.0-150600.23.115.1
* kernel-obs-build-6.4.0-150600.23.115.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.115.1
* kernel-default-devel-6.4.0-150600.23.115.1
* ocfs2-kmp-default-6.4.0-150600.23.115.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.115.1
* dlm-kmp-default-debuginfo-6.4.0-150600.23.115.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.115.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.115.1
* dlm-kmp-default-6.4.0-150600.23.115.1
* reiserfs-kmp-default-6.4.0-150600.23.115.1
* gfs2-kmp-default-6.4.0-150600.23.115.1
* kernel-default-base-6.4.0-150600.23.115.1.150600.12.54.1
* kernel-syms-6.4.0-150600.23.115.1
* kernel-default-debuginfo-6.4.0-150600.23.115.1
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.115.1
* kernel-obs-build-debugsource-6.4.0-150600.23.115.1
* cluster-md-kmp-default-6.4.0-150600.23.115.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (nosrc ppc64le x86_64)
* kernel-default-6.4.0-150600.23.115.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* kernel-source-6.4.0-150600.23.115.1
* kernel-macros-6.4.0-150600.23.115.1
* kernel-devel-6.4.0-150600.23.115.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.115.1
* SUSE Linux Enterprise Live Patching 15-SP6 (nosrc)
* kernel-default-6.4.0-150600.23.115.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_115-default-debuginfo-1-150600.13.3.1
* kernel-default-livepatch-devel-6.4.0-150600.23.115.1
* kernel-livepatch-6_4_0-150600_23_115-default-1-150600.13.3.1
* kernel-default-debuginfo-6.4.0-150600.23.115.1
* kernel-default-livepatch-6.4.0-150600.23.115.1
* kernel-default-debugsource-6.4.0-150600.23.115.1
* kernel-livepatch-SLE15-SP6_Update_27-debugsource-1-150600.13.3.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (nosrc)
* kernel-default-6.4.0-150600.23.115.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-6.4.0-150600.23.115.1
* kernel-default-debuginfo-6.4.0-150600.23.115.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31405.html
* https://www.suse.com/security/cve/CVE-2026-31473.html
* https://www.suse.com/security/cve/CVE-2026-31613.html
* https://www.suse.com/security/cve/CVE-2026-31614.html
* https://www.suse.com/security/cve/CVE-2026-31629.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43206.html
* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://www.suse.com/security/cve/CVE-2026-43362.html
* https://www.suse.com/security/cve/CVE-2026-43499.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-45852.html
* https://www.suse.com/security/cve/CVE-2026-45910.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46004.html
* https://www.suse.com/security/cve/CVE-2026-46021.html
* https://www.suse.com/security/cve/CVE-2026-46043.html
* https://www.suse.com/security/cve/CVE-2026-46113.html
* https://www.suse.com/security/cve/CVE-2026-46114.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261700
* https://bugzilla.suse.com/show_bug.cgi?id=1262663
* https://bugzilla.suse.com/show_bug.cgi?id=1263068
* https://bugzilla.suse.com/show_bug.cgi?id=1263769
* https://bugzilla.suse.com/show_bug.cgi?id=1263774
* https://bugzilla.suse.com/show_bug.cgi?id=1263790
* https://bugzilla.suse.com/show_bug.cgi?id=1263995
* https://bugzilla.suse.com/show_bug.cgi?id=1264093
* https://bugzilla.suse.com/show_bug.cgi?id=1264449
* https://bugzilla.suse.com/show_bug.cgi?id=1264551
* https://bugzilla.suse.com/show_bug.cgi?id=1264989
* https://bugzilla.suse.com/show_bug.cgi?id=1265928
* https://bugzilla.suse.com/show_bug.cgi?id=1265960
* https://bugzilla.suse.com/show_bug.cgi?id=1266001
* https://bugzilla.suse.com/show_bug.cgi?id=1266009
* https://bugzilla.suse.com/show_bug.cgi?id=1266238
* https://bugzilla.suse.com/show_bug.cgi?id=1266402
* https://bugzilla.suse.com/show_bug.cgi?id=1266414
* https://bugzilla.suse.com/show_bug.cgi?id=1266711
* https://bugzilla.suse.com/show_bug.cgi?id=1266765
* https://bugzilla.suse.com/show_bug.cgi?id=1266889
* https://bugzilla.suse.com/show_bug.cgi?id=1266901
* https://bugzilla.suse.com/show_bug.cgi?id=1266969
* https://bugzilla.suse.com/show_bug.cgi?id=1266972
* https://bugzilla.suse.com/show_bug.cgi?id=1267205
* https://bugzilla.suse.com/show_bug.cgi?id=1267220
* https://bugzilla.suse.com/show_bug.cgi?id=1267222



SUSE-SU-2026:2311-1: moderate: Security update for avahi


# Security update for avahi

Announcement ID: SUSE-SU-2026:2311-1
Release Date: 2026-06-09T11:05:49Z
Rating: moderate
References:

* bsc#1257235
* bsc#1261546

Cross-References:

* CVE-2026-24401
* CVE-2026-34933

CVSS scores:

* CVE-2026-24401 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-34933 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34933 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for avahi fixes the following issues:

* CVE-2026-24401: uncontrolled recursion in `lookup_handle_cname` can crash
the `avahi-daemon` (bsc#1257235).
* CVE-2026-34933: reachable assertion in `transport_flags_from_domain` can
crash the `avahi-daemon` (bsc#1261546).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2311=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2311=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2311=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2311=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2311=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2311=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* avahi-0.8-150400.7.31.2
* avahi-glib2-debugsource-0.8-150400.7.31.2
* libavahi-glib-devel-0.8-150400.7.31.2
* typelib-1_0-Avahi-0_6-0.8-150400.7.31.2
* avahi-compat-mDNSResponder-devel-0.8-150400.7.31.2
* libavahi-core7-debuginfo-0.8-150400.7.31.2
* libavahi-client3-debuginfo-0.8-150400.7.31.2
* libhowl0-0.8-150400.7.31.2
* python3-avahi-gtk-0.8-150400.7.31.2
* avahi-utils-0.8-150400.7.31.2
* libavahi-libevent1-0.8-150400.7.31.2
* libavahi-gobject-devel-0.8-150400.7.31.2
* libavahi-qt5-1-debuginfo-0.8-150400.7.31.2
* avahi-qt5-debugsource-0.8-150400.7.31.2
* avahi-compat-howl-devel-0.8-150400.7.31.2
* avahi-debugsource-0.8-150400.7.31.2
* libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.31.2
* avahi-autoipd-0.8-150400.7.31.2
* avahi-debuginfo-0.8-150400.7.31.2
* libavahi-common3-0.8-150400.7.31.2
* libavahi-common3-debuginfo-0.8-150400.7.31.2
* libavahi-glib1-debuginfo-0.8-150400.7.31.2
* libhowl0-debuginfo-0.8-150400.7.31.2
* libavahi-ui-gtk3-0-0.8-150400.7.31.2
* libavahi-qt5-devel-0.8-150400.7.31.2
* libdns_sd-0.8-150400.7.31.2
* avahi-utils-gtk-0.8-150400.7.31.2
* libavahi-glib1-0.8-150400.7.31.2
* avahi-utils-gtk-debuginfo-0.8-150400.7.31.2
* libavahi-gobject0-debuginfo-0.8-150400.7.31.2
* avahi-autoipd-debuginfo-0.8-150400.7.31.2
* libavahi-qt5-1-0.8-150400.7.31.2
* libavahi-gobject0-0.8-150400.7.31.2
* libavahi-libevent1-debuginfo-0.8-150400.7.31.2
* python3-avahi-0.8-150400.7.31.2
* libavahi-devel-0.8-150400.7.31.2
* libdns_sd-debuginfo-0.8-150400.7.31.2
* avahi-utils-debuginfo-0.8-150400.7.31.2
* libavahi-client3-0.8-150400.7.31.2
* libavahi-core7-0.8-150400.7.31.2
* openSUSE Leap 15.4 (x86_64)
* libavahi-client3-32bit-0.8-150400.7.31.2
* libavahi-client3-32bit-debuginfo-0.8-150400.7.31.2
* libavahi-common3-32bit-0.8-150400.7.31.2
* libdns_sd-32bit-debuginfo-0.8-150400.7.31.2
* avahi-32bit-debuginfo-0.8-150400.7.31.2
* libavahi-glib1-32bit-0.8-150400.7.31.2
* libdns_sd-32bit-0.8-150400.7.31.2
* libavahi-glib1-32bit-debuginfo-0.8-150400.7.31.2
* libavahi-common3-32bit-debuginfo-0.8-150400.7.31.2
* openSUSE Leap 15.4 (noarch)
* avahi-lang-0.8-150400.7.31.2
* openSUSE Leap 15.4 (aarch64_ilp32)
* avahi-64bit-debuginfo-0.8-150400.7.31.2
* libavahi-client3-64bit-0.8-150400.7.31.2
* libdns_sd-64bit-0.8-150400.7.31.2
* libavahi-glib1-64bit-debuginfo-0.8-150400.7.31.2
* libavahi-client3-64bit-debuginfo-0.8-150400.7.31.2
* libdns_sd-64bit-debuginfo-0.8-150400.7.31.2
* libavahi-common3-64bit-0.8-150400.7.31.2
* libavahi-common3-64bit-debuginfo-0.8-150400.7.31.2
* libavahi-glib1-64bit-0.8-150400.7.31.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* avahi-0.8-150400.7.31.2
* avahi-debugsource-0.8-150400.7.31.2
* libavahi-core7-debuginfo-0.8-150400.7.31.2
* libavahi-client3-debuginfo-0.8-150400.7.31.2
* avahi-debuginfo-0.8-150400.7.31.2
* libavahi-common3-0.8-150400.7.31.2
* libavahi-common3-debuginfo-0.8-150400.7.31.2
* libavahi-client3-0.8-150400.7.31.2
* libavahi-core7-0.8-150400.7.31.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* avahi-0.8-150400.7.31.2
* avahi-debugsource-0.8-150400.7.31.2
* libavahi-core7-debuginfo-0.8-150400.7.31.2
* libavahi-client3-debuginfo-0.8-150400.7.31.2
* avahi-debuginfo-0.8-150400.7.31.2
* libavahi-common3-0.8-150400.7.31.2
* libavahi-common3-debuginfo-0.8-150400.7.31.2
* libavahi-client3-0.8-150400.7.31.2
* libavahi-core7-0.8-150400.7.31.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* avahi-0.8-150400.7.31.2
* avahi-debugsource-0.8-150400.7.31.2
* libavahi-core7-debuginfo-0.8-150400.7.31.2
* libavahi-client3-debuginfo-0.8-150400.7.31.2
* avahi-debuginfo-0.8-150400.7.31.2
* libavahi-common3-0.8-150400.7.31.2
* libavahi-common3-debuginfo-0.8-150400.7.31.2
* libavahi-client3-0.8-150400.7.31.2
* libavahi-core7-0.8-150400.7.31.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* avahi-0.8-150400.7.31.2
* avahi-debugsource-0.8-150400.7.31.2
* libavahi-core7-debuginfo-0.8-150400.7.31.2
* libavahi-client3-debuginfo-0.8-150400.7.31.2
* avahi-debuginfo-0.8-150400.7.31.2
* libavahi-common3-0.8-150400.7.31.2
* libavahi-common3-debuginfo-0.8-150400.7.31.2
* libavahi-client3-0.8-150400.7.31.2
* libavahi-core7-0.8-150400.7.31.2
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* avahi-0.8-150400.7.31.2
* avahi-debugsource-0.8-150400.7.31.2
* libavahi-core7-debuginfo-0.8-150400.7.31.2
* libavahi-client3-debuginfo-0.8-150400.7.31.2
* avahi-debuginfo-0.8-150400.7.31.2
* libavahi-common3-0.8-150400.7.31.2
* libavahi-common3-debuginfo-0.8-150400.7.31.2
* libavahi-client3-0.8-150400.7.31.2
* libavahi-core7-0.8-150400.7.31.2

## References:

* https://www.suse.com/security/cve/CVE-2026-24401.html
* https://www.suse.com/security/cve/CVE-2026-34933.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257235
* https://bugzilla.suse.com/show_bug.cgi?id=1261546



openSUSE-SU-2026:20921-1: important: Security update for elemental-toolkit


openSUSE security update: security update for elemental-toolkit
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20921-1
Rating: important
References:

* bsc#1251679
* bsc#1260277
* bsc#1266187
* bsc#1267168

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has 4 bug fixes can now be installed.

Description:

This update for elemental-toolkit fixes the following issue:

- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260277).

Changes:

- Update to v2.3.4:
* 974af043 Bump golang.org/x/net to v0.55.0 (bsc#1267168 bsc#1251679)
* ae39c90f Bump golang.org/x/crypto to v0.52.0 (bsc#1266187)
- Update to v2.3.3:
* 8b4af274 Avoid pulling binaries with curl
* d46e30f4 Bump golangci/golangci-lint-action to v9
* 02caf200 Bump github.com/spf13/cobra library
* e29e1fbf Bump github.com/jaypipes/ghw library
* 652654e1 Bump github.com/bramvdbogaerde/go-scp library
* f94a0c58 Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)
* dc1a2056 Bump github.com/ulikunitz/xz library
* 337a986c Update headers to 2026
* d6aac085 Switch from TW to Leap 16.0 for green flavor

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-903=1

Package List:

- openSUSE Leap 16.0:

elemental-toolkit-2.3.4-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-33186.html



openSUSE-SU-2026:20926-1: moderate: Security update for python-requests


openSUSE security update: security update for python-requests
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20926-1
Rating: moderate
References:

* bsc#1260589

Cross-References:

* CVE-2026-25645

CVSS scores:

* CVE-2026-25645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for python-requests fixes the following issue:

- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses
target files that already exist without validation (bsc#1260589).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-908=1

Package List:

- openSUSE Leap 16.0:

python313-requests-2.32.4-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-25645.html



openSUSE-SU-2026:20925-1: moderate: Security update for polkit


openSUSE security update: security update for polkit
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20925-1
Rating: moderate
References:

* bsc#1260859

Cross-References:

* CVE-2026-4897

CVSS scores:

* CVE-2026-4897 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4897 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for polkit fixes the following issue:

- CVE-2026-4897: Fixed possible OOM condition via specially crafted input to `polkit-agent-helper-1` (bsc#1260859).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-907=1

Package List:

- openSUSE Leap 16.0:

libpolkit-agent-1-0-123-160000.3.1
libpolkit-gobject-1-0-123-160000.3.1
pkexec-123-160000.3.1
polkit-123-160000.3.1
polkit-devel-123-160000.3.1
polkit-doc-123-160000.3.1
typelib-1_0-Polkit-1_0-123-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-4897.html



openSUSE-SU-2026:20919-1: moderate: Security update for agama-web-ui


openSUSE security update: security update for agama-web-ui
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20919-1
Rating: moderate
References:

* bsc#1246678
* bsc#1264160
* bsc#1264802
* bsc#1266256

Cross-References:

* CVE-2025-7339
* CVE-2026-42041
* CVE-2026-42264
* CVE-2026-9277

CVSS scores:

* CVE-2025-7339 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-7339 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42041 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-42041 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42264 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-42264 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-9277 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9277 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 4 vulnerabilities and has 4 bug fixes can now be installed.

Description:

This update for agama-web-ui fixes the following issues:

- CVE-2025-7339: on-headers: incorrect array handling may lead to HTTP response header manipulation (bsc#1246678).
- CVE-2026-9277: shell-quote: improper escaping of newlines in object .op values by quote() can lead to shell command
injection (bsc#1266256).
- CVE-2026-42041: axios: authentication bypass via validateStatus prototype pollution gadget due to suppression of HTTP
error (bsc#1264160).
- CVE-2026-42264: axios: prototype pollution read-side gadgets in HTTP adapter can lead to credential injection and
request h (bsc#1264802).

Changes for agama-web-ui:

- Update other dependencies reported by "npm audit".

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-901=1

Package List:

- openSUSE Leap 16.0:

agama-web-ui-17+612.d8bf69336-160000.11.1

References:

* https://www.suse.com/security/cve/CVE-2025-7339.html
* https://www.suse.com/security/cve/CVE-2026-42041.html
* https://www.suse.com/security/cve/CVE-2026-42264.html
* https://www.suse.com/security/cve/CVE-2026-9277.html



openSUSE-SU-2026:20924-1: important: Security update for elemental-system-agent


openSUSE security update: security update for elemental-system-agent
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20924-1
Rating: important
References:

* bsc#1260277

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for elemental-system-agent fixes the following issue:

- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260277).

Changes:

- Update to version 0.3.16:
* setup for immutable releases (#274)
* align system-agent image publishing for signed releases (#270)
* Bump github.com/docker/cli to v29.2.0 and go.opentelemetry.io/otel to v1.43.0
* run go mod tidy in /test folder
* Bump google.golang.org/grpc from 1.75.0 to 1.79.3 (bsc#1260277 CVE-2026-33186)
* Bump github.com/docker/cli in /test
* export CATTLE_NODE_NAME if SYSTEM_UPGRADE_NODE_NAME is set
* use correct prefix for system-agent binary (#273)
* checksum validation (#271)
* Add `validate` subcommand for configuration validation (#250)
* Update CODEOWNERS
* Pin GH Actions to commit sha
* chore: bump sles to 15.7
* Extend remote plan e2e tests
* Fix agent restart issue and introduce constants
* chore: bump go to v1.25
* Setup e2e test infrastructure
* chores(deps): Bump k8s dependencies
* Define linter rules
* Fix CI failures
* Introduce an extended Makefile
* Switch workflows to use name makefile
* Replace dapper with multi stage builds
* Remove dapper scripts
* Add multiple improvements for ignore files
* fix: remove umask command from the system-agent unit-file
* fix-system-agent-umask
* [1.34] bumped dependencies for 1.34 support (#242)
* Bump K8s patch level to 1.33.5 and Go patch level to 1.24.6
* fix: properly handle traps after unsuccessful SUC job execution
* fix: do not unconditionally reset failure-counts
* fix: remove resetFailureCountOnStartup, always reset failure counts on first start
* un-rc wrangler and lasso
* drop windows 2019 when running PR CI

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-906=1

Package List:

- openSUSE Leap 16.0:

elemental-system-agent-0.3.16-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-33186.html



openSUSE-SU-2026:20920-1: important: Security update for elemental-register


openSUSE security update: security update for elemental-register
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20920-1
Rating: important
References:

* bsc#1251679
* bsc#1260277
* bsc#1265921
* bsc#1266789
* bsc#1267168
* bsc#1267197

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has 6 bug fixes can now be installed.

Description:

This update for elemental-register fixes the following issue:

- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260277).

Changes:

- Update to v1.9.2:
* 71d1fb9c Local node labels (#984)
* ce6acda9 Bump golang.org/x/net to v0.55.0 includes fixes for:
- bsc#1266789 bsc#1265921 bsc#1267197 bsc#1267168 bsc#1251679
* 060958b7 Bump golangci/golangci-lint-action
* 3b4b6699 use a real UUID for the machine registration ID
* d33faa01 Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)
* 6dceb411 Deterministic endpoints for MachineRegistrations (#975)
- Update to v1.9.1:
* b42116d4 Ensure the machine inventory selector keeps looking for a match
- Update to v1.9.0:
- Update to v1.9.0-rc1:
* 9952ebe1 Update libraries based on dependency scan
* 5e128c5d Adapt OBS packages to a 1.9 version to coexist with 1.8 version
* f88219af Fix cluster api version in test environment
* ad937279 Run 'make generate' to recreate generated code and vendor folder
* 15bb505f Bump to cluster API libraries to v1.12.x
* 63369022 Bump test environment tools in Makefile
* 7b464802 Run 'make vendor' to recreate vendor folder
* 879b3464 Bump yip
* aeda10ac Fix unit tests after bumping libraries
* 33dcb61a Run 'make vendor' to recreate vendor folder
* 0ccd96af Bump wrangler from v2 to v3
* ff0190c4 Run 'make generate' to renew all generated code and config files
* b28d2f08 Bump controller generator to version 0.19
* 0bf7dc32 Update controller runtime options
* 549e720d Run 'make vendor' to recreate vendor folder
* 3f0f27e0 Updated cluster-api, steve, rancher/apis, client-go and k8s/api
to the level they were at rancher v2.13
* 49ebf0b7 Update headers to 2026
* fd13ba92 Update questions to include SL Micro 6.2

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-902=1

Package List:

- openSUSE Leap 16.0:

elemental-register-1.9.2-160000.1.1
elemental-support-1.9.2-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-33186.html



openSUSE-SU-2026:10965-1: moderate: ack-3.10.0-1.1 on GA media


# ack-3.10.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10965-1
Rating: moderate

Cross-References:

* CVE-2026-49145
* CVE-2026-49146
* CVE-2026-49147

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ack-3.10.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ack 3.10.0-1.1
* perl-App-Ack 3.10.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-49145.html
* https://www.suse.com/security/cve/CVE-2026-49146.html
* https://www.suse.com/security/cve/CVE-2026-49147.html



openSUSE-SU-2026:10968-1: moderate: perl-CryptX-0.89.0-2.1 on GA media


# perl-CryptX-0.89.0-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10968-1
Rating: moderate

Cross-References:

* CVE-2026-41565

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the perl-CryptX-0.89.0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* perl-CryptX 0.89.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41565.html



openSUSE-SU-2026:10966-1: moderate: amazon-ssm-agent-3.3.4624.0-2.1 on GA media


# amazon-ssm-agent-3.3.4624.0-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10966-1
Rating: moderate

Cross-References:

* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39834
* CVE-2026-46598

CVSS scores:

* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the amazon-ssm-agent-3.3.4624.0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* amazon-ssm-agent 3.3.4624.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-46598.html



openSUSE-SU-2026:10961-1: moderate: ggml-devel-9500-1.1 on GA media


# ggml-devel-9500-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10961-1
Rating: moderate

Cross-References:

* CVE-2026-21869

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ggml-devel-9500-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ggml-devel 9500-1.1
* libggml-base0 9500-1.1
* libggml-cpu 9500-1.1
* libggml-opencl 9500-1.1
* libggml-vulkan 9500-1.1
* libggml0 9500-1.1
* libllama-common0 9500-1.1
* libllama0 9500-1.1
* libmtmd0 9500-1.1
* llamacpp 9500-1.1
* llamacpp-devel 9500-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21869.html



SUSE-SU-2026:2325-1: important: Security update for kubernetes1.26


# Security update for kubernetes1.26

Announcement ID: SUSE-SU-2026:2325-1
Release Date: 2026-06-09T14:34:21Z
Rating: important
References:

* bsc#1251168
* bsc#1262271
* bsc#1265740

Cross-References:

* CVE-2026-33814
* CVE-2026-35469

CVSS scores:

* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35469 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35469 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35469 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities and has one security fix can now be
installed.

## Description:

This update for kubernetes1.26 fixes the following issues:

* CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport
when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265740).
* CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY
frame parsing leads to denial of service (bsc#1262271).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2325=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2325=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2325=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2325=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2325=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2325=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2325=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2325=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2325=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-apiserver-1.26.15-150400.9.27.1
* kubernetes1.26-kubeadm-1.26.15-150400.9.27.1
* kubernetes1.26-scheduler-1.26.15-150400.9.27.1
* kubernetes1.26-controller-manager-1.26.15-150400.9.27.1
* kubernetes1.26-client-common-1.26.15-150400.9.27.1
* kubernetes1.26-kubelet-1.26.15-150400.9.27.1
* kubernetes1.26-client-1.26.15-150400.9.27.1
* kubernetes1.26-proxy-1.26.15-150400.9.27.1
* kubernetes1.26-kubelet-common-1.26.15-150400.9.27.1
* openSUSE Leap 15.4 (noarch)
* kubernetes1.26-client-fish-completion-1.26.15-150400.9.27.1
* kubernetes1.26-client-bash-completion-1.26.15-150400.9.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* kubernetes1.26-client-1.26.15-150400.9.27.1
* kubernetes1.26-client-common-1.26.15-150400.9.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* kubernetes1.26-client-1.26.15-150400.9.27.1
* kubernetes1.26-client-common-1.26.15-150400.9.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* kubernetes1.26-client-1.26.15-150400.9.27.1
* kubernetes1.26-client-common-1.26.15-150400.9.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* kubernetes1.26-client-1.26.15-150400.9.27.1
* kubernetes1.26-client-common-1.26.15-150400.9.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* kubernetes1.26-client-1.26.15-150400.9.27.1
* kubernetes1.26-client-common-1.26.15-150400.9.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* kubernetes1.26-client-1.26.15-150400.9.27.1
* kubernetes1.26-client-common-1.26.15-150400.9.27.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-client-1.26.15-150400.9.27.1
* kubernetes1.26-client-common-1.26.15-150400.9.27.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-client-1.26.15-150400.9.27.1
* kubernetes1.26-client-common-1.26.15-150400.9.27.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-35469.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251168
* https://bugzilla.suse.com/show_bug.cgi?id=1262271
* https://bugzilla.suse.com/show_bug.cgi?id=1265740