openSUSE-SU-2026:0188-1: moderate: Security update for tor
openSUSE-SU-2026:0191-1: moderate: Security update for perl-HTTP-Tiny
openSUSE-SU-2026:0189-1: moderate: Security update for cacti
openSUSE-SU-2026:20897-1: moderate: Security update for python-pyOpenSSL
openSUSE-SU-2026:20902-1: important: Security update for keybase-client
openSUSE-SU-2026:20895-1: moderate: Security update for libsoup2
openSUSE-SU-2026:20901-1: important: Security update for postgresql18
openSUSE-SU-2026:20896-1: important: Security update for xorg-x11-server
openSUSE-SU-2026:20898-1: important: Security update for frr
openSUSE-SU-2026:10928-1: moderate: vifm-0.14.4-1.1 on GA media
openSUSE-SU-2026:10929-1: moderate: weblate-5.17.1-1.1 on GA media
openSUSE-SU-2026:10927-1: moderate: tomcat11-11.0.22-1.1 on GA media
openSUSE-SU-2026:10920-1: moderate: cacti-1.2.30+git457.e55c2aea-1.1 on GA media
openSUSE-SU-2026:10925-1: moderate: tomcat-9.0.118-1.1 on GA media
openSUSE-SU-2026:10926-1: moderate: tomcat10-10.1.55-1.1 on GA media
openSUSE-SU-2026:10924-1: moderate: perl-Sereal-Decoder-5.6.0-1.1 on GA media
openSUSE-SU-2026:10922-1: moderate: grafana-11.6.14+security01-4.1 on GA media
openSUSE-SU-2026:10923-1: moderate: mcphost-0.34.0-8.1 on GA media
openSUSE-SU-2026:10921-1: moderate: google-guest-agent-20260529.00-1.1 on GA media
SUSE-SU-2026:2281-1: important: Security update for unbound
SUSE-SU-2026:2282-1: critical: Security update for mariadb
SUSE-SU-2026:2280-1: important: Security update for ignition
SUSE-SU-2026:2284-1: critical: Security update for mariadb
SUSE-SU-2026:2285-1: important: Security update for yq
openSUSE-SU-2026:0192-1: critical: Security update for kanidm
openSUSE-SU-2026:0188-1: moderate: Security update for tor
openSUSE Security Update: Security update for tor
_______________________________
Announcement ID: openSUSE-SU-2026:0188-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that contains security fixes can now be installed.
Description:
This update for tor fixes the following issues:
- Update to 0.4.9.9
* Major bugfixes (compression, security):
- Fix a compression bomb bypass where an attacker could concatenate
many gzip or zlib sub-streams, each just under the per-stream
detection threshold, to avoid the compression bomb check entirely.
TROVE-2026-022. Fixes bug 41275; bugfix on 0.3.1.1-alpha.
- Fix an infinite loop when decompressing a truncated zlib/gzip stream
with done=1. A truncated stream never reaches Z_STREAM_END, causing
zlib to return Z_BUF_ERROR with no input remaining, which
buf_add_compress() mistook for a full output buffer and retried
forever. Fixed by returning TOR_COMPRESS_ERROR in that case so the
caller can abort cleanly. TROVE-2026-021. Fixes bug 41274; bugfix
on 0.2.6.1-alpha.
* Major bugfixes (conflux, security):
- Fix a NULL write after free when sending a CONFLUX_SWITCH cell
fails. The return value of relay_send_command_from_edge() was
ignored, so a send failure (which calls circuit_mark_for_close() and
removes the leg via cfx_del_leg()) would go undetected, causing the
caller to write to the now-freed current leg and resulting in a
crash. TROVE-2026-017. Fixes bug 41263; bugfix
on 0.4.8.1-alpha.
* Major bugfixes (security, TROVE-2026-019):
- Avoid out-of-bounds read/write when parsing a consensus or detached
signature with unexpected signature digest type. Impact is minor for
most Tor roles, but potentially major for directory authorities.
Fixes bug 41267; bugfix on 0.2.8.2-alpha.
* Major bugfixes (client stability, TROVE-2026-013, TROVE-2026-015):
- Protect against a client-side assert that can happen if a malicious
onion service gets the client to load its carefully crafted onion
descriptor. Fixes bugs 41259 and 41261; bugfix
on 0.3.1.1-alpha.
* Major bugfixes (code safety):
- Avoid a dangerous situation in router_find_exact_exit_enclave()
where we could have reached an assert if bridges or relays claim an
IP address of 0.0.0.0. Fixes bug 41276; bugfix on 0.4.5.1-alpha.
* Major bugfixes (conflux, shutdown):
- Fix a use-after-free in the shutdown path when freeing conflux
circuits. cfx_add_leg() shares stream list pointers across legs
without NULLing the old leg, so circuit_free_all() would free the
lists via one leg and then access freed memory via another.
TROVE-2026-016. Fixes bug 41262; bugfix on 0.4.8.1-alpha.
* Major bugfixes (DNSPort, TROVE-2026-018):
- Fix a client-side crash that would happen if we decide to stop
reading on a RESOLVE request that came from the DNSPort or
controller. This crash could happen naturally under heavy load and
with poor luck, but since 0.4.7.2-alpha it could be induced by the
exit relay via a flow control request. Fixes bug 41265; bugfix
on 0.2.0.1-alpha.
* Major bugfixes (memory safety, TROVE-2026-014):
- Avoid a heap-use-after-free mistake that can happen in the conflux
subsystem, and which can be induced at either the client or the exit
relay. Fixes bug 41260; bugfix on 0.4.8.1-alpha.
* Major bugfixes (onion services, TROVE-2026-020):
- Avoid a possible divide by zero crash on onion services that have
the proof-of-work (PoW) defense enabled. This bug could be hit by
extreme bad luck or maybe by the help of an attacker crafting just
the right circumstances. Fixes bug 41270; bugfix on 0.4.8.1-alpha.
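The two compression fixes above (TROVE-2026-022 and TROVE-2026-021) can be modelled in a few lines. The following is an added example, not code from Tor or from this advisory: it uses Python's zlib module in place of Tor's C wrapper, and the names `bounded_decompress`, `constructed_sample`, `MIN_CHECK` and `MAX_RATIO` and their values are assumptions chosen for illustration. It shows per-sub-stream accounting beside a cumulative budget, and it reports a truncated stream as an error instead of retrying.

```python
import zlib

CHUNK = 16 * 1024        # output produced per inflate call
MIN_CHECK = 64 * 1024    # assumed: no ratio verdict below this much output
MAX_RATIO = 25           # assumed policy value, not Tor's threshold


class DecompressError(Exception):
    """Raised instead of retrying when input cannot be decompressed safely."""


def bounded_decompress(data, per_stream=False):
    """Inflate concatenated zlib/gzip sub-streams, all input supplied at once.

    per_stream=True keeps the flawed accounting (counters restart for every
    sub-stream); the default charges every sub-stream to one shared budget.
    """
    out = bytearray()
    pending = data
    while pending:
        d = zlib.decompressobj(wbits=47)  # 32+15: auto-detect zlib or gzip
        stream_out = 0
        buf = pending
        while not d.eof:
            try:
                chunk = d.decompress(buf, CHUNK)
            except zlib.error as exc:
                raise DecompressError(f"corrupt stream: {exc}") from exc
            buf = d.unconsumed_tail
            if not chunk and not buf and not d.eof:
                # No input left, no output produced, no end-of-stream marker:
                # the stream is truncated and a retry cannot make progress.
                raise DecompressError("truncated stream")
            out += chunk
            stream_out += len(chunk)
            # Bytes not yet consumed, counted from the end of `data`.
            remaining = d.unused_data if d.eof else buf
            if per_stream:
                n_in, n_out = len(pending) - len(remaining), stream_out
            else:
                n_in, n_out = len(data) - len(remaining), len(out)
            if n_out >= MIN_CHECK and n_out > MAX_RATIO * max(n_in, 1):
                raise DecompressError("compression bomb suspected")
        pending = d.unused_data  # next sub-stream, if any
    return bytes(out)


def constructed_sample(streams=10, size=60_000):
    """Constructed input: identical zlib sub-streams of `size` zero bytes each."""
    return zlib.compress(b"\0" * size) * streams
```

With the constructed sample, every sub-stream stays below `MIN_CHECK` on its own, so only the cumulative accounting rejects the input.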
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-188=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):
tor-0.4.9.9-bp157.2.12.1
References:
openSUSE-SU-2026:0191-1: moderate: Security update for perl-HTTP-Tiny
openSUSE Security Update: Security update for perl-HTTP-Tiny
_______________________________
Announcement ID: openSUSE-SU-2026:0191-1
Rating: moderate
References: #1264992
Cross-References: CVE-2026-7010
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for perl-HTTP-Tiny fixes the following issues:
- updated to 0.094
0.094 2026-05-17 10:31:00+02:00 Europe/Brussels
- No changes from 0.093-TRIAL
0.093 2026-05-11 17:18:12+02:00 Europe/Brussels (TRIAL RELEASE)
- fix to prevent invalid characters in all headers, and prevent
header smuggling (CVE-2026-7010) boo#1264992
- updated to 0.092
0.092 2025-12-27 20:49:41+01:00 Europe/Berlin
- No changes from 0.091-TRIAL
0.091 2025-12-13 06:26:51+01:00 Europe/Brussels (TRIAL RELEASE)
[ADDED]
- Added keep_alive_timeout to force keepalive connections to be
closed based on a timeout.
[CHANGED]
- Optional tests are always required when releasing.
- Always use TCP_NODELAY option.
[FIXED]
- Fixed test incorrectly testing cookie jar interactions multiple
times.
- Fixed perl version comparisons to work when not starting with 5.
- Fixed link to LIMITATIONS in documentation.
- updated to 0.090
0.090 2024-11-12 11:51:32+01:00 Europe/Brussels
- No changes from 0.089-TRIAL
0.089 2024-10-21 09:35:48+02:00 Europe/Brussels (TRIAL RELEASE)
[CHANGED]
- Find the certificate bundle via IO::Socket::SSL rather than
implementing it in HTTP::Tiny.
- When encoding form data, given a hashref with an arrayref value,
preserve the order of the values in the arrayref rather than sorting.
[DOCS]
- Fixed internal link to "TLS/SSL SUPPORT" section
- Fix disabling of __perllib_provides
- updated to 0.088
0.088 2023-07-11 08:52:54-04:00 America/New_York
[DOCS]
- Update metadata to point to new Perl-Toolchain-Gang repository.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-191=1
Package List:
- openSUSE Backports SLE-15-SP7 (noarch):
perl-HTTP-Tiny-0.094-bp157.2.3.1
References:
https://www.suse.com/security/cve/CVE-2026-7010.html
https://bugzilla.suse.com/1264992
openSUSE-SU-2026:0189-1: moderate: Security update for cacti
openSUSE Security Update: Security update for cacti
_______________________________
Announcement ID: openSUSE-SU-2026:0189-1
Rating: moderate
References:
Cross-References: CVE-2024-27355
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for cacti fixes the following issues:
- Update to version 1.2.30+git457.e55c2aea:
* docs(changelog): add security fix refs for 1.2.31 (#7170)
* fix: Upgrade DOMPurify again for additional hardening (#7168)
* security: Ensure that reports does not work as guest (#7167)
* Update translation files
* security: GHSA-m7v2-f3xw-3qh7 - User Enumeration via Error Messages
(#7166)
* chore: Move around developers, rest in peace my friend (#7165)
* Import undefined variable (#7164)
* fix: guard api_plugin_moveup/movedown against NULL prior/next id
(1.2.x backport) (#7158)
* fix(correctness): loop-state leaks, chunk-aware poller CRC,
header-suppression and tree false-guards (1.2.x) (#7151)
* fix: Remove composer.lock (#7156)
* test: source-pattern coverage backfill for PR 7148, 7149, 7150 (#7153)
* fix: CVE-2024-27355 in phpseclib (#7155)
* chore: Update ChangeLogs (#7152)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-189=1
Package List:
- openSUSE Backports SLE-15-SP7 (noarch):
cacti-1.2.30+git457.e55c2aea-bp157.2.12.1
References:
https://www.suse.com/security/cve/CVE-2024-27355.html
openSUSE-SU-2026:20897-1: moderate: Security update for python-pyOpenSSL
openSUSE security update: security update for python-pyopenssl
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20897-1
Rating: moderate
References:
* bsc#1262803
Cross-References:
* CVE-2026-40475
CVSS scores:
* CVE-2026-40475 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40475 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for python-pyOpenSSL fixes the following issue:
- CVE-2026-40475: improper input handling of null bytes can lead to silent data truncation and security-state
inconsistency (bsc#1262803).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-883=1
Package List:
- openSUSE Leap 16.0:
python313-pyOpenSSL-25.0.0-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2026-40475.html
openSUSE-SU-2026:20902-1: important: Security update for keybase-client
openSUSE security update: security update for keybase-client
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20902-1
Rating: important
References:
* bsc#1253563
* bsc#1253864
* bsc#1254023
* bsc#1258591
* bsc#1260696
* bsc#1266158
* bsc#1266596
Cross-References:
* CVE-2025-47913
* CVE-2025-47914
* CVE-2025-58181
* CVE-2026-26958
* CVE-2026-33809
* CVE-2026-39821
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-42508
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598
CVSS scores:
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58181 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-26958 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2026-26958 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 19 vulnerabilities and has 7 bug fixes can now be installed.
Description:
This update for keybase-client fixes the following issues:
Changes in keybase-client:
- golang.org/x/crypto/ssh: Fixed multiple issues:
CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829, CVE-2026-39831,
CVE-2026-42508, CVE-2026-39833, CVE-2026-39830, CVE-2026-39832, CVE-2026-46597,
CVE-2026-46598, CVE-2026-46595, CVE-2026-39835 (boo#1266158)
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels
allows for validation bypass and privilege escalation (boo#1266596).
- Update to version 6.6.2
* Improve git default branch handling
- CVE-2026-33809: golang.org/x/image/tiff: excessive resource consumption due to
large allocation attempt when decoding maliciously crafted TIFF file (bsc#1260696)
- Switch to go1.25 as required by the updated Go image library.
- Update to version 6.6.0
* Various bug fixes and performance improvements
- CVE-2026-26958: filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult
can produce invalid results and lead to undefined behavior (bsc#1258591).
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non-validated message size can cause a panic
due to an out of bounds read (bsc#1254023).
- CVE-2025-58181: keybase-client: golang.org/x/crypto/ssh: unvalidated number of mechanisms
can cause unbounded memory consumption (bsc#1253864).
- CVE-2025-47913: keybase-client: golang.org/x/crypto/ssh/agent: client process termination
when receiving an unexpected message type in response to a key listing or signing request (bsc#1253563).
- Update to version 6.5.1
* Fix team deletion not working
* Chat attachments improvements
* Miscellaneous bugfixes
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-297=1
Package List:
- openSUSE Leap 16.0:
kbfs-6.6.2-bp160.1.1
kbfs-git-6.6.2-bp160.1.1
kbfs-tool-6.6.2-bp160.1.1
keybase-client-6.6.2-bp160.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://www.suse.com/security/cve/CVE-2025-47914.html
* https://www.suse.com/security/cve/CVE-2025-58181.html
* https://www.suse.com/security/cve/CVE-2026-26958.html
* https://www.suse.com/security/cve/CVE-2026-33809.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-46595.html
* https://www.suse.com/security/cve/CVE-2026-46597.html
* https://www.suse.com/security/cve/CVE-2026-46598.html
openSUSE-SU-2026:20895-1: moderate: Security update for libsoup2
openSUSE security update: security update for libsoup2
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20895-1
Rating: moderate
References:
* bsc#1257649
Cross-References:
* CVE-2026-1801
CVSS scores:
* CVE-2026-1801 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-1801 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for libsoup2 fixes the following issues:
- CVE-2026-1801: Use CRLF as line boundary when parsing chunk encoding data (bsc#1257649).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-881=1
Package List:
- openSUSE Leap 16.0:
libsoup-2_4-1-2.74.3-160000.5.1
libsoup2-devel-2.74.3-160000.5.1
libsoup2-lang-2.74.3-160000.5.1
typelib-1_0-Soup-2_4-2.74.3-160000.5.1
References:
* https://www.suse.com/security/cve/CVE-2026-1801.html
openSUSE-SU-2026:20901-1: important: Security update for postgresql18
openSUSE security update: security update for postgresql18
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20901-1
Rating: important
References:
* bsc#1263804
* bsc#1265172
* bsc#1265173
* bsc#1265174
* bsc#1265175
* bsc#1265176
* bsc#1265177
* bsc#1265178
* bsc#1265179
* bsc#1265180
* bsc#1265181
* bsc#1265182
Cross-References:
* CVE-2026-6472
* CVE-2026-6473
* CVE-2026-6474
* CVE-2026-6475
* CVE-2026-6476
* CVE-2026-6477
* CVE-2026-6478
* CVE-2026-6479
* CVE-2026-6575
* CVE-2026-6637
* CVE-2026-6638
CVSS scores:
* CVE-2026-6472 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-6473 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6474 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6475 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-6476 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6477 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-6478 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-6479 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6575 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6637 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6638 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 11 vulnerabilities and has 12 bug fixes can now be installed.
Description:
This update for postgresql18 fixes the following issues:
Security issues:
- CVE-2026-6472: ensure the user has CREATE privilege on the schema specified (bsc#1265172).
- CVE-2026-6473: integer overflows in memory-allocation calculations (bsc#1265173).
- CVE-2026-6474: Guard against malicious time zone names (bsc#1265174).
- CVE-2026-6475: Prevent path traversal in pg_basebackup and pg_rewind (bsc#1265175).
- CVE-2026-6476: Properly quote subscription names in pg_createsubscriber (bsc#1265176).
- CVE-2026-6477: Mark PQfn() as unsafe, and avoid using it within libpq (bsc#1265177).
- CVE-2026-6478: Use timing-safe string comparisons in authentication code (bsc#1265178).
- CVE-2026-6479: Prevent unbounded recursion while processing startup packets (bsc#1265179).
- CVE-2026-6575: Detect faulty input when restoring attribute MCV statistics (bsc#1265180).
- CVE-2026-6637: Prevent SQL injection and buffer overruns in contrib/spi (bsc#1265181).
- CVE-2026-6638: Properly quote object names in logical replication origin checks (bsc#1265182).
Non-security issues:
- Update to version 18.4.
- Get rid of update-alternatives for openSUSE/SLE 16.0 and newer
to support immutable systems and transactional updates (jsc#PED-14820).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-887=1
Package List:
- openSUSE Leap 16.0:
libecpg6-18.4-160000.1.1
libpq5-18.4-160000.1.1
postgresql18-18.4-160000.1.1
postgresql18-contrib-18.4-160000.1.1
postgresql18-devel-18.4-160000.1.1
postgresql18-devel-mini-18.4-160000.1.1
postgresql18-docs-18.4-160000.1.1
postgresql18-llvmjit-18.4-160000.1.1
postgresql18-llvmjit-devel-18.4-160000.1.1
postgresql18-plperl-18.4-160000.1.1
postgresql18-plpython-18.4-160000.1.1
postgresql18-pltcl-18.4-160000.1.1
postgresql18-server-18.4-160000.1.1
postgresql18-server-devel-18.4-160000.1.1
postgresql18-test-18.4-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-6472.html
* https://www.suse.com/security/cve/CVE-2026-6473.html
* https://www.suse.com/security/cve/CVE-2026-6474.html
* https://www.suse.com/security/cve/CVE-2026-6475.html
* https://www.suse.com/security/cve/CVE-2026-6476.html
* https://www.suse.com/security/cve/CVE-2026-6477.html
* https://www.suse.com/security/cve/CVE-2026-6478.html
* https://www.suse.com/security/cve/CVE-2026-6479.html
* https://www.suse.com/security/cve/CVE-2026-6575.html
* https://www.suse.com/security/cve/CVE-2026-6637.html
* https://www.suse.com/security/cve/CVE-2026-6638.html
openSUSE-SU-2026:20896-1: important: Security update for xorg-x11-server
openSUSE security update: security update for xorg-x11-server
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20896-1
Rating: important
References:
* bsc#1266294
* bsc#1266295
* bsc#1266296
* bsc#1266297
* bsc#1266298
* bsc#1266299
* bsc#1266300
* bsc#1266301
* bsc#1266302
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that has 9 bug fixes can now be installed.
Description:
This update for xorg-x11-server fixes the following issues:
- CreateSaverWindow Use-After-Free Information Disclosure. (bsc#1266301)
- DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write. (bsc#1266302)
- Font Alias Stack-based Buffer Overflow. (bsc#1266294)
- GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write. (bsc#1266300)
- XKB Key Types Stack-based Buffer Overflow. (bsc#1266296)
- XKB SetMap Request Stack-based Buffer Overflow. (bsc#1266297)
- XSYNC Use-After-Free in FreeCounter(). (bsc#1266298)
- XSYNC Use-After-Free in miSyncDestroyFence(). (bsc#1266295)
- XSYNC Use-After-Free in SyncChangeCounter(). (bsc#1266299)
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-882=1
Package List:
- openSUSE Leap 16.0:
xorg-x11-server-21.1.15-160000.5.1
xorg-x11-server-Xvfb-21.1.15-160000.5.1
xorg-x11-server-extra-21.1.15-160000.5.1
xorg-x11-server-sdk-21.1.15-160000.5.1
xorg-x11-server-source-21.1.15-160000.5.1
xorg-x11-server-wrapper-21.1.15-160000.5.1
openSUSE-SU-2026:20898-1: important: Security update for frr
openSUSE security update: security update for frr
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20898-1
Rating: important
References:
* bsc#1261013
* bsc#1263859
* bsc#1263863
* bsc#1263974
Cross-References:
* CVE-2026-28532
* CVE-2026-37457
* CVE-2026-37458
* CVE-2026-5107
CVSS scores:
* CVE-2026-28532 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28532 ( SUSE ): 6 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-37457 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-37458 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-37458 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-5107 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-5107 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 4 vulnerabilities and has 4 bug fixes can now be installed.
Description:
This update for frr fixes the following issues:
- CVE-2026-5107: Fixed improper access controls in EVPN Type-2 Route Handler (bsc#1261013).
- CVE-2026-28532: Harden TE/SR TLV iteration against malformed lengths (bsc#1263859).
- CVE-2026-37457: Fix off-by-one error in FlowSpec operator array bounds check (bsc#1263863).
- CVE-2026-37458: Validate MP_REACH_NLRI attribute against incorrect next-hop (bsc#1263974).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-884=1
Package List:
- openSUSE Leap 16.0:
frr-10.2.6-160000.1.1
frr-devel-10.2.6-160000.1.1
libfrr0-10.2.6-160000.1.1
libfrr_pb0-10.2.6-160000.1.1
libfrrcares0-10.2.6-160000.1.1
libfrrfpm_pb0-10.2.6-160000.1.1
libfrrospfapiclient0-10.2.6-160000.1.1
libfrrsnmp0-10.2.6-160000.1.1
libfrrzmq0-10.2.6-160000.1.1
libmgmt_be_nb0-10.2.6-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-28532.html
* https://www.suse.com/security/cve/CVE-2026-37457.html
* https://www.suse.com/security/cve/CVE-2026-37458.html
* https://www.suse.com/security/cve/CVE-2026-5107.html
openSUSE-SU-2026:10928-1: moderate: vifm-0.14.4-1.1 on GA media
# vifm-0.14.4-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10928-1
Rating: moderate
Cross-References:
* CVE-2026-8997
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the vifm-0.14.4-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* vifm 0.14.4-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-8997.html
openSUSE-SU-2026:10929-1: moderate: weblate-5.17.1-1.1 on GA media
# weblate-5.17.1-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10929-1
Rating: moderate
Cross-References:
* CVE-2026-41519
* CVE-2026-41654
* CVE-2026-44263
* CVE-2026-44264
Affected Products:
* openSUSE Tumbleweed
An update that solves 4 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the weblate-5.17.1-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* weblate 5.17.1-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41519.html
* https://www.suse.com/security/cve/CVE-2026-41654.html
* https://www.suse.com/security/cve/CVE-2026-44263.html
* https://www.suse.com/security/cve/CVE-2026-44264.html
openSUSE-SU-2026:10927-1: moderate: tomcat11-11.0.22-1.1 on GA media
# tomcat11-11.0.22-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10927-1
Rating: moderate
Cross-References:
* CVE-2026-41284
* CVE-2026-41293
* CVE-2026-42498
* CVE-2026-43512
* CVE-2026-43513
* CVE-2026-43514
* CVE-2026-43515
CVSS scores:
* CVE-2026-41284 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-41284 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41293 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-41293 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42498 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-42498 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43512 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-43512 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-43513 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-43513 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43514 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-43514 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43515 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-43515 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 7 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the tomcat11-11.0.22-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* tomcat11 11.0.22-1.1
* tomcat11-admin-webapps 11.0.22-1.1
* tomcat11-doc 11.0.22-1.1
* tomcat11-docs-webapp 11.0.22-1.1
* tomcat11-el-6_0-api 11.0.22-1.1
* tomcat11-embed 11.0.22-1.1
* tomcat11-jsp-4_0-api 11.0.22-1.1
* tomcat11-jsvc 11.0.22-1.1
* tomcat11-lib 11.0.22-1.1
* tomcat11-servlet-6_1-api 11.0.22-1.1
* tomcat11-webapps 11.0.22-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41284.html
* https://www.suse.com/security/cve/CVE-2026-41293.html
* https://www.suse.com/security/cve/CVE-2026-42498.html
* https://www.suse.com/security/cve/CVE-2026-43512.html
* https://www.suse.com/security/cve/CVE-2026-43513.html
* https://www.suse.com/security/cve/CVE-2026-43514.html
* https://www.suse.com/security/cve/CVE-2026-43515.html
openSUSE-SU-2026:10920-1: moderate: cacti-1.2.30+git457.e55c2aea-1.1 on GA media
# cacti-1.2.30+git457.e55c2aea-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10920-1
Rating: moderate
Cross-References:
* CVE-2024-27355
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the cacti-1.2.30+git457.e55c2aea-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* cacti 1.2.30+git457.e55c2aea-1.1
## References:
* https://www.suse.com/security/cve/CVE-2024-27355.html
openSUSE-SU-2026:10925-1: moderate: tomcat-9.0.118-1.1 on GA media
# tomcat-9.0.118-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10925-1
Rating: moderate
Cross-References:
* CVE-2026-41284
* CVE-2026-41293
* CVE-2026-42498
* CVE-2026-43512
* CVE-2026-43513
* CVE-2026-43514
* CVE-2026-43515
CVSS scores:
* CVE-2026-41284 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-41284 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41293 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-41293 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42498 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-42498 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43512 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-43512 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-43513 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-43513 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43514 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-43514 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43515 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-43515 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 7 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the tomcat-9.0.118-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* tomcat 9.0.118-1.1
* tomcat-admin-webapps 9.0.118-1.1
* tomcat-docs-webapp 9.0.118-1.1
* tomcat-el-3_0-api 9.0.118-1.1
* tomcat-embed 9.0.118-1.1
* tomcat-javadoc 9.0.118-1.1
* tomcat-jsp-2_3-api 9.0.118-1.1
* tomcat-jsvc 9.0.118-1.1
* tomcat-lib 9.0.118-1.1
* tomcat-servlet-4_0-api 9.0.118-1.1
* tomcat-webapps 9.0.118-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41284.html
* https://www.suse.com/security/cve/CVE-2026-41293.html
* https://www.suse.com/security/cve/CVE-2026-42498.html
* https://www.suse.com/security/cve/CVE-2026-43512.html
* https://www.suse.com/security/cve/CVE-2026-43513.html
* https://www.suse.com/security/cve/CVE-2026-43514.html
* https://www.suse.com/security/cve/CVE-2026-43515.html
openSUSE-SU-2026:10926-1: moderate: tomcat10-10.1.55-1.1 on GA media
# tomcat10-10.1.55-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10926-1
Rating: moderate
Cross-References:
* CVE-2026-41284
* CVE-2026-41293
* CVE-2026-42498
* CVE-2026-43512
* CVE-2026-43513
* CVE-2026-43514
* CVE-2026-43515
CVSS scores:
* CVE-2026-41284 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-41284 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41293 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-41293 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42498 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-42498 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43512 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-43512 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-43513 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-43513 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43514 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-43514 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43515 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-43515 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 7 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the tomcat10-10.1.55-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* tomcat10 10.1.55-1.1
* tomcat10-admin-webapps 10.1.55-1.1
* tomcat10-doc 10.1.55-1.1
* tomcat10-docs-webapp 10.1.55-1.1
* tomcat10-el-5_0-api 10.1.55-1.1
* tomcat10-embed 10.1.55-1.1
* tomcat10-jsp-3_1-api 10.1.55-1.1
* tomcat10-jsvc 10.1.55-1.1
* tomcat10-lib 10.1.55-1.1
* tomcat10-servlet-6_0-api 10.1.55-1.1
* tomcat10-webapps 10.1.55-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41284.html
* https://www.suse.com/security/cve/CVE-2026-41293.html
* https://www.suse.com/security/cve/CVE-2026-42498.html
* https://www.suse.com/security/cve/CVE-2026-43512.html
* https://www.suse.com/security/cve/CVE-2026-43513.html
* https://www.suse.com/security/cve/CVE-2026-43514.html
* https://www.suse.com/security/cve/CVE-2026-43515.html
openSUSE-SU-2026:10924-1: moderate: perl-Sereal-Decoder-5.6.0-1.1 on GA media
# perl-Sereal-Decoder-5.6.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10924-1
Rating: moderate
Cross-References:
* CVE-2026-8796
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the perl-Sereal-Decoder-5.6.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* perl-Sereal-Decoder 5.6.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-8796.html
openSUSE-SU-2026:10922-1: moderate: grafana-11.6.14+security01-4.1 on GA media
# grafana-11.6.14+security01-4.1 on GA media
Announcement ID: openSUSE-SU-2026:10922-1
Rating: moderate
Cross-References:
* CVE-2025-30153
CVSS scores:
* CVE-2025-30153 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the grafana-11.6.14+security01-4.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* grafana 11.6.14+security01-4.1
## References:
* https://www.suse.com/security/cve/CVE-2025-30153.html
openSUSE-SU-2026:10923-1: moderate: mcphost-0.34.0-8.1 on GA media
# mcphost-0.34.0-8.1 on GA media
Announcement ID: openSUSE-SU-2026:10923-1
Rating: moderate
Cross-References:
* CVE-2026-25680
* CVE-2026-25681
* CVE-2026-27136
* CVE-2026-42502
* CVE-2026-42506
CVSS scores:
* CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25680 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-25681 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-27136 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42502 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42506 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 5 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the mcphost-0.34.0-8.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* mcphost 0.34.0-8.1
* mcphost-bash-completion 0.34.0-8.1
* mcphost-fish-completion 0.34.0-8.1
* mcphost-zsh-completion 0.34.0-8.1
## References:
* https://www.suse.com/security/cve/CVE-2026-25680.html
* https://www.suse.com/security/cve/CVE-2026-25681.html
* https://www.suse.com/security/cve/CVE-2026-27136.html
* https://www.suse.com/security/cve/CVE-2026-42502.html
* https://www.suse.com/security/cve/CVE-2026-42506.html
openSUSE-SU-2026:10921-1: moderate: google-guest-agent-20260529.00-1.1 on GA media
# google-guest-agent-20260529.00-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10921-1
Rating: moderate
Cross-References:
* CVE-2023-45288
* CVE-2025-22869
* CVE-2026-33186
* CVE-2026-33814
* CVE-2026-39821
CVSS scores:
* CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 5 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the google-guest-agent-20260529.00-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* google-guest-agent 20260529.00-1.1
## References:
* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2025-22869.html
* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
SUSE-SU-2026:2281-1: important: Security update for unbound
# Security update for unbound
Announcement ID: SUSE-SU-2026:2281-1
Release Date: 2026-06-05T12:12:48Z
Rating: important
References:
* bsc#1265578
* bsc#1265580
* bsc#1265581
* bsc#1265582
* bsc#1265583
* bsc#1265584
* bsc#1265585
* bsc#1265586
* bsc#1265587
* bsc#1265588
* bsc#1265589
Cross-References:
* CVE-2026-32792
* CVE-2026-33278
* CVE-2026-40622
* CVE-2026-41292
* CVE-2026-42534
* CVE-2026-42923
* CVE-2026-42944
* CVE-2026-42959
* CVE-2026-42960
* CVE-2026-44390
* CVE-2026-44608
CVSS scores:
* CVE-2026-32792 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32792 ( NVD ): 4.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green
* CVE-2026-32792 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33278 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-33278 ( NVD ): 9.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
* CVE-2026-33278 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-40622 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-40622 ( NVD ): 6.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
* CVE-2026-40622 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-41292 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-41292 ( NVD ): 6.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
* CVE-2026-41292 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42534 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42534 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
* CVE-2026-42534 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-42923 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42923 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
* CVE-2026-42923 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-42944 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-42944 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
* CVE-2026-42944 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42959 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42959 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
* CVE-2026-42959 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42960 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-42960 ( NVD ): 5.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
* CVE-2026-42960 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2026-44390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-44390 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
* CVE-2026-44390 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-44608 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-44608 ( NVD ): 4.6 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
* CVE-2026-44608 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves 11 vulnerabilities can now be installed.
## Description:
This update for unbound fixes the following issues:
* CVE-2026-32792: Packet of death with DNSCrypt (bsc#1265583).
* CVE-2026-33278: Possible remote code execution during DNSSEC validation (bsc#1265587).
* CVE-2026-40622: "Ghost domain name" variant (bsc#1265581).
* CVE-2026-41292: Parsing a long list of incoming EDNS options degrades performance (bsc#1265580).
* CVE-2026-42534: Jostle logic bypass degrades resolution performance (bsc#1265585).
* CVE-2026-42923: Degradation of service with unbounded NSEC3 hash calculations (bsc#1265589).
* CVE-2026-42944: Heap overflow and crash with multiple nsid, cookie, padding EDNS options (bsc#1265578).
* CVE-2026-42959: Crash during DNSSEC validation of malicious content (bsc#1265586).
* CVE-2026-42960: Possible cache poisoning attack while following delegation (bsc#1265588).
* CVE-2026-44390: Unbounded name compression in certain cases causes degradation of service (bsc#1265584).
* CVE-2026-44608: Use after free and crash in RPZ code (bsc#1265582).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2281=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2281=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2281=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2281=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2281=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* unbound-python-debuginfo-1.20.0-150600.23.16.1
* libunbound-devel-mini-debugsource-1.20.0-150600.23.16.1
* libunbound-devel-mini-1.20.0-150600.23.16.1
* unbound-python-1.20.0-150600.23.16.1
* libunbound-devel-mini-debuginfo-1.20.0-150600.23.16.1
* unbound-debugsource-1.20.0-150600.23.16.1
* unbound-1.20.0-150600.23.16.1
* libunbound8-1.20.0-150600.23.16.1
* unbound-debuginfo-1.20.0-150600.23.16.1
* unbound-anchor-debuginfo-1.20.0-150600.23.16.1
* libunbound8-debuginfo-1.20.0-150600.23.16.1
* unbound-devel-1.20.0-150600.23.16.1
* unbound-anchor-1.20.0-150600.23.16.1
* openSUSE Leap 15.6 (noarch)
* unbound-munin-1.20.0-150600.23.16.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* unbound-python-debuginfo-1.20.0-150600.23.16.1
* unbound-python-1.20.0-150600.23.16.1
* unbound-debugsource-1.20.0-150600.23.16.1
* unbound-1.20.0-150600.23.16.1
* unbound-debuginfo-1.20.0-150600.23.16.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* unbound-debugsource-1.20.0-150600.23.16.1
* libunbound8-1.20.0-150600.23.16.1
* unbound-debuginfo-1.20.0-150600.23.16.1
* unbound-anchor-debuginfo-1.20.0-150600.23.16.1
* libunbound8-debuginfo-1.20.0-150600.23.16.1
* unbound-devel-1.20.0-150600.23.16.1
* unbound-anchor-1.20.0-150600.23.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* unbound-debugsource-1.20.0-150600.23.16.1
* libunbound8-1.20.0-150600.23.16.1
* unbound-debuginfo-1.20.0-150600.23.16.1
* unbound-anchor-debuginfo-1.20.0-150600.23.16.1
* libunbound8-debuginfo-1.20.0-150600.23.16.1
* unbound-devel-1.20.0-150600.23.16.1
* unbound-anchor-1.20.0-150600.23.16.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* unbound-debugsource-1.20.0-150600.23.16.1
* libunbound8-1.20.0-150600.23.16.1
* unbound-debuginfo-1.20.0-150600.23.16.1
* unbound-anchor-debuginfo-1.20.0-150600.23.16.1
* libunbound8-debuginfo-1.20.0-150600.23.16.1
* unbound-devel-1.20.0-150600.23.16.1
* unbound-anchor-1.20.0-150600.23.16.1
## References:
* https://www.suse.com/security/cve/CVE-2026-32792.html
* https://www.suse.com/security/cve/CVE-2026-33278.html
* https://www.suse.com/security/cve/CVE-2026-40622.html
* https://www.suse.com/security/cve/CVE-2026-41292.html
* https://www.suse.com/security/cve/CVE-2026-42534.html
* https://www.suse.com/security/cve/CVE-2026-42923.html
* https://www.suse.com/security/cve/CVE-2026-42944.html
* https://www.suse.com/security/cve/CVE-2026-42959.html
* https://www.suse.com/security/cve/CVE-2026-42960.html
* https://www.suse.com/security/cve/CVE-2026-44390.html
* https://www.suse.com/security/cve/CVE-2026-44608.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265578
* https://bugzilla.suse.com/show_bug.cgi?id=1265580
* https://bugzilla.suse.com/show_bug.cgi?id=1265581
* https://bugzilla.suse.com/show_bug.cgi?id=1265582
* https://bugzilla.suse.com/show_bug.cgi?id=1265583
* https://bugzilla.suse.com/show_bug.cgi?id=1265584
* https://bugzilla.suse.com/show_bug.cgi?id=1265585
* https://bugzilla.suse.com/show_bug.cgi?id=1265586
* https://bugzilla.suse.com/show_bug.cgi?id=1265587
* https://bugzilla.suse.com/show_bug.cgi?id=1265588
* https://bugzilla.suse.com/show_bug.cgi?id=1265589
SUSE-SU-2026:2282-1: critical: Security update for mariadb
# Security update for mariadb
Announcement ID: SUSE-SU-2026:2282-1
Release Date: 2026-06-05T12:14:38Z
Rating: critical
References:
* bsc#1259176
* bsc#1266437
* bsc#1266438
* bsc#1266439
* bsc#1266440
* bsc#1266442
* bsc#1266814
* bsc#1266815
* bsc#1267542
Cross-References:
* CVE-2026-3494
* CVE-2026-44168
* CVE-2026-44170
* CVE-2026-44171
* CVE-2026-44172
* CVE-2026-44173
* CVE-2026-48163
* CVE-2026-48165
* CVE-2026-49261
CVSS scores:
* CVE-2026-3494 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3494 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3494 ( NVD ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3494 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-44168 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-44168 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-44170 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-44171 ( SUSE ): 5.4 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44171 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44172 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-44173 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
* CVE-2026-44173 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
* CVE-2026-48163 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-48163 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-48165 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-48165 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-49261 ( SUSE ): 9.4 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-49261 ( SUSE ): 9.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* Galera for Ericsson 15 SP4
* Galera for Ericsson 15 SP5
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves nine vulnerabilities can now be installed.
## Description:
This update for mariadb fixes the following issues:
Security fixes:
* CVE-2026-3494: audit plugin comment handling bypass (bsc#1259176).
* CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side (bsc#1266442).
* CVE-2026-44170: argument injection in CONNECT REST Xcurl on Windows via unsanitized URL (bsc#1266440).
* CVE-2026-44171: path traversal in mbstream (bsc#1266439).
* CVE-2026-44172: mysql_real_escape_string() incorrectly handled big5 (bsc#1266438).
* CVE-2026-44173: FILE privilege was not checked for subqueries in the FROM clause (bsc#1266437).
* CVE-2026-48163: wsrep SST unsafe parameter handling on the donor side (bsc#1266815).
* CVE-2026-48165: unsafe usage of `wsrep_sst_receive_address` values on the joiner side (bsc#1266814).
* CVE-2026-49261: unsafe parameter handling in `wsrep_notify_cmd` (bsc#1267542).
Other fixes:
* Update to 10.6.27: https://mariadb.com/docs/release-notes/community-server/10.6/10.6.27 https://mariadb.com/docs/release-notes/community-server/changelogs/10.6/10.6.27
* Update to 10.6.26: https://mariadb.com/docs/release-notes/community-server/10.6/10.6.26 https://mariadb.com/docs/release-notes/community-server/changelogs/10.6/10.6.26 https://mariadb.com/docs/release-notes/community-server/10.6/10.6.25 https://mariadb.com/docs/release-notes/community-server/changelogs/10.6/10.6.25
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2282=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2282=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2282=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2282=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2282=1
* Galera for Ericsson 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-ERICSSON-2026-2282=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2282=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2282=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2282=1
* Galera for Ericsson 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-ERICSSON-2026-2282=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2282=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libmariadbd19-debuginfo-10.6.27-150400.3.46.1
* mariadb-bench-debuginfo-10.6.27-150400.3.46.1
* libmariadbd19-10.6.27-150400.3.46.1
* mariadb-test-debuginfo-10.6.27-150400.3.46.1
* mariadb-bench-10.6.27-150400.3.46.1
* mariadb-client-10.6.27-150400.3.46.1
* mariadb-tools-debuginfo-10.6.27-150400.3.46.1
* mariadb-client-debuginfo-10.6.27-150400.3.46.1
* mariadb-10.6.27-150400.3.46.1
* mariadb-debugsource-10.6.27-150400.3.46.1
* mariadb-galera-10.6.27-150400.3.46.1
* mariadb-tools-10.6.27-150400.3.46.1
* mariadb-debuginfo-10.6.27-150400.3.46.1
* libmariadbd-devel-10.6.27-150400.3.46.1
* mariadb-rpm-macros-10.6.27-150400.3.46.1
* mariadb-test-10.6.27-150400.3.46.1
* openSUSE Leap 15.4 (noarch)
* mariadb-errormessages-10.6.27-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* libmariadbd19-debuginfo-10.6.27-150400.3.46.1
* libmariadbd19-10.6.27-150400.3.46.1
* mariadb-tools-debuginfo-10.6.27-150400.3.46.1
* mariadb-client-10.6.27-150400.3.46.1
* mariadb-client-debuginfo-10.6.27-150400.3.46.1
* mariadb-10.6.27-150400.3.46.1
* mariadb-debugsource-10.6.27-150400.3.46.1
* mariadb-tools-10.6.27-150400.3.46.1
* mariadb-debuginfo-10.6.27-150400.3.46.1
* libmariadbd-devel-10.6.27-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* mariadb-errormessages-10.6.27-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* libmariadbd19-debuginfo-10.6.27-150400.3.46.1
* libmariadbd19-10.6.27-150400.3.46.1
* mariadb-tools-debuginfo-10.6.27-150400.3.46.1
* mariadb-client-10.6.27-150400.3.46.1
* mariadb-client-debuginfo-10.6.27-150400.3.46.1
* mariadb-10.6.27-150400.3.46.1
* mariadb-debugsource-10.6.27-150400.3.46.1
* mariadb-tools-10.6.27-150400.3.46.1
* mariadb-debuginfo-10.6.27-150400.3.46.1
* libmariadbd-devel-10.6.27-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* mariadb-errormessages-10.6.27-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* libmariadbd19-debuginfo-10.6.27-150400.3.46.1
* libmariadbd19-10.6.27-150400.3.46.1
* mariadb-tools-debuginfo-10.6.27-150400.3.46.1
* mariadb-client-10.6.27-150400.3.46.1
* mariadb-client-debuginfo-10.6.27-150400.3.46.1
* mariadb-10.6.27-150400.3.46.1
* mariadb-debugsource-10.6.27-150400.3.46.1
* mariadb-tools-10.6.27-150400.3.46.1
* mariadb-debuginfo-10.6.27-150400.3.46.1
* libmariadbd-devel-10.6.27-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* mariadb-errormessages-10.6.27-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* libmariadbd19-debuginfo-10.6.27-150400.3.46.1
* libmariadbd19-10.6.27-150400.3.46.1
* mariadb-tools-debuginfo-10.6.27-150400.3.46.1
* mariadb-client-10.6.27-150400.3.46.1
* mariadb-client-debuginfo-10.6.27-150400.3.46.1
* mariadb-10.6.27-150400.3.46.1
* mariadb-debugsource-10.6.27-150400.3.46.1
* mariadb-tools-10.6.27-150400.3.46.1
* mariadb-debuginfo-10.6.27-150400.3.46.1
* libmariadbd-devel-10.6.27-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* mariadb-errormessages-10.6.27-150400.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libmariadbd19-debuginfo-10.6.27-150400.3.46.1
* mariadb-tools-debuginfo-10.6.27-150400.3.46.1
* libmariadbd19-10.6.27-150400.3.46.1
* mariadb-client-10.6.27-150400.3.46.1
* mariadb-client-debuginfo-10.6.27-150400.3.46.1
* mariadb-10.6.27-150400.3.46.1
* mariadb-debugsource-10.6.27-150400.3.46.1
* mariadb-tools-10.6.27-150400.3.46.1
* mariadb-debuginfo-10.6.27-150400.3.46.1
* libmariadbd-devel-10.6.27-150400.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* mariadb-errormessages-10.6.27-150400.3.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libmariadbd19-debuginfo-10.6.27-150400.3.46.1
* mariadb-tools-debuginfo-10.6.27-150400.3.46.1
* libmariadbd19-10.6.27-150400.3.46.1
* mariadb-client-10.6.27-150400.3.46.1
* mariadb-client-debuginfo-10.6.27-150400.3.46.1
* mariadb-10.6.27-150400.3.46.1
* mariadb-debugsource-10.6.27-150400.3.46.1
* mariadb-tools-10.6.27-150400.3.46.1
* mariadb-debuginfo-10.6.27-150400.3.46.1
* libmariadbd-devel-10.6.27-150400.3.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* mariadb-errormessages-10.6.27-150400.3.46.1
* Galera for Ericsson 15 SP4 (x86_64)
* mariadb-galera-10.6.27-150400.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libmariadbd19-debuginfo-10.6.27-150400.3.46.1
* libmariadbd19-10.6.27-150400.3.46.1
* mariadb-tools-debuginfo-10.6.27-150400.3.46.1
* mariadb-client-10.6.27-150400.3.46.1
* mariadb-client-debuginfo-10.6.27-150400.3.46.1
* mariadb-10.6.27-150400.3.46.1
* mariadb-debugsource-10.6.27-150400.3.46.1
* mariadb-tools-10.6.27-150400.3.46.1
* mariadb-debuginfo-10.6.27-150400.3.46.1
* libmariadbd-devel-10.6.27-150400.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* mariadb-errormessages-10.6.27-150400.3.46.1
* Galera for Ericsson 15 SP5 (x86_64)
* mariadb-debugsource-10.6.27-150400.3.46.1
* mariadb-galera-10.6.27-150400.3.46.1
* mariadb-debuginfo-10.6.27-150400.3.46.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libmariadbd19-debuginfo-10.6.27-150400.3.46.1
* libmariadbd19-10.6.27-150400.3.46.1
* mariadb-tools-debuginfo-10.6.27-150400.3.46.1
* mariadb-client-10.6.27-150400.3.46.1
* mariadb-client-debuginfo-10.6.27-150400.3.46.1
* mariadb-10.6.27-150400.3.46.1
* mariadb-debugsource-10.6.27-150400.3.46.1
* mariadb-tools-10.6.27-150400.3.46.1
* mariadb-debuginfo-10.6.27-150400.3.46.1
* libmariadbd-devel-10.6.27-150400.3.46.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* mariadb-errormessages-10.6.27-150400.3.46.1
## References:
* https://www.suse.com/security/cve/CVE-2026-3494.html
* https://www.suse.com/security/cve/CVE-2026-44168.html
* https://www.suse.com/security/cve/CVE-2026-44170.html
* https://www.suse.com/security/cve/CVE-2026-44171.html
* https://www.suse.com/security/cve/CVE-2026-44172.html
* https://www.suse.com/security/cve/CVE-2026-44173.html
* https://www.suse.com/security/cve/CVE-2026-48163.html
* https://www.suse.com/security/cve/CVE-2026-48165.html
* https://www.suse.com/security/cve/CVE-2026-49261.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259176
* https://bugzilla.suse.com/show_bug.cgi?id=1266437
* https://bugzilla.suse.com/show_bug.cgi?id=1266438
* https://bugzilla.suse.com/show_bug.cgi?id=1266439
* https://bugzilla.suse.com/show_bug.cgi?id=1266440
* https://bugzilla.suse.com/show_bug.cgi?id=1266442
* https://bugzilla.suse.com/show_bug.cgi?id=1266814
* https://bugzilla.suse.com/show_bug.cgi?id=1266815
* https://bugzilla.suse.com/show_bug.cgi?id=1267542
SUSE-SU-2026:2280-1: important: Security update for ignition
# Security update for ignition
Announcement ID: SUSE-SU-2026:2280-1
Release Date: 2026-06-05T12:11:42Z
Rating: important
References:
* bsc#1265751
Cross-References:
* CVE-2026-33814
CVSS scores:
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* HPC Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for ignition fixes the following issue:
* CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport
when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265751).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2280=1
* HPC Module 15-SP7
zypper in -t patch SUSE-SLE-Module-HPC-15-SP7-2026-2280=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2280=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* ignition-debuginfo-2.14.0-150400.9.18.1
* ignition-2.14.0-150400.9.18.1
* ignition-dracut-grub2-2.14.0-150400.9.18.1
* HPC Module 15-SP7 (aarch64 x86_64)
* ignition-debuginfo-2.14.0-150400.9.18.1
* ignition-2.14.0-150400.9.18.1
* ignition-dracut-grub2-2.14.0-150400.9.18.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 x86_64)
* ignition-debuginfo-2.14.0-150400.9.18.1
* ignition-2.14.0-150400.9.18.1
* ignition-dracut-grub2-2.14.0-150400.9.18.1
## References:
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265751
SUSE-SU-2026:2284-1: critical: Security update for mariadb
# Security update for mariadb
Announcement ID: SUSE-SU-2026:2284-1
Release Date: 2026-06-05T12:16:05Z
Rating: critical
References:
* bsc#1259176
* bsc#1266435
* bsc#1266437
* bsc#1266438
* bsc#1266439
* bsc#1266440
* bsc#1266442
* bsc#1266814
* bsc#1266815
* bsc#1267542
Cross-References:
* CVE-2026-34303
* CVE-2026-3494
* CVE-2026-44168
* CVE-2026-44170
* CVE-2026-44171
* CVE-2026-44172
* CVE-2026-44173
* CVE-2026-48163
* CVE-2026-48165
* CVE-2026-49261
CVSS scores:
* CVE-2026-34303 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3494 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3494 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3494 ( NVD ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3494 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-44168 ( SUSE ): 8.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-44168 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-44170 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-44171 ( SUSE ): 5.4
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44171 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44172 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-44173 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
* CVE-2026-44173 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
* CVE-2026-48163 ( SUSE ): 8.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-48163 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-48165 ( SUSE ): 8.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-48165 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-49261 ( SUSE ): 9.4
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-49261 ( SUSE ): 9.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* Galera for Ericsson 15 SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves 10 vulnerabilities can now be installed.
## Description:
This update for mariadb fixes the following issues:
* CVE-2026-3494: audit plugin comment handling bypass (bsc#1259176).
* CVE-2026-34303: mysql: optimizer unspecified vulnerability (bsc#1266435).
* CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side
(bsc#1266442).
* CVE-2026-44170: argument injection in CONNECT REST Xcurl on Windows via
unsanitized URL (bsc#1266440).
* CVE-2026-44171: path traversal in mbstream (bsc#1266439).
* CVE-2026-44172: mysql_real_escape_string() incorrectly handled big5
(bsc#1266438).
* CVE-2026-44173: FILE privilege was not checked for subqueries in the FROM
clause (bsc#1266437).
* CVE-2026-48163: wsrep SST unsafe parameter handling on the donor side
(bsc#1266815).
* CVE-2026-48165: unsafe usage of `wsrep_sst_receive_address` values on the
joiner side (bsc#1266814).
* CVE-2026-49261: unsafe parameter handling in `wsrep_notify_cmd`
(bsc#1267542).
Changes for mariadb:
* Update to 10.11.18: https://mariadb.com/docs/release-notes/community-server/10.11/10.11.18 https://mariadb.com/docs/release-notes/community-server/changelogs/10.11/10.11.18
* Update to 10.11.17: https://mariadb.com/docs/release-notes/community-server/10.11/10.11.17 https://mariadb.com/docs/release-notes/community-server/changelogs/10.11/10.11.17 https://mariadb.com/docs/release-notes/community-server/10.11/10.11.16 https://mariadb.com/docs/release-notes/community-server/changelogs/10.11/10.11.16
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Galera for Ericsson 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-ERICSSON-2026-2284=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2284=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2284=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2284=1
## Package List:
* Galera for Ericsson 15 SP6 (x86_64)
* mariadb-debugsource-10.11.18-150600.4.20.1
* mariadb-debuginfo-10.11.18-150600.4.20.1
* mariadb-galera-10.11.18-150600.4.20.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* mariadb-debugsource-10.11.18-150600.4.20.1
* mariadb-tools-10.11.18-150600.4.20.1
* libmariadbd19-10.11.18-150600.4.20.1
* mariadb-10.11.18-150600.4.20.1
* libmariadbd19-debuginfo-10.11.18-150600.4.20.1
* mariadb-client-10.11.18-150600.4.20.1
* mariadb-client-debuginfo-10.11.18-150600.4.20.1
* mariadb-tools-debuginfo-10.11.18-150600.4.20.1
* libmariadbd-devel-10.11.18-150600.4.20.1
* mariadb-debuginfo-10.11.18-150600.4.20.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* mariadb-errormessages-10.11.18-150600.4.20.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* mariadb-debugsource-10.11.18-150600.4.20.1
* mariadb-rpm-macros-10.11.18-150600.4.20.1
* mariadb-test-10.11.18-150600.4.20.1
* mariadb-tools-10.11.18-150600.4.20.1
* mariadb-test-debuginfo-10.11.18-150600.4.20.1
* libmariadbd19-10.11.18-150600.4.20.1
* mariadb-10.11.18-150600.4.20.1
* mariadb-bench-debuginfo-10.11.18-150600.4.20.1
* libmariadbd19-debuginfo-10.11.18-150600.4.20.1
* mariadb-client-10.11.18-150600.4.20.1
* mariadb-client-debuginfo-10.11.18-150600.4.20.1
* mariadb-bench-10.11.18-150600.4.20.1
* mariadb-tools-debuginfo-10.11.18-150600.4.20.1
* libmariadbd-devel-10.11.18-150600.4.20.1
* mariadb-debuginfo-10.11.18-150600.4.20.1
* mariadb-galera-10.11.18-150600.4.20.1
* openSUSE Leap 15.6 (noarch)
* mariadb-errormessages-10.11.18-150600.4.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* mariadb-debugsource-10.11.18-150600.4.20.1
* mariadb-tools-10.11.18-150600.4.20.1
* libmariadbd19-10.11.18-150600.4.20.1
* mariadb-10.11.18-150600.4.20.1
* libmariadbd19-debuginfo-10.11.18-150600.4.20.1
* mariadb-client-10.11.18-150600.4.20.1
* mariadb-client-debuginfo-10.11.18-150600.4.20.1
* mariadb-tools-debuginfo-10.11.18-150600.4.20.1
* libmariadbd-devel-10.11.18-150600.4.20.1
* mariadb-debuginfo-10.11.18-150600.4.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* mariadb-errormessages-10.11.18-150600.4.20.1
## References:
* https://www.suse.com/security/cve/CVE-2026-34303.html
* https://www.suse.com/security/cve/CVE-2026-3494.html
* https://www.suse.com/security/cve/CVE-2026-44168.html
* https://www.suse.com/security/cve/CVE-2026-44170.html
* https://www.suse.com/security/cve/CVE-2026-44171.html
* https://www.suse.com/security/cve/CVE-2026-44172.html
* https://www.suse.com/security/cve/CVE-2026-44173.html
* https://www.suse.com/security/cve/CVE-2026-48163.html
* https://www.suse.com/security/cve/CVE-2026-48165.html
* https://www.suse.com/security/cve/CVE-2026-49261.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259176
* https://bugzilla.suse.com/show_bug.cgi?id=1266435
* https://bugzilla.suse.com/show_bug.cgi?id=1266437
* https://bugzilla.suse.com/show_bug.cgi?id=1266438
* https://bugzilla.suse.com/show_bug.cgi?id=1266439
* https://bugzilla.suse.com/show_bug.cgi?id=1266440
* https://bugzilla.suse.com/show_bug.cgi?id=1266442
* https://bugzilla.suse.com/show_bug.cgi?id=1266814
* https://bugzilla.suse.com/show_bug.cgi?id=1266815
* https://bugzilla.suse.com/show_bug.cgi?id=1267542
SUSE-SU-2026:2285-1: important: Security update for yq
# Security update for yq
Announcement ID: SUSE-SU-2026:2285-1
Release Date: 2026-06-05T12:16:32Z
Rating: important
References:
* bsc#1267053
* bsc#1267199
Cross-References:
* CVE-2026-25680
* CVE-2026-25681
* CVE-2026-27136
* CVE-2026-39821
* CVE-2026-42502
* CVE-2026-42506
CVSS scores:
* CVE-2026-25680 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25680 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-25681 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-25681 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-27136 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-27136 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39821 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-42502 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42502 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42506 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42506 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves six vulnerabilities can now be installed.
## Description:
This update for yq fixes the following issues:
* CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506:
golang.org/x/net/html: multiple issues when parsing HTML files
(bsc#1267053).
* CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only
Punycode-encoded labels allows for validation bypass and privilege
escalation (bsc#1267199).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2285=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2285=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* yq-4.53.2-150500.3.9.1
* yq-debuginfo-4.53.2-150500.3.9.1
* openSUSE Leap 15.5 (noarch)
* yq-fish-completion-4.53.2-150500.3.9.1
* yq-zsh-completion-4.53.2-150500.3.9.1
* yq-bash-completion-4.53.2-150500.3.9.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* yq-4.53.2-150500.3.9.1
* yq-debuginfo-4.53.2-150500.3.9.1
## References:
* https://www.suse.com/security/cve/CVE-2026-25680.html
* https://www.suse.com/security/cve/CVE-2026-25681.html
* https://www.suse.com/security/cve/CVE-2026-27136.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-42502.html
* https://www.suse.com/security/cve/CVE-2026-42506.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267053
* https://bugzilla.suse.com/show_bug.cgi?id=1267199
openSUSE-SU-2026:0192-1: critical: Security update for kanidm
openSUSE Security Update: Security update for kanidm
_______________________________
Announcement ID: openSUSE-SU-2026:0192-1
Rating: critical
References:
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that contains security fixes can now be installed.
Description:
This update for kanidm fixes the following issues:
- Update to version 1.10.2~git0.f3dc9ef1f:
* Release 1.10.2
* Security - CRITICAL - authenticated user privilege escalation
* Refactor modification access paths to remove duplication
* Revert ClientID header (#4334)
* Disable prompt=login (#4340)
* Add missing `/sbin/kanidm-mail-sender` (#4323)
* Remove debug symbols in release builds. (#4319)
- Update to version 1.10.1~git0.d02660a98:
* Release 1.10.1
* Fix copy in TOTP removal prompt and align TOTP case (#4314)
* Resolve base64 encoding of webauthn fields (#4312)
- Update to version 1.10.0-pre~git1.32e2f8ec6:
* Release 1.10.0
* Release 1.10.0-pre
* Release notes (#4304)
* Update ldap3/webauthn-rs (#4302)
* Merge commit from fork
* Merge commit from fork
* Merge commit from fork
* Merge commit from fork
* Add notes on server migration (#4301)
* 20260517 sparkle (#4280)
* Bump mozilla-actions/sccache-action in the all group (#4298)
* Bump the all group with 6 updates (#4299)
* Bump the all group across 1 directory with 3 updates (#4283)
* 20260331 send account recovery emails (#4259)
* Update oauth2 well known urls (#4296)
* Clippy for Rust 1.95 (#4291)
* Invert incorrect thread count logic (#4294)
* Allow modification of OAuth2 Refresh Expiry (#4276)
* 20260327 Introspection token auth metadata (#4230)
* fix: add missing kanidm-mail-sender binary (#4279)
* Correctly handle deleted accounts during page visits (#4275)
* don't fail auth when passed ui_locales (#4288)
* Bump actions/upload-pages-artifact from 4 to 5 in the all group (#4284)
* Fix link formatting in oauth2.rs documentation (#4278)
* Feat: Add OIDC Prompt Support (#4224)
* Handle multivalue URLs in SCIM (#4271)
* Correctly encode ssh tag values (#4272)
* Bump the all group with 2 updates (#4263)
* Bump the all group in /rlm_python with 4 updates (#4262)
* Bump the all group with 8 updates (#4264)
* Update deployment.md with configuration notes (#4258)
* Add .well-known/passkey-endpoints (#4255)
* show repl cert metadata and also handle socket timeouts (#4252)
* Update docs regarding replication cert lifetime (#4251)
* Log cleanup (#4248)
* adding timeouts and tests and port docs for mail_sender (#4246)
* Bump the all group with 5 updates (#4247)
* add dependency data to released containers (#4239)
* Fix to end code block and render remaining md correctly (#4241)
* Update readme.md for replication (#4236)
* Added note on primary email address and email aliases (#4237)
* Bump the all group with 6 updates (#4235)
* Bump the all group with 2 updates (#4234)
* Bump the uv group across 1 directory with 2 updates (#4231)
* cli: allow clearing person's legalname attribute (#4228)
* Add shell diagnostics (#4220)
* OpenSSL shall be vanquished (#4219)
* Bump the all group across 1 directory with 16 updates (#4225)
* Bump rustls-webpki from 0.103.9 to 0.103.10 (#4223)
* Bump flatted (#4222)
* Tabular data is tabular (#4221)
* Example sshd-config fragment, deployment de-activated on Debian (#4214)
* Update RELEASE_NOTES.md (#4215)
* fix(debian): Use correct bin path for kanidmd reload (#4212)
* Allow urlencoded client_id in basic auth (#4141)
* add nsswitch config check to unixd (#4210)
* 20260311 zxcvbn check (#4206)
* Enhance Traefik documentation (#4194)
* Re-add incorrectly removed utopia feature flag (#4207)
* Update ldap3 to 0.7.0 to resolve config filter issue (#4205)
* Added PasswordChangedTime attribute and database field (#3999)
* Defer on some routes (#4202)
* Remove thread local storage (#4204)
* Improve FreeBSD building, fully drop ring as a dependency.
* 20260218 credential reset emails (authenticated only) (#4151)
* android support for cli (#4197)
* Bump the all group with 4 updates (#4198)
* Bump the all group with 7 updates (#4199)
* feat: bind mount home strategy (#3997)
* Bump the all group with 2 updates (#4183)
* Bump the all group with 8 updates (#4184)
* Bump minimatch (#4180)
* Disable multithreading on RADIUS when DEBUG is False. (#4177)
* Don't revert admin changes in some groups during migration (#4176)
* Fix bug where DEBUG is always true in RADIUS entrypoint. (#4169)
* 20260220 prevent migration accidents (#4156)
* Bump the all group across 1 directory with 20 updates (#4163)
* Move the grafana group creation step (#4160)
* Alert on unsaved changes (#4155)
* pykanidm v1.3.0 - major rewrite to use openapi-generated codebase
based on 1.9.0 spec (#4149)
* Warn about systemd-userdb (#4147)
* Dont require basic auth on token introspection (#4142)
* Dont be as upset when migration dir doesnt exist (#4146)
* Add AGENTS.md instructions (#4148)
* Feature OIDC updated at (#4007)
* pykanidm: clarify token use with service accounts (#4043)
* Fixed small typo in how_does_oauth2_work.md (#4138)
* Bye bye lazy static (#4134)
* Allow LDAP CA verification to be disabled in sync (#4133)
* Add oauth2 example, fix inter-migration reference handling (#4136)
* Add missing future migration in domain check (#4132)
* Corrected recycle_bin.md typo (#4135)
* 20260211 dev version (#4131)
- Update to version 1.9.3~git0.7d4108698:
* Release 1.9.3
* Security - High: SCIM Filters did not contain a bound on their parsing
depth allowing stack exhaustion to occur leading to Denial of Service
by an unauthenticated user
* Security - Moderate: PNG Image validation did not correctly handle
short images allowing a panic to occur in a worker thread. This may
lead to system instability over time
* Security - Low: HTML injection via user DisplayName in Passkey
enrolment dialogs. This allows an admin to execute JS in the context
of a user's browser. Since the admin already can reset the user's
credentials, the impact of this is minimal.
* Security - Low: non-constant time comparison of OAuth2 client secret
may allow a remote attacker to remotely recover the bytes of the
secret. Due to the length of the secret (48 chars) this is infeasible
practically.
* Security - Low: incorrect handling of origin validation in Webauthn-RS
allowed a malicious domain to collide with a valid one (badexample.com
would match with example.com). This is mitigated by browsers detecting
the forgery and preventing the authentication from proceeding.
* Security - High: LDAP Filters did not contain a bound on their parsing
depth allowing stack exhaustion to occur leading to Denial of Service
by an unauthenticated user.
* Update two vulnerable dependencies
* Release 1.9.2
* Allow urlencoded client_id in basic auth (#4141)
* Update ldap3 to 0.7.0 to resolve config filter issue (#4205)
* Remove thread local storage (#4204)
- Update to version 1.9.2~git6.896acba35:
* Release 1.9.3
* Merge commit from fork
* Merge commit from fork
* Merge commit from fork
* Merge commit from fork
* Update two vulnerable dependencies
- Update to version 1.9.2~git0.6a2bb66bd:
* Release 1.9.2
* Allow urlencoded client_id in basic auth (#4141)
* Update ldap3 to 0.7.0 to resolve config filter issue (#4205)
* Remove thread local storage (#4204)
* Disable multithreading on RADIUS when DEBUG is False. (#4177)
* Fix bug where DEBUG is always true in RADIUS entrypoint. (#4169)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-192=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 x86_64):
kanidm-1.10.2~git0.f3dc9ef1f-bp157.2.32.1
kanidm-clients-1.10.2~git0.f3dc9ef1f-bp157.2.32.1
kanidm-docs-1.10.2~git0.f3dc9ef1f-bp157.2.32.1
kanidm-server-1.10.2~git0.f3dc9ef1f-bp157.2.32.1
kanidm-unixd-clients-1.10.2~git0.f3dc9ef1f-bp157.2.32.1
References: