
Several security updates are available for SUSE, including patches for popular programs and libraries. Moderate security updates are available for MozillaFirefox, heroic-games-launcher, himmelblau, giflib-devel, and mingw32-binutils, among others. More critical updates address vulnerabilities in libsoup2, tomcat, qemu, osc, and amazon-ssm-agent, all of which are classified as important. A total of 11 security updates have been made available for SUSE users to apply.

openSUSE-SU-2026:10330-1: moderate: mingw32-binutils-2.45.1-2.1 on GA media
openSUSE-SU-2026:10326-1: moderate: giflib-devel-32bit-5.2.2-3.1 on GA media
openSUSE-SU-2026:10324-1: moderate: MozillaFirefox-148.0.2-1.1 on GA media
openSUSE-SU-2026:10328-1: moderate: himmelblau-2.3.8+git0.dec3693-1.1 on GA media
openSUSE-SU-2026:10327-1: moderate: heroic-games-launcher-2.20.1-3.1 on GA media
openSUSE-SU-2026:20354-1: important: Security update for libsoup2
openSUSE-SU-2026:20350-1: important: Security update for tomcat
openSUSE-SU-2026:20357-1: moderate: Security update for qemu
openSUSE-SU-2026:20361-1: moderate: Security update for osc, obs-scm-bridge
openSUSE-SU-2026:20351-1: important: Security update for amazon-ssm-agent
openSUSE-SU-2026:10331-1: moderate: mingw64-binutils-2.45.1-2.1 on GA media
openSUSE-SU-2026:10329-1: moderate: kubelogin-0.2.16-1.1 on GA media
openSUSE-SU-2026:10325-1: moderate: clamav-1.5.2-1.1 on GA media




openSUSE-SU-2026:10330-1: moderate: mingw32-binutils-2.45.1-2.1 on GA media


# mingw32-binutils-2.45.1-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10330-1
Rating: moderate

Cross-References:

* CVE-2025-7545
* CVE-2025-7546

CVSS scores:

* CVE-2025-7545 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-7545 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-7546 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-7546 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the mingw32-binutils-2.45.1-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * mingw32-binutils 2.45.1-2.1
  * mingw32-binutils-debug 2.45.1-2.1
  * mingw32-binutils-devel 2.45.1-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-7545.html
* https://www.suse.com/security/cve/CVE-2025-7546.html



openSUSE-SU-2026:10326-1: moderate: giflib-devel-32bit-5.2.2-3.1 on GA media


# giflib-devel-32bit-5.2.2-3.1 on GA media

Announcement ID: openSUSE-SU-2026:10326-1
Rating: moderate

Cross-References:

* CVE-2026-23868

CVSS scores:

* CVE-2026-23868 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-23868 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the giflib-devel-32bit-5.2.2-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * giflib-devel 5.2.2-3.1
  * giflib-devel-32bit 5.2.2-3.1
  * giflib-progs 5.2.2-3.1
  * libgif7 5.2.2-3.1
  * libgif7-32bit 5.2.2-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23868.html



openSUSE-SU-2026:10324-1: moderate: MozillaFirefox-148.0.2-1.1 on GA media


# MozillaFirefox-148.0.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10324-1
Rating: moderate

Cross-References:

* CVE-2026-3846
* CVE-2026-3847

CVSS scores:

* CVE-2026-3846 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-3847 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the MozillaFirefox-148.0.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * MozillaFirefox 148.0.2-1.1
  * MozillaFirefox-branding-upstream 148.0.2-1.1
  * MozillaFirefox-devel 148.0.2-1.1
  * MozillaFirefox-translations-common 148.0.2-1.1
  * MozillaFirefox-translations-other 148.0.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3846.html
* https://www.suse.com/security/cve/CVE-2026-3847.html



openSUSE-SU-2026:10328-1: moderate: himmelblau-2.3.8+git0.dec3693-1.1 on GA media


# himmelblau-2.3.8+git0.dec3693-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10328-1
Rating: moderate

Cross-References:

* CVE-2026-31979

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the himmelblau-2.3.8+git0.dec3693-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * himmelblau 2.3.8+git0.dec3693-1.1
  * himmelblau-qr-greeter 2.3.8+git0.dec3693-1.1
  * himmelblau-sshd-config 2.3.8+git0.dec3693-1.1
  * himmelblau-sso 2.3.8+git0.dec3693-1.1
  * libnss_himmelblau2 2.3.8+git0.dec3693-1.1
  * pam-himmelblau 2.3.8+git0.dec3693-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31979.html



openSUSE-SU-2026:10327-1: moderate: heroic-games-launcher-2.20.1-3.1 on GA media


# heroic-games-launcher-2.20.1-3.1 on GA media

Announcement ID: openSUSE-SU-2026:10327-1
Rating: moderate

Cross-References:

* CVE-2026-28292

CVSS scores:

* CVE-2026-28292 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the heroic-games-launcher-2.20.1-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * heroic-games-launcher 2.20.1-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28292.html



openSUSE-SU-2026:20354-1: important: Security update for libsoup2


openSUSE security update: security update for libsoup2
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20354-1
Rating: important
References:

* bsc#1240751
* bsc#1243422
* bsc#1254876
* bsc#1256399
* bsc#1256418
* bsc#1257398
* bsc#1257441
* bsc#1257597
* bsc#1258120
* bsc#1258170
* bsc#1258508

Cross-References:

* CVE-2025-14523
* CVE-2025-32049
* CVE-2025-4476
* CVE-2026-0716
* CVE-2026-0719
* CVE-2026-1467
* CVE-2026-1539
* CVE-2026-1760
* CVE-2026-2369
* CVE-2026-2443
* CVE-2026-2708

CVSS scores:

* CVE-2025-14523 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2025-14523 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-32049 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32049 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4476 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-4476 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0716 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-0716 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0719 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-0719 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1467 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-1467 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
* CVE-2026-1539 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2026-1539 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
* CVE-2026-1760 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
* CVE-2026-1760 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2026-2369 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-2369 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-2443 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2443 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2708 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-2708 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 11 vulnerabilities and has 11 bug fixes can now be installed.

Description:

This update for libsoup2 fixes the following issues:

- CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422).
- CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (bsc#1254876).
- CVE-2025-32049: Denial of Service attack to websocket server (bsc#1240751).
- CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).
- CVE-2026-0719: stack-based buffer overflow in NTLM authentication can lead to arbitrary code execution (bsc#1256399).
- CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398).
- CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects
(bsc#1257441).
- CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request
smuggling and potential DoS (bsc#1257597).
- CVE-2026-2369: Buffer overread due to integer underflow when handling zero-length resources (bsc#1258120).
- CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information
disclosure to remote attackers (bsc#1258170).
- CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-378=1

Package List:

- openSUSE Leap 16.0:

libsoup-2_4-1-2.74.3-160000.4.1
libsoup2-devel-2.74.3-160000.4.1
libsoup2-lang-2.74.3-160000.4.1
typelib-1_0-Soup-2_4-2.74.3-160000.4.1

References:

* https://www.suse.com/security/cve/CVE-2025-14523.html
* https://www.suse.com/security/cve/CVE-2025-32049.html
* https://www.suse.com/security/cve/CVE-2025-4476.html
* https://www.suse.com/security/cve/CVE-2026-0716.html
* https://www.suse.com/security/cve/CVE-2026-0719.html
* https://www.suse.com/security/cve/CVE-2026-1467.html
* https://www.suse.com/security/cve/CVE-2026-1539.html
* https://www.suse.com/security/cve/CVE-2026-1760.html
* https://www.suse.com/security/cve/CVE-2026-2369.html
* https://www.suse.com/security/cve/CVE-2026-2443.html
* https://www.suse.com/security/cve/CVE-2026-2708.html



openSUSE-SU-2026:20350-1: important: Security update for tomcat


openSUSE security update: security update for tomcat
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20350-1
Rating: important
References:

* bsc#1253460
* bsc#1258371
* bsc#1258385
* bsc#1258387

Cross-References:

* CVE-2025-66614
* CVE-2026-24733
* CVE-2026-24734

CVSS scores:

* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24733 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24733 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24734 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 4 bug fixes can now be installed.

Description:

This update for tomcat fixes the following issues:

Update to Tomcat 9.0.115:

- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
- CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387).
* Catalina
+ Fix: 69623: Additional fix for the long standing regression that meant
that calls to ClassLoader.getResource().getContent() failed when made from
within a web application with resource caching enabled if the target
resource was packaged in a JAR file. (markt)
+ Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the
CsrfPreventionFilter. (schultz)
+ Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2
requests when the content-length header is not set. (dsoumis)
+ Update: Update the minimum and recommended versions for Tomcat Native to
1.3.4. (markt)
+ Add: Add a new ssoReauthenticationMode to the Tomcat provided
Authenticators that provides a per Authenticator override of the SSO Valve
requireReauthentication attribute. (markt)
+ Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception
rather than silently using a replacement character. (markt)
+ Fix: 69871: Increase log level to INFO for missing configuration for the
rewrite valve. (remm)
+ Fix: Add log warnings for additional Host appBase suspicious values.
(remm)
+ Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar.
org.apache.catalina.Connector no longer requires
org.apache.tomcat.jni.AprStatus to be present. (markt)
+ Add: Add the ability to use a custom function to generate the client
identifier in the CrawlerSessionManagerValve. This is only available
programmatically. Pull request #902 by Brian Matzon. (markt)
+ Fix: Change the SSO reauthentication behaviour for SPNEGO authentication
so that a normal SPNEGO authentication is performed if the SSL Valve is
configured with reauthentication enabled. This is so that the delegated
credentials will be available to the web application. (markt)
+ Fix: When generating the class path in the Loader, re-order the check on
individual class path components to avoid a potential
NullPointerException. Identified by Coverity Scan. (markt)
+ Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull
request #915 by Joshua Rogers. (remm)
+ Update: Add an attribute, digestInRfc3112Order, to
MessageDigestCredentialHandler to control the order in which the
credential and salt are digested. By default, the current, non-RFC 3112
compliant, order of salt then credential will be used. This default will
change in Tomcat 12 to the RFC 3112 compliant order of credential then
salt. (markt)
* Cluster
+ Add: 62814: Document that human-readable names may be used for
mapSendOptions and align documentation with channelSendOptions. Based on
pull request #929 by archan0621. (markt)
* Clustering
+ Fix: Correct a regression introduced in 9.0.109 that broke some clustering
configurations. (markt)
* Coyote
+ Fix: Prevent concurrent release of OpenSSLEngine resources and the
termination of the Tomcat Native library as it can cause crashes during
Tomcat shutdown. (markt)
+ Fix: Avoid possible NPEs when using a TLS enabled custom connector. (remm)
+ Fix: Improve warnings when setting ciphers lists in the FFM code,
mirroring the tomcat-native changes. (remm)
+ Fix: 69910: Dereference TLS objects right after closing a socket to
improve memory efficiency. (remm)
+ Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig
to reflect the existing implementation that allows one configuration style
to be used for the trust attributes and a different style for all the
other attributes. (markt)
+ Fix: Better warning message when OpenSSLConf configuration elements are
used with a JSSE TLS implementation. (markt)
+ Fix: When using OpenSSL via FFM, don't log a warning about missing CA
certificates unless CA certificates were configured and the configuration
failed. (markt)
+ Add: For configuration consistency between OpenSSL and JSSE TLS
implementations, TLSv1.3 cipher suites included in the ciphers attribute
of an SSLHostConfig are now always ignored (previously they would be
ignored with OpenSSL implementations and used with JSSE implementations)
and a warning is logged that the cipher suite has been ignored. (markt)
+ Add: Add the ciphersuite attribute to SSLHostConfig to configure the
TLSv1.3 cipher suites. (markt)
+ Add: Add OCSP support to JSSE based TLS connectors and make the use of
OCSP configurable per connector for both JSSE and OpenSSL based TLS
implementations. Align the checks performed by OpenSSL with those
performed by JSSE. (markt)
+ Add: Add support for soft failure of OCSP checks with soft failure support
disabled by default. (markt)
+ Add: Add support for configuring the verification flags passed to
OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt)
+ Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5.
+ Fix: Don't log an incorrect certificate KeyStore location when creating a
TLS connector if the KeyStore instance has been set directly on the
connector. (markt)
+ Fix: HTTP/0.9 only allows GET as the HTTP method. (remm)
+ Add: Add strictSni attribute on the Connector to allow matching the
SSLHostConfig configuration associated with the SNI host name to the
SSLHostConfig configuration matched from the HTTP protocol host name. Non
matching configurations will cause the request to be rejected. The
attribute default value is true, enabling the matching. (remm)
+ Fix: Graceful failure for OCSP on BoringSSL in the FFM code. (remm)
+ Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL
provider. Pull request #912 by aogburn. (markt)
+ Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers.
* Jasper
+ Fix: 69333: Correct a regression in the previous fix for 69333 and ensure
that reuse() or release() is always called for a tag. (markt)
+ Fix: 69877: Catch IllegalArgumentException when processing URIs when
creating the classpath to handle invalid URIs. (remm)
+ Fix: Fix populating the classpath with the webapp classloader
repositories. (remm)
+ Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some
exception details. Patch submitted by Eric Blanquer. (remm)
* Jdbc-pool
+ Fix: 64083: If the underlying connection has been closed, don't add it to
the pool when it is returned. Pull request #235 by Alex Panchenko. (markt)
* Web applications
+ Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server
status output if one or more of the web applications failed to start.
(schultz)
+ Add: Manager: Include web application state in the HTML and JSON complete
server status output. (markt)
+ Add: Documentation: Expand the documentation to better explain when OCSP
is supported and when it is not. (markt)
* Websocket
+ Fix: 69920: When attempting to write to a closed Writer or OutputStream
obtained from a WebSocket session, throw an IOException rather than an
IllegalStateException as required by Writer and strongly suggested by
OutputStream. (markt)
* Other
+ Add: Add property "gpg.sign.files" to optionally disable release artefact
signing with GPG. (rjung)
+ Add: Add test.silent property to suppress JUnit console output during test
execution. Useful for cleaner console output when running tests with
multiple threads. (csutherl)
+ Update: Update the internal fork of Commons Pool to 2.13.1. (markt)
+ Update: Update the internal fork of Commons DBCP to 2.14.0. (markt)
+ Update: Update Commons Daemon to 1.5.1. (markt)
+ Update: Update ByteBuddy to 1.18.3. (markt)
+ Update: Update UnboundID to 7.0.4. (markt)
+ Update: Update Checkstyle to 12.3.1. (markt)
+ Add: Improvements to French translations. (markt)
+ Add: Improvements to Japanese translations provided by tak7iji. (markt)
+ Add: Improvements to Chinese translations provided by Yang. vincent.h and
yong hu. (markt)
+ Update: Update Tomcat Native to 1.3.5. (markt)
+ Add: Add test profile system for selective test execution. Profiles can be
specified via -Dtest.profile= to run specific test subsets without
using patterns directly. Profile patterns are defined in
test-profiles.properties. (csutherl)
+ Update: Update file extension to media type mappings to align with the
current list used by the Apache Web Server (httpd). (markt)
+ Update: Update Commons Daemon to 1.5.0. (markt)
+ Update: Update Byte Buddy to 1.18.2. (markt)
+ Update: Update Checkstyle to 12.2.0. (markt)
+ Add: Improvements to Spanish translations provided by White Vogel. (markt)
+ Add: Improvements to French translations. (remm)
+ Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt)
+ Update: Update to Byte Buddy 1.17.8. (markt)
+ Update: Update to Checkstyle 12.1.1. (markt)
+ Update: Update to Jacoco 0.8.14. (markt)
+ Update: Update to SpotBugs 4.9.8. (markt)
+ Update: Update to JSign 7.4. (markt)
+ Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-374=1

Package List:

- openSUSE Leap 16.0:

tomcat-9.0.115-160000.1.1
tomcat-admin-webapps-9.0.115-160000.1.1
tomcat-docs-webapp-9.0.115-160000.1.1
tomcat-el-3_0-api-9.0.115-160000.1.1
tomcat-embed-9.0.115-160000.1.1
tomcat-javadoc-9.0.115-160000.1.1
tomcat-jsp-2_3-api-9.0.115-160000.1.1
tomcat-jsvc-9.0.115-160000.1.1
tomcat-lib-9.0.115-160000.1.1
tomcat-servlet-4_0-api-9.0.115-160000.1.1
tomcat-webapps-9.0.115-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24733.html
* https://www.suse.com/security/cve/CVE-2026-24734.html



openSUSE-SU-2026:20357-1: moderate: Security update for qemu


openSUSE security update: security update for qemu
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20357-1
Rating: moderate
References:

* bsc#1255400
* bsc#1256484
* bsc#1257474
* bsc#1257492

Cross-References:

* CVE-2025-14876
* CVE-2026-0665

CVSS scores:

* CVE-2025-14876 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-14876 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0665 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-0665 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 4 bug fixes can now be installed.

Description:

This update for qemu fixes the following issues:

- Update to version 10.0.8
- CVE-2025-14876: Fixed unbounded allocation in virtio-crypto. (bsc#1255400)
- CVE-2026-0665: Fixed PIRQ bounds check in xen_physdev_map_pirq. (bsc#1256484)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-381=1

Package List:

- openSUSE Leap 16.0:

qemu-10.0.8-160000.1.1
qemu-SLOF-10.0.8-160000.1.1
qemu-accel-qtest-10.0.8-160000.1.1
qemu-arm-10.0.8-160000.1.1
qemu-audio-alsa-10.0.8-160000.1.1
qemu-audio-dbus-10.0.8-160000.1.1
qemu-audio-jack-10.0.8-160000.1.1
qemu-audio-oss-10.0.8-160000.1.1
qemu-audio-pa-10.0.8-160000.1.1
qemu-audio-pipewire-10.0.8-160000.1.1
qemu-audio-spice-10.0.8-160000.1.1
qemu-block-curl-10.0.8-160000.1.1
qemu-block-dmg-10.0.8-160000.1.1
qemu-block-iscsi-10.0.8-160000.1.1
qemu-block-nfs-10.0.8-160000.1.1
qemu-block-rbd-10.0.8-160000.1.1
qemu-block-ssh-10.0.8-160000.1.1
qemu-chardev-baum-10.0.8-160000.1.1
qemu-chardev-spice-10.0.8-160000.1.1
qemu-doc-10.0.8-160000.1.1
qemu-extra-10.0.8-160000.1.1
qemu-guest-agent-10.0.8-160000.1.1
qemu-headless-10.0.8-160000.1.1
qemu-hw-display-qxl-10.0.8-160000.1.1
qemu-hw-display-virtio-gpu-10.0.8-160000.1.1
qemu-hw-display-virtio-gpu-pci-10.0.8-160000.1.1
qemu-hw-display-virtio-vga-10.0.8-160000.1.1
qemu-hw-s390x-virtio-gpu-ccw-10.0.8-160000.1.1
qemu-hw-usb-host-10.0.8-160000.1.1
qemu-hw-usb-redirect-10.0.8-160000.1.1
qemu-hw-usb-smartcard-10.0.8-160000.1.1
qemu-img-10.0.8-160000.1.1
qemu-ipxe-10.0.8-160000.1.1
qemu-ivshmem-tools-10.0.8-160000.1.1
qemu-ksm-10.0.8-160000.1.1
qemu-lang-10.0.8-160000.1.1
qemu-linux-user-10.0.8-160000.1.1
qemu-microvm-10.0.8-160000.1.1
qemu-ppc-10.0.8-160000.1.1
qemu-pr-helper-10.0.8-160000.1.1
qemu-s390x-10.0.8-160000.1.1
qemu-seabios-10.0.81.16.3_3_g3d33c746-160000.1.1
qemu-skiboot-10.0.8-160000.1.1
qemu-spice-10.0.8-160000.1.1
qemu-tools-10.0.8-160000.1.1
qemu-ui-curses-10.0.8-160000.1.1
qemu-ui-dbus-10.0.8-160000.1.1
qemu-ui-gtk-10.0.8-160000.1.1
qemu-ui-opengl-10.0.8-160000.1.1
qemu-ui-spice-app-10.0.8-160000.1.1
qemu-ui-spice-core-10.0.8-160000.1.1
qemu-vgabios-10.0.81.16.3_3_g3d33c746-160000.1.1
qemu-vhost-user-gpu-10.0.8-160000.1.1
qemu-vmsr-helper-10.0.8-160000.1.1
qemu-x86-10.0.8-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-14876.html
* https://www.suse.com/security/cve/CVE-2026-0665.html



openSUSE-SU-2026:20361-1: moderate: Security update for osc, obs-scm-bridge


openSUSE security update: security update for osc, obs-scm-bridge
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20361-1
Rating: moderate
References:

* bsc#1230469
* bsc#1247410

Cross-References:

* CVE-2024-22038

CVSS scores:

* CVE-2024-22038 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2024-22038 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has 2 bug fixes can now be installed.

Description:

This update for osc, obs-scm-bridge fixes the following issues:

Changes in osc:

- 1.24.0
- Command-line:
- Add '--target-owner' option to 'git-obs repo fork' command
- Add '--self' parameter to fix 'no matching parent repo' error message in 'git-obs pr create'
- Fix 'osc aggregatepac' for scmsync packages
- Fix 'osc build' to retrieve buildconfig from git package's cache
- Fix 'osc token' error handling for project wide trigger
- Fix string formatting for id in obs-request.xml in 'git-obs pr dump'
- Library:
- Consolidate build types in build.py and commandline.py
- Fix build.get_build_type() by comparing binary_type only if specified
- Make use of queryconfig tool configurable and consistent
- Fix how get_request_collection() filters the projects and packages
- Support copying packages from an scmsync source, when target exists
- Add timestamps to the DEBUG output
- Update new project template

- 1.23.0
- Command-line:
- Add '--target-owner' option to 'git-obs pr create' to specify the target owner explicitly
- Add '--target-branch' option to 'git-obs staging search' command
- Added 'git-obs staging search' command to find project PRs with referenced package PRs that have all been approved
- Change 'git-obs pr dump' to produce directories that match the specified pull request IDs
- Change 'git-obs pr dump' to write STATUS file
- Properly error out on invalid 'PR:' references in 'git-obs pr dump'
- Fix 'git-obs pr create' when the source repo is not a fork
- Fix 'git-obs api' command when server returns 'null'
- Fix 'osc build --alternative-project=...' when there's no .osc in the current directory
- Fix argument and store handling in 'osc results' command
- Library:
- Add Manifest.get_package_paths() method that lists all paths to existing packages in a project
- Fix Manifest class to handle loading empty YAML files or strings
- Fix working with meta during git rebase by determining the current branch from rebase head
- Fix handling local branch when fetching remote
- Move get_label_ids() from PullRequest to Repo class
- Change GitStore not to require apiurl anymore
- Fix storing last_buildroot for git packages
- Store the last buildroot only if there's a store detected
- Fix BuildRoot so it acts as a tuple and the individual values are accessible via indexes
- Make PullRequest.parse_id() more permissive by accepting trailing whitespace
- Fix 'missingok' argument in server_diff()
- Fix gitea_api.PullRequest ordering methods
- Add return to gitea_api.Branch.list()

- PKGBUILD changes
* Remove redundant packages from makedepends. If a package depends
on something, it implicitly makedepends on it as well
* Add python-ruamel-yaml dependency
* Build and install man pages
* Add python-argparse-manpage and python-sphinx to makedepends for
building man pages
* Add check() to run the test suite
* Add checkdepends for test suite dependencies
* Add optdepends as an equivalent to RPM's Recommends, making it
easier for users to find packages needed for optional features
* Use $pkgname variable across the script
* Install shell completion files
* Bump pkgrel

- 1.22.0
- Command-line:
- Add 'git-obs staging' commands
- Add '--gitea-fork-org' option to 'osc fork' command
- Add '--git-branch' option to 'osc fork' command
- Add 'DELETE' to 'git-obs api' allowed methods
- Add commit messages as commented lines to the template in 'git-obs pr create'
- Add filtering by label to 'git-obs pr list'
- Properly handle fork mismatch in 'osc fork'
- Change 'osc build' to build from any git repo if '--alternative-project' is specified
- Fix 'osc service' for git based packages
- Fix 'git-obs pr dump' to skip the dump if the target has the same updated_at timestamp as the pull request in Gitea
- Fix 'git-obs pr dump' to do case insensitive check on owner and repo
- Fix retrieving 'arch' argument in 'osc buildlog'
- Library:
- Add 'status' to the output of gitea_api.Git.get_submodules()
- Add 'remote' argument to gitea_api.Repo.clone_or_update()
- Add gitea_api.common.TemporaryDirectory class that supports 'delete' argument on python 3.6+
- Add gitea_api.GitDiffGenerator class for creating submodule diffs without a git checkout
- Add 'depth' argument to gitea_api.Repo.clone() and clone_or_update()
- Add gitea_api.StagingPullRequestWrapper class for handling staging
- Add gitea_api.PullRequest.get_host_owner_repo_number() method
- Make GitObsCommand.add_argument_owner_repo() and add_argument_owner_repo_pull() reusable by allowing setting 'dest' argument
- Warn if the git package doesn't have the same branch as the parent project
- Extend gitea_api.PullRequest with methods that work with 'PR:' references
- Support setting labels in gitea_api.PullRequest.create()
- Fix gitea_api to use pagination instead of limit -1 everywhere
- Remove duplicate, unused PullRequestReview class from gitea_api.pr
- Move clone_or_update() from 'git-obs pr dump' command to gitea_api.Repo
- Change gitea_api.Repo.clone_or_update() to take 'ssh_private_key_path' argument
- Improve performance of gitea_api.IssueTimelineEntry by listing and caching requests instead of fetching them one by one
- Make GitObsCommand.add_argument_owner_repo() and add_argument_owner_repo_pull() reusable by allowing setting 'help' argument
- Change gitea_api.Repo.clone() to stop borrowing objects when 'reference' or 'reference_if_able' is used
- Fix the resulting dictionary in gitea_api.PullRequest._get_label_ids()
- Make gitea_api.RepoExists exception more helpful by giving a hint to fork under a different name
- Use server_diff() instead of server_diff_noex() to exit with a non-zero return code
- Return preinstallimage.info and allow podman to use preinstallimage

- 1.21.0
- Command-line:
- Modify osc subcommands to error out if they don't work with git
- Add 'git-obs meta' commands for managing the local metadata
- Add 'git-obs meta info' command for printing resolved metadata about the current checkout
- Add -b/--branch option to 'git-obs repo clone' command
- Add 'git-obs pr dump' command to store pull request information on disk
- Add 'git-obs --quiet' option (that mutes printing gitea settings now)
- Automatically pull meta after 'git-obs repo clone'
- Change 'git-obs pr review interactive' to write 'merge ok' comment instead of scheduling a merge
- Mute stderr when creating a worktree in 'git-obs pr review interactive'
- Change 'git-obs -G' to accept url to select a gitea login entry
- Support substitutions in 'osc build --root'
- Fix crash in 'osc build' when 'build_repositories' in store was None
- Fix filtering by reviewers in 'git-obs pr list'
- Update 'osc rq show' command to include history comments in verbose mode
- Library:
- Refactor GitStore
- Migrate git_scm.Store over to gitea_api.Git
- Store buildinfo and buildconfig files in GitStore's cache instead of directly in the repo
- Move code from 'git-obs meta pull' command to GitStore.pull()
- Improve GitStore.pull() to support reading project from project.build
- Rephrase the error message about detached HEAD in GitStore
- Improve GitStore's error messages by adding instructions on how to fix missing metadata
- Be more permissive when loading parent project_store in GitStore
- Fix loading _manifest in a project git
- Fix git store to check if all the required fields are present
- Derive package name from topdir if a package is part of a project checkout
- Change 'git-obs pr review interactive' to run pager process as a context manager
- Change obs_api.TarDiff to spawn a process extracting archives as a context manager
- Change 'commit' argument in gitea_api.Git.reset() to optional
- Add gitea_api.Git.get_owner_repo_from_url() staticmethod
- Add gitea_api.Git.urljoin() static method
- Fix gitea_api.Git.get_branch_head() to raise a proper exception if the HEAD cannot be retrieved
- Fix gitea_api.Git to work with the current remote instead of 'origin'
- Fix get_store() to throw the exception from git store if .osc directory is not present
- Introduce GitObsRuntimeError exception and use it where appropriate
- Fix tardiff by removing directories with shutil.rmtree() and files by os.unlink()
- Add 'quiet' option to gitea_api.Git.switch()
- Mute stderr in git_obs.Git.lfs_cat_file()
- Treat None flavor as "" in multibuild resolve
- Make Token.triggered_at optional as it's not available in the officially released OBS code
- Add BaseModel.from_string() and BaseModel.to_string() methods
- Add BaseModel.from_file() and BaseModel.to_file() methods
- Fix BaseModel to initialize from a dictionary via __init__ instead of setattr
- Docs:
- Update docs for the new git metadata store
- Update list of recommended gitea permissions in git-obs-quickstart
- Spec:
- Install git-obs-metadata man page

- 1.20.0
- Command-line:
- Fix 'osc fork' command to use the right tracking branch
- Fix 'osc blt' command by checking if the working copy is a package
- Make 'osc buildlog' work outside of osc package directory
- Add 'git-obs pr close' and 'git-obs pr reopen' commands
- Add 'close' option to 'git-obs pr review interactive'
- Change 'git-obs pr review interactive' to work with all archives, not only those in Git LFS
- Fix checkout of the base branch in 'git-obs pr review interactive' command
- Library:
- Support _manifest file in git store
- Allow pull request IDs in '/!' format
- Properly handle deleted users and teams in the git-obs timeline
- Handle situations when there's 'None' among timeline entries
- Skip binary files in gitea_api.PullRequest.get_patch()
- Change get_user_input(), add support for vertically printed list of answers
- Spec:
- Provide git-obs

- 1.19.1
- Command-line:
- Use OSC_PACKAGE_CACHE_DIR env var instead of deprecated OSC_PACKAGECACHEDIR
- Connection:
- Check for both upper and lowercase versions of HTTP_PROXY and HTTPS_PROXY env vars
- Library:
- Add 'trackingbranch' field to ScmsyncObsinfo model
- Revert "Return None if GitStore cannot determine apiurl"
- Throw a proper exception when 'apiurl' argument of 'makeurl()' is empty
- Move code setting apiurl from store to 'osc.conf.get_config()'
- Simplify 'osc.commandline.Osc.get_api_url()' to return the value from 'self.options'
- Remove 'osc.commandline.Osc.post_argparse()' because it's no longer used
- Fix unit tests to use the new code path to run osc
- Fix osc.gitea_api.dt_sanitize() by replacing dateutil with datetime

- 1.19.0
- Command-line:
- Add 'git-obs pr cancel-scheduled-merge' command
- Add timeline to 'git-obs pr review interactive'
- Add '--timeline' option to 'git-obs pr get'
- Fix 'git-obs pr search' by using pagination to retrieve all results
- Extend '--message' option in git-obs subcommands with the '-m' short option
- Add a different message for scheduled merges in 'git-obs pr merge' command
- Library:
- Add 'conn' parameter to gitea_api.common.GiteaModel
- Add gitea_api.Connection.scheme attribute
- Add gitea_api.PullRequest.merge_commit property
- Add gitea_api.PullRequest.get_owner_repo_number()
- Add gitea_api.common.dt_sanitize() for sanitizing datetime strings
- Handle missing head repo in the PullRequest properties
- Return None if GitStore cannot determine apiurl
- Remove extra newline from store files
- Fix the 'Move remaining imports in osc.babysitter into try-except block' change by preserving the order of handling the exceptions
- Spec:
- Use primary_python to define runtime requires matching the shebang lines
- Provide %{use_python_pkg}-osc for all pythons and python3-osc for primary_python
- Add conflict with obs-scm-bridge < 0.7.3

- 1.18.0
- Command-line:
- Add 'git-obs pr comment [--message=...]' command
- Add 'git-obs pr show-patch' command
- Add '--reviewer' option to 'git-obs pr review {approve,decline,interactive}' to support group reviews via group review bot
- Update 'git-obs pr review interactive' to return non-zero return codes for 'exit' and 'skip' actions
- Make 'osc results --show-excluded' work in a project context
- Add '--no-pager' global option
- Fix 'osc fork' by copying whole query part to the new scmsync url
- Fix 'osc buildinfo' for git packages by handing the 'build_repositories' files by store objects
- Fix crash in 'git-obs pr get --patch'
- Fix git-obs to exit with 130 on keyboard interrupt
- Fix --sccache help typo in 'osc build' command
- Connection:
- Don't retry requests on 504 Gateway Timeout
- Library:
- If a devel project is not specified, try reading it from a mapping from URL set in OBS:GitDevelProjectMap project attribute
- Improve detection of packages and projects in git
- scmsync_obsinfo: Pass correct revision to obs-scm-bridge
- Add obs_api.Request.search() method
- Raise an exception if obs-scm-bridge fails
- Fix obs_scm.Package.get_pulled_srcmd5() returning an empty string
- Fix git store to support non-default remote
- Extend 'gitea_api.User.get()' to take 'username' parameter
- Move get_editor() and related functions from command-line module to gitea_api.common
- Migrate subcommands from using Store() to get_store() that is git aware
- Make imports lazy to improve osc load times

Changes in obs-scm-bridge:

- use the system default python version (boo#1247410)

- 0.7.4
* syntax fix

- 0.7.3
* fix .gitsubmodule parser to handle space and tabs mixed

- package /etc/obs/service directories

- 0.7.2
* Improved error reporting of invalid files in package subdirs
* Introducing a mechanic to limit asset handling

- 0.7.1
* export trackingbranch to scmsync.obsinfo

- 0.7.0
* supporting _manifest file as successor of _subdirs
* record configured branch of submodules in package scmsync url
* stay on the configured branch of a submodule on checkout

- 0.6.3
* Allow ssh:// scm urls as used by osc
* project mode: avoid unnecessary changes in package meta url
* code cleanup

- fix dependency (it is python3-PyYAML)

- fix missing dependency to PyYAML

- 0.6.2
* Make project mode always look for _config in the top dir, also
when using subdirs.

- 0.6.1
* new noobsinfo query parameter
(can be used to hide git information in sources, binaries
won't contain them either then).

- 0.6.0
* project mode: switching to track package sources using
git sha sums instead of md5sum via download_assets

- 0.5.4
* fixed support of subdir parameter usage on project level
* Fix handling of projectscmsync in the package xml writers

- 0.5.3
* Switch to ssh url when using the bridge via osc

- 0.5.2
* Don't overwrite files from git, but complain instead with
an error. For example _scmsync.obsinfo file must not be part
of the git tree. boo#1230469 CVE-2024-22038

- 0.5.1
* Don't generate _scmsync.obsinfo outside of OBS source server
import use case (eg. no more for osc co)
* Enforce python 3.11 requirement
* Fix export of _scmsync.obsinfo in project mode
* Fix submodule detection
* EXPERIMENTAL: support multiple package subdirs via _subdirs
file. This syntax will change!
(not documented on purpose therefore atm)
* Using git credential manager
* Report some errors as transient, so that OBS can re-try

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-162=1

Package List:

- openSUSE Leap 16.0:

obs-scm-bridge-0.7.4-bp160.1.1
osc-1.24.0-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2024-22038.html



openSUSE-SU-2026:20351-1: important: Security update for amazon-ssm-agent


openSUSE security update: security update for amazon-ssm-agent
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20351-1
Rating: important
References:

* bsc#1253611

Cross-References:

* CVE-2025-47913

CVSS scores:

* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for amazon-ssm-agent fixes the following issues:

- CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or
signing request (bsc#1253611).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-375=1

Package List:

- openSUSE Leap 16.0:

amazon-ssm-agent-3.3.2299.0-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-47913.html



openSUSE-SU-2026:10331-1: moderate: mingw64-binutils-2.45.1-2.1 on GA media


# mingw64-binutils-2.45.1-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10331-1
Rating: moderate

Cross-References:

* CVE-2025-7545
* CVE-2025-7546

CVSS scores:

* CVE-2025-7545 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-7545 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-7546 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-7546 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the mingw64-binutils-2.45.1-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* mingw64-binutils 2.45.1-2.1
* mingw64-binutils-debug 2.45.1-2.1
* mingw64-binutils-devel 2.45.1-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-7545.html
* https://www.suse.com/security/cve/CVE-2025-7546.html



openSUSE-SU-2026:10329-1: moderate: kubelogin-0.2.16-1.1 on GA media


# kubelogin-0.2.16-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10329-1
Rating: moderate

Cross-References:

* CVE-2025-61728
* CVE-2025-68121

CVSS scores:

* CVE-2025-61728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-61728 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68121 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-68121 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the kubelogin-0.2.16-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* kubelogin 0.2.16-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61728.html
* https://www.suse.com/security/cve/CVE-2025-68121.html



openSUSE-SU-2026:10325-1: moderate: clamav-1.5.2-1.1 on GA media


# clamav-1.5.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10325-1
Rating: moderate

Cross-References:

* CVE-2026-20031

CVSS scores:

* CVE-2026-20031 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-20031 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the clamav-1.5.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* clamav 1.5.2-1.1
* clamav-devel 1.5.2-1.1
* clamav-docs-html 1.5.2-1.1
* clamav-milter 1.5.2-1.1
* libclamav12 1.5.2-1.1
* libclammspack0 1.5.2-1.1
* libfreshclam4 1.5.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-20031.html