Munge, HaProxy, PostgreSQL, and more updates for SUSE Linux

SUSE 5560 Published by

Multiple security updates have been released for SUSE Linux. The most critical ones include a security update for the Linux Kernel and another for libsoup2, both of which are marked as "important." In addition to these major updates, several other fixes were made for various packages such as postgresql, haproxy, and ImageMagick. These updates aim to patch vulnerabilities in the affected software to improve overall system security.

SUSE-SU-2026:0484-1: important: Security update for munge
openSUSE-SU-2026:10189-1: moderate: libowncloudsync-devel-6.0.3-1.1 on GA media
openSUSE-SU-2026:10187-1: moderate: haproxy-3.3.3+git0.465d8e2fc-1.1 on GA media
openSUSE-SU-2026:10192-1: moderate: postgresql16-16.12-1.1 on GA media
openSUSE-SU-2026:10186-1: moderate: gnome-remote-desktop-49.2-2.1 on GA media
openSUSE-SU-2026:10183-1: moderate: build-20260202-2.1 on GA media
openSUSE-SU-2026:10190-1: moderate: postgresql14-14.21-1.1 on GA media
openSUSE-SU-2026:10191-1: moderate: postgresql15-15.16-1.1 on GA media
openSUSE-SU-2026:10185-1: moderate: cargo-c-0.10.15-2.1 on GA media
openSUSE-SU-2026:10188-1: moderate: libpng16-16-1.6.55-1.1 on GA media
openSUSE-SU-2026:10184-1: moderate: cargo-auditable-0.7.2~0-2.1 on GA media
SUSE-SU-2026:0496-1: important: Security update for the Linux Kernel
SUSE-SU-2026:0497-1: important: Security update for libsoup2
SUSE-SU-2026:0499-1: important: Security update for glibc-livepatches
openSUSE-SU-2026:0046-1: important: Security update for htmldoc
openSUSE-SU-2026:0047-1: important: Security update for htmldoc
SUSE-SU-2026:0505-1: important: Security update for cargo-auditable
SUSE-SU-2026:0503-1: important: Security update for ImageMagick
SUSE-SU-2026:0504-1: important: Security update for java-1_8_0-openjdk
SUSE-SU-2026:0510-1: moderate: Security update for util-linux
SUSE-SU-2026:0508-1: moderate: Security update for curl
SUSE-SU-2026:0514-1: important: Security update for cargo-auditable




SUSE-SU-2026:0484-1: important: Security update for munge


# Security update for munge

Announcement ID: SUSE-SU-2026:0484-1
Release Date: 2026-02-12T18:22:47Z
Rating: important
References:

* bsc#1257651

Cross-References:

* CVE-2026-25506

CVSS scores:

* CVE-2026-25506 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-25506 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS

An update that solves one vulnerability can now be installed.

## Description:

This update for munge fixes the following issues:

* CVE-2026-25506: buffer overflow in message unpacking (bsc#1257651).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-484=1 openSUSE-SLE-15.6-2026-484=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-484=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libmunge2-debuginfo-0.5.15-150600.25.6.1
* munge-debuginfo-0.5.15-150600.25.6.1
* munge-0.5.15-150600.25.6.1
* munge-debugsource-0.5.15-150600.25.6.1
* libmunge2-0.5.15-150600.25.6.1
* munge-devel-0.5.15-150600.25.6.1
* openSUSE Leap 15.6 (x86_64)
* munge-devel-32bit-0.5.15-150600.25.6.1
* libmunge2-32bit-debuginfo-0.5.15-150600.25.6.1
* libmunge2-32bit-0.5.15-150600.25.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libmunge2-64bit-debuginfo-0.5.15-150600.25.6.1
* libmunge2-64bit-0.5.15-150600.25.6.1
* munge-devel-64bit-0.5.15-150600.25.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 x86_64)
* libmunge2-debuginfo-0.5.15-150600.25.6.1
* munge-debuginfo-0.5.15-150600.25.6.1
* munge-0.5.15-150600.25.6.1
* munge-debugsource-0.5.15-150600.25.6.1
* libmunge2-0.5.15-150600.25.6.1
* munge-devel-0.5.15-150600.25.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25506.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257651



openSUSE-SU-2026:10189-1: moderate: libowncloudsync-devel-6.0.3-1.1 on GA media


# libowncloudsync-devel-6.0.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10189-1
Rating: moderate

Cross-References:

* CVE-2025-64441

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libowncloudsync-devel-6.0.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libowncloudsync-devel 6.0.3-1.1
* libowncloudsync0 6.0.3-1.1
* owncloud-client 6.0.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-64441.html



openSUSE-SU-2026:10187-1: moderate: haproxy-3.3.3+git0.465d8e2fc-1.1 on GA media


# haproxy-3.3.3+git0.465d8e2fc-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10187-1
Rating: moderate

Cross-References:

* CVE-2026-26081

CVSS scores:

* CVE-2026-26081 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26081 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the haproxy-3.3.3+git0.465d8e2fc-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* haproxy 3.3.3+git0.465d8e2fc-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26081.html



openSUSE-SU-2026:10192-1: moderate: postgresql16-16.12-1.1 on GA media


# postgresql16-16.12-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10192-1
Rating: moderate

Cross-References:

* CVE-2026-2003
* CVE-2026-2004
* CVE-2026-2005
* CVE-2026-2006

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the postgresql16-16.12-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* postgresql16 16.12-1.1
* postgresql16-contrib 16.12-1.1
* postgresql16-devel 16.12-1.1
* postgresql16-docs 16.12-1.1
* postgresql16-llvmjit 16.12-1.1
* postgresql16-llvmjit-devel 16.12-1.1
* postgresql16-plperl 16.12-1.1
* postgresql16-plpython 16.12-1.1
* postgresql16-pltcl 16.12-1.1
* postgresql16-server 16.12-1.1
* postgresql16-server-devel 16.12-1.1
* postgresql16-test 16.12-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2003.html
* https://www.suse.com/security/cve/CVE-2026-2004.html
* https://www.suse.com/security/cve/CVE-2026-2005.html
* https://www.suse.com/security/cve/CVE-2026-2006.html



openSUSE-SU-2026:10186-1: moderate: gnome-remote-desktop-49.2-2.1 on GA media


# gnome-remote-desktop-49.2-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10186-1
Rating: moderate

Cross-References:

* CVE-2025-5024

CVSS scores:

* CVE-2025-5024 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H
* CVE-2025-5024 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the gnome-remote-desktop-49.2-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* gnome-remote-desktop 49.2-2.1
* gnome-remote-desktop-lang 49.2-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-5024.html



openSUSE-SU-2026:10183-1: moderate: build-20260202-2.1 on GA media


# build-20260202-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10183-1
Rating: moderate

Cross-References:

* CVE-2024-22038

CVSS scores:

* CVE-2024-22038 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2024-22038 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the build-20260202-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* build 20260202-2.1
* build-initvm-i586 20260202-2.1
* build-initvm-x86_64 20260202-2.1
* build-mkbaselibs 20260202-2.1
* build-mkdrpms 20260202-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-22038.html



openSUSE-SU-2026:10190-1: moderate: postgresql14-14.21-1.1 on GA media


# postgresql14-14.21-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10190-1
Rating: moderate

Cross-References:

* CVE-2026-2003
* CVE-2026-2004
* CVE-2026-2005
* CVE-2026-2006

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the postgresql14-14.21-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* postgresql14 14.21-1.1
* postgresql14-contrib 14.21-1.1
* postgresql14-devel 14.21-1.1
* postgresql14-docs 14.21-1.1
* postgresql14-llvmjit 14.21-1.1
* postgresql14-llvmjit-devel 14.21-1.1
* postgresql14-plperl 14.21-1.1
* postgresql14-plpython 14.21-1.1
* postgresql14-pltcl 14.21-1.1
* postgresql14-server 14.21-1.1
* postgresql14-server-devel 14.21-1.1
* postgresql14-test 14.21-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2003.html
* https://www.suse.com/security/cve/CVE-2026-2004.html
* https://www.suse.com/security/cve/CVE-2026-2005.html
* https://www.suse.com/security/cve/CVE-2026-2006.html



openSUSE-SU-2026:10191-1: moderate: postgresql15-15.16-1.1 on GA media


# postgresql15-15.16-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10191-1
Rating: moderate

Cross-References:

* CVE-2026-2003
* CVE-2026-2004
* CVE-2026-2005
* CVE-2026-2006

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the postgresql15-15.16-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* postgresql15 15.16-1.1
* postgresql15-contrib 15.16-1.1
* postgresql15-devel 15.16-1.1
* postgresql15-docs 15.16-1.1
* postgresql15-llvmjit 15.16-1.1
* postgresql15-llvmjit-devel 15.16-1.1
* postgresql15-plperl 15.16-1.1
* postgresql15-plpython 15.16-1.1
* postgresql15-pltcl 15.16-1.1
* postgresql15-server 15.16-1.1
* postgresql15-server-devel 15.16-1.1
* postgresql15-test 15.16-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2003.html
* https://www.suse.com/security/cve/CVE-2026-2004.html
* https://www.suse.com/security/cve/CVE-2026-2005.html
* https://www.suse.com/security/cve/CVE-2026-2006.html



openSUSE-SU-2026:10185-1: moderate: cargo-c-0.10.15-2.1 on GA media


# cargo-c-0.10.15-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10185-1
Rating: moderate

Cross-References:

* CVE-2026-25727

CVSS scores:

* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the cargo-c-0.10.15-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* cargo-c 0.10.15-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25727.html



openSUSE-SU-2026:10188-1: moderate: libpng16-16-1.6.55-1.1 on GA media


# libpng16-16-1.6.55-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10188-1
Rating: moderate

Cross-References:

* CVE-2026-25646

CVSS scores:

* CVE-2026-25646 ( SUSE ): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-25646 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libpng16-16-1.6.55-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libpng16-16 1.6.55-1.1
* libpng16-16-32bit 1.6.55-1.1
* libpng16-16-x86-64-v3 1.6.55-1.1
* libpng16-compat-devel 1.6.55-1.1
* libpng16-compat-devel-32bit 1.6.55-1.1
* libpng16-compat-devel-x86-64-v3 1.6.55-1.1
* libpng16-devel 1.6.55-1.1
* libpng16-devel-32bit 1.6.55-1.1
* libpng16-devel-x86-64-v3 1.6.55-1.1
* libpng16-tools 1.6.55-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25646.html



openSUSE-SU-2026:10184-1: moderate: cargo-auditable-0.7.2~0-2.1 on GA media


# cargo-auditable-0.7.2~0-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10184-1
Rating: moderate

Cross-References:

* CVE-2026-25727

CVSS scores:

* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the cargo-auditable-0.7.2~0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* cargo-auditable 0.7.2~0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25727.html



SUSE-SU-2026:0496-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:0496-1
Release Date: 2026-02-13T10:52:19Z
Rating: important
References:

* bsc#1220137
* bsc#1220144
* bsc#1222323
* bsc#1223007
* bsc#1225049
* bsc#1233038
* bsc#1235905
* bsc#1236104
* bsc#1236208
* bsc#1237885
* bsc#1237906
* bsc#1238414
* bsc#1238754
* bsc#1238763
* bsc#1244758
* bsc#1244904
* bsc#1245110
* bsc#1245210
* bsc#1245723
* bsc#1245751
* bsc#1247177
* bsc#1247483
* bsc#1248306
* bsc#1248377
* bsc#1249156
* bsc#1249158
* bsc#1249827
* bsc#1252785
* bsc#1253028
* bsc#1253087
* bsc#1253409
* bsc#1253702
* bsc#1254447
* bsc#1254462
* bsc#1254463
* bsc#1254464
* bsc#1254465
* bsc#1254767
* bsc#1254842
* bsc#1255171
* bsc#1255251
* bsc#1255377
* bsc#1255401
* bsc#1255594
* bsc#1255908
* bsc#1256095
* bsc#1256582
* bsc#1256612
* bsc#1256623
* bsc#1256641
* bsc#1256726
* bsc#1256744
* bsc#1256779
* bsc#1256792
* bsc#1257232
* bsc#1257236
* bsc#1257296
* bsc#1257473

Cross-References:

* CVE-2022-49604
* CVE-2022-49943
* CVE-2022-49980
* CVE-2022-50232
* CVE-2022-50697
* CVE-2023-52433
* CVE-2023-52874
* CVE-2023-52923
* CVE-2023-53178
* CVE-2023-53407
* CVE-2023-53412
* CVE-2023-53417
* CVE-2023-53418
* CVE-2023-53714
* CVE-2023-54142
* CVE-2023-54243
* CVE-2024-26581
* CVE-2024-26661
* CVE-2024-26832
* CVE-2024-50143
* CVE-2024-54031
* CVE-2025-21658
* CVE-2025-21760
* CVE-2025-21764
* CVE-2025-21765
* CVE-2025-21766
* CVE-2025-38068
* CVE-2025-38129
* CVE-2025-38159
* CVE-2025-38375
* CVE-2025-38563
* CVE-2025-38565
* CVE-2025-38684
* CVE-2025-40044
* CVE-2025-40139
* CVE-2025-40257
* CVE-2025-40300
* CVE-2025-68183
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68312
* CVE-2025-68771
* CVE-2025-68813
* CVE-2025-71085
* CVE-2025-71089
* CVE-2025-71112
* CVE-2025-71116
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23001

CVSS scores:

* CVE-2022-49604 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49604 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49604 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49943 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49943 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2022-49943 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49980 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49980 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49980 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50232 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50697 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50697 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52433 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52433 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52874 ( SUSE ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-52874 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52923 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-52923 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52923 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53178 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53178 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53407 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53407 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53407 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53407 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53412 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53412 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53412 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53412 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53417 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53417 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53417 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53417 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53418 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53418 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53714 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53714 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-54142 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-54142 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-54243 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2023-54243 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2024-26581 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26581 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26581 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26661 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26661 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26832 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26832 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50143 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50143 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-50143 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50143 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-54031 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54031 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-54031 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21658 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21658 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21658 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21658 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21760 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21760 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21764 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21764 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21765 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21765 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21766 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21766 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38068 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38068 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-38068 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38129 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38129 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38129 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38159 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38159 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-38375 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38563 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-38563 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38565 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-38565 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-38565 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38684 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38684 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40044 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40044 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-40139 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40139 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40257 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40300 ( SUSE ): 8.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-40300 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-40300 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68183 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68183 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-68284 ( SUSE ): 7.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68312 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68312 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68771 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68771 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68813 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71089 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71089 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71112 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71112 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71116 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71116 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23001 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves 50 vulnerabilities and has eight security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security
issues

The following security issues were fixed:

* CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant
uninit (bsc#1255594).
* CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy()
(bsc#1256095).
* CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free
(bsc#1255908).
* CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
* CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock()
(bsc#1245723).
* CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out
of bounds (bsc#1245751).
* CVE-2025-38375: virtio-net: ensure the received length does not exceed
allocated size (bsc#1247177).
* CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
* CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation
(bsc#1247483).
* CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing
non-IMA xattr (bsc#1255251).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in
handle_auth_session_key() (bsc#1255377).
* CVE-2025-68285: libceph: fix potential use-after-free in
have_mon_and_osd_map() (bsc#1255401).
* CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
* CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain
(bsc#1256582).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path
(bsc#1256641).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (bsc#1256623).
* CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
* CVE-2025-71112: net: hns3: add VLAN id validation before using
(bsc#1256726).
* CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted
osdmaps (bsc#1256744).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256779).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
qfq_change_class() (bsc#1257236).
* CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source()
(bsc#1257232).
* CVE-2023-53215: sched/fair: Don't balance task to its current running CPU
(bsc#1250397).
* CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).

The following non security issues were fixed:

* Revert "ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582)".
* mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations
(bsc#1253087 bsc#1254447).
* net: hv_netvsc: reject RSS hash key programming without RX indirection table
(bsc#1257473).
* net: tcp: allow zero-window ACK update the window (bsc#1254767).
* net: tcp: send zero-window ACK when no memory (bsc#1254767).
* scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
* tcp: correct handling of extreme memory squeeze (bsc#1254767).
* x86: make page fault handling disable interrupts properly (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-496=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-496=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* kernel-source-rt-5.14.21-150500.13.121.1
* kernel-devel-rt-5.14.21-150500.13.121.1
* openSUSE Leap 15.5 (x86_64)
* kernel-rt-livepatch-devel-5.14.21-150500.13.121.1
* ocfs2-kmp-rt-5.14.21-150500.13.121.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.121.1
* dlm-kmp-rt-5.14.21-150500.13.121.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.121.1
* kernel-rt-extra-5.14.21-150500.13.121.1
* reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.121.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.121.1
* kselftests-kmp-rt-5.14.21-150500.13.121.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.121.1
* kernel-rt_debug-devel-5.14.21-150500.13.121.1
* kselftests-kmp-rt-debuginfo-5.14.21-150500.13.121.1
* kernel-rt-extra-debuginfo-5.14.21-150500.13.121.1
* cluster-md-kmp-rt-5.14.21-150500.13.121.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.121.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.121.1
* kernel-rt-debugsource-5.14.21-150500.13.121.1
* kernel-rt-debuginfo-5.14.21-150500.13.121.1
* kernel-rt_debug-vdso-5.14.21-150500.13.121.1
* gfs2-kmp-rt-5.14.21-150500.13.121.1
* kernel-rt-optional-5.14.21-150500.13.121.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.121.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.121.1
* kernel-syms-rt-5.14.21-150500.13.121.1
* kernel-rt-devel-5.14.21-150500.13.121.1
* kernel-rt-optional-debuginfo-5.14.21-150500.13.121.1
* reiserfs-kmp-rt-5.14.21-150500.13.121.1
* kernel-rt-vdso-5.14.21-150500.13.121.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.121.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.121.1
* kernel-rt-livepatch-5.14.21-150500.13.121.1
* openSUSE Leap 15.5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.121.1
* kernel-rt-5.14.21-150500.13.121.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* kernel-source-rt-5.14.21-150500.13.121.1
* kernel-devel-rt-5.14.21-150500.13.121.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.121.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* kernel-rt-debuginfo-5.14.21-150500.13.121.1
* kernel-rt-debugsource-5.14.21-150500.13.121.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49604.html
* https://www.suse.com/security/cve/CVE-2022-49943.html
* https://www.suse.com/security/cve/CVE-2022-49980.html
* https://www.suse.com/security/cve/CVE-2022-50232.html
* https://www.suse.com/security/cve/CVE-2022-50697.html
* https://www.suse.com/security/cve/CVE-2023-52433.html
* https://www.suse.com/security/cve/CVE-2023-52874.html
* https://www.suse.com/security/cve/CVE-2023-52923.html
* https://www.suse.com/security/cve/CVE-2023-53178.html
* https://www.suse.com/security/cve/CVE-2023-53407.html
* https://www.suse.com/security/cve/CVE-2023-53412.html
* https://www.suse.com/security/cve/CVE-2023-53417.html
* https://www.suse.com/security/cve/CVE-2023-53418.html
* https://www.suse.com/security/cve/CVE-2023-53714.html
* https://www.suse.com/security/cve/CVE-2023-54142.html
* https://www.suse.com/security/cve/CVE-2023-54243.html
* https://www.suse.com/security/cve/CVE-2024-26581.html
* https://www.suse.com/security/cve/CVE-2024-26661.html
* https://www.suse.com/security/cve/CVE-2024-26832.html
* https://www.suse.com/security/cve/CVE-2024-50143.html
* https://www.suse.com/security/cve/CVE-2024-54031.html
* https://www.suse.com/security/cve/CVE-2025-21658.html
* https://www.suse.com/security/cve/CVE-2025-21760.html
* https://www.suse.com/security/cve/CVE-2025-21764.html
* https://www.suse.com/security/cve/CVE-2025-21765.html
* https://www.suse.com/security/cve/CVE-2025-21766.html
* https://www.suse.com/security/cve/CVE-2025-38068.html
* https://www.suse.com/security/cve/CVE-2025-38129.html
* https://www.suse.com/security/cve/CVE-2025-38159.html
* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-38563.html
* https://www.suse.com/security/cve/CVE-2025-38565.html
* https://www.suse.com/security/cve/CVE-2025-38684.html
* https://www.suse.com/security/cve/CVE-2025-40044.html
* https://www.suse.com/security/cve/CVE-2025-40139.html
* https://www.suse.com/security/cve/CVE-2025-40257.html
* https://www.suse.com/security/cve/CVE-2025-40300.html
* https://www.suse.com/security/cve/CVE-2025-68183.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68312.html
* https://www.suse.com/security/cve/CVE-2025-68771.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://www.suse.com/security/cve/CVE-2025-71089.html
* https://www.suse.com/security/cve/CVE-2025-71112.html
* https://www.suse.com/security/cve/CVE-2025-71116.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23001.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220137
* https://bugzilla.suse.com/show_bug.cgi?id=1220144
* https://bugzilla.suse.com/show_bug.cgi?id=1222323
* https://bugzilla.suse.com/show_bug.cgi?id=1223007
* https://bugzilla.suse.com/show_bug.cgi?id=1225049
* https://bugzilla.suse.com/show_bug.cgi?id=1233038
* https://bugzilla.suse.com/show_bug.cgi?id=1235905
* https://bugzilla.suse.com/show_bug.cgi?id=1236104
* https://bugzilla.suse.com/show_bug.cgi?id=1236208
* https://bugzilla.suse.com/show_bug.cgi?id=1237885
* https://bugzilla.suse.com/show_bug.cgi?id=1237906
* https://bugzilla.suse.com/show_bug.cgi?id=1238414
* https://bugzilla.suse.com/show_bug.cgi?id=1238754
* https://bugzilla.suse.com/show_bug.cgi?id=1238763
* https://bugzilla.suse.com/show_bug.cgi?id=1244758
* https://bugzilla.suse.com/show_bug.cgi?id=1244904
* https://bugzilla.suse.com/show_bug.cgi?id=1245110
* https://bugzilla.suse.com/show_bug.cgi?id=1245210
* https://bugzilla.suse.com/show_bug.cgi?id=1245723
* https://bugzilla.suse.com/show_bug.cgi?id=1245751
* https://bugzilla.suse.com/show_bug.cgi?id=1247177
* https://bugzilla.suse.com/show_bug.cgi?id=1247483
* https://bugzilla.suse.com/show_bug.cgi?id=1248306
* https://bugzilla.suse.com/show_bug.cgi?id=1248377
* https://bugzilla.suse.com/show_bug.cgi?id=1249156
* https://bugzilla.suse.com/show_bug.cgi?id=1249158
* https://bugzilla.suse.com/show_bug.cgi?id=1249827
* https://bugzilla.suse.com/show_bug.cgi?id=1252785
* https://bugzilla.suse.com/show_bug.cgi?id=1253028
* https://bugzilla.suse.com/show_bug.cgi?id=1253087
* https://bugzilla.suse.com/show_bug.cgi?id=1253409
* https://bugzilla.suse.com/show_bug.cgi?id=1253702
* https://bugzilla.suse.com/show_bug.cgi?id=1254447
* https://bugzilla.suse.com/show_bug.cgi?id=1254462
* https://bugzilla.suse.com/show_bug.cgi?id=1254463
* https://bugzilla.suse.com/show_bug.cgi?id=1254464
* https://bugzilla.suse.com/show_bug.cgi?id=1254465
* https://bugzilla.suse.com/show_bug.cgi?id=1254767
* https://bugzilla.suse.com/show_bug.cgi?id=1254842
* https://bugzilla.suse.com/show_bug.cgi?id=1255171
* https://bugzilla.suse.com/show_bug.cgi?id=1255251
* https://bugzilla.suse.com/show_bug.cgi?id=1255377
* https://bugzilla.suse.com/show_bug.cgi?id=1255401
* https://bugzilla.suse.com/show_bug.cgi?id=1255594
* https://bugzilla.suse.com/show_bug.cgi?id=1255908
* https://bugzilla.suse.com/show_bug.cgi?id=1256095
* https://bugzilla.suse.com/show_bug.cgi?id=1256582
* https://bugzilla.suse.com/show_bug.cgi?id=1256612
* https://bugzilla.suse.com/show_bug.cgi?id=1256623
* https://bugzilla.suse.com/show_bug.cgi?id=1256641
* https://bugzilla.suse.com/show_bug.cgi?id=1256726
* https://bugzilla.suse.com/show_bug.cgi?id=1256744
* https://bugzilla.suse.com/show_bug.cgi?id=1256779
* https://bugzilla.suse.com/show_bug.cgi?id=1256792
* https://bugzilla.suse.com/show_bug.cgi?id=1257232
* https://bugzilla.suse.com/show_bug.cgi?id=1257236
* https://bugzilla.suse.com/show_bug.cgi?id=1257296
* https://bugzilla.suse.com/show_bug.cgi?id=1257473



SUSE-SU-2026:0497-1: important: Security update for libsoup2


# Security update for libsoup2

Announcement ID: SUSE-SU-2026:0497-1
Release Date: 2026-02-13T10:56:13Z
Rating: important
References:

* bsc#1243422
* bsc#1256418
* bsc#1257598

Cross-References:

* CVE-2025-4476
* CVE-2026-0716
* CVE-2026-1761

CVSS scores:

* CVE-2025-4476 ( SUSE ): 2.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-4476 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-4476 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0716 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0716 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-0716 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-1761 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1761 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-1761 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for libsoup2 fixes the following issues:

* CVE-2026-1761: Check length of bytes read in
soup_filter_input_stream_read_until to avoid a stack-based buffer overflow
(bsc#1257598).
* CVE-2026-0716: improper bounds handling may allow out-of-bounds read
(bsc#1256418).
* CVE-2025-4476: null pointer dereference may lead to denial of service
(bsc#1243422).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-497=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-497=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-497=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-497=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-497=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-497=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-497=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-497=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-497=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-497=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-497=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-497=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-497=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-497=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libsoup-2_4-1-2.74.2-150400.3.26.1
* libsoup2-devel-2.74.2-150400.3.26.1
* libsoup2-debugsource-2.74.2-150400.3.26.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.26.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.26.1
* openSUSE Leap 15.4 (x86_64)
* libsoup-2_4-1-32bit-2.74.2-150400.3.26.1
* libsoup2-devel-32bit-2.74.2-150400.3.26.1
* libsoup-2_4-1-32bit-debuginfo-2.74.2-150400.3.26.1
* openSUSE Leap 15.4 (noarch)
* libsoup2-lang-2.74.2-150400.3.26.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libsoup-2_4-1-64bit-debuginfo-2.74.2-150400.3.26.1
* libsoup-2_4-1-64bit-2.74.2-150400.3.26.1
* libsoup2-devel-64bit-2.74.2-150400.3.26.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libsoup-2_4-1-2.74.2-150400.3.26.1
* libsoup2-debugsource-2.74.2-150400.3.26.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.26.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libsoup-2_4-1-2.74.2-150400.3.26.1
* libsoup2-debugsource-2.74.2-150400.3.26.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.26.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libsoup-2_4-1-2.74.2-150400.3.26.1
* libsoup2-debugsource-2.74.2-150400.3.26.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.26.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libsoup-2_4-1-2.74.2-150400.3.26.1
* libsoup2-debugsource-2.74.2-150400.3.26.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.26.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libsoup-2_4-1-2.74.2-150400.3.26.1
* libsoup2-debugsource-2.74.2-150400.3.26.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.26.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libsoup-2_4-1-2.74.2-150400.3.26.1
* libsoup2-devel-2.74.2-150400.3.26.1
* libsoup2-debugsource-2.74.2-150400.3.26.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.26.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.26.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* libsoup2-lang-2.74.2-150400.3.26.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libsoup-2_4-1-2.74.2-150400.3.26.1
* libsoup2-devel-2.74.2-150400.3.26.1
* libsoup2-debugsource-2.74.2-150400.3.26.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.26.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.26.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* libsoup2-lang-2.74.2-150400.3.26.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libsoup-2_4-1-2.74.2-150400.3.26.1
* libsoup2-devel-2.74.2-150400.3.26.1
* libsoup2-debugsource-2.74.2-150400.3.26.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.26.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.26.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* libsoup2-lang-2.74.2-150400.3.26.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libsoup-2_4-1-2.74.2-150400.3.26.1
* libsoup2-devel-2.74.2-150400.3.26.1
* libsoup2-debugsource-2.74.2-150400.3.26.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.26.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.26.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* libsoup2-lang-2.74.2-150400.3.26.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libsoup-2_4-1-2.74.2-150400.3.26.1
* libsoup2-devel-2.74.2-150400.3.26.1
* libsoup2-debugsource-2.74.2-150400.3.26.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.26.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.26.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* libsoup2-lang-2.74.2-150400.3.26.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libsoup-2_4-1-2.74.2-150400.3.26.1
* libsoup2-devel-2.74.2-150400.3.26.1
* libsoup2-debugsource-2.74.2-150400.3.26.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.26.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.26.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* libsoup2-lang-2.74.2-150400.3.26.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libsoup-2_4-1-2.74.2-150400.3.26.1
* libsoup2-devel-2.74.2-150400.3.26.1
* libsoup2-debugsource-2.74.2-150400.3.26.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.26.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.26.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* libsoup2-lang-2.74.2-150400.3.26.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libsoup-2_4-1-2.74.2-150400.3.26.1
* libsoup2-devel-2.74.2-150400.3.26.1
* libsoup2-debugsource-2.74.2-150400.3.26.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.26.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.26.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* libsoup2-lang-2.74.2-150400.3.26.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4476.html
* https://www.suse.com/security/cve/CVE-2026-0716.html
* https://www.suse.com/security/cve/CVE-2026-1761.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243422
* https://bugzilla.suse.com/show_bug.cgi?id=1256418
* https://bugzilla.suse.com/show_bug.cgi?id=1257598



SUSE-SU-2026:0499-1: important: Security update for glibc-livepatches


# Security update for glibc-livepatches

Announcement ID: SUSE-SU-2026:0499-1
Release Date: 2026-02-13T11:42:17Z
Rating: important
References:

* bsc#1256913

Cross-References:

* CVE-2026-0861

CVSS scores:

* CVE-2026-0861 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-0861 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for glibc-livepatches fixes the following issues:

* CVE-2026-0861: Fixed that inadequate size check in the memalign suite may
result in an integer overflow (bsc#1256913)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-499=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-499=1

## Package List:

* openSUSE Leap 15.6 (x86_64)
* glibc-livepatches-debugsource-0.3-150600.8.2.1
* glibc-livepatches-0.3-150600.8.2.1
* glibc-livepatches-debuginfo-0.3-150600.8.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* glibc-livepatches-0.3-150600.8.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-0861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256913



openSUSE-SU-2026:0046-1: important: Security update for htmldoc


openSUSE Security Update: Security update for htmldoc
_______________________________

Announcement ID: openSUSE-SU-2026:0046-1
Rating: important
References: #1232380
Cross-References: CVE-2024-46478
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for htmldoc fixes the following issues:

- CVE-2024-46478: Fixed buffer overflow when handling tabs through the
parse_pre function (boo#1232380).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-46=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

htmldoc-1.9.16-bp157.3.3.1

References:

https://www.suse.com/security/cve/CVE-2024-46478.html
https://bugzilla.suse.com/1232380



openSUSE-SU-2026:0047-1: important: Security update for htmldoc


openSUSE Security Update: Security update for htmldoc
_______________________________

Announcement ID: openSUSE-SU-2026:0047-1
Rating: important
References: #1232380
Cross-References: CVE-2024-46478
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for htmldoc fixes the following issues:

- CVE-2024-46478: Fixed buffer overflow when handling tabs through the
parse_pre function (boo#1232380).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-47=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

htmldoc-1.9.16-bp156.3.6.1

References:

https://www.suse.com/security/cve/CVE-2024-46478.html
https://bugzilla.suse.com/1232380



SUSE-SU-2026:0505-1: important: Security update for cargo-auditable


# Security update for cargo-auditable

Announcement ID: SUSE-SU-2026:0505-1
Release Date: 2026-02-13T14:32:06Z
Rating: important
References:

* bsc#1257906

Cross-References:

* CVE-2026-25727

CVSS scores:

* CVE-2026-25727 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( NVD ): 6.8
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for cargo-auditable fixes the following issues:

Update to version 0.7.2~0.

Security issues fixed:

* CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser
can lead to stack exhaustion (bsc#1257906).

Other updates and bugfixes:

* Update to version 0.7.2~0:

* mention cargo-dist in README

* commit Cargo.lock
* bump which dev-dependency to 8.0.0
* bump object to 0.37
* Upgrade cargo_metadata to 0.23
* Expand the set of dist platforms in config

* Update to version 0.7.1~0:

* Out out of unhelpful clippy lint

* Satisfy clippy
* Do not assume --crate-name and --out-dir are present in the rustc command,
but show warnings if they aren't
* Run apt-get update before trying to install packages
* run `cargo dist init` on dist 0.30
* Drop allow-dirty from dist config, should no longer be needed
* Reorder paragraphs in README
* Note the maintenance transition for the go extraction library
* Editing pass on the adopters: scanners
* clarify Docker support
* Cargo clippy fix
* Add Wolfi OS and Chainguard to adopters
* Update mentions around Anchore tooling
* README and documentation updates for nightly
* Bump dependency version in rust-audit-info
* More work on docs
* Nicer formatting on format revision documentation
* Bump versions
* regenerate JSON schema
* cargo fmt
* Document format field
* Make it more clear that RawVersionInfo is private
* Add format field to the serialized data
* cargo clippy fix
* Add special handling for proc macros to treat them as the build dependencies
they are
* Add a test to ensure proc macros are reported as build dependencies
* Add a test fixture for a crate with a proc macro dependency
* parse fully qualified package ID specs from SBOMs
* select first discovered SBOM file
* cargo sbom integration
* Get rid of unmaintained wee_alloc in test code to make people's scanners
misled by GHSA chill out
* Don't fail plan workflow due to manually changed release.yml
* Bump Ubuntu version to hopefully fix release.yml workflow
* Add test for stripped binary
* Bump version to 0.6.7
* Populate changelog
* README.md: add auditable2cdx, more consistency in text
* Placate clippy
* Do not emit -Wl if a bare linker is in use
* Get rid of a compiler warning
* Add bare linker detection function
* drop boilerplate from test that's no longer relevant
* Add support for recovering rustc codegen options
* More lenient parsing of rustc arguments
* More descriptive error message in case rustc is killed abruptly
* change formatting to fit rustfmt
* More descriptive error message in case cargo is killed
* Update REPLACING_CARGO.md to fix #195
* Clarify osv-scanner support in README
* Include the command required to view metadata
* Mention wasm-tools support
* Switch from broken generic cache action to a Rust-specific one
* Fill in various fields in auditable2cdx Cargo.toml
* Include osv-scanner in the list, with a caveat
* Add link to blint repo to README
* Mention that blint supports our data
* Consolidate target definitions
* Account for WASM test dependencies changing, commit the Cargo.lock so they
would stop doing that
* Migrate to a maintained toolchain action
* Fix author specification
* Add link to repository to resolverver Cargo.toml
* Bump resolverver to 0.1.0
* Add resolverver crate to the tree

* Update to version 0.6.6~0:

* Note the `object` upgrade in the changelog

* Upgrade cyclonedx-bom from 0.5 to 0.8 in auditable-cyclonedx
* Upgrade object crate from 0.30 to 0.36 to reduce dependency footprint
* Update dependencies in the lock file
* Populate changelog
* apply clippy lint
* add another --emit parsing test
* shorter code with cargo fmt
* Actually fix cargo-c compatibility
* Attempt to fix cargo-capi incompatibility
* Refactoring in preparation for fixes
* Also read the --emit flag to rustc
* Fill in changelogs
* Bump versions
* Drop cfg'd out tests
* Drop obsolete doc line
* Move dependency cycle tests from auditable-serde to cargo-auditable crate
* Remove cargo_metadata from auditable-serde API surface.
* Apply clippy lint
* Upgrade miniz_oxide to 0.8.0
* Insulate our semver from miniz_oxide semver
* Add support for Rust 2024 edition
* Update tests
* More robust OS detection for riscv feature detection
* bump version
* update changelog for auditable-extract 0.3.5
* Fix wasm component auditable data extraction
* Update blocker description in README.md
* Add openSUSE to adopters
* Update list of know adopters
* Fix detection of `riscv64-linux-android` target features
* Silence noisy lint
* Bump version requirement in rust-audit-info
* Fill in changelogs
* Bump semver of auditable-info
* Drop obsolete comment now that wasm is enabled by default
* Remove dependency on cargo-lock
* Brag about adoption in the README
* Don't use LTO for cargo-dist builds to make them consistent with `cargo
install` etc
* Also build musl binaries
* dist: update dist config for future releases
* dist(cargo-auditable): ignore auditable2cdx for now
* chore: add cargo-dist

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-505=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-505=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-505=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-505=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-505=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-505=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-505=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-505=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
* cargo-auditable-0.7.2~0-150500.12.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
* cargo-auditable-0.7.2~0-150500.12.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
* cargo-auditable-0.7.2~0-150500.12.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
* cargo-auditable-0.7.2~0-150500.12.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
* cargo-auditable-0.7.2~0-150500.12.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
* cargo-auditable-0.7.2~0-150500.12.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
* cargo-auditable-0.7.2~0-150500.12.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
* cargo-auditable-0.7.2~0-150500.12.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25727.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257906



SUSE-SU-2026:0503-1: important: Security update for ImageMagick


# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:0503-1
Release Date: 2026-02-13T14:23:02Z
Rating: important
References:

* bsc#1256962
* bsc#1256976
* bsc#1257076

Cross-References:

* CVE-2026-23874
* CVE-2026-23876
* CVE-2026-23952

CVSS scores:

* CVE-2026-23874 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23874 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23874 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23876 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23876 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23876 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23876 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23952 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23952 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23952 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Desktop Applications Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2026-23874: manipulation of digital images can lead to stack overflow
(bsc#1256976).
* CVE-2026-23876: maliciously crafted image can lead to heap buffer overflow
(bsc#1256962).
* CVE-2026-23952: processing comment tag can cause null pointer dereference
(bsc#1257076).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-503=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-503=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-503=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-503=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-503=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-503=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-503=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-503=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-503=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-503=1

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-503=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-503=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* perl-PerlMagick-7.1.0.9-150400.6.64.1
* libMagick++-devel-7.1.0.9-150400.6.64.1
* ImageMagick-7.1.0.9-150400.6.64.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* ImageMagick-devel-7.1.0.9-150400.6.64.1
* ImageMagick-debugsource-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.64.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.64.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* perl-PerlMagick-7.1.0.9-150400.6.64.1
* libMagick++-devel-7.1.0.9-150400.6.64.1
* ImageMagick-7.1.0.9-150400.6.64.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* ImageMagick-devel-7.1.0.9-150400.6.64.1
* ImageMagick-debugsource-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.64.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.64.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* perl-PerlMagick-7.1.0.9-150400.6.64.1
* libMagick++-devel-7.1.0.9-150400.6.64.1
* ImageMagick-7.1.0.9-150400.6.64.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* ImageMagick-devel-7.1.0.9-150400.6.64.1
* ImageMagick-debugsource-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.64.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.64.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* perl-PerlMagick-7.1.0.9-150400.6.64.1
* libMagick++-devel-7.1.0.9-150400.6.64.1
* ImageMagick-7.1.0.9-150400.6.64.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* ImageMagick-devel-7.1.0.9-150400.6.64.1
* ImageMagick-debugsource-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.64.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.64.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* perl-PerlMagick-7.1.0.9-150400.6.64.1
* libMagick++-devel-7.1.0.9-150400.6.64.1
* ImageMagick-7.1.0.9-150400.6.64.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* ImageMagick-devel-7.1.0.9-150400.6.64.1
* ImageMagick-debugsource-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.64.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.64.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.64.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.64.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* perl-PerlMagick-7.1.0.9-150400.6.64.1
* libMagick++-devel-7.1.0.9-150400.6.64.1
* ImageMagick-7.1.0.9-150400.6.64.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* ImageMagick-devel-7.1.0.9-150400.6.64.1
* ImageMagick-debugsource-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.64.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.64.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* perl-PerlMagick-7.1.0.9-150400.6.64.1
* libMagick++-devel-7.1.0.9-150400.6.64.1
* ImageMagick-7.1.0.9-150400.6.64.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* ImageMagick-devel-7.1.0.9-150400.6.64.1
* ImageMagick-debugsource-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.64.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.64.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.64.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.64.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* perl-PerlMagick-7.1.0.9-150400.6.64.1
* libMagick++-devel-7.1.0.9-150400.6.64.1
* ImageMagick-7.1.0.9-150400.6.64.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* ImageMagick-devel-7.1.0.9-150400.6.64.1
* ImageMagick-debugsource-7.1.0.9-150400.6.64.1
* ImageMagick-extra-7.1.0.9-150400.6.64.1
* ImageMagick-extra-debuginfo-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.64.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.64.1
* openSUSE Leap 15.4 (x86_64)
* libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.64.1
* libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.64.1
* libMagick++-devel-32bit-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.64.1
* ImageMagick-devel-32bit-7.1.0.9-150400.6.64.1
* openSUSE Leap 15.4 (noarch)
* ImageMagick-doc-7.1.0.9-150400.6.64.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.64.1
* libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.64.1
* ImageMagick-devel-64bit-7.1.0.9-150400.6.64.1
* libMagick++-devel-64bit-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.64.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.64.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.64.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* perl-PerlMagick-7.1.0.9-150400.6.64.1
* libMagick++-devel-7.1.0.9-150400.6.64.1
* ImageMagick-7.1.0.9-150400.6.64.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.64.1
* ImageMagick-devel-7.1.0.9-150400.6.64.1
* ImageMagick-debugsource-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.64.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.64.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.64.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.64.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.64.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.64.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23874.html
* https://www.suse.com/security/cve/CVE-2026-23876.html
* https://www.suse.com/security/cve/CVE-2026-23952.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256962
* https://bugzilla.suse.com/show_bug.cgi?id=1256976
* https://bugzilla.suse.com/show_bug.cgi?id=1257076



SUSE-SU-2026:0504-1: important: Security update for java-1_8_0-openjdk


# Security update for java-1_8_0-openjdk

Announcement ID: SUSE-SU-2026:0504-1
Release Date: 2026-02-13T14:24:43Z
Rating: important
References:

* bsc#1257034
* bsc#1257036
* bsc#1257037
* bsc#1257038
* jsc#PED-14507

Cross-References:

* CVE-2026-21925
* CVE-2026-21932
* CVE-2026-21933
* CVE-2026-21945

CVSS scores:

* CVE-2026-21925 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21925 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21932 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-21932 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-21933 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-21933 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-21945 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Legacy Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities and contains one feature can now be
installed.

## Description:

This update for java-1_8_0-openjdk fixes the following issues:

* CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI.
(bsc#1257034)
* CVE-2026-21932: Fixed a vulnerability in the Oracle Java SE component AWT
and JavaFX. (bsc#1257036)
* CVE-2026-21933: Fixed a vulnerability in the Oracle Java SE component
Networking. (bsc#1257037)
* CVE-2026-21945: Fixed a vulnerability in the Oracle Java SE component
Security. (bsc#1257038)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-504=1

* Legacy Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-504=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-504=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-504=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-504=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-504=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-504=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-504=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-504=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-504=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debugsource-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-demo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-accessibility-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-src-1.8.0.482-150000.3.117.1
* openSUSE Leap 15.6 (noarch)
* java-1_8_0-openjdk-javadoc-1.8.0.482-150000.3.117.1
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debugsource-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-demo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-1.8.0.482-150000.3.117.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debugsource-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-demo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-1.8.0.482-150000.3.117.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debugsource-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-demo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-1.8.0.482-150000.3.117.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debugsource-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-demo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-1.8.0.482-150000.3.117.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debugsource-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-demo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-1.8.0.482-150000.3.117.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debugsource-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-demo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-1.8.0.482-150000.3.117.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debugsource-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-demo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-1.8.0.482-150000.3.117.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debugsource-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-demo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-1.8.0.482-150000.3.117.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debugsource-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-demo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-devel-1.8.0.482-150000.3.117.1
* java-1_8_0-openjdk-headless-1.8.0.482-150000.3.117.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21925.html
* https://www.suse.com/security/cve/CVE-2026-21932.html
* https://www.suse.com/security/cve/CVE-2026-21933.html
* https://www.suse.com/security/cve/CVE-2026-21945.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257034
* https://bugzilla.suse.com/show_bug.cgi?id=1257036
* https://bugzilla.suse.com/show_bug.cgi?id=1257037
* https://bugzilla.suse.com/show_bug.cgi?id=1257038
* https://jira.suse.com/browse/PED-14507



SUSE-SU-2026:0510-1: moderate: Security update for util-linux


# Security update for util-linux

Announcement ID: SUSE-SU-2026:0510-1
Release Date: 2026-02-13T14:52:46Z
Rating: moderate
References:

* bsc#1254666
* jsc#PED-13682

Cross-References:

* CVE-2025-14104

CVSS scores:

* CVE-2025-14104 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14104 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-14104 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability and contains one feature can now be
installed.

## Description:

This update for util-linux fixes the following issues:

* CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing
256-byte usernames (bsc#1254666).
* lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-510=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-510=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-510=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-510=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-510=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libuuid-devel-2.37.2-150400.8.38.1
* python3-libmount-debugsource-2.37.2-150400.8.38.1
* util-linux-systemd-2.37.2-150400.8.38.1
* util-linux-debuginfo-2.37.2-150400.8.38.1
* util-linux-debugsource-2.37.2-150400.8.38.1
* libfdisk1-2.37.2-150400.8.38.1
* libsmartcols1-debuginfo-2.37.2-150400.8.38.1
* util-linux-systemd-debugsource-2.37.2-150400.8.38.1
* libmount-devel-static-2.37.2-150400.8.38.1
* libblkid-devel-static-2.37.2-150400.8.38.1
* libblkid1-2.37.2-150400.8.38.1
* libsmartcols1-2.37.2-150400.8.38.1
* libfdisk-devel-2.37.2-150400.8.38.1
* libuuid1-2.37.2-150400.8.38.1
* libfdisk1-debuginfo-2.37.2-150400.8.38.1
* libblkid-devel-2.37.2-150400.8.38.1
* libsmartcols-devel-static-2.37.2-150400.8.38.1
* python3-libmount-debuginfo-2.37.2-150400.8.38.1
* libblkid1-debuginfo-2.37.2-150400.8.38.1
* libfdisk-devel-static-2.37.2-150400.8.38.1
* libuuid1-debuginfo-2.37.2-150400.8.38.1
* uuidd-debuginfo-2.37.2-150400.8.38.1
* libuuid-devel-static-2.37.2-150400.8.38.1
* python3-libmount-2.37.2-150400.8.38.1
* util-linux-systemd-debuginfo-2.37.2-150400.8.38.1
* libmount-devel-2.37.2-150400.8.38.1
* libmount1-2.37.2-150400.8.38.1
* uuidd-2.37.2-150400.8.38.1
* libsmartcols-devel-2.37.2-150400.8.38.1
* libmount1-debuginfo-2.37.2-150400.8.38.1
* util-linux-2.37.2-150400.8.38.1
* openSUSE Leap 15.4 (x86_64)
* libmount1-32bit-debuginfo-2.37.2-150400.8.38.1
* libsmartcols1-32bit-debuginfo-2.37.2-150400.8.38.1
* libmount1-32bit-2.37.2-150400.8.38.1
* libfdisk1-32bit-debuginfo-2.37.2-150400.8.38.1
* libblkid-devel-32bit-2.37.2-150400.8.38.1
* libfdisk-devel-32bit-2.37.2-150400.8.38.1
* libuuid-devel-32bit-2.37.2-150400.8.38.1
* libuuid1-32bit-debuginfo-2.37.2-150400.8.38.1
* libblkid1-32bit-2.37.2-150400.8.38.1
* libmount-devel-32bit-2.37.2-150400.8.38.1
* libblkid1-32bit-debuginfo-2.37.2-150400.8.38.1
* libuuid1-32bit-2.37.2-150400.8.38.1
* libfdisk1-32bit-2.37.2-150400.8.38.1
* libsmartcols1-32bit-2.37.2-150400.8.38.1
* libsmartcols-devel-32bit-2.37.2-150400.8.38.1
* openSUSE Leap 15.4 (noarch)
* util-linux-lang-2.37.2-150400.8.38.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libuuid-devel-64bit-2.37.2-150400.8.38.1
* libblkid-devel-64bit-2.37.2-150400.8.38.1
* libmount1-64bit-debuginfo-2.37.2-150400.8.38.1
* libuuid1-64bit-debuginfo-2.37.2-150400.8.38.1
* libmount-devel-64bit-2.37.2-150400.8.38.1
* libuuid1-64bit-2.37.2-150400.8.38.1
* libmount1-64bit-2.37.2-150400.8.38.1
* libfdisk1-64bit-debuginfo-2.37.2-150400.8.38.1
* libfdisk1-64bit-2.37.2-150400.8.38.1
* libsmartcols1-64bit-2.37.2-150400.8.38.1
* libblkid1-64bit-2.37.2-150400.8.38.1
* libsmartcols1-64bit-debuginfo-2.37.2-150400.8.38.1
* libblkid1-64bit-debuginfo-2.37.2-150400.8.38.1
* libfdisk-devel-64bit-2.37.2-150400.8.38.1
* libsmartcols-devel-64bit-2.37.2-150400.8.38.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libsmartcols1-debuginfo-2.37.2-150400.8.38.1
* util-linux-systemd-debugsource-2.37.2-150400.8.38.1
* libblkid1-debuginfo-2.37.2-150400.8.38.1
* libmount1-debuginfo-2.37.2-150400.8.38.1
* util-linux-debuginfo-2.37.2-150400.8.38.1
* util-linux-systemd-2.37.2-150400.8.38.1
* libblkid1-2.37.2-150400.8.38.1
* libsmartcols1-2.37.2-150400.8.38.1
* libuuid1-debuginfo-2.37.2-150400.8.38.1
* util-linux-debugsource-2.37.2-150400.8.38.1
* libmount1-2.37.2-150400.8.38.1
* libuuid1-2.37.2-150400.8.38.1
* libfdisk1-debuginfo-2.37.2-150400.8.38.1
* libfdisk1-2.37.2-150400.8.38.1
* util-linux-2.37.2-150400.8.38.1
* util-linux-systemd-debuginfo-2.37.2-150400.8.38.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libsmartcols1-debuginfo-2.37.2-150400.8.38.1
* util-linux-systemd-debugsource-2.37.2-150400.8.38.1
* libblkid1-debuginfo-2.37.2-150400.8.38.1
* libmount1-debuginfo-2.37.2-150400.8.38.1
* util-linux-debuginfo-2.37.2-150400.8.38.1
* util-linux-systemd-2.37.2-150400.8.38.1
* libblkid1-2.37.2-150400.8.38.1
* libsmartcols1-2.37.2-150400.8.38.1
* libuuid1-debuginfo-2.37.2-150400.8.38.1
* util-linux-debugsource-2.37.2-150400.8.38.1
* libmount1-2.37.2-150400.8.38.1
* libuuid1-2.37.2-150400.8.38.1
* libfdisk1-debuginfo-2.37.2-150400.8.38.1
* libfdisk1-2.37.2-150400.8.38.1
* util-linux-2.37.2-150400.8.38.1
* util-linux-systemd-debuginfo-2.37.2-150400.8.38.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libsmartcols1-debuginfo-2.37.2-150400.8.38.1
* util-linux-systemd-debugsource-2.37.2-150400.8.38.1
* libblkid1-debuginfo-2.37.2-150400.8.38.1
* libmount1-debuginfo-2.37.2-150400.8.38.1
* util-linux-debuginfo-2.37.2-150400.8.38.1
* util-linux-systemd-2.37.2-150400.8.38.1
* libblkid1-2.37.2-150400.8.38.1
* libsmartcols1-2.37.2-150400.8.38.1
* libuuid1-debuginfo-2.37.2-150400.8.38.1
* util-linux-debugsource-2.37.2-150400.8.38.1
* libmount1-2.37.2-150400.8.38.1
* libuuid1-2.37.2-150400.8.38.1
* libfdisk1-debuginfo-2.37.2-150400.8.38.1
* libfdisk1-2.37.2-150400.8.38.1
* util-linux-2.37.2-150400.8.38.1
* util-linux-systemd-debuginfo-2.37.2-150400.8.38.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libsmartcols1-debuginfo-2.37.2-150400.8.38.1
* util-linux-systemd-debugsource-2.37.2-150400.8.38.1
* libblkid1-debuginfo-2.37.2-150400.8.38.1
* libmount1-debuginfo-2.37.2-150400.8.38.1
* util-linux-debuginfo-2.37.2-150400.8.38.1
* util-linux-systemd-2.37.2-150400.8.38.1
* libblkid1-2.37.2-150400.8.38.1
* libsmartcols1-2.37.2-150400.8.38.1
* libuuid1-debuginfo-2.37.2-150400.8.38.1
* util-linux-debugsource-2.37.2-150400.8.38.1
* libmount1-2.37.2-150400.8.38.1
* libuuid1-2.37.2-150400.8.38.1
* libfdisk1-debuginfo-2.37.2-150400.8.38.1
* libfdisk1-2.37.2-150400.8.38.1
* util-linux-2.37.2-150400.8.38.1
* util-linux-systemd-debuginfo-2.37.2-150400.8.38.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254666
* https://jira.suse.com/browse/PED-13682



SUSE-SU-2026:0508-1: moderate: Security update for curl


# Security update for curl

Announcement ID: SUSE-SU-2026:0508-1
Release Date: 2026-02-13T14:50:35Z
Rating: moderate
References:

* bsc#1255731
* bsc#1255732
* bsc#1255733
* bsc#1255734
* bsc#1256105

Cross-References:

* CVE-2025-14017
* CVE-2025-14524
* CVE-2025-14819
* CVE-2025-15079
* CVE-2025-15224

CVSS scores:

* CVE-2025-14017 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14017 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-14017 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-14524 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14524 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-14524 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-14819 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14819 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-14819 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-15079 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15079 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-15079 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-15224 ( SUSE ): 2.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15224 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-15224 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for curl fixes the following issues:

* CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
* CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
* CVE-2025-14819: libssh global knownhost override (bsc#1255732).
* CVE-2025-15079: libssh key passphrase bypass without agent set
(bsc#1255733).
* CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-508=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-508=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-508=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-508=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-508=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-508=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libcurl4-debuginfo-8.14.1-150400.5.77.1
* curl-debuginfo-8.14.1-150400.5.77.1
* curl-debugsource-8.14.1-150400.5.77.1
* libcurl4-8.14.1-150400.5.77.1
* libcurl-devel-8.14.1-150400.5.77.1
* libcurl-mini4-debuginfo-8.14.1-150400.5.77.1
* libcurl-mini4-8.14.1-150400.5.77.1
* curl-mini-debugsource-8.14.1-150400.5.77.1
* curl-8.14.1-150400.5.77.1
* openSUSE Leap 15.4 (noarch)
* curl-zsh-completion-8.14.1-150400.5.77.1
* curl-fish-completion-8.14.1-150400.5.77.1
* libcurl-devel-doc-8.14.1-150400.5.77.1
* openSUSE Leap 15.4 (x86_64)
* libcurl-devel-32bit-8.14.1-150400.5.77.1
* libcurl4-32bit-debuginfo-8.14.1-150400.5.77.1
* libcurl4-32bit-8.14.1-150400.5.77.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libcurl4-64bit-debuginfo-8.14.1-150400.5.77.1
* libcurl4-64bit-8.14.1-150400.5.77.1
* libcurl-devel-64bit-8.14.1-150400.5.77.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.14.1-150400.5.77.1
* curl-debuginfo-8.14.1-150400.5.77.1
* curl-debugsource-8.14.1-150400.5.77.1
* libcurl4-8.14.1-150400.5.77.1
* curl-8.14.1-150400.5.77.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.14.1-150400.5.77.1
* curl-debuginfo-8.14.1-150400.5.77.1
* curl-debugsource-8.14.1-150400.5.77.1
* libcurl4-8.14.1-150400.5.77.1
* curl-8.14.1-150400.5.77.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.14.1-150400.5.77.1
* curl-debuginfo-8.14.1-150400.5.77.1
* curl-debugsource-8.14.1-150400.5.77.1
* libcurl4-8.14.1-150400.5.77.1
* curl-8.14.1-150400.5.77.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.14.1-150400.5.77.1
* curl-debuginfo-8.14.1-150400.5.77.1
* curl-debugsource-8.14.1-150400.5.77.1
* libcurl4-8.14.1-150400.5.77.1
* curl-8.14.1-150400.5.77.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libcurl4-debuginfo-8.14.1-150400.5.77.1
* curl-debuginfo-8.14.1-150400.5.77.1
* curl-debugsource-8.14.1-150400.5.77.1
* libcurl4-8.14.1-150400.5.77.1
* curl-8.14.1-150400.5.77.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14017.html
* https://www.suse.com/security/cve/CVE-2025-14524.html
* https://www.suse.com/security/cve/CVE-2025-14819.html
* https://www.suse.com/security/cve/CVE-2025-15079.html
* https://www.suse.com/security/cve/CVE-2025-15224.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255731
* https://bugzilla.suse.com/show_bug.cgi?id=1255732
* https://bugzilla.suse.com/show_bug.cgi?id=1255733
* https://bugzilla.suse.com/show_bug.cgi?id=1255734
* https://bugzilla.suse.com/show_bug.cgi?id=1256105



SUSE-SU-2026:0514-1: important: Security update for cargo-auditable


# Security update for cargo-auditable

Announcement ID: SUSE-SU-2026:0514-1
Release Date: 2026-02-13T14:57:18Z
Rating: important
References:

* bsc#1257906

Cross-References:

* CVE-2026-25727

CVSS scores:

* CVE-2026-25727 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( NVD ): 6.8
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for cargo-auditable fixes the following issues:

Update to version 0.7.2~0.

Security issues fixed:

* CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser
can lead to stack exhaustion (bsc#1257906).

Other updates and bugfixes:

* Update to version 0.7.2~0:

* mention cargo-dist in README

* commit Cargo.lock
* bump which dev-dependency to 8.0.0
* bump object to 0.37
* Upgrade cargo_metadata to 0.23
* Expand the set of dist platforms in config

* Update to version 0.7.1~0:

* Out out of unhelpful clippy lint

* Satisfy clippy
* Do not assume --crate-name and --out-dir are present in the rustc command,
but show warnings if they aren't
* Run apt-get update before trying to install packages
* run `cargo dist init` on dist 0.30
* Drop allow-dirty from dist config, should no longer be needed
* Reorder paragraphs in README
* Note the maintenance transition for the go extraction library
* Editing pass on the adopters: scanners
* clarify Docker support
* Cargo clippy fix
* Add Wolfi OS and Chainguard to adopters
* Update mentions around Anchore tooling
* README and documentation updates for nightly
* Bump dependency version in rust-audit-info
* More work on docs
* Nicer formatting on format revision documentation
* Bump versions
* regenerate JSON schema
* cargo fmt
* Document format field
* Make it more clear that RawVersionInfo is private
* Add format field to the serialized data
* cargo clippy fix
* Add special handling for proc macros to treat them as the build dependencies
they are
* Add a test to ensure proc macros are reported as build dependencies
* Add a test fixture for a crate with a proc macro dependency
* parse fully qualified package ID specs from SBOMs
* select first discovered SBOM file
* cargo sbom integration
* Get rid of unmaintained wee_alloc in test code to make people's scanners
misled by GHSA chill out
* Don't fail plan workflow due to manually changed release.yml
* Bump Ubuntu version to hopefully fix release.yml workflow
* Add test for stripped binary
* Bump version to 0.6.7
* Populate changelog
* README.md: add auditable2cdx, more consistency in text
* Placate clippy
* Do not emit -Wl if a bare linker is in use
* Get rid of a compiler warning
* Add bare linker detection function
* drop boilerplate from test that's no longer relevant
* Add support for recovering rustc codegen options
* More lenient parsing of rustc arguments
* More descriptive error message in case rustc is killed abruptly
* change formatting to fit rustfmt
* More descriptive error message in case cargo is killed
* Update REPLACING_CARGO.md to fix #195
* Clarify osv-scanner support in README
* Include the command required to view metadata
* Mention wasm-tools support
* Switch from broken generic cache action to a Rust-specific one
* Fill in various fields in auditable2cdx Cargo.toml
* Include osv-scanner in the list, with a caveat
* Add link to blint repo to README
* Mention that blint supports our data
* Consolidate target definitions
* Account for WASM test dependencies changing, commit the Cargo.lock so they
would stop doing that
* Migrate to a maintained toolchain action
* Fix author specification
* Add link to repository to resolverver Cargo.toml
* Bump resolverver to 0.1.0
* Add resolverver crate to the tree

* Update to version 0.6.6~0:

* Note the `object` upgrade in the changelog

* Upgrade cyclonedx-bom from 0.5 to 0.8 in auditable-cyclonedx
* Upgrade object crate from 0.30 to 0.36 to reduce dependency footprint
* Update dependencies in the lock file
* Populate changelog
* apply clippy lint
* add another --emit parsing test
* shorter code with cargo fmt
* Actually fix cargo-c compatibility
* Attempt to fix cargo-capi incompatibility
* Refactoring in preparation for fixes
* Also read the --emit flag to rustc
* Fill in changelogs
* Bump versions
* Drop cfg'd out tests
* Drop obsolete doc line
* Move dependency cycle tests from auditable-serde to cargo-auditable crate
* Remove cargo_metadata from auditable-serde API surface.
* Apply clippy lint
* Upgrade miniz_oxide to 0.8.0
* Insulate our semver from miniz_oxide semver
* Add support for Rust 2024 edition
* Update tests
* More robust OS detection for riscv feature detection
* bump version
* update changelog for auditable-extract 0.3.5
* Fix wasm component auditable data extraction
* Update blocker description in README.md
* Add openSUSE to adopters
* Update list of know adopters
* Fix detection of `riscv64-linux-android` target features
* Silence noisy lint
* Bump version requirement in rust-audit-info
* Fill in changelogs
* Bump semver of auditable-info
* Drop obsolete comment now that wasm is enabled by default
* Remove dependency on cargo-lock
* Brag about adoption in the README
* Don't use LTO for cargo-dist builds to make them consistent with `cargo
install` etc
* Also build musl binaries
* dist: update dist config for future releases
* dist(cargo-auditable): ignore auditable2cdx for now
* chore: add cargo-dist

* Update to version 0.6.4~0:

* Release cargo-auditable v0.6.4

* Correctly attribute changelog file addition in changelog
* Add changelog for auditable-extract
* Verify various feature combinations in CI
* Upgrade wasmparser to remove dependencies with `unsafe`
* Add LoongArch support
* cargo fmt
* Move doc headers to README.md and point rustdoc to them, so that we have
nice crates.io pages
* Expand on the note about WebAssembly parsing
* Populate changelogs
* Resume bragging about all dependencies being safe, now that there is a
caveat below
* drop fuzz Cargo.lock to always fuzz against latest versions
* Bump `cargo auditable` version
* Mention WASM support in README
* Revert "Be super duper extra sure both MinGW and MSVC are tested on CI"
* Be super duper extra sure both MinGW and MSVC are tested on CI
* Add wasm32 targets to CI for more platforms
* Don't pass --target twice in tests
* Install WASM toolchain in CI
* cargo fmt
* Add WASM end-to-end test
* cargo fmt
* Update documentation to mention the WASM feature
* cargo fmt
* Plumb WASM parsing feature through the whole stack
* Make WASM parsing an optional, non-default feature
* Add a fuzzing harness for WASM parsing
* Rewritten WASM parsing to avoid heap allocations
* Initial WASM extraction support
* Nicer assertion
* Drop obsolete comment
* Clarify that embedding the compiler version has shipped.
* Fixed section name for WASM
* Unified and more robust platform detection. Fixed wasm build process
* Initial WASM support
* More robust platform detection for picking the binary format
* Fix Windows CI to run both -msvc and -gnu
* Use the correct link.exe flag for preserving the specified symbol even if it
is unused
* Fix Windows
* Fix tests on Rust 1.77
* Placate clippy
* Oopps, I meant components field
* Also remove the dependencies field if empty
* Use serde_json with order preservation feature to get a more compressible
JSON after workarounds
* Work around cyclonedx-bom limitations to produce minified JSON
* Also record the dependency kind
* cyclonedx-bom: also record PURL
* Also write the dependency tree
* Clear the serial number in the minimal CycloneDX variant
* Prototype impl of auditable2cdx
* Fill in auditable2cdx dependencies
* Initial auditable2cdx boilerplace
* add #![forbid(unsafe_code)]
* Initial implementation of auditable-to-cyclonedx conversion
* Add the necessary dependencies to auditable-cyclonedx
* Initial dummy package for auditable-cyclonedx

* Update to version 0.6.2~0:

* Update the lockfile

* New releases of cargo-auditable and auditable-serde
* Use a separate project for the custom rustc path tests. Fixes intermittent
test failures due to race conditions
* Revert "add commit hashes to git sources"
* Fix cyclic dependency graph being encoded
* Revert "An unsuccessful attempt to fix cycles caused by dev-dependencies"
* An unsuccessful attempt to fix cycles caused by dev-dependencies
* Fix typo
* Add comment
* Add a test for an issue with cyclic dependencies reported at
https://github.com/rustsec/rustsec/issues/1043
* Fix auditable-serde example not building
* upgrade dependency miniz_oxide to 0.6.0
* fix formatting errors
* apply clippy lints for --all-features
* improve the internal docs and comments
* apply clippy lints
* add missing sources for one of test fixtures
* add commit hashes to git sources
* Run all tests on CI
* cargo fmt
* Run `cargo clean` in tests to get rid of stale binaries
* Fix date in changelog
* Populate changelog
* Bump auditable-info version in rust-audit-info
* Add auditable-info changelog
* Bump versions following cargo-lock bump
* auditable-serde: bump `cargo-lock` to v9
* switch to UNRELEASED
* Update CHANGELOG.md
* Print a better error if calling rustc fails
* Drop unused import
* placate Clippy
* Don't inject audit info if --print argument is passed to rustc
* Reflect the version change in Cargo.lock
* Remove space from keywords
* bump version to 0.6.1
* Fix date in changelog
* Update CHANGELOG.md
* Add publish=false
* Commit the generated manpage
* Add the code for generating a manpage; rather rudimentary so far, but it's a
starting point
* Explain relation to supply chain attacks
* Add keywords to the Cargo manifest
* Revert "generate a man page for cargo auditable"
* fix formatting
* fix review feedback, relocate file to under OUT_DIR, don't use anyhow and
also commit the lock file
* generate a man page for cargo auditable
* Add Clippy suppression
* placate clippy
* commit Cargo.lock
* Sync to latest object file writing code from rustc
* Fix examples in docs
* Allow redundant field names
* Apply clippy suggestion: match -> if let
* Check for clippy and format in CI
* Apply clippy suggestions
* Run CI with --locked

* Update to version 0.6.0~0:

* README and documentation improvements

* Read the rustc path passed by Cargo; fixes #90
* Read location of Cargo from the environment variable Cargo sets for third-
party subcommands
* Add a note on sccache version compatibility to CHANGELOG.md
* Panic on compilation commands where we fail to parse the arguments instead
of silently ignoring the error
* Specifying the binary-scanning feature is no longer needed
* Pass options such as --offline to `cargo metadata`
* Pass on arguments from `cargo auditable` invocation to the rustc wrapper;
prep work towards fixing #83
* Bump rust-audit-info to 0.5.2
* Bump auditable-serde version to 0.5.2
* Correctly fill in the source even in dependency entries when converting to
cargo-lock data format
* Drop the roundtrip through str in semver::Version
* Release auditable-info 0.6.1
* Bump all the version requirements for things depending on auditable-info
* Fix audit_info_from_slice function signature

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-514=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-514=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-514=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-514=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-514=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* cargo-auditable-0.7.2~0-150300.7.6.1
* cargo-auditable-debuginfo-0.7.2~0-150300.7.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* cargo-auditable-0.7.2~0-150300.7.6.1
* cargo-auditable-debuginfo-0.7.2~0-150300.7.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* cargo-auditable-0.7.2~0-150300.7.6.1
* cargo-auditable-debuginfo-0.7.2~0-150300.7.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* cargo-auditable-0.7.2~0-150300.7.6.1
* cargo-auditable-debuginfo-0.7.2~0-150300.7.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* cargo-auditable-0.7.2~0-150300.7.6.1
* cargo-auditable-debuginfo-0.7.2~0-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25727.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257906


PHP, NodeJS, GCC-Toolset, Firefox, Python updates for AlmaLinux

Linux Kernel (AWS) update for Ubuntu

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...