
SUSE has issued a wide array of security updates for openSUSE Leap and SUSE Linux Enterprise systems that address numerous vulnerabilities across both critical and moderate severity levels. These patches cover essential software including Wireshark, Django, nginx, and multiple Linux kernel live patches, alongside fixes for graphics libraries, container runtimes, and development tools. The resolved issues primarily involve memory corruption flaws, denial-of-service triggers, and privilege escalation risks that could destabilize systems or leak sensitive information. System administrators are advised to deploy these updates immediately through standard zypper patch commands to maintain a secure computing environment.

openSUSE-SU-2026:20699-1: moderate: Security update for openCryptoki
openSUSE-SU-2026:20704-1: moderate: Security update for python-Django
openSUSE-SU-2026:20697-1: low: Security update for cairo
openSUSE-SU-2026:20692-1: moderate: Security update for python-pytest
openSUSE-SU-2026:20688-1: moderate: Security update for Mesa
openSUSE-SU-2026:20685-1: important: Security update for wireshark
SUSE-SU-2026:1776-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1761-1: important: Security update for nginx
SUSE-SU-2026:1768-1: important: Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:1771-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1770-1: important: Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)
openSUSE-SU-2026:10707-1: moderate: postfix-3.11.2-1.1 on GA media
openSUSE-SU-2026:10706-1: moderate: podman-5.8.2-1.1 on GA media
openSUSE-SU-2026:10705-1: moderate: libpcp-devel-6.3.8-1.1 on GA media
openSUSE-SU-2026:10704-1: moderate: micropython-1.28.0-2.1 on GA media




openSUSE-SU-2026:20699-1: moderate: Security update for openCryptoki


openSUSE security update: security update for opencryptoki
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20699-1
Rating: moderate
References:

* bsc#1262283
* bsc#1263819

Cross-References:

* CVE-2026-40253

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has 2 bug fixes can now be installed.

Description:

This update for openCryptoki fixes the following issues:

Security issue:

- CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects
(bsc#1262283).

Non-security issue:

- Refactored .spec file to fully support transactional and immutable operating systems
(jsc#PED-14609):
* Migrated user and group creation (pkcs11, pkcsslotd) from imperative %pre shell commands to
declarative systemd-sysusers configuration.
* Replaced manual /var directory tracking and %ghost directives with
comprehensive systemd-tmpfiles configurations.
* Implemented dynamic, architecture-specific tmpfiles.d generation to properly provision
hardware-specific token directories (e.g., ccatok, ep11tok, lite, and HSM_MK_CHANGE).
- Fixed permissions for /run/opencryptoki within tmpfiles.d to ensure the
daemon can successfully drop privileges and bind its communication socket.
* Moved 32-bit and 64-bit shared library symlink creation (such as PKCS11_API.so, stdll, and methods)
from %post scriptlets into the %install phase,
ensuring they are correctly packaged and tracked on the read-only /usr partition.
* Removed legacy /etc/pkcs11 bash migration logic from %post,
replacing it with a declarative tmpfiles.d symlink rule.
- Cleaned up scriptlets to only execute transaction-safe macros
(such as ldconfig and systemd service handlers).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-718=1

Package List:

- openSUSE Leap 16.0:

openCryptoki-3.26.0-160000.2.1
openCryptoki-64bit-3.26.0-160000.2.1
openCryptoki-devel-3.26.0-160000.2.1

References:

* https://www.suse.com/security/cve/CVE-2026-40253.html



openSUSE-SU-2026:20704-1: moderate: Security update for python-Django


openSUSE security update: security update for python-django
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20704-1
Rating: moderate
References:

* bsc#1264152
* bsc#1264153
* bsc#1264154

Cross-References:

* CVE-2026-35192
* CVE-2026-5766
* CVE-2026-6907

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for python-Django fixes the following issues:

Changes in python-Django:

- CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests
via file upload limit bypass (bsc#1264153)
- CVE-2026-35192: Session fixation via public cached pages and
SESSION_SAVE_EVERY_REQUEST (bsc#1264154)
- CVE-2026-6907: Potential exposure of private data due to incorrect handling
of Vary: * in UpdateCacheMiddleware (bsc#1264152)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-234=1

Package List:

- openSUSE Leap 16.0:

python313-Django-5.2.4-bp160.8.1

References:

* https://www.suse.com/security/cve/CVE-2026-35192.html
* https://www.suse.com/security/cve/CVE-2026-5766.html
* https://www.suse.com/security/cve/CVE-2026-6907.html



openSUSE-SU-2026:20697-1: low: Security update for cairo


openSUSE security update: security update for cairo
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20697-1
Rating: low
References:

* bsc#1247589

Cross-References:

* CVE-2025-50422

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for cairo fixes the following issue:

- CVE-2025-50422: Poppler crash on malformed input (bsc#1247589).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-716=1

Package List:

- openSUSE Leap 16.0:

cairo-devel-1.18.4-160000.3.1
cairo-tools-1.18.4-160000.3.1
libcairo-gobject2-1.18.4-160000.3.1
libcairo-script-interpreter2-1.18.4-160000.3.1
libcairo2-1.18.4-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-50422.html



openSUSE-SU-2026:20692-1: moderate: Security update for python-pytest


openSUSE security update: security update for python-pytest
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20692-1
Rating: moderate
References:

* bsc#1257090

Cross-References:

* CVE-2025-71176

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for python-pytest fixes the following issue:

- CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain privileges (bsc#1257090).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-711=1

Package List:

- openSUSE Leap 16.0:

python313-pytest-8.3.5-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-71176.html



openSUSE-SU-2026:20688-1: moderate: Security update for Mesa


openSUSE security update: security update for mesa
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20688-1
Rating: moderate
References:

* bsc#1261911
* bsc#1261998

Cross-References:

* CVE-2026-40393

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has 2 bug fixes can now be installed.

Description:

This update for Mesa fixes the following issue:

- CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party (bsc#1261998).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-707=1

Package List:

- openSUSE Leap 16.0:

Mesa-24.3.3-160000.3.1
Mesa-KHR-devel-24.3.3-160000.3.1
Mesa-devel-24.3.3-160000.3.1
Mesa-dri-24.3.3-160000.3.1
Mesa-dri-devel-24.3.3-160000.3.1
Mesa-dri-nouveau-24.3.3-160000.3.1
Mesa-dri-vc4-24.3.3-160000.3.1
Mesa-gallium-24.3.3-160000.3.1
Mesa-libEGL-devel-24.3.3-160000.3.1
Mesa-libEGL1-24.3.3-160000.3.1
Mesa-libGL-devel-24.3.3-160000.3.1
Mesa-libGL1-24.3.3-160000.3.1
Mesa-libGLESv1_CM-devel-24.3.3-160000.3.1
Mesa-libGLESv2-devel-24.3.3-160000.3.1
Mesa-libGLESv3-devel-24.3.3-160000.3.1
Mesa-libOpenCL-24.3.3-160000.3.1
Mesa-libRusticlOpenCL-24.3.3-160000.3.1
Mesa-libd3d-24.3.3-160000.3.1
Mesa-libd3d-devel-24.3.3-160000.3.1
Mesa-libglapi-devel-24.3.3-160000.3.1
Mesa-libglapi0-24.3.3-160000.3.1
Mesa-libva-24.3.3-160000.3.1
Mesa-vulkan-device-select-24.3.3-160000.3.1
Mesa-vulkan-overlay-24.3.3-160000.3.1
libOSMesa-devel-24.3.3-160000.3.1
libOSMesa8-24.3.3-160000.3.1
libgbm-devel-24.3.3-160000.3.1
libgbm1-24.3.3-160000.3.1
libvdpau_d3d12-24.3.3-160000.3.1
libvdpau_nouveau-24.3.3-160000.3.1
libvdpau_r600-24.3.3-160000.3.1
libvdpau_radeonsi-24.3.3-160000.3.1
libvdpau_virtio_gpu-24.3.3-160000.3.1
libvulkan_broadcom-24.3.3-160000.3.1
libvulkan_freedreno-24.3.3-160000.3.1
libvulkan_intel-24.3.3-160000.3.1
libvulkan_lvp-24.3.3-160000.3.1
libvulkan_radeon-24.3.3-160000.3.1
libxatracker-devel-1.0.0-160000.3.1
libxatracker2-1.0.0-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-40393.html



openSUSE-SU-2026:20685-1: important: Security update for wireshark


openSUSE security update: security update for wireshark
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20685-1
Rating: important
References:

* bsc#1258907
* bsc#1258909
* bsc#1263726
* bsc#1263728
* bsc#1263729
* bsc#1263731
* bsc#1263732
* bsc#1263733
* bsc#1263734
* bsc#1263735
* bsc#1263736
* bsc#1263737
* bsc#1263739
* bsc#1263741
* bsc#1263742
* bsc#1263743
* bsc#1263744
* bsc#1263745
* bsc#1263746
* bsc#1263747
* bsc#1263749
* bsc#1263750
* bsc#1263751
* bsc#1263752
* bsc#1263753
* bsc#1263754
* bsc#1263756
* bsc#1263757
* bsc#1263762
* bsc#1263765
* bsc#1263766
* bsc#1263767
* bsc#1263809

Cross-References:

* CVE-2026-3201
* CVE-2026-3203
* CVE-2026-5299
* CVE-2026-5401
* CVE-2026-5403
* CVE-2026-5404
* CVE-2026-5405
* CVE-2026-5406
* CVE-2026-5407
* CVE-2026-5408
* CVE-2026-5409
* CVE-2026-5653
* CVE-2026-5654
* CVE-2026-5656
* CVE-2026-5657
* CVE-2026-6519
* CVE-2026-6520
* CVE-2026-6521
* CVE-2026-6522
* CVE-2026-6523
* CVE-2026-6524
* CVE-2026-6527
* CVE-2026-6529
* CVE-2026-6530
* CVE-2026-6531
* CVE-2026-6532
* CVE-2026-6533
* CVE-2026-6534
* CVE-2026-6535
* CVE-2026-6537
* CVE-2026-6538
* CVE-2026-6868
* CVE-2026-6869

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 33 vulnerabilities and has 33 bug fixes can now be installed.

Description:

This update for wireshark fixes the following issues:

- CVE-2026-3201: missing limit checks in USB HID protocol dissector's `parse_report_descriptor` function can lead to
memory exhaustion (bsc#1258907).
- CVE-2026-3203: missing length checks in the RF4CE Profile protocol dissector can lead to illegal memory access and
crash (bsc#1258909).
- CVE-2026-5299: ICMPv6 dissector crash (bsc#1263757).
- CVE-2026-5401: AFP dissector crash (bsc#1263756).
- CVE-2026-5403: SBC audio codec crash (bsc#1263765).
- CVE-2026-5404: K12 RF5 file parser crash (bsc#1263766).
- CVE-2026-5405: RDP dissector crash (bsc#1263767).
- CVE-2026-5406: FC-SWILS dissector crash (bsc#1263754).
- CVE-2026-5407: SMB2 dissector infinite loop (bsc#1263753).
- CVE-2026-5408: BT-DHT dissector crash (bsc#1263752).
- CVE-2026-5409: Monero dissector crash (bsc#1263751).
- CVE-2026-5653: DCP-ETSI dissector crash (bsc#1263750).
- CVE-2026-5654: AMR-NB audio codec crash (bsc#1263749).
- CVE-2026-5656: Profile import crash and possible code execution (bsc#1263809).
- CVE-2026-5657: iLBC audio codec crash (bsc#1263747).
- CVE-2026-6519: MBIM protocol dissector infinite loop (bsc#1263746).
- CVE-2026-6520: OpenFlow v6 protocol dissector infinite loop (bsc#1263745).
- CVE-2026-6521: OpenFlow v5 protocol dissector infinite loops (bsc#1263744).
- CVE-2026-6522: RPKI-Router protocol dissector infinite loop (bsc#1263743).
- CVE-2026-6523: GNW protocol dissector infinite loop (bsc#1263742).
- CVE-2026-6524: MySQL protocol dissector crash (bsc#1263741).
- CVE-2026-6527: ASN.1 PER dissector crash (bsc#1263739).
- CVE-2026-6529: iLBC audio codec crash (bsc#1263737).
- CVE-2026-6530: DCP-ETSI protocol dissector crash (bsc#1263736).
- CVE-2026-6531: SANE protocol dissector infinite loop (bsc#1263735).
- CVE-2026-6532: Kismet protocol dissector crash (bsc#1263734).
- CVE-2026-6533: Dissection engine LZ77 decompression crash (bsc#1263733).
- CVE-2026-6534: USB HID dissector infinite loop (bsc#1263732).
- CVE-2026-6535: Dissection engine zlib decompression crash (bsc#1263731).
- CVE-2026-6537: ZigBee dissector crash (bsc#1263729).
- CVE-2026-6538: BEEP dissector crash (bsc#1263728).
- CVE-2026-6868: HTTP protocol dissector crash (bsc#1263762).
- CVE-2026-6869: WebSocket protocol dissector crash (bsc#1263726).

Changes for wireshark:

- Updated to 4.4.15

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-702=1

Package List:

- openSUSE Leap 16.0:

libwireshark18-4.4.15-160000.1.1
libwiretap15-4.4.15-160000.1.1
libwsutil16-4.4.15-160000.1.1
wireshark-4.4.15-160000.1.1
wireshark-devel-4.4.15-160000.1.1
wireshark-ui-qt-4.4.15-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-3201.html
* https://www.suse.com/security/cve/CVE-2026-3203.html
* https://www.suse.com/security/cve/CVE-2026-5299.html
* https://www.suse.com/security/cve/CVE-2026-5401.html
* https://www.suse.com/security/cve/CVE-2026-5403.html
* https://www.suse.com/security/cve/CVE-2026-5404.html
* https://www.suse.com/security/cve/CVE-2026-5405.html
* https://www.suse.com/security/cve/CVE-2026-5406.html
* https://www.suse.com/security/cve/CVE-2026-5407.html
* https://www.suse.com/security/cve/CVE-2026-5408.html
* https://www.suse.com/security/cve/CVE-2026-5409.html
* https://www.suse.com/security/cve/CVE-2026-5653.html
* https://www.suse.com/security/cve/CVE-2026-5654.html
* https://www.suse.com/security/cve/CVE-2026-5656.html
* https://www.suse.com/security/cve/CVE-2026-5657.html
* https://www.suse.com/security/cve/CVE-2026-6519.html
* https://www.suse.com/security/cve/CVE-2026-6520.html
* https://www.suse.com/security/cve/CVE-2026-6521.html
* https://www.suse.com/security/cve/CVE-2026-6522.html
* https://www.suse.com/security/cve/CVE-2026-6523.html
* https://www.suse.com/security/cve/CVE-2026-6524.html
* https://www.suse.com/security/cve/CVE-2026-6527.html
* https://www.suse.com/security/cve/CVE-2026-6529.html
* https://www.suse.com/security/cve/CVE-2026-6530.html
* https://www.suse.com/security/cve/CVE-2026-6531.html
* https://www.suse.com/security/cve/CVE-2026-6532.html
* https://www.suse.com/security/cve/CVE-2026-6533.html
* https://www.suse.com/security/cve/CVE-2026-6534.html
* https://www.suse.com/security/cve/CVE-2026-6535.html
* https://www.suse.com/security/cve/CVE-2026-6537.html
* https://www.suse.com/security/cve/CVE-2026-6538.html
* https://www.suse.com/security/cve/CVE-2026-6868.html
* https://www.suse.com/security/cve/CVE-2026-6869.html



SUSE-SU-2026:1776-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1776-1
Release Date: 2026-05-08T12:33:55Z
Rating: important
References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.50 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed
allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI
(bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before
deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful()
(bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place
(bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1776=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1776=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1774=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1774=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-16-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_42-debugsource-16-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-16-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_42-debugsource-16-150400.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-16-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-16-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-16-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-16-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689



SUSE-SU-2026:1761-1: important: Security update for nginx


# Security update for nginx

Announcement ID: SUSE-SU-2026:1761-1
Release Date: 2026-05-08T08:58:17Z
Rating: important
References:

* bsc#1257675
* bsc#1260416
* bsc#1260417
* bsc#1260418

Cross-References:

* CVE-2026-1642
* CVE-2026-27654
* CVE-2026-27784
* CVE-2026-28753

CVSS scores:

* CVE-2026-1642 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1642 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-1642 ( NVD ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-1642 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-27654 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27654 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-27654 ( NVD ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27654 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-27784 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27784 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-27784 ( NVD ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27784 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-27784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28753 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-28753 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-28753 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-28753 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities can now be installed.

## Description:

This update for nginx fixes the following issues:

* CVE-2026-1642: plain text data injection into the response from an upstream
proxied server via MITM attack (bsc#1257675).
* CVE-2026-27654: buffer overflow in the NGINX worker process via the
`ngx_http_dav_module` module (bsc#1260416).
* CVE-2026-27784: NGINX worker memory overread or overwrite via a specially
crafted MP4 file (bsc#1260417).
* CVE-2026-28753: arbitrary header injection into SMTP upstream requests via
attacker-controlled DNS server (bsc#1260418).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1761=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1761=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1761=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1761=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* nginx-debugsource-1.21.5-150600.10.15.1
* nginx-debuginfo-1.21.5-150600.10.15.1
* nginx-1.21.5-150600.10.15.1
* openSUSE Leap 15.6 (noarch)
* nginx-source-1.21.5-150600.10.15.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* nginx-debugsource-1.21.5-150600.10.15.1
* nginx-debuginfo-1.21.5-150600.10.15.1
* nginx-1.21.5-150600.10.15.1
* Server Applications Module 15-SP7 (noarch)
* nginx-source-1.21.5-150600.10.15.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* nginx-debugsource-1.21.5-150600.10.15.1
* nginx-debuginfo-1.21.5-150600.10.15.1
* nginx-1.21.5-150600.10.15.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* nginx-source-1.21.5-150600.10.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* nginx-debugsource-1.21.5-150600.10.15.1
* nginx-debuginfo-1.21.5-150600.10.15.1
* nginx-1.21.5-150600.10.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* nginx-source-1.21.5-150600.10.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1642.html
* https://www.suse.com/security/cve/CVE-2026-27654.html
* https://www.suse.com/security/cve/CVE-2026-27784.html
* https://www.suse.com/security/cve/CVE-2026-28753.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257675
* https://bugzilla.suse.com/show_bug.cgi?id=1260416
* https://bugzilla.suse.com/show_bug.cgi?id=1260417
* https://bugzilla.suse.com/show_bug.cgi?id=1260418



SUSE-SU-2026:1768-1: important: Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1768-1
Release Date: 2026-05-08T11:05:01Z
Rating: important
References:

* bsc#1252048
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.167 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed
allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI
(bsc#1252048).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful()
(bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place
(bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1768=1 SUSE-2026-1769=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1768=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1769=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_161-default-18-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-17-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_39-debugsource-18-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-18-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-17-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-17-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_161-default-18-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-17-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_39-debugsource-18-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-18-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-17-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-17-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689



SUSE-SU-2026:1771-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1771-1
Release Date: 2026-05-08T11:05:28Z
Rating: important
References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.53 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed
allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI
(bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before
deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful()
(bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place
(bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1771=1 SUSE-2026-1772=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1771=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1772=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_47-default-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-16-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_10-debugsource-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-16-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_12-debugsource-16-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_47-default-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-16-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_10-debugsource-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-16-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_12-debugsource-16-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689



SUSE-SU-2026:1770-1: important: Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1770-1
Release Date: 2026-05-08T11:05:12Z
Rating: important
References:

* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.133 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed
allocated size (bsc#1258073).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before
deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful()
(bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place
(bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1770=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1770=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-6-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_34-debugsource-6-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_133-default-6-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-6-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_34-debugsource-6-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_133-default-6-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689



openSUSE-SU-2026:10707-1: moderate: postfix-3.11.2-1.1 on GA media


# postfix-3.11.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10707-1
Rating: moderate

Cross-References:

* CVE-2026-43964

CVSS scores:

* CVE-2026-43964 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43964 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the postfix-3.11.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * postfix 3.11.2-1.1
  * postfix-devel 3.11.2-1.1
  * postfix-doc 3.11.2-1.1
  * postfix-ldap 3.11.2-1.1
  * postfix-mysql 3.11.2-1.1
  * postfix-postgresql 3.11.2-1.1
## References:

* https://www.suse.com/security/cve/CVE-2026-43964.html



openSUSE-SU-2026:10706-1: moderate: podman-5.8.2-1.1 on GA media


# podman-5.8.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10706-1
Rating: moderate

Cross-References:

* CVE-2026-33414

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the podman-5.8.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * podman 5.8.2-1.1
  * podman-docker 5.8.2-1.1
  * podman-remote 5.8.2-1.1
  * podmansh 5.8.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33414.html



openSUSE-SU-2026:10705-1: moderate: libpcp-devel-6.3.8-1.1 on GA media


# libpcp-devel-6.3.8-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10705-1
Rating: moderate

Cross-References:

* CVE-2024-45769
* CVE-2024-45770

CVSS scores:

* CVE-2024-45769 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45769 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45770 ( SUSE ): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-45770 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libpcp-devel-6.3.8-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * libpcp-devel 6.3.8-1.1
  * libpcp3 6.3.8-1.1
  * libpcp_gui2 6.3.8-1.1
  * libpcp_import1 6.3.8-1.1
  * libpcp_mmv1 6.3.8-1.1
  * libpcp_trace2 6.3.8-1.1
  * libpcp_web1 6.3.8-1.1
  * pcp 6.3.8-1.1
  * pcp-conf 6.3.8-1.1
  * pcp-devel 6.3.8-1.1
  * pcp-doc 6.3.8-1.1
  * pcp-export-pcp2elasticsearch 6.3.8-1.1
  * pcp-export-pcp2graphite 6.3.8-1.1
  * pcp-export-pcp2influxdb 6.3.8-1.1
  * pcp-export-pcp2json 6.3.8-1.1
  * pcp-export-pcp2spark 6.3.8-1.1
  * pcp-export-pcp2xml 6.3.8-1.1
  * pcp-export-pcp2zabbix 6.3.8-1.1
  * pcp-gui 6.3.8-1.1
  * pcp-import-collectl2pcp 6.3.8-1.1
  * pcp-import-ganglia2pcp 6.3.8-1.1
  * pcp-import-iostat2pcp 6.3.8-1.1
  * pcp-import-mrtg2pcp 6.3.8-1.1
  * pcp-import-sar2pcp 6.3.8-1.1
  * pcp-import-sheet2pcp 6.3.8-1.1
  * pcp-pmda-activemq 6.3.8-1.1
  * pcp-pmda-amdgpu 6.3.8-1.1
  * pcp-pmda-apache 6.3.8-1.1
  * pcp-pmda-bash 6.3.8-1.1
  * pcp-pmda-bonding 6.3.8-1.1
  * pcp-pmda-cifs 6.3.8-1.1
  * pcp-pmda-cisco 6.3.8-1.1
  * pcp-pmda-dbping 6.3.8-1.1
  * pcp-pmda-dm 6.3.8-1.1
  * pcp-pmda-docker 6.3.8-1.1
  * pcp-pmda-ds389 6.3.8-1.1
  * pcp-pmda-ds389log 6.3.8-1.1
  * pcp-pmda-elasticsearch 6.3.8-1.1
  * pcp-pmda-gfs2 6.3.8-1.1
  * pcp-pmda-gluster 6.3.8-1.1
  * pcp-pmda-gpfs 6.3.8-1.1
  * pcp-pmda-gpsd 6.3.8-1.1
  * pcp-pmda-hacluster 6.3.8-1.1
  * pcp-pmda-haproxy 6.3.8-1.1
  * pcp-pmda-infiniband 6.3.8-1.1
  * pcp-pmda-json 6.3.8-1.1
  * pcp-pmda-lio 6.3.8-1.1
  * pcp-pmda-lmsensors 6.3.8-1.1
  * pcp-pmda-logger 6.3.8-1.1
  * pcp-pmda-lustre 6.3.8-1.1
  * pcp-pmda-lustrecomm 6.3.8-1.1
  * pcp-pmda-mailq 6.3.8-1.1
  * pcp-pmda-memcache 6.3.8-1.1
  * pcp-pmda-mic 6.3.8-1.1
  * pcp-pmda-mounts 6.3.8-1.1
  * pcp-pmda-mysql 6.3.8-1.1
  * pcp-pmda-named 6.3.8-1.1
  * pcp-pmda-netcheck 6.3.8-1.1
  * pcp-pmda-netfilter 6.3.8-1.1
  * pcp-pmda-news 6.3.8-1.1
  * pcp-pmda-nfsclient 6.3.8-1.1
  * pcp-pmda-nginx 6.3.8-1.1
  * pcp-pmda-nutcracker 6.3.8-1.1
  * pcp-pmda-nvidia-gpu 6.3.8-1.1
  * pcp-pmda-openmetrics 6.3.8-1.1
  * pcp-pmda-openvswitch 6.3.8-1.1
  * pcp-pmda-oracle 6.3.8-1.1
  * pcp-pmda-pdns 6.3.8-1.1
  * pcp-pmda-perfevent 6.3.8-1.1
  * pcp-pmda-postfix 6.3.8-1.1
  * pcp-pmda-rabbitmq 6.3.8-1.1
  * pcp-pmda-redis 6.3.8-1.1
  * pcp-pmda-resctrl 6.3.8-1.1
  * pcp-pmda-roomtemp 6.3.8-1.1
  * pcp-pmda-rsyslog 6.3.8-1.1
  * pcp-pmda-samba 6.3.8-1.1
  * pcp-pmda-sendmail 6.3.8-1.1
  * pcp-pmda-shping 6.3.8-1.1
  * pcp-pmda-slurm 6.3.8-1.1
  * pcp-pmda-smart 6.3.8-1.1
  * pcp-pmda-snmp 6.3.8-1.1
  * pcp-pmda-sockets 6.3.8-1.1
  * pcp-pmda-summary 6.3.8-1.1
  * pcp-pmda-systemd 6.3.8-1.1
  * pcp-pmda-trace 6.3.8-1.1
  * pcp-pmda-unbound 6.3.8-1.1
  * pcp-pmda-uwsgi 6.3.8-1.1
  * pcp-pmda-weblog 6.3.8-1.1
  * pcp-pmda-zimbra 6.3.8-1.1
  * pcp-pmda-zswap 6.3.8-1.1
  * pcp-selinux 6.3.8-1.1
  * pcp-system-tools 6.3.8-1.1
  * pcp-testsuite 6.3.8-1.1
  * pcp-zeroconf 6.3.8-1.1
  * perl-PCP-LogImport 6.3.8-1.1
  * perl-PCP-LogSummary 6.3.8-1.1
  * perl-PCP-MMV 6.3.8-1.1
  * perl-PCP-PMDA 6.3.8-1.1
  * python3-pcp 6.3.8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45769.html
* https://www.suse.com/security/cve/CVE-2024-45770.html



openSUSE-SU-2026:10704-1: moderate: micropython-1.28.0-2.1 on GA media


# micropython-1.28.0-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10704-1
Rating: moderate

Cross-References:

* CVE-2024-8947

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the micropython-1.28.0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * micropython 1.28.0-2.1
  * mpremote 1.28.0-2.1
  * mpy-tools 1.28.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-8947.html