
SUSE has distributed a large collection of important and moderate security patches across openSUSE Leap, Tumbleweed, and SLE platforms to protect dozens of widely deployed software packages. These releases patch more than fifty separate vulnerabilities that affect foundational components including OpenSSL, Java OpenJ9 runtimes, Chromium drivers, and several Python modules. System administrators must apply these updates promptly to close dangerous attack surfaces related to heap buffer overflows, privilege escalation pathways, and remote execution flaws. Beyond the critical security hardening, the packages also deliver routine dependency refreshes and stability corrections for utilities like restic, cyrus-imapd, trivy, and GraphicsMagick.

openSUSE-SU-2026:0206-1: important: Security update for restic
openSUSE-SU-2026:0204-1: important: Security update for cyrus-imapd
openSUSE-SU-2026:0208-1: important: Security update for java-17-openj9
openSUSE-SU-2026:0205-1: important: Security update for cheat
openSUSE-SU-2026:0207-1: important: Security update for java-11-openj9
openSUSE-SU-2026:11027-1: moderate: python311-tornado6-6.5.7-1.1 on GA media
openSUSE-SU-2026:11028-1: moderate: librav1e0_8-0.8.1-2.1 on GA media
openSUSE-SU-2026:11026-1: moderate: python311-starlette-1.2.0-1.1 on GA media
openSUSE-SU-2026:11025-1: moderate: python311-paramiko-5.0.0-1.1 on GA media
openSUSE-SU-2026:11024-1: moderate: python311-PyJWT-2.13.0-1.1 on GA media
openSUSE-SU-2026:11021-1: moderate: kitty-0.47.3-1.1 on GA media
openSUSE-SU-2026:11029-1: moderate: chromedriver-149.0.7827.114-1.1 on GA media
openSUSE-SU-2026:11023-1: moderate: libopenssl-3-devel-3.5.3-6.1 on GA media
openSUSE-SU-2026:11022-1: moderate: opensc-0.27.1-2.1 on GA media
openSUSE-SU-2026:11020-1: moderate: freeipmi-1.6.18-1.1 on GA media
SUSE-SU-2026:2393-1: important: Security update for openssl-3
openSUSE-SU-2026:20963-1: important: Security update for neonmodem
openSUSE-SU-2026:20962-1: important: Security update for cyrus-imapd
openSUSE-SU-2026:20956-1: important: Security update for trivy
openSUSE-SU-2026:20961-1: moderate: Security update for GraphicsMagick
openSUSE-SU-2026:20952-1: moderate: Security update for python-python-dotenv
SUSE-SU-2026:2397-1: important: Security update for openssl-3




openSUSE-SU-2026:0206-1: important: Security update for restic


openSUSE Security Update: Security update for restic
_______________________________

Announcement ID: openSUSE-SU-2026:0206-1
Rating: important
References: #1240262 #1265915 #1266211 #1266795
Cross-References: CVE-2026-33814
CVSS scores:
CVE-2026-33814 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that solves one vulnerability and has three fixes
is now available.

Description:

This update for restic fixes the following issues:

Update to 0.19.0 (boo#1266795 boo#1266211):

For all the details see:
https://github.com/restic/restic/releases/tag/v0.19.0

- Fix #2034: Support serving a restic mount of a Windows system via Samba
- Fix #4447: Use mode 0700 for repository directories created
over SFTP
- Fix #4467: Exit with code 3 when some backup source paths do not exist
- Fix #4759: Error out when environment variables hold invalid values
- Fix #5233: Return exit code 3 when failing to remove snapshots
- Fix #5258: Exit with code 130 on SIGINT
- Fix #5280: Reject impossible find time bounds immediately
- Fix #5280: Make find --pack list blobs for tree packs
- Fix #5354: Allow rclone and sftp backends when running in background
- Fix #5427: Correctly restore ACL inheritance state on Windows
- Fix #5477: Password prompt was sometimes not shown for backup -v
- Fix #5487: Mark repository files read-only when using the SFTP backend
- Fix #5586: Correctly handle snapshots --group-by with --latest
- Fix #5595: Avoid spurious chmod errors on certain file backends
- Fix #5683: Prevent backup --stdin-from-command from hanging
- Fix #5757: Respect --user and --host in key passwd
- Fix #21820: Correct handling of duplicate index entries
- Fix #21820: Correctly handle pack files missing from the index
- Chg #5293: Prune small packfiles more aggressively
- Chg #5767: Prevent excluding paths explicitly passed to backup
- Chg #21791: Update dependencies and require Go 1.25 or newer
- Enh #3326: Limit check to snapshots selected by filters
- Enh #3572: Support restoring ownership by name on UNIX systems
- Enh #3738: Optional GitHub token for self-update API requests
- Enh #4278: Support include filters in the rewrite command
- Enh #4728: Support zstd compression levels fastest and better
- Enh #4868: Include repository ID in the filesystem name used by mount
- Enh #5175: Add status counters to copy in verbose text output
- Enh #5352: Support excluding cloud-backed files on macOS
- Enh #5383: Reduce progress bar refresh rates to decrease energy usage
- Enh #5424: Enable Windows filesystem privileges before file access
- Enh #5440: Make --host override environment variable RESTIC_HOST
- Enh #5448: Support configuring nice and ionice in the Docker image
- Enh #5453: Copy multiple snapshots in batches
- Enh #5523: Add Open Container Initiative labels to release Docker image
- Enh #5531: Reduce Azure storage costs by optimizing uploads
- Enh #5562: Rewrite only changed status lines each frame
- Enh #5588: Show timezone context in snapshots output
- Enh #5610: Reduce check, copy, diff and stats memory usage
- Enh #5689: Show more detailed progress for stats
- Enh #5713: Significantly speed up index loading
- Enh #5718: Stricter and earlier validation of the mount point
- refresh disable-selfupdate.patch

- Update golang.org/x/net to 0.53.0 (boo#1265915 CVE-2026-33814)

- Add fuse recommends as it's needed for mounting restic snapshots and
should as such be part of the package.

update to 0.18.1:

- Fix #5324: Correctly handle backup --stdin-filename with directory
paths
- Fix #5325: Accept RESTIC_HOST environment variable in forget command
- Fix #5342: Ignore "chmod not supported" errors when writing files
- Fix #5344: Ignore EOPNOTSUPP errors for extended attributes
- Fix #5421: Fix rare crash if directory is removed during backup
- Fix #5429: Stop retrying uploads when rest-server runs out of space
- Fix #5467: Improve handling of download retries in check command

All details at https://github.com/restic/restic/releases/tag/v0.18.1

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-206=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le x86_64):

restic-0.19.0-bp157.2.3.1

- openSUSE Backports SLE-15-SP7 (noarch):

restic-bash-completion-0.19.0-bp157.2.3.1
restic-zsh-completion-0.19.0-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2026-33814.html
https://bugzilla.suse.com/1240262
https://bugzilla.suse.com/1265915
https://bugzilla.suse.com/1266211
https://bugzilla.suse.com/1266795



openSUSE-SU-2026:0204-1: important: Security update for cyrus-imapd


openSUSE Security Update: Security update for cyrus-imapd
_______________________________

Announcement ID: openSUSE-SU-2026:0204-1
Rating: important
References: #1241536 #1241543 #1246165 #1251788
Cross-References: CVE-2025-23394 CVE-2025-49812
CVSS scores:
CVE-2025-49812 (SUSE): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for cyrus-imapd fixes the following issues:

- Adapt license

- cyrus-imapd doesn't start because of missing "Requires=var-run.mount" from
systemd (boo#1251788). Remove var-run.mount from Requires and After.

- update to version 3.8.6 (bugfix release)
VUL-0: CVE-2025-49812: cyrus-imapd: Opossum Attack Application Layer
Desynchronization using Opportunistic TLS (boo#1246165)
The industry is deprecating STARTTLS (aka opportunistic TLS) in favor of
implicit TLS over a dedicated port. STARTTLS is now disabled by default.
* Fixed issue #5477: master: tighten up pidfile/etc handling
(boo#1241543) VUL-0: cyrus-imapd: privilege drop happens too late,
opening attack vectors from cyrus to root
* Fixed issue #5450: fix zoneinfo_db code for GCC 15 (thanks Yadd)
* Fixed issue #5309: deadlock on shutdown (thanks Mark Cammidge)
* Fixed issue #5424: recognise service-specific SASL options in
``cyr_info conf-lint``
* Fixed issue #5420: fix double-free in http_admin (thanks Wolfgang
Breyha)
* Fixed issue #5460: pop3d: add basic prometheus support (thanks
Wolfgang Breyha)
* Fixed issue #5454: httpd fails to parse OpenSSL version for status
string

- update to version 3.8.5 (bugfix release)
* Fixed Issue #5029: check for unexpected extra tiny-tests directories
* Fixed Issue #5148: added --enable-release-checks configure option for
use when building releases
* Fixed Issue #4489: calendar-color "changes" namespace
* Fixed Issue #5009: various portability warnings and nits
* Fixed Issue #5050: iTIP line endings
* Fixed Issue #5052: iMIP line endings
* Fixed Issue #5072: http_cgi use after free
* Fixed Issue #5094: httpd crash when PROPFIND url is /dav/calendars
* Fixed Issue #5118: broken language checks for "zr-hant" and "sr-me"
* Fixed Issue #5047: proxying UID SEARCH
- rebased patches:

- CVE-2025-23394: cyrus-imapd: daily-backup.sh allows escalation from
cyrus to root (boo#1241536) Adapt backup-cyrus.service to run as user
cyrus:mail

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-204=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

cyradm-3.8.6-bp157.2.3.1
cyrus-imapd-3.8.6-bp157.2.3.1
cyrus-imapd-devel-3.8.6-bp157.2.3.1
cyrus-imapd-snmp-3.8.6-bp157.2.3.1
cyrus-imapd-snmp-mibs-3.8.6-bp157.2.3.1
cyrus-imapd-utils-3.8.6-bp157.2.3.1
libcyrus0-3.8.6-bp157.2.3.1
perl-Cyrus-Annotator-3.8.6-bp157.2.3.1
perl-Cyrus-IMAP-3.8.6-bp157.2.3.1
perl-Cyrus-SIEVE-managesieve-3.8.6-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2025-23394.html
https://www.suse.com/security/cve/CVE-2025-49812.html
https://bugzilla.suse.com/1241536
https://bugzilla.suse.com/1241543
https://bugzilla.suse.com/1246165
https://bugzilla.suse.com/1251788



openSUSE-SU-2026:0208-1: important: Security update for java-17-openj9


openSUSE Security Update: Security update for java-17-openj9
_______________________________

Announcement ID: openSUSE-SU-2026:0208-1
Rating: important
References: #1252414 #1252417 #1257034 #1257036 #1257037
#1257038 #1259118 #1262490 #1262494 #1262495
#1262496 #1262497 #1262500 #1262501 #1265261
#1267355 PED-14507
Cross-References: CVE-2025-53057 CVE-2025-53066 CVE-2026-1188
CVE-2026-21925 CVE-2026-21932 CVE-2026-21933
CVE-2026-21945 CVE-2026-22007 CVE-2026-22013
CVE-2026-22016 CVE-2026-22018 CVE-2026-22021
CVE-2026-23865 CVE-2026-34268 CVE-2026-34282

CVSS scores:
CVE-2025-53057 (SUSE): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2025-53066 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2026-1188 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2026-21925 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2026-21932 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
CVE-2026-21933 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2026-21945 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2026-22007 (SUSE): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2026-22013 (SUSE): 6 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2026-22016 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2026-22018 (SUSE): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2026-22021 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2026-23865 (SUSE): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
CVE-2026-34268 (SUSE): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2026-34282 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that solves 15 vulnerabilities, contains one
feature and has one errata is now available.

Description:

This update for java-17-openj9 fixes the following issues:

- Make post scripts less noisy (boo#1267355)

- Use libalternatives instead of update-alternatives for distributions
where libalternatives is available

- Update to OpenJDK 17.0.19 with OpenJ9 0.59.0 virtual machine
- Including Oracle April 2026 CPU changes
* CVE-2026-22007 (boo#1262490), CVE-2026-22013 (boo#1262494),
CVE-2026-22016 (boo#1262495), CVE-2026-22018 (boo#1262496),
CVE-2026-22021 (boo#1262497), CVE-2026-23865 (boo#1259118),
CVE-2026-34268 (boo#1262500), CVE-2026-34282 (boo#1262501)
- OpenJ9 specific security fix
* CVE-2026-1188 (boo#1265261)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.59/

- Update to OpenJDK 17.0.18 with OpenJ9 0.57.0 virtual machine
- Including Oracle January 2026 CPU changes
* CVE-2026-21925 (boo#1257034), CVE-2026-21932 (boo#1257036),
CVE-2026-21933 (boo#1257037), CVE-2026-21945 (boo#1257038)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.57/

- Do not depend on update-desktop-files (jsc#PED-14507)

- Update to OpenJDK 17.0.17 with OpenJ9 0.56.0 virtual machine
- Including Oracle October 2025 CPU changes
* CVE-2025-53057 (boo#1252414), CVE-2025-53066 (boo#1252417)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.56/

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-208=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):

java-17-openj9-17.0.19.0-bp157.2.6.1
java-17-openj9-demo-17.0.19.0-bp157.2.6.1
java-17-openj9-devel-17.0.19.0-bp157.2.6.1
java-17-openj9-headless-17.0.19.0-bp157.2.6.1
java-17-openj9-jmods-17.0.19.0-bp157.2.6.1
java-17-openj9-src-17.0.19.0-bp157.2.6.1

- openSUSE Backports SLE-15-SP7 (noarch):

java-17-openj9-javadoc-17.0.19.0-bp157.2.6.1

References:

https://www.suse.com/security/cve/CVE-2025-53057.html
https://www.suse.com/security/cve/CVE-2025-53066.html
https://www.suse.com/security/cve/CVE-2026-1188.html
https://www.suse.com/security/cve/CVE-2026-21925.html
https://www.suse.com/security/cve/CVE-2026-21932.html
https://www.suse.com/security/cve/CVE-2026-21933.html
https://www.suse.com/security/cve/CVE-2026-21945.html
https://www.suse.com/security/cve/CVE-2026-22007.html
https://www.suse.com/security/cve/CVE-2026-22013.html
https://www.suse.com/security/cve/CVE-2026-22016.html
https://www.suse.com/security/cve/CVE-2026-22018.html
https://www.suse.com/security/cve/CVE-2026-22021.html
https://www.suse.com/security/cve/CVE-2026-23865.html
https://www.suse.com/security/cve/CVE-2026-34268.html
https://www.suse.com/security/cve/CVE-2026-34282.html
https://bugzilla.suse.com/1252414
https://bugzilla.suse.com/1252417
https://bugzilla.suse.com/1257034
https://bugzilla.suse.com/1257036
https://bugzilla.suse.com/1257037
https://bugzilla.suse.com/1257038
https://bugzilla.suse.com/1259118
https://bugzilla.suse.com/1262490
https://bugzilla.suse.com/1262494
https://bugzilla.suse.com/1262495
https://bugzilla.suse.com/1262496
https://bugzilla.suse.com/1262497
https://bugzilla.suse.com/1262500
https://bugzilla.suse.com/1262501
https://bugzilla.suse.com/1265261
https://bugzilla.suse.com/1267355



openSUSE-SU-2026:0205-1: important: Security update for cheat


openSUSE Security Update: Security update for cheat
_______________________________

Announcement ID: openSUSE-SU-2026:0205-1
Rating: important
References: #1264943 #1265539 #1266184 #1267330
Cross-References: CVE-2026-1229 CVE-2026-39827 CVE-2026-39828
CVE-2026-39829 CVE-2026-39830 CVE-2026-39831
CVE-2026-39832 CVE-2026-39833 CVE-2026-39834
CVE-2026-39835 CVE-2026-41506 CVE-2026-42508
CVE-2026-44740 CVE-2026-46595 CVE-2026-46597
CVE-2026-46598
CVSS scores:
CVE-2026-1229 (SUSE): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
CVE-2026-39827 (SUSE): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2026-39828 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2026-39829 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2026-39830 (SUSE): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2026-39831 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2026-39832 (SUSE): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
CVE-2026-39833 (SUSE): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2026-39834 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2026-39835 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2026-41506 (SUSE): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2026-42508 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2026-44740 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2026-46595 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2026-46597 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2026-46598 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes 16 vulnerabilities is now available.

Description:

This update for cheat fixes the following issues:

- CVE-2026-41506: HTTP authentication credential leak (boo#1264943).
Bump go-git to 5.18.0
- CVE-2026-1229: Fix incorrect value (boo#1265539). Bump circl to 1.6.3
- CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829,
CVE-2026-39831, CVE-2026-42508, CVE-2026-39833, CVE-2026-39830,
CVE-2026-39832, CVE-2026-46597, CVE-2026-46598, CVE-2026-46595,
CVE-2026-39835: Fix multiple issues (boo#1266184). Bump crypto to 0.52.0
- CVE-2026-44740: Improper input handling (boo#1267330). Bump go-billy to
5.9.0

- Update to 5.1.0:
* --update / -u flag: Pull the latest changes for all git-backed
cheatpaths from the CLI. Reports per-path status (ok, skipped, error).
Works with --path filtering to update specific cheatpaths. Supports
SSH remotes via key file discovery and SSH agent. (#552)
Documentation:
* Fixed config filename references in man page (conf.yaml → conf.yml)
* Added missing /etc/cheat/conf.yml config search path to man page
* Fixed stale code references in CLAUDE.md, HACKING.md, and ADRs
* Updated Go version requirement in INSTALLING.md

- Update to 5.0.0:
* Migrated from docopt to cobra (#768, #705, #632, #476)
* Dynamic shell completions
Breaking changes:
* The static completion scripts under scripts/ have been removed. Users
must regenerate completions using cheat --completion .
* The CHEAT_USE_FZF environment variable is no longer supported.
Bug fixes:
* Fixed _init_completion: command not found error (#768)
* Fixed autocompletion not working (#705)
* Fixed zsh autocompletion not resolving cheatsheet names (#632)

- Update to 4.7.1:
* Internal cleanup and project restructuring. No user-facing behavior
changes

- Update to 4.7.0:
* Brief list output (-b/--brief)

- Update to 4.6.0:
New Features:
* Recursive .cheat directory discovery: cheat now walks up the directory
tree to find .cheat directories, mirroring how git discovers .git
directories. Place a .cheat directory at your project root and it will
be available from any subdirectory. (#602)
Documentation:
* ADR-004: documents the design decisions for recursive .cheat discovery
* Updated README and package docs to describe the new behaviour

- Update to 4.5.2:
Bug Fixes:
* Static binaries: Build with CGO_ENABLED=0 to produce fully static
binaries (#744)
* Editor env vars: Respect $VISUAL and $EDITOR environment variables at
runtime (#589)
* .git in path: Fix cheatsheets being silently skipped when the
cheatpath contains a directory ending in .git (#711)
Other Changes:
* Remove dead Homebrew formula bump workflow
* Move ADRs from doc/adr/ to adr/ for discoverability

- Update to 4.5.1:
* Fix first-run experience (#721, #730, #771): Declining community
cheatsheets during initial setup no longer causes errors on subsequent
runs. config.New() now skips missing cheatpaths with a warning instead
of a fatal error.
* Fix --init output (#773): cheat --init now comments out the community
cheatpath by default and includes clone instructions, so the output
works as a config file without modification.
* Fix stdin buffering in installer prompts: The installer's interactive
prompts now read stdin without buffering, allowing cheat to be
scripted (e.g., printf "y\nn\n" | cheat).
* Fix frontmatter parsing on Windows: Line ending detection in
cheatsheet frontmatter now inspects file content instead of checking
runtime.GOOS, fixing parsing failures when files have Unix line
endings on Windows.
* CI modernized: Go 1.26, GitHub Actions v4/v5, Windows added to test
matrix
* Dependencies updated (addresses dependabot CVEs in
golang.org/x/crypto, golang.org/x/net)
* End-to-end integration tests added for first-run experience
* Dockerfile updated to Go 1.26

- Update to 4.5.0:
Bug Fixes:
* Fix inverted pager detection logic (returned error string instead of
path)
* Fix repo.Clone ignoring destination directory parameter
* Fix sheet loading using append on pre-sized slices, causing nil entries
* Clean up partial files on copy failure
* Trim whitespace from editor config during loading
Security:
* Add path traversal protection for cheatsheet names
Performance:
* Move regex compilation outside search loop
* Replace O(n²) string concatenation with strings.Join in search
Build & Testing:
* Remove go:generate; embed config and usage as string literals
* Parallelize release builds
* Add fuzz testing infrastructure
* Improve test coverage from 38.9% to 50.2%
Documentation:
* Fix inaccurate code examples in HACKING.md
* Add missing --conf and --all options to man page
* Add ADRs for path traversal, env parsing, and search parallelization
* Update CONTRIBUTING.md to reflect project policy

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-205=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

cheat-5.1.0-bp157.2.6.1

References:

https://www.suse.com/security/cve/CVE-2026-1229.html
https://www.suse.com/security/cve/CVE-2026-39827.html
https://www.suse.com/security/cve/CVE-2026-39828.html
https://www.suse.com/security/cve/CVE-2026-39829.html
https://www.suse.com/security/cve/CVE-2026-39830.html
https://www.suse.com/security/cve/CVE-2026-39831.html
https://www.suse.com/security/cve/CVE-2026-39832.html
https://www.suse.com/security/cve/CVE-2026-39833.html
https://www.suse.com/security/cve/CVE-2026-39834.html
https://www.suse.com/security/cve/CVE-2026-39835.html
https://www.suse.com/security/cve/CVE-2026-41506.html
https://www.suse.com/security/cve/CVE-2026-42508.html
https://www.suse.com/security/cve/CVE-2026-44740.html
https://www.suse.com/security/cve/CVE-2026-46595.html
https://www.suse.com/security/cve/CVE-2026-46597.html
https://www.suse.com/security/cve/CVE-2026-46598.html
https://bugzilla.suse.com/1264943
https://bugzilla.suse.com/1265539
https://bugzilla.suse.com/1266184
https://bugzilla.suse.com/1267330



openSUSE-SU-2026:0207-1: important: Security update for java-11-openj9


openSUSE Security Update: Security update for java-11-openj9
_______________________________

Announcement ID: openSUSE-SU-2026:0207-1
Rating: important
References: #1252414 #1252417 #1257034 #1257036 #1257037
#1257038 #1259118 #1262490 #1262494 #1262495
#1262496 #1262497 #1262500 #1262501 #1265261
#1267355 PED-14507
Cross-References: CVE-2025-53057 CVE-2025-53066 CVE-2026-1188
CVE-2026-21925 CVE-2026-21932 CVE-2026-21933
CVE-2026-21945 CVE-2026-22007 CVE-2026-22013
CVE-2026-22016 CVE-2026-22018 CVE-2026-22021
CVE-2026-23865 CVE-2026-34268 CVE-2026-34282

CVSS scores:
CVE-2025-53057 (SUSE): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2025-53066 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2026-1188 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2026-21925 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2026-21932 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
CVE-2026-21933 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2026-21945 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2026-22007 (SUSE): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2026-22013 (SUSE): 6 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2026-22016 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2026-22018 (SUSE): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2026-22021 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2026-23865 (SUSE): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
CVE-2026-34268 (SUSE): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2026-34282 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that solves 15 vulnerabilities, contains one
feature and has one errata is now available.

Description:

This update for java-11-openj9 fixes the following issues:

- Make post scripts less noisy (boo#1267355)

- Use libalternatives instead of update-alternatives for distributions
where libalternatives is available

- Update to OpenJDK 11.0.31 with OpenJ9 0.59.0 virtual machine
- Include Oracle April 2026 CPU changes
* CVE-2026-22007 (boo#1262490), CVE-2026-22013 (boo#1262494),
CVE-2026-22016 (boo#1262495), CVE-2026-22018 (boo#1262496),
CVE-2026-22021 (boo#1262497), CVE-2026-23865 (boo#1259118),
CVE-2026-34268 (boo#1262500), CVE-2026-34282 (boo#1262501)
- OpenJ9 specific security fix
* CVE-2026-1188 (boo#1265261)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.59/

- Update to OpenJDK 11.0.30 with OpenJ9 0.57.0 virtual machine
- Including Oracle January 2026 CPU changes
* CVE-2026-21925 (boo#1257034), CVE-2026-21932 (boo#1257036),
CVE-2026-21933 (boo#1257037), CVE-2026-21945 (boo#1257038)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.57/

- Do not depend on update-desktop-files (jsc#PED-14507)

- Update to OpenJDK 11.0.29 with OpenJ9 0.56.0 virtual machine
- Including Oracle October 2025 CPU changes
* CVE-2025-53057 (boo#1252414), CVE-2025-53066 (boo#1252417)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.56/

- Remove pack200 and unpack200 from alternatives

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-207=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):

java-11-openj9-11.0.31.0-bp157.2.6.1
java-11-openj9-demo-11.0.31.0-bp157.2.6.1
java-11-openj9-devel-11.0.31.0-bp157.2.6.1
java-11-openj9-headless-11.0.31.0-bp157.2.6.1
java-11-openj9-jmods-11.0.31.0-bp157.2.6.1
java-11-openj9-src-11.0.31.0-bp157.2.6.1

- openSUSE Backports SLE-15-SP7 (noarch):

java-11-openj9-javadoc-11.0.31.0-bp157.2.6.1

References:

https://www.suse.com/security/cve/CVE-2025-53057.html
https://www.suse.com/security/cve/CVE-2025-53066.html
https://www.suse.com/security/cve/CVE-2026-1188.html
https://www.suse.com/security/cve/CVE-2026-21925.html
https://www.suse.com/security/cve/CVE-2026-21932.html
https://www.suse.com/security/cve/CVE-2026-21933.html
https://www.suse.com/security/cve/CVE-2026-21945.html
https://www.suse.com/security/cve/CVE-2026-22007.html
https://www.suse.com/security/cve/CVE-2026-22013.html
https://www.suse.com/security/cve/CVE-2026-22016.html
https://www.suse.com/security/cve/CVE-2026-22018.html
https://www.suse.com/security/cve/CVE-2026-22021.html
https://www.suse.com/security/cve/CVE-2026-23865.html
https://www.suse.com/security/cve/CVE-2026-34268.html
https://www.suse.com/security/cve/CVE-2026-34282.html
https://bugzilla.suse.com/1252414
https://bugzilla.suse.com/1252417
https://bugzilla.suse.com/1257034
https://bugzilla.suse.com/1257036
https://bugzilla.suse.com/1257037
https://bugzilla.suse.com/1257038
https://bugzilla.suse.com/1259118
https://bugzilla.suse.com/1262490
https://bugzilla.suse.com/1262494
https://bugzilla.suse.com/1262495
https://bugzilla.suse.com/1262496
https://bugzilla.suse.com/1262497
https://bugzilla.suse.com/1262500
https://bugzilla.suse.com/1262501
https://bugzilla.suse.com/1265261
https://bugzilla.suse.com/1267355



openSUSE-SU-2026:11027-1: moderate: python311-tornado6-6.5.7-1.1 on GA media


# python311-tornado6-6.5.7-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11027-1
Rating: moderate

Cross-References:

* CVE-2026-49853
* CVE-2026-49854
* CVE-2026-49855

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python311-tornado6-6.5.7-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-tornado6 6.5.7-1.1
  * python313-tornado6 6.5.7-1.1
  * python314-tornado6 6.5.7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-49853.html
* https://www.suse.com/security/cve/CVE-2026-49854.html
* https://www.suse.com/security/cve/CVE-2026-49855.html



openSUSE-SU-2026:11028-1: moderate: librav1e0_8-0.8.1-2.1 on GA media


# librav1e0_8-0.8.1-2.1 on GA media

Announcement ID: openSUSE-SU-2026:11028-1
Rating: moderate

Cross-References:

* CVE-2025-58160

CVSS scores:

* CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the librav1e0_8-0.8.1-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * librav1e0_8 0.8.1-2.1
  * librav1e0_8-32bit 0.8.1-2.1
  * rav1e 0.8.1-2.1
  * rav1e-devel 0.8.1-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58160.html



openSUSE-SU-2026:11026-1: moderate: python311-starlette-1.2.0-1.1 on GA media


# python311-starlette-1.2.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11026-1
Rating: moderate

Cross-References:

* CVE-2026-48710

CVSS scores:

* CVE-2026-48710 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-48710 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-starlette-1.2.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-starlette 1.2.0-1.1
  * python313-starlette 1.2.0-1.1
  * python314-starlette 1.2.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-48710.html



openSUSE-SU-2026:11025-1: moderate: python311-paramiko-5.0.0-1.1 on GA media


# python311-paramiko-5.0.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11025-1
Rating: moderate

Cross-References:

* CVE-2018-1000805
* CVE-2018-7750
* CVE-2026-44405

CVSS scores:

* CVE-2018-1000805 ( SUSE ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2018-7750 ( SUSE ): 10 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-44405 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-44405 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python311-paramiko-5.0.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-paramiko 5.0.0-1.1
  * python313-paramiko 5.0.0-1.1
  * python314-paramiko 5.0.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2018-1000805.html
* https://www.suse.com/security/cve/CVE-2018-7750.html
* https://www.suse.com/security/cve/CVE-2026-44405.html



openSUSE-SU-2026:11024-1: moderate: python311-PyJWT-2.13.0-1.1 on GA media


# python311-PyJWT-2.13.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11024-1
Rating: moderate

Cross-References:

* CVE-2026-48522
* CVE-2026-48523
* CVE-2026-48524
* CVE-2026-48525
* CVE-2026-48526

CVSS scores:

* CVE-2026-48522 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-48522 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-48523 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-48523 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-48524 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-48524 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-48525 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48526 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-48526 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 5 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python311-PyJWT-2.13.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-PyJWT 2.13.0-1.1
  * python313-PyJWT 2.13.0-1.1
  * python314-PyJWT 2.13.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-48522.html
* https://www.suse.com/security/cve/CVE-2026-48523.html
* https://www.suse.com/security/cve/CVE-2026-48524.html
* https://www.suse.com/security/cve/CVE-2026-48525.html
* https://www.suse.com/security/cve/CVE-2026-48526.html



openSUSE-SU-2026:11021-1: moderate: kitty-0.47.3-1.1 on GA media


# kitty-0.47.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11021-1
Rating: moderate

Cross-References:

* CVE-2026-54057

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the kitty-0.47.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * kitty 0.47.3-1.1
  * kitty-shell-integration 0.47.3-1.1
  * kitty-terminfo 0.47.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-54057.html



openSUSE-SU-2026:11029-1: moderate: chromedriver-149.0.7827.114-1.1 on GA media


# chromedriver-149.0.7827.114-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11029-1
Rating: moderate

Cross-References:

* CVE-2026-12007
* CVE-2026-12008
* CVE-2026-12009
* CVE-2026-12010
* CVE-2026-12011
* CVE-2026-12012
* CVE-2026-12013
* CVE-2026-12014
* CVE-2026-12015
* CVE-2026-12016
* CVE-2026-12017
* CVE-2026-12018
* CVE-2026-12019
* CVE-2026-12020
* CVE-2026-12022
* CVE-2026-12023
* CVE-2026-12024
* CVE-2026-12025
* CVE-2026-12026
* CVE-2026-12027
* CVE-2026-12028
* CVE-2026-12029
* CVE-2026-12030
* CVE-2026-12031
* CVE-2026-12032
* CVE-2026-12033
* CVE-2026-12034
* CVE-2026-12035

Affected Products:

* openSUSE Tumbleweed

An update that solves 28 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the chromedriver-149.0.7827.114-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * chromedriver 149.0.7827.114-1.1
  * chromium 149.0.7827.114-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-12007.html
* https://www.suse.com/security/cve/CVE-2026-12008.html
* https://www.suse.com/security/cve/CVE-2026-12009.html
* https://www.suse.com/security/cve/CVE-2026-12010.html
* https://www.suse.com/security/cve/CVE-2026-12011.html
* https://www.suse.com/security/cve/CVE-2026-12012.html
* https://www.suse.com/security/cve/CVE-2026-12013.html
* https://www.suse.com/security/cve/CVE-2026-12014.html
* https://www.suse.com/security/cve/CVE-2026-12015.html
* https://www.suse.com/security/cve/CVE-2026-12016.html
* https://www.suse.com/security/cve/CVE-2026-12017.html
* https://www.suse.com/security/cve/CVE-2026-12018.html
* https://www.suse.com/security/cve/CVE-2026-12019.html
* https://www.suse.com/security/cve/CVE-2026-12020.html
* https://www.suse.com/security/cve/CVE-2026-12022.html
* https://www.suse.com/security/cve/CVE-2026-12023.html
* https://www.suse.com/security/cve/CVE-2026-12024.html
* https://www.suse.com/security/cve/CVE-2026-12025.html
* https://www.suse.com/security/cve/CVE-2026-12026.html
* https://www.suse.com/security/cve/CVE-2026-12027.html
* https://www.suse.com/security/cve/CVE-2026-12028.html
* https://www.suse.com/security/cve/CVE-2026-12029.html
* https://www.suse.com/security/cve/CVE-2026-12030.html
* https://www.suse.com/security/cve/CVE-2026-12031.html
* https://www.suse.com/security/cve/CVE-2026-12032.html
* https://www.suse.com/security/cve/CVE-2026-12033.html
* https://www.suse.com/security/cve/CVE-2026-12034.html
* https://www.suse.com/security/cve/CVE-2026-12035.html



openSUSE-SU-2026:11023-1: moderate: libopenssl-3-devel-3.5.3-6.1 on GA media


# libopenssl-3-devel-3.5.3-6.1 on GA media

Announcement ID: openSUSE-SU-2026:11023-1
Rating: moderate

Cross-References:

* CVE-2026-34180
* CVE-2026-34182
* CVE-2026-34183
* CVE-2026-42764
* CVE-2026-42766
* CVE-2026-42767
* CVE-2026-42768
* CVE-2026-42769
* CVE-2026-42770
* CVE-2026-45445
* CVE-2026-45446
* CVE-2026-45447
* CVE-2026-7383
* CVE-2026-9076

CVSS scores:

* CVE-2026-34180 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-34180 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-34182 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34182 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34183 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34183 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42764 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-42764 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42766 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42766 ( SUSE ): 6.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42767 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42767 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42768 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-42768 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42769 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42769 ( SUSE ): 7.4 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42770 ( SUSE ): 5 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
* CVE-2026-42770 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-45445 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-45445 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-45446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-45446 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-45447 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45447 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-7383 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-7383 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-9076 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-9076 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 14 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libopenssl-3-devel-3.5.3-6.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * libopenssl-3-devel 3.5.3-6.1
  * libopenssl-3-devel-32bit 3.5.3-6.1
  * libopenssl-3-fips-provider 3.5.3-6.1
  * libopenssl-3-fips-provider-32bit 3.5.3-6.1
  * libopenssl-3-fips-provider-x86-64-v3 3.5.3-6.1
  * libopenssl3 3.5.3-6.1
  * libopenssl3-32bit 3.5.3-6.1
  * libopenssl3-x86-64-v3 3.5.3-6.1
  * openssl-3 3.5.3-6.1
  * openssl-3-doc 3.5.3-6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34180.html
* https://www.suse.com/security/cve/CVE-2026-34182.html
* https://www.suse.com/security/cve/CVE-2026-34183.html
* https://www.suse.com/security/cve/CVE-2026-42764.html
* https://www.suse.com/security/cve/CVE-2026-42766.html
* https://www.suse.com/security/cve/CVE-2026-42767.html
* https://www.suse.com/security/cve/CVE-2026-42768.html
* https://www.suse.com/security/cve/CVE-2026-42769.html
* https://www.suse.com/security/cve/CVE-2026-42770.html
* https://www.suse.com/security/cve/CVE-2026-45445.html
* https://www.suse.com/security/cve/CVE-2026-45446.html
* https://www.suse.com/security/cve/CVE-2026-45447.html
* https://www.suse.com/security/cve/CVE-2026-7383.html
* https://www.suse.com/security/cve/CVE-2026-9076.html



openSUSE-SU-2026:11022-1: moderate: opensc-0.27.1-2.1 on GA media


# opensc-0.27.1-2.1 on GA media

Announcement ID: openSUSE-SU-2026:11022-1
Rating: moderate

Cross-References:

* CVE-2026-10275
* CVE-2026-40528

CVSS scores:

* CVE-2026-10275 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-10275 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40528 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-40528 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the opensc-0.27.1-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * opensc 0.27.1-2.1
  * opensc-bash-completion 0.27.1-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-10275.html
* https://www.suse.com/security/cve/CVE-2026-40528.html



openSUSE-SU-2026:11020-1: moderate: freeipmi-1.6.18-1.1 on GA media


# freeipmi-1.6.18-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11020-1
Rating: moderate

Cross-References:

* CVE-2026-50031

CVSS scores:

* CVE-2026-50031 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the freeipmi-1.6.18-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * freeipmi 1.6.18-1.1
  * freeipmi-bmc-watchdog 1.6.18-1.1
  * freeipmi-devel 1.6.18-1.1
  * freeipmi-ipmidetectd 1.6.18-1.1
  * freeipmi-ipmiseld 1.6.18-1.1
  * libfreeipmi17 1.6.18-1.1
  * libipmiconsole2 1.6.18-1.1
  * libipmidetect0 1.6.18-1.1
  * libipmimonitoring6 1.6.18-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-50031.html



SUSE-SU-2026:2393-1: important: Security update for openssl-3


# Security update for openssl-3

Announcement ID: SUSE-SU-2026:2393-1
Release Date: 2026-06-15T08:06:07Z
Rating: important
References:

* bsc#1266340
* bsc#1266341
* bsc#1266342
* bsc#1266344
* bsc#1266349
* bsc#1266353
* bsc#1266355
* bsc#1266356
* bsc#1266357

Cross-References:

* CVE-2026-34180
* CVE-2026-34182
* CVE-2026-42766
* CVE-2026-42770
* CVE-2026-45445
* CVE-2026-45446
* CVE-2026-45447
* CVE-2026-7383
* CVE-2026-9076

CVSS scores:

* CVE-2026-34180 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-34180 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-34180 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34182 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34182 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34182 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42766 ( SUSE ): 6.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42766 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42766 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42770 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42770 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
* CVE-2026-42770 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-45445 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-45445 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-45445 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-45446 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-45446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-45446 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-45447 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45447 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45447 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-7383 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-7383 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-7383 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9076 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-9076 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-9076 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion (bsc#1266340).
* CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341).
* CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342).
* CVE-2026-34182: CMS AuthEnvelopedData Processing May Accept Forged Messages (bsc#1266344).
* CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349).
* CVE-2026-42770: FFC-DH Peer Validation Uses Attacker-Supplied q (bsc#1266353).
* CVE-2026-45445: AES-OCB IV Ignored on EVP_Cipher() Path (bsc#1266355).
* CVE-2026-45446: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes (bsc#1266356).
* CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2393=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2393=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2393=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libopenssl-3-devel-3.1.4-150600.5.53.1
  * libopenssl-3-fips-provider-3.1.4-150600.5.53.1
  * openssl-3-debugsource-3.1.4-150600.5.53.1
  * libopenssl3-debuginfo-3.1.4-150600.5.53.1
  * openssl-3-3.1.4-150600.5.53.1
  * openssl-3-debuginfo-3.1.4-150600.5.53.1
  * libopenssl3-3.1.4-150600.5.53.1
  * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.53.1
* openSUSE Leap 15.6 (x86_64)
  * libopenssl3-32bit-debuginfo-3.1.4-150600.5.53.1
  * libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.53.1
  * libopenssl-3-fips-provider-32bit-3.1.4-150600.5.53.1
  * libopenssl-3-devel-32bit-3.1.4-150600.5.53.1
  * libopenssl3-32bit-3.1.4-150600.5.53.1
* openSUSE Leap 15.6 (noarch)
  * openssl-3-doc-3.1.4-150600.5.53.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libopenssl-3-fips-provider-64bit-3.1.4-150600.5.53.1
  * libopenssl-3-fips-provider-64bit-debuginfo-3.1.4-150600.5.53.1
  * libopenssl3-64bit-3.1.4-150600.5.53.1
  * libopenssl3-64bit-debuginfo-3.1.4-150600.5.53.1
  * libopenssl-3-devel-64bit-3.1.4-150600.5.53.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libopenssl-3-devel-3.1.4-150600.5.53.1
  * libopenssl-3-fips-provider-3.1.4-150600.5.53.1
  * openssl-3-debugsource-3.1.4-150600.5.53.1
  * libopenssl3-debuginfo-3.1.4-150600.5.53.1
  * openssl-3-3.1.4-150600.5.53.1
  * openssl-3-debuginfo-3.1.4-150600.5.53.1
  * libopenssl3-3.1.4-150600.5.53.1
  * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.53.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
  * libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.53.1
  * libopenssl3-32bit-debuginfo-3.1.4-150600.5.53.1
  * libopenssl3-32bit-3.1.4-150600.5.53.1
  * libopenssl-3-fips-provider-32bit-3.1.4-150600.5.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libopenssl-3-devel-3.1.4-150600.5.53.1
  * libopenssl-3-fips-provider-3.1.4-150600.5.53.1
  * openssl-3-debugsource-3.1.4-150600.5.53.1
  * libopenssl3-debuginfo-3.1.4-150600.5.53.1
  * openssl-3-3.1.4-150600.5.53.1
  * openssl-3-debuginfo-3.1.4-150600.5.53.1
  * libopenssl3-3.1.4-150600.5.53.1
  * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
  * libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.53.1
  * libopenssl3-32bit-debuginfo-3.1.4-150600.5.53.1
  * libopenssl3-32bit-3.1.4-150600.5.53.1
  * libopenssl-3-fips-provider-32bit-3.1.4-150600.5.53.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34180.html
* https://www.suse.com/security/cve/CVE-2026-34182.html
* https://www.suse.com/security/cve/CVE-2026-42766.html
* https://www.suse.com/security/cve/CVE-2026-42770.html
* https://www.suse.com/security/cve/CVE-2026-45445.html
* https://www.suse.com/security/cve/CVE-2026-45446.html
* https://www.suse.com/security/cve/CVE-2026-45447.html
* https://www.suse.com/security/cve/CVE-2026-7383.html
* https://www.suse.com/security/cve/CVE-2026-9076.html
* https://bugzilla.suse.com/show_bug.cgi?id=1266340
* https://bugzilla.suse.com/show_bug.cgi?id=1266341
* https://bugzilla.suse.com/show_bug.cgi?id=1266342
* https://bugzilla.suse.com/show_bug.cgi?id=1266344
* https://bugzilla.suse.com/show_bug.cgi?id=1266349
* https://bugzilla.suse.com/show_bug.cgi?id=1266353
* https://bugzilla.suse.com/show_bug.cgi?id=1266355
* https://bugzilla.suse.com/show_bug.cgi?id=1266356
* https://bugzilla.suse.com/show_bug.cgi?id=1266357



openSUSE-SU-2026:20963-1: important: Security update for neonmodem


openSUSE security update: security update for neonmodem
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20963-1
Rating: important
References:

* bsc#1260727
* bsc#1267193

Cross-References:

* CVE-2026-25680
* CVE-2026-25681
* CVE-2026-27136
* CVE-2026-33809
* CVE-2026-42502
* CVE-2026-42506

CVSS scores:

* CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25680 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-25681 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-27136 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42502 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42506 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 6 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for neonmodem fixes the following issues:

Changes in neonmodem:

- Update golang.org/x/net dependency to v0.55.0 due to bsc#1267193

- Update golang.org/x/image dependency to v0.38.0 due to bsc#1260727
- Update golang.org/x/term dependency to v0.42.0 due to bsc#1260727

- Update to version 1.0.7+git0.346d1d3:
* Update dependencies, remove debug output
* Update GitHub actions
* discourse: API fixes
* Bump golang.org/x/net from 0.36.0 to 0.38.0
* Bump golang.org/x/net from 0.34.0 to 0.36.0
* Update dependencies
* Change chat button

- Add build option for position-independent executables

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-319=1

Package List:

- openSUSE Leap 16.0:

neonmodem-1.0.7+git0.346d1d3-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-25680.html
* https://www.suse.com/security/cve/CVE-2026-25681.html
* https://www.suse.com/security/cve/CVE-2026-27136.html
* https://www.suse.com/security/cve/CVE-2026-33809.html
* https://www.suse.com/security/cve/CVE-2026-42502.html
* https://www.suse.com/security/cve/CVE-2026-42506.html



openSUSE-SU-2026:20962-1: important: Security update for cyrus-imapd


openSUSE security update: security update for cyrus-imapd
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20962-1
Rating: important
References:

* bsc#1241536
* bsc#1241543
* bsc#1246165
* bsc#1251788

Cross-References:

* CVE-2025-23394
* CVE-2025-49812

CVSS scores:

* CVE-2025-49812 ( SUSE ): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
* CVE-2025-49812 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 4 bug fixes can now be installed.

Description:

This update for cyrus-imapd fixes the following issues:

Changes in cyrus-imapd:

- cyrus-imapd doesn't start because of missing "Requires=var-run.mount" from systemd (bsc#1251788)
Remove var-run.mount from Requires and After

- update to version 3.8.6 (bugfix release)
VUL-0: CVE-2025-49812: cyrus-imapd: Opossum Attack Application Layer
Desynchronization using Opportunistic TLS (bsc#1246165)
The industry is deprecating STARTTLS (aka opportunistic TLS) in favor of
implicit TLS over a dedicated port. STARTTLS is now disabled by default.
* Fixed issue #5477: master: tighten up pidfile/etc handling (bsc#1241543)
VUL-0: cyrus-imapd: privilege drop happens too late, opening attack vectors from cyrus to root
* Fixed issue #5450: fix zoneinfo_db code for GCC 15 (thanks Yadd)
* Fixed issue #5309: deadlock on shutdown (thanks Mark Cammidge)
* Fixed issue #5424: recognise service-specific SASL options in
``cyr_info conf-lint``
* Fixed issue #5420: fix double-free in http_admin (thanks Wolfgang Breyha)
* Fixed issue #5460: pop3d: add basic prometheus support (thanks Wolfgang
Breyha)
* Fixed issue #5454: httpd fails to parse OpenSSL version for status string

- update to version 3.8.5 (bugfix release)
* Fixed Issue #5029: check for unexpected extra tiny-tests directories
* Fixed Issue #5148: added --enable-release-checks configure option for use when building releases
* Fixed Issue #4489: calendar-color "changes" namespace (thanks ?????????? ????????????????)
* Fixed Issue #5009: various portability warnings and nits
* Fixed Issue #5050: iTIP line endings (thanks ?????????? ????????????????)
* Fixed Issue #5052: iMIP line endings (thanks ?????????? ????????????????)
* Fixed Issue #5072: http_cgi use after free (thanks ?????????? ????????????????)
* Fixed Issue #5094: httpd crash when PROPFIND url is /dav/calendars
* Fixed Issue #5118: broken language checks for "zr-hant" and "sr-me"
* Fixed Issue #5047: proxying UID SEARCH

- CVE-2025-23394: cyrus-imapd: daily-backup.sh allows escalation from cyrus to root (bsc#1241536)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-318=1

Package List:

- openSUSE Leap 16.0:

cyradm-3.8.6-bp160.1.1
cyrus-imapd-3.8.6-bp160.1.1
cyrus-imapd-devel-3.8.6-bp160.1.1
cyrus-imapd-snmp-3.8.6-bp160.1.1
cyrus-imapd-snmp-mibs-3.8.6-bp160.1.1
cyrus-imapd-utils-3.8.6-bp160.1.1
libcyrus0-3.8.6-bp160.1.1
perl-Cyrus-Annotator-3.8.6-bp160.1.1
perl-Cyrus-IMAP-3.8.6-bp160.1.1
perl-Cyrus-SIEVE-managesieve-3.8.6-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-23394.html
* https://www.suse.com/security/cve/CVE-2025-49812.html



openSUSE-SU-2026:20956-1: important: Security update for trivy


openSUSE security update: security update for trivy
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20956-1
Rating: important
References:

* bsc#1265648
* bsc#1266075
* bsc#1266495
* bsc#1267047
* bsc#1267268

Cross-References:

* CVE-2026-25680
* CVE-2026-25681
* CVE-2026-27136
* CVE-2026-33814
* CVE-2026-39821
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-42502
* CVE-2026-42506
* CVE-2026-42508
* CVE-2026-44740
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598

CVSS scores:

* CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25680 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-25681 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-27136 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42502 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42506 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-44740 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-44740 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 21 vulnerabilities and has 5 bug fixes can now be installed.

Description:

This update for trivy fixes the following issues:

- CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-42502, CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files (bsc#1267047).
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265648).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266495).
- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266075).
- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266075).
- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266075).
- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh (bsc#1266075).
- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh (bsc#1266075).
- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent (bsc#1266075).
- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266075).
- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266075).
- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266075).
- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts (bsc#1266075).
- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh (bsc#1266075).
- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266075).
- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266075).
- CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite loops, panics or resource consumption (bsc#1267268).

Changes for trivy:

- Update to version 0.71.0 (bsc#1267268, CVE-2026-44740):
* release: v0.71.0 [main] (#10638)
* ci: use only the first line of commit message in release-please workflow (#10766)
* feat: add WithDriver and WithProvider options to ospkg detector (#10740)
* chore(deps): bump github.com/google/go-containerregistry to v0.21.6 (#10741)
* refactor(secret): normalize configPath once in Init (#10702)
* feat(secret): add Maven rules to detect passwords and passphrases in settings.xml and settings-security.xml
files (#10704)
* chore(deps): bump the common group across 1 directory with 25 updates (#10758)
* chore: migrate from gomodguard to gomodguard_v2 (#10739)
* chore(deps): bump the docker group across 1 directory with 2 updates (#10709)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.302.0 to 1.303.0 in the aws group (#10752)
* ci: scope GitHub App tokens to minimum required permissions (#10755)
* chore(deps): upgrade go-redis from v8 to v9 (#10736)
* fix(misconf): fix rendering of nested values in terraform plan lists (#10746)
* fix(misconf): skip resources with no after changes (#10352)
* fix(misconf): reject nil plays during playbook parsing (#10273)
* fix(nodejs): silently skip subdirectory package.json files with invalid names (#10609)
* fix(misconf): skip null cty values in AsMapValue to prevent panic (#10723)
* refactor(misconf): replace custom Helm archive parsing with Helm SDK loaders (#10718)
* chore(deps): bump github.com/containerd/containerd/v2 to v2.3.1 (#10738)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 (#10686)
* fix(report): don't produce trailing comma in gitlab.tpl links array (#10728)
* fix(cloudformation): propagate AWS::EC2::Instance MetadataOptions (#10731)
* chore(deps): upgrade github.com/cenkalti/backoff dependency to v5 (#10705)
* chore: bump golangci-lint to v2.12 (#10726)
* feat(spdx): add SHA-512 hash algorithm support to SPDX serializer (#10719)
* feat(sbom): support for CycloneDX 1.7 (#10715)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.300.0 to 1.302.0 in the aws group (#10708)
* chore: migrate from helm.sh/helm/v3 to helm.sh/helm/v4 (#10678)
* fix(image): correctly reconstruct RUN instructions built without BuildKit (#10714)
* feat(java): support from settings.xml (#10692)
* fix(java): surface 429 from a remote Maven repository as a fatal error when scanning pom.xml files (#10693)
* chore: bump go to 1.26.3 (#10683)
* fix(nodejs): handle legacy license formats in npm lockfile parser (#10684)
* fix(secret): correctly skip secret-scanner config file from scanning (#10666)
* feat(ubuntu): detect Ubuntu 26.04 LTS (#10592)
* refactor(nodejs): deduplicate license traversal across package managers (#10681)
* fix: overwrite OS packages PURLs after overwrite OS (#10298)
* feat(secret): add Azure secret detection rules (#10562)
* fix(misconf): prevent path traversal in Terraform filesystem functions (#10664)
* feat(secret): add a way to customize skipped folders, files and exts (#10550)
* ci: migrate PAT tokens to GitHub App (#10628)
* chore(deps): bump the aws group across 1 directory with 6 updates (#10598)
* chore(deps): bump the docker group across 1 directory with 3 updates (#10596)
* chore(deps): bump the github-actions group across 2 directories with 9 updates (#10608)
* chore(deps): bump github.com/in-toto/in-toto-golang from 0.10.0 to 0.11.0 (#10641)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0 (#10648)
* ci: migrate PAT tokens to GITHUB_TOKEN for reusable-release workflow (#10655)
* feat(seal): add vendor support for language file detection. (#10297)
* fix(misconf): make identifiers in ignore rules case-insensitive (#10375)
* fix: pull instead of clone when test repo already exists (#10636)
* docs: document how to disable check.trivy.dev connections (#10623)
* docs(misconf): fix typo in misconfiguration config (#10619)
* ci: remove secrets from run block (#10590)
* docs: fix typos (#10605)
* refactor(deps): replace archived go-homedir with os.UserHomeDir (#10484)
* chore(deps): Bump `go-ini` and fix the import path. (#10489)
* chore(deps): bump the github-actions group across 2 directories with 9 updates (#10495)
* chore(deps): bump github.com/aquasecurity/testdocker (#10543)
* docs: convert README demonstration videos to mp4 (#10419)
* chore(deps): upgrade vm scan dependency for bug fix (#10575)
* docs(nodejs): clarify package.json behavior in image scanning (#10572)
* chore(deps): replace xeipuuv/gojsonschema and invopop/jsonschema with google/jsonschema-go (#10528)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.17.2 to 5.18.0 (#10554)
* chore(deps): bump alpine to 3.23.4 (#10552)
* ci(helm): bump Trivy version to 0.70.0 for Trivy Helm Chart 0.22.0 (#10547)
- update x/net to v0.55.0 (bsc#1266495, CVE-2026-39821,
bsc#1267047, CVE-2026-25680, CVE-2026-42502, CVE-2026-27136,
CVE-2026-25681, CVE-2026-42506,
bsc#1265648, CVE-2026-33814)
- update x/crypto to 0.52.0 (bsc#1266075, CVE-2026-39827,
CVE-2026-39834, CVE-2026-39828, CVE-2026-39829, CVE-2026-39831,
CVE-2026-42508, CVE-2026-39833, CVE-2026-39830, CVE-2026-39832,
CVE-2026-46597, CVE-2026-46598, CVE-2026-46595, CVE-2026-39835)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-922=1

Package List:

- openSUSE Leap 16.0:

trivy-0.71.0-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-25680.html
* https://www.suse.com/security/cve/CVE-2026-25681.html
* https://www.suse.com/security/cve/CVE-2026-27136.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-42502.html
* https://www.suse.com/security/cve/CVE-2026-42506.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-44740.html
* https://www.suse.com/security/cve/CVE-2026-46595.html
* https://www.suse.com/security/cve/CVE-2026-46597.html
* https://www.suse.com/security/cve/CVE-2026-46598.html



openSUSE-SU-2026:20961-1: moderate: Security update for GraphicsMagick


openSUSE security update: security update for graphicsmagick
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20961-1
Rating: moderate
References:

* bsc#1265048

Cross-References:

* CVE-2026-42050

CVSS scores:

* CVE-2026-42050 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for GraphicsMagick fixes the following issue:

- CVE-2026-42050: stack buffer overflow in XTileImage (bsc#1265048).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-927=1

Package List:

- openSUSE Leap 16.0:

GraphicsMagick-1.3.45-160000.7.1
GraphicsMagick-devel-1.3.45-160000.7.1
libGraphicsMagick++-Q16-12-1.3.45-160000.7.1
libGraphicsMagick++-devel-1.3.45-160000.7.1
libGraphicsMagick-Q16-3-1.3.45-160000.7.1
libGraphicsMagick3-config-1.3.45-160000.7.1
libGraphicsMagickWand-Q16-2-1.3.45-160000.7.1
perl-GraphicsMagick-1.3.45-160000.7.1

References:

* https://www.suse.com/security/cve/CVE-2026-42050.html



openSUSE-SU-2026:20952-1: moderate: Security update for python-python-dotenv


openSUSE security update: security update for python-python-dotenv
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20952-1
Rating: moderate
References:

* bsc#1262423

Cross-References:

* CVE-2026-28684

CVSS scores:

* CVE-2026-28684 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2026-28684 ( SUSE ): 5.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for python-python-dotenv fixes the following issue:

- CVE-2026-28684: Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when
rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a crafted symlink (bsc#1262423).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-918=1

Package List:

- openSUSE Leap 16.0:

python313-python-dotenv-1.1.0-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-28684.html



SUSE-SU-2026:2397-1: important: Security update for openssl-3


# Security update for openssl-3

Announcement ID: SUSE-SU-2026:2397-1
Release Date: 2026-06-15T14:34:41Z
Rating: important
References:

* bsc#1266340
* bsc#1266341
* bsc#1266342
* bsc#1266349
* bsc#1266353
* bsc#1266355
* bsc#1266356
* bsc#1266357

Cross-References:

* CVE-2026-34180
* CVE-2026-42766
* CVE-2026-42770
* CVE-2026-45445
* CVE-2026-45446
* CVE-2026-45447
* CVE-2026-7383
* CVE-2026-9076

CVSS scores:

* CVE-2026-34180 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-34180 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-34180 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42766 ( SUSE ): 6.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42766 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42766 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42770 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42770 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
* CVE-2026-42770 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-45445 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-45445 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-45445 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-45446 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-45446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-45446 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-45447 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45447 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45447 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-7383 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-7383 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-7383 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9076 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-9076 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-9076 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String
Conversion (bsc#1266340).
* CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption
(bsc#1266341).
* CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing
(bsc#1266342).
* CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption
(bsc#1266349).
* CVE-2026-42770: FFC-DH Peer Validation Uses Attacker-Supplied q
(bsc#1266353).
* CVE-2026-45445: AES-OCB IV Ignored on EVP_Cipher() Path (bsc#1266355).
* CVE-2026-45446: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV
and AES-SIV modes (bsc#1266356).
* CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2397=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2397=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2397=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2397=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2397=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * openssl-3-debuginfo-3.0.8-150500.5.66.1
  * openssl-3-3.0.8-150500.5.66.1
  * openssl-3-debugsource-3.0.8-150500.5.66.1
  * libopenssl3-3.0.8-150500.5.66.1
  * libopenssl-3-devel-3.0.8-150500.5.66.1
  * libopenssl3-debuginfo-3.0.8-150500.5.66.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * openssl-3-debuginfo-3.0.8-150500.5.66.1
  * openssl-3-3.0.8-150500.5.66.1
  * openssl-3-debugsource-3.0.8-150500.5.66.1
  * libopenssl3-3.0.8-150500.5.66.1
  * libopenssl-3-devel-3.0.8-150500.5.66.1
  * libopenssl3-debuginfo-3.0.8-150500.5.66.1
* openSUSE Leap 15.5 (x86_64)
  * libopenssl3-32bit-3.0.8-150500.5.66.1
  * libopenssl3-32bit-debuginfo-3.0.8-150500.5.66.1
  * libopenssl-3-devel-32bit-3.0.8-150500.5.66.1
* openSUSE Leap 15.5 (noarch)
  * openssl-3-doc-3.0.8-150500.5.66.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * libopenssl3-64bit-3.0.8-150500.5.66.1
  * libopenssl-3-devel-64bit-3.0.8-150500.5.66.1
  * libopenssl3-64bit-debuginfo-3.0.8-150500.5.66.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * openssl-3-debuginfo-3.0.8-150500.5.66.1
  * openssl-3-3.0.8-150500.5.66.1
  * openssl-3-debugsource-3.0.8-150500.5.66.1
  * libopenssl3-3.0.8-150500.5.66.1
  * libopenssl-3-devel-3.0.8-150500.5.66.1
  * libopenssl3-debuginfo-3.0.8-150500.5.66.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * openssl-3-debuginfo-3.0.8-150500.5.66.1
  * openssl-3-3.0.8-150500.5.66.1
  * openssl-3-debugsource-3.0.8-150500.5.66.1
  * libopenssl3-3.0.8-150500.5.66.1
  * libopenssl-3-devel-3.0.8-150500.5.66.1
  * libopenssl3-debuginfo-3.0.8-150500.5.66.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * openssl-3-debuginfo-3.0.8-150500.5.66.1
  * openssl-3-3.0.8-150500.5.66.1
  * openssl-3-debugsource-3.0.8-150500.5.66.1
  * libopenssl3-3.0.8-150500.5.66.1
  * libopenssl-3-devel-3.0.8-150500.5.66.1
  * libopenssl3-debuginfo-3.0.8-150500.5.66.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34180.html
* https://www.suse.com/security/cve/CVE-2026-42766.html
* https://www.suse.com/security/cve/CVE-2026-42770.html
* https://www.suse.com/security/cve/CVE-2026-45445.html
* https://www.suse.com/security/cve/CVE-2026-45446.html
* https://www.suse.com/security/cve/CVE-2026-45447.html
* https://www.suse.com/security/cve/CVE-2026-7383.html
* https://www.suse.com/security/cve/CVE-2026-9076.html
* https://bugzilla.suse.com/show_bug.cgi?id=1266340
* https://bugzilla.suse.com/show_bug.cgi?id=1266341
* https://bugzilla.suse.com/show_bug.cgi?id=1266342
* https://bugzilla.suse.com/show_bug.cgi?id=1266349
* https://bugzilla.suse.com/show_bug.cgi?id=1266353
* https://bugzilla.suse.com/show_bug.cgi?id=1266355
* https://bugzilla.suse.com/show_bug.cgi?id=1266356
* https://bugzilla.suse.com/show_bug.cgi?id=1266357