SUSE-SU-2026:3005-1: moderate: Security update for openssl-3
SUSE-SU-2026:3000-1: important: Security update for rootlesskit
SUSE-SU-2026:3004-1: moderate: Security update for openssl-3
SUSE-SU-2026:3001-1: important: Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:2997-1: important: Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:3002-1: important: Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:3009-1: important: Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:3008-1: important: Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:2993-1: important: Security update for the Linux Kernel (Live Patch 55 for SUSE Linux Enterprise 15 SP4)
openSUSE-SU-2026:21351-1: moderate: Security update for grafana
openSUSE-SU-2026:21342-1: important: Security update for python-soupsieve
openSUSE-SU-2026:21343-1: moderate: Security update for python-sqlparse
openSUSE-SU-2026:21339-1: moderate: Security update for python-mistune
openSUSE-SU-2026:21333-1: low: Security update for nasm
openSUSE-SU-2026:21332-1: low: Security update for patch
openSUSE-SU-2026:21331-1: low: Security update for helm
openSUSE-SU-2026:21329-1: moderate: Security update for tomcat11
openSUSE-SU-2026:21327-1: moderate: Security update for tomcat
openSUSE-SU-2026:21324-1: important: Security update for go1.25
openSUSE-SU-2026:21321-1: important: Security update for go1.26-openssl
openSUSE-SU-2026:21319-1: critical: Security update for go1.25-openssl
openSUSE-SU-2026:21317-1: important: Security update for libxml2
openSUSE-SU-2026:11271-1: moderate: python313-django-debug-toolbar-7.0.0-1.1 on GA media
SUSE-SU-2026:3022-1: important: Security update for sccache
SUSE-SU-2026:3023-1: important: Security update for ImageMagick
SUSE-SU-2026:3025-1: important: Security update for sssd
SUSE-SU-2026:3026-1: important: Security update for python-cryptography
SUSE-SU-2026:3028-1: important: Security update for dnsmasq
SUSE-SU-2026:3029-1: moderate: Security update for glibc
SUSE-SU-2026:3030-1: moderate: Security update for glibc
SUSE-SU-2026:3032-1: moderate: Security update for glib-networking
SUSE-SU-2026:3036-1: important: Security update for yelp
SUSE-SU-2026:3037-1: important: Security update for yelp
SUSE-SU-2026:3040-1: important: Security update for python-cryptography
SUSE-SU-2026:3042-1: important: Security update for gnutls
SUSE-SU-2026:3043-1: important: Security update for curl
SUSE-SU-2026:3044-1: important: Security update for the Linux Kernel
SUSE-SU-2026:3049-1: important: Security update for distribution
SUSE-SU-2026:3053-1: important: Security update for ImageMagick
SUSE-SU-2026:3058-1: important: Security update for gstreamer-plugins-bad
SUSE-SU-2026:3063-1: important: Security update for buildah
SUSE-SU-2026:3005-1: moderate: Security update for openssl-3
# Security update for openssl-3
Announcement ID: SUSE-SU-2026:3005-1
Release Date: 2026-07-15T07:26:31Z
Rating: moderate
References:
* bsc#1266344
* bsc#1266350
Cross-References:
* CVE-2026-34182
* CVE-2026-42767
CVSS scores:
* CVE-2026-34182 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34182 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34182 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42767 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42767 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42767 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves two vulnerabilities can now be installed.
## Description:
This update for openssl-3 fixes the following issues
* CVE-2026-34182: CMS AuthEnvelopedData Processing May Accept Forged Messages
(bsc#1266344).
* CVE-2026-42767: NULL Pointer Dereference in CRMF EncryptedValue Decryption
(bsc#1266350).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3005=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3005=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-3005=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3005=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-3005=1
## Package List:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libopenssl3-debuginfo-3.0.8-150500.5.69.1
* openssl-3-3.0.8-150500.5.69.1
* openssl-3-debuginfo-3.0.8-150500.5.69.1
* openssl-3-debugsource-3.0.8-150500.5.69.1
* libopenssl3-3.0.8-150500.5.69.1
* libopenssl-3-devel-3.0.8-150500.5.69.1
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* libopenssl3-debuginfo-3.0.8-150500.5.69.1
* openssl-3-3.0.8-150500.5.69.1
* openssl-3-debuginfo-3.0.8-150500.5.69.1
* openssl-3-debugsource-3.0.8-150500.5.69.1
* libopenssl3-3.0.8-150500.5.69.1
* libopenssl-3-devel-3.0.8-150500.5.69.1
* openSUSE Leap 15.5 (noarch)
* openssl-3-doc-3.0.8-150500.5.69.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libopenssl3-64bit-3.0.8-150500.5.69.1
* libopenssl-3-devel-64bit-3.0.8-150500.5.69.1
* libopenssl3-64bit-debuginfo-3.0.8-150500.5.69.1
* openSUSE Leap 15.5 (x86_64)
* libopenssl3-32bit-3.0.8-150500.5.69.1
* libopenssl-3-devel-32bit-3.0.8-150500.5.69.1
* libopenssl3-32bit-debuginfo-3.0.8-150500.5.69.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libopenssl3-debuginfo-3.0.8-150500.5.69.1
* openssl-3-debuginfo-3.0.8-150500.5.69.1
* openssl-3-3.0.8-150500.5.69.1
* openssl-3-debugsource-3.0.8-150500.5.69.1
* libopenssl3-3.0.8-150500.5.69.1
* libopenssl-3-devel-3.0.8-150500.5.69.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libopenssl3-debuginfo-3.0.8-150500.5.69.1
* openssl-3-debuginfo-3.0.8-150500.5.69.1
* openssl-3-3.0.8-150500.5.69.1
* openssl-3-debugsource-3.0.8-150500.5.69.1
* libopenssl3-3.0.8-150500.5.69.1
* libopenssl-3-devel-3.0.8-150500.5.69.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libopenssl3-debuginfo-3.0.8-150500.5.69.1
* openssl-3-debuginfo-3.0.8-150500.5.69.1
* openssl-3-3.0.8-150500.5.69.1
* openssl-3-debugsource-3.0.8-150500.5.69.1
* libopenssl3-3.0.8-150500.5.69.1
* libopenssl-3-devel-3.0.8-150500.5.69.1
## References:
* https://www.suse.com/security/cve/CVE-2026-34182.html
* https://www.suse.com/security/cve/CVE-2026-42767.html
* https://bugzilla.suse.com/show_bug.cgi?id=1266344
* https://bugzilla.suse.com/show_bug.cgi?id=1266350
SUSE-SU-2026:3000-1: important: Security update for rootlesskit
# Security update for rootlesskit
Announcement ID: SUSE-SU-2026:3000-1
Release Date: 2026-07-15T05:04:34Z
Rating: important
References:
Affected Products:
* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that can now be installed.
## Description:
This update for rootlesskit rebuilds it against the current go security release.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-3000=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3000=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3000=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3000=1
## Package List:
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* rootlesskit-1.1.1-150600.3.8.1
* rootlesskit-debuginfo-1.1.1-150600.3.8.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* rootlesskit-1.1.1-150600.3.8.1
* rootlesskit-debuginfo-1.1.1-150600.3.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* rootlesskit-1.1.1-150600.3.8.1
* rootlesskit-debuginfo-1.1.1-150600.3.8.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* rootlesskit-1.1.1-150600.3.8.1
* rootlesskit-debuginfo-1.1.1-150600.3.8.1
SUSE-SU-2026:3004-1: moderate: Security update for openssl-3
# Security update for openssl-3
Announcement ID: SUSE-SU-2026:3004-1
Release Date: 2026-07-15T07:26:12Z
Rating: moderate
References:
* bsc#1266350
Cross-References:
* CVE-2026-42767
CVSS scores:
* CVE-2026-42767 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42767 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42767 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for openssl-3 fixes the following issue
* CVE-2026-42767: NULL Pointer Dereference in CRMF EncryptedValue Decryption
(bsc#1266350).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3004=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3004=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3004=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libopenssl-3-devel-3.1.4-150600.5.56.1
* libopenssl-3-fips-provider-3.1.4-150600.5.56.1
* libopenssl3-debuginfo-3.1.4-150600.5.56.1
* openssl-3-debuginfo-3.1.4-150600.5.56.1
* openssl-3-3.1.4-150600.5.56.1
* libopenssl3-3.1.4-150600.5.56.1
* openssl-3-debugsource-3.1.4-150600.5.56.1
* libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* libopenssl-3-fips-provider-32bit-3.1.4-150600.5.56.1
* libopenssl3-32bit-3.1.4-150600.5.56.1
* libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.56.1
* libopenssl3-32bit-debuginfo-3.1.4-150600.5.56.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* libopenssl-3-devel-3.1.4-150600.5.56.1
* libopenssl-3-fips-provider-3.1.4-150600.5.56.1
* libopenssl3-debuginfo-3.1.4-150600.5.56.1
* openssl-3-debuginfo-3.1.4-150600.5.56.1
* openssl-3-3.1.4-150600.5.56.1
* libopenssl3-3.1.4-150600.5.56.1
* openssl-3-debugsource-3.1.4-150600.5.56.1
* libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.56.1
* openSUSE Leap 15.6 (x86_64)
* libopenssl-3-devel-32bit-3.1.4-150600.5.56.1
* libopenssl-3-fips-provider-32bit-3.1.4-150600.5.56.1
* libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.56.1
* libopenssl3-32bit-3.1.4-150600.5.56.1
* libopenssl3-32bit-debuginfo-3.1.4-150600.5.56.1
* openSUSE Leap 15.6 (noarch)
* openssl-3-doc-3.1.4-150600.5.56.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libopenssl-3-devel-64bit-3.1.4-150600.5.56.1
* libopenssl3-64bit-3.1.4-150600.5.56.1
* libopenssl-3-fips-provider-64bit-3.1.4-150600.5.56.1
* libopenssl-3-fips-provider-64bit-debuginfo-3.1.4-150600.5.56.1
* libopenssl3-64bit-debuginfo-3.1.4-150600.5.56.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
* libopenssl-3-fips-provider-32bit-3.1.4-150600.5.56.1
* libopenssl3-32bit-3.1.4-150600.5.56.1
* libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.56.1
* libopenssl3-32bit-debuginfo-3.1.4-150600.5.56.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libopenssl-3-devel-3.1.4-150600.5.56.1
* libopenssl-3-fips-provider-3.1.4-150600.5.56.1
* libopenssl3-debuginfo-3.1.4-150600.5.56.1
* openssl-3-debuginfo-3.1.4-150600.5.56.1
* openssl-3-3.1.4-150600.5.56.1
* libopenssl3-3.1.4-150600.5.56.1
* openssl-3-debugsource-3.1.4-150600.5.56.1
* libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.56.1
## References:
* https://www.suse.com/security/cve/CVE-2026-42767.html
* https://bugzilla.suse.com/show_bug.cgi?id=1266350
SUSE-SU-2026:3001-1: important: Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP5)
# Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise
15 SP5)
Announcement ID: SUSE-SU-2026:3001-1
Release Date: 2026-07-15T06:05:06Z
Rating: important
References:
* bsc#1264094
* bsc#1265117
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
Cross-References:
* CVE-2026-31758
* CVE-2026-43366
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-52909
* CVE-2026-52943
CVSS scores:
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves eight vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.169 fixes
various security issues
The following security issues were fixed:
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
on recycle (bsc#1265117).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-3001=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-3001=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_169-default-2-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_41-debugsource-2-150500.2.2
* kernel-livepatch-5_14_21-150500_55_169-default-debuginfo-2-150500.2.2
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_169-default-debuginfo-2-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_41-debugsource-2-150500.2.2
* kernel-livepatch-5_14_21-150500_55_169-default-2-150500.2.2
## References:
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1265117
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
SUSE-SU-2026:2997-1: important: Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP6)
# Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise
15 SP6)
Announcement ID: SUSE-SU-2026:2997-1
Release Date: 2026-07-15T04:04:34Z
Rating: important
References:
* bsc#1264094
* bsc#1265197
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
* bsc#1269495
Cross-References:
* CVE-2026-31758
* CVE-2026-43037
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943
* CVE-2026-53362
CVSS scores:
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53362 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-53362 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves 11 vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.112 fixes
various security issues
The following security issues were fixed:
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
* CVE-2026-53362: ipv6: account for fraggap on the paged allocation path
(bsc#1269495).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2997=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2997=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_26-debugsource-3-150600.2.2
* kernel-livepatch-6_4_0-150600_23_112-default-3-150600.2.2
* kernel-livepatch-6_4_0-150600_23_112-default-debuginfo-3-150600.2.2
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_26-debugsource-3-150600.2.2
* kernel-livepatch-6_4_0-150600_23_112-default-3-150600.2.2
* kernel-livepatch-6_4_0-150600_23_112-default-debuginfo-3-150600.2.2
## References:
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://www.suse.com/security/cve/CVE-2026-53362.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
* https://bugzilla.suse.com/show_bug.cgi?id=1269495
SUSE-SU-2026:3002-1: important: Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP6)
# Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise
15 SP6)
Announcement ID: SUSE-SU-2026:3002-1
Release Date: 2026-07-15T06:05:21Z
Rating: important
References:
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
* bsc#1269495
Cross-References:
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-52909
* CVE-2026-52943
* CVE-2026-53362
CVSS scores:
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53362 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-53362 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves six vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.115 fixes
various security issues
The following security issues were fixed:
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
* CVE-2026-53362: ipv6: account for fraggap on the paged allocation path
(bsc#1269495).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-3002=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3002=1
## Package List:
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_115-default-2-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_27-debugsource-2-150600.2.2
* kernel-livepatch-6_4_0-150600_23_115-default-debuginfo-2-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_115-default-2-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_27-debugsource-2-150600.2.2
* kernel-livepatch-6_4_0-150600_23_115-default-debuginfo-2-150600.2.2
## References:
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://www.suse.com/security/cve/CVE-2026-53362.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
* https://bugzilla.suse.com/show_bug.cgi?id=1269495
SUSE-SU-2026:3009-1: important: Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP5)
# Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise
15 SP5)
Announcement ID: SUSE-SU-2026:3009-1
Release Date: 2026-07-15T07:34:15Z
Rating: important
References:
* bsc#1267723
* bsc#1268662
* bsc#1269023
Cross-References:
* CVE-2026-46173
* CVE-2026-52909
* CVE-2026-52943
CVSS scores:
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves three vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.172 fixes
various security issues
The following security issues were fixed:
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-3009=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-3007=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-3007=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-3009=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_56-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_225-default-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_225-default-debuginfo-2-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_56-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_225-default-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_225-default-debuginfo-2-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_172-default-2-150500.2.2
* kernel-livepatch-5_14_21-150500_55_172-default-debuginfo-2-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_42-debugsource-2-150500.2.2
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_172-default-2-150500.2.2
* kernel-livepatch-5_14_21-150500_55_172-default-debuginfo-2-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_42-debugsource-2-150500.2.2
## References:
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
SUSE-SU-2026:3008-1: important: Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP6)
# Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise
15 SP6)
Announcement ID: SUSE-SU-2026:3008-1
Release Date: 2026-07-15T07:34:00Z
Rating: important
References:
* bsc#1267723
* bsc#1268662
* bsc#1269023
* bsc#1269495
Cross-References:
* CVE-2026-46173
* CVE-2026-52909
* CVE-2026-52943
* CVE-2026-53362
CVSS scores:
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53362 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-53362 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves four vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.118 fixes
various security issues
The following security issues were fixed:
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
* CVE-2026-53362: ipv6: account for fraggap on the paged allocation path
(bsc#1269495).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3008=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-3008=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_118-default-debuginfo-2-150600.2.2
* kernel-livepatch-6_4_0-150600_23_118-default-2-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_28-debugsource-2-150600.2.2
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_118-default-2-150600.2.2
* kernel-livepatch-6_4_0-150600_23_118-default-debuginfo-2-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_28-debugsource-2-150600.2.2
## References:
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://www.suse.com/security/cve/CVE-2026-53362.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
* https://bugzilla.suse.com/show_bug.cgi?id=1269495
SUSE-SU-2026:2993-1: important: Security update for the Linux Kernel (Live Patch 55 for SUSE Linux Enterprise 15 SP4)
# Security update for the Linux Kernel (Live Patch 55 for SUSE Linux Enterprise
15 SP4)
Announcement ID: SUSE-SU-2026:2993-1
Release Date: 2026-07-14T16:33:46Z
Rating: important
References:
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
Cross-References:
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-52909
* CVE-2026-52943
CVSS scores:
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves five vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.222 fixes
various security issues
The following security issues were fixed:
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2993=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2993=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_222-default-debuginfo-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_222-default-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_55-debugsource-2-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_222-default-debuginfo-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_222-default-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_55-debugsource-2-150400.2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
openSUSE-SU-2026:21351-1: moderate: Security update for grafana
openSUSE security update: security update for grafana
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21351-1
Rating: moderate
References:
* bsc#1262187
* bsc#1263272
Cross-References:
* CVE-2025-12141
* CVE-2026-21725
* CVE-2026-41607
CVSS scores:
* CVE-2025-12141 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-12141 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
* CVE-2026-21725 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L
* CVE-2026-21725 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-41607 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-41607 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for grafana fixes the following issues:
Changes in grafana:
- Add UI web assets as additional source tarball
- Update to version 12.4.5 (jsc#PED-16512):
* Datasources: return 400 when payload UID does not match URL UID
in PUT /api/datasources/uid/:uid
- Update to version 12.4.4:
* Security and quality updates.
* Various bug fixes and enhancements.
- Update to version 12.4.3:
* Analytics: Keep internal dashboard id.
* Go: Update to 1.25.9.
* Reporting: Correctly apply appSubURL to report settings
requests.
* Alerting: Document Grafana HA Alertmanager cluster metrics
prefix change.
- Update to version 12.4.2:
* Various bug fixes and performance improvements.
* Dependency updates to core plugins and UI libraries.
- Update to version 12.4.1:
* Bug fixes and minor quality-of-life enhancements.
* Updates to data source provisioning and dashboard schemas.
- Update to version 12.4.0:
* Introduced dynamic dashboards in public preview.
* Added a new side toolbar that replaces the second top toolbar
to provide additional vertical space.
* Added the ability to create dashboards from templates using
sample data.
* Revamped the gauge visualization with rounded bars,
configurable bar thickness, and endpoint markers.
* Added support to map one variable to multiple values.
* CVE-2025-12141: Fixed information leakage in Grafana Alerting
(bsc#1262187)
- Update to version 12.3.0:
* Released a completely redesigned logs visualization.
* Added the ability to export dashboards directly as PNG images.
* Introduced an interactive learning experience within the
Grafana UI.
* Added a Switch template variable type to quickly toggle between
values in queries.
* Added functionality to style table cells using CSS properties
via the field cell option.
- Update to version 12.2.0:
* Routine feature enhancements, minor bug fixes, and security
patches.
- Update to version 12.1.0:
* Added support for Entra Workload Identity to enhance
authentication capabilities with federated credentials.
* Redesigned the alert rule list page.
* Renamed Mute Timings to Active Time Intervals in Grafana
Alerting.
* Added support for Service Account Impersonation in the BigQuery
data source.
* Introduced the Grafana Advisor in public preview.
- Update to version 12.0.0:
* BREAKING: Removed AngularJS and all deprecated UI Extensions
APIs.
* BREAKING: Enforced stricter version compatibility checks in
plugin CLI install commands.
* BREAKING: Enabled the failWrongDSUID feature flag by default,
which rejects data sources with incorrect UIDs.
* MIGRATION: Triggered a full-table rewrite for the annotation
table, which may temporarily increase disk usage.
* Introduced a new dashboard schema to replace the original
single grid layout.
- CVE-2026-41607: Fix potential information disclosure in Apache
Thrift (bsc#1263272)
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-416=1
Package List:
- openSUSE Leap 16.0:
grafana-12.4.5-bp160.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-12141.html
* https://www.suse.com/security/cve/CVE-2026-21725.html
* https://www.suse.com/security/cve/CVE-2026-41607.html
openSUSE-SU-2026:21342-1: important: Security update for python-soupsieve
openSUSE security update: security update for python-soupsieve
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21342-1
Rating: important
References:
* bsc#1271187
* bsc#1271188
Cross-References:
* CVE-2026-49476
* CVE-2026-49477
CVSS scores:
* CVE-2026-49476 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-49477 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for python-soupsieve fixes the following issues
- CVE-2026-49476: Memory Exhaustion via Large Comma-Separated Selector Lists (bsc#1271187).
- CVE-2026-49477: Regular Expression Denial of Service (ReDoS) via Selector Parser (bsc#1271188).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1246=1
Package List:
- openSUSE Leap 16.0:
python313-soupsieve-2.6-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2026-49476.html
* https://www.suse.com/security/cve/CVE-2026-49477.html
openSUSE-SU-2026:21343-1: moderate: Security update for python-sqlparse
openSUSE security update: security update for python-sqlparse
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21343-1
Rating: moderate
References:
* bsc#1268597
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that has one bug fix can now be installed.
Description:
This update for python-sqlparse fixes the following issues:
Changes in python-sqlparse:
- GHSA-27jp-wm6q-gp25: Limit recursion during parsing of tuples. (bsc#1268597)
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1247=1
Package List:
- openSUSE Leap 16.0:
python313-sqlparse-0.5.3-160000.3.1
openSUSE-SU-2026:21339-1: moderate: Security update for python-mistune
openSUSE security update: security update for python-mistune
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21339-1
Rating: moderate
References:
* bsc#1271082
* bsc#1271117
* bsc#1271119
* bsc#1271121
* bsc#1271125
* bsc#1271127
* bsc#1271128
* bsc#1271131
* bsc#1271132
Cross-References:
* CVE-2026-44896
* CVE-2026-59922
* CVE-2026-59923
* CVE-2026-59924
* CVE-2026-59925
* CVE-2026-59926
* CVE-2026-59927
* CVE-2026-59928
* CVE-2026-59929
* CVE-2026-59930
CVSS scores:
* CVE-2026-44896 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-44896 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-59922 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-59922 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-59923 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-59923 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-59924 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-59924 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-59925 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-59925 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-59926 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-59926 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-59927 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-59927 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-59928 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-59928 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-59929 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-59930 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 10 vulnerabilities and has 9 bug fixes can now be installed.
Description:
This update for python-mistune fixes the following issues
- CVE-2026-59922: quadratic-time parsing on long runs of some markers in `formatting.py` can lead to DoS (bsc#1271117).
- CVE-2026-59923: `HTMLRenderer.safe_url()` does not block percent-encoded javascript URIs and allows for XSS
(bsc#1271119).
- CVE-2026-59924: improper processing of user-supplied include paths in `Include.parse()` can lead to path traversal
and arbitrary file reads (bsc#1271121).
- CVE-2026-59925: quadratic-time parsing on long runs of some emphasis pairs in `inline_parser` can lead to DoS
(bsc#1271125).
- CVE-2026-59926: improper escaping in `render_admonition()` can lead to atribute injection and XSS (bsc#1271127).
- CVE-2026-59927: uncontrolled recursion when processing two markdown files that include each other can lead to a DoS
(bsc#1271128).
- CVE-2026-59928: quadratic-time parsing on long lists of repeated reference-link definitions in `block_parser` can
lead to DoS (bsc#1271131).
- CVE-2026-59929: HARMFUL_PROTOCOLS list misses legacy and chained schemes and allow arbitrary script execution in
user agents (bsc#1271132).
- CVE-2026-59930: the `toc` plugin and `TableOfContents` directive generate heading IDs with predictable values and
allow for collisions with attacker-controlled `id="toc_N"` content (bsc#1271082).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1243=1
Package List:
- openSUSE Leap 16.0:
python313-mistune-3.1.3-160000.5.1
References:
* https://www.suse.com/security/cve/CVE-2026-44896.html
* https://www.suse.com/security/cve/CVE-2026-59922.html
* https://www.suse.com/security/cve/CVE-2026-59923.html
* https://www.suse.com/security/cve/CVE-2026-59924.html
* https://www.suse.com/security/cve/CVE-2026-59925.html
* https://www.suse.com/security/cve/CVE-2026-59926.html
* https://www.suse.com/security/cve/CVE-2026-59927.html
* https://www.suse.com/security/cve/CVE-2026-59928.html
* https://www.suse.com/security/cve/CVE-2026-59929.html
* https://www.suse.com/security/cve/CVE-2026-59930.html
openSUSE-SU-2026:21333-1: low: Security update for nasm
openSUSE security update: security update for nasm
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21333-1
Rating: low
References:
* bsc#1261985
* bsc#1261986
Cross-References:
* CVE-2026-6067
* CVE-2026-6068
CVSS scores:
* CVE-2026-6067 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2026-6067 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6068 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2026-6068 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for nasm fixes the following issues
- CVE-2026-6067: heap buffer overflow vulnerability due to a lack of bounds checking in the obj_directive() function
(bsc#1261986).
- CVE-2026-6068: heap use after free vulnerability in response file processing (bsc#1261985).
Changes for nasm:
- Update to 3.02:
* Fix build problems on C23 compilers using a pre-C23 version of
which defines bool as a macro in violation of the C23 specification.
* The immediate form of the JMPE instruction (opcode 0F B8) has been changed
to an absolute address, as in the Itanium Architecture Software Developer's
Manual, version 2.3, Volume 4, page 4:249. Hopefully this won't break
whatever virtual environments use JMPE, but it is the closest thing there
is to an official specification for this opcode.
* Being an absolute address, treat it equivalent to a FAR jump and do not
default to 64 bits in 64-bit mode.
* That JMPE has apparently been wrong all these years is probably as good of
a hint as any how much it has been actually used, but it does have the
possibility of breaking virtual environments. In that case, please file a
bug report to https://bugs.nasm.us with details about the virtual
environment, and we will figure out a suitable solution.
* Various build fixes. Fix the documentation not building on MacOS because of
the cp utility lacking -u there. Also fix not building generally due to
wrong link formatting. Another fix was a typo in compiler.h related to a
C++ check.
* Corrections to assembling encodings:
+ Fix CMP allowing LOCK which is illegal.
+ Correct multiple AVX512 instructions such as VCVTSD2SI, VCVTSD2USI,
VCVTSS2SI, VCVTSS2USI, VCVTTSD2SI, VCVTTSD2USI, VCVTTSS2SI, VCVTTSS2USI,
VGETEXPSH, VGETMANTSH, MOVDDUP, VMOVDDUP.
+ Fixed other encodings or instruction formats for instructions UWRMSR,
CMPSD, VCMPSS, V4FMADDSS, V4FNMADDSS, VCVTDQ2PH, VCVTPD2PH, VCVTPH2UDQ,
VCVTQQ2PH, VCVTUDQ2PH, VCVTUQQ2PH, VGETEXPSH, VGETMANTSH, VRCPPH,
VRSQRTPH, VCVTPH2BF8, VCVTPH2BF8S, VCVTPH2HF8, VCVTPH2HF8S.
+ Fixed typos in VP4DPWSSD mnemonic.
+ Fixed BYTE and WORD operands getting the same encoding on arithmetic
instructions such as CMP.
+ Fixed PUSH not assembling when used with a DWORD in 64-bit mode. This is
not a recommended syntax as the operand size is still 64 bits, but was
permitted by earlier versions of NASM.
+ Fix parsing of $--escaped symbols in directives (GLOBAL, STATIC, EXTERN,
REQUIRED, COMMON).
* Corrections to disassembling:
+ Shift instructions with the unity operand were getting disassembled to a
zero operand instead of one.
+ JMP, CALL and JMPE disassembled incorrectly with the register operands.
* Whole bunch of minor fixes to operand sizes, operand size prefixes. Changes
mostly return the behavior known from 2.16.03.
* MOV [mem], label would be accepted without size specifiers which could
cause unintended consequences. Raise an error if no size was specified and
one of the operands is a memory reference and another operands is a label.
* JMP NEAR is now the same as JMP STRICT NEAR as the STRICT is redundant
here. JMP WORD on the other hand is up for optimization as NEAR and WORD
relate to different things -- jump lengths and operation sizes respectively.
* Using redundant (or not) but valid operands size prefixes was fixed on
instructions such as IRET, PUSHF, POPF, PUSH and POP.
* Using an operand size prefix on a JMP or CALL instruction could generate an
invalid instruction. This appears to have been a long-standing bug.
Specifying the operand size by specifying the size of the immediate
explicitly (e.g. JMP DWORD label) has always worked correctly, however.
* Add support for C2y-style \o escape sequences, braced escape sequences, and
as NASM extensions, decimal escape sequences (\d) and control-character
escape sequences (\^). See section 3.4.2.
* Fix generation of the short opcodes for ADD, OR, ADC, SBB, AND, SUB, XOR, and CMP AL,imm8.
* Fix truncation of the generated constant to 63 bits when invoking a
single-line macro when an argument is defined as =/b or =/ub.
* Add an %env() preprocessor function as a more robust and flexible
alternative to the %! construct. See section 5.5.7.
* The maximum number of multi-line macro parameters is now a configurable
limit. See section 2.1.32.
* The --limit- options and %pragma limit now accept the keywords default,
maximum, and reset. See section 2.1.32.
* Fix parsing of seg:offs--style FAR pointers in EQU.
* Fix the %clear preprocessor directive hanging when given parameters.
* The never properly implemented (or documented) preprocessor directives
%rmacro and %irmacro are now properly disabled; to avoid breaking existing
code, they fall back to %macro and %imacro with a suitable warning.
Programmers should not rely on this behavior: in the future, these
directives might actually be (properly) implemented.
* New listing option -Lc to include the contents of INCBIN files, see section 2.1.4.
* New listing option -Lt to include the output from every iteration of TIMES
and ALIGN directives, see section 2.1.4.
* The %pragma list options directive now support resetting options to their
command-line default, see section 2.1.4.
* New predefined macros __?LIST_OPTIONS?__ and __?LIST_OPTIONS_DEFAULT?__ to
query the active and command-line default listing options. See section 2.1.4.
- Update to 3.01:
* A new obj2 version of the obj output format, intended for use on OS/2. See section 9.5.
* The condition after %if or %elif would be evaluated while output is suppressed
after %exitrep or %exitmacro. Although no output would be generated in either case,
assembly would fail if evaluating the expression triggered an error.
* Fix encoding of TCVTROWPS2PHL, correct multiple AVX512-BF16 instructions' operand
formats and typoed mnemonics.
* The unofficial but obvious alternate form TEST reg,mem was not accepted by NASM 3.00;
corrected.
* For the obj output format, multiple GROUP directives can now be specified for the same
group; the resulting group includes all sections specified in all GROUP directives for
the group.
* A new %selbits() preprocessor function. See section 5.4.19.
* A new --bits option as convenience shorthand for --before "BITS ...". See section 2.1.31.
* The options and pragmas for configuring external label mangling were inconsistent, the
former using the spelling postfix and the latter suffix. Furthermore, these were also
documented as directives in addition to pragmas. Implement the already documented
directives (bracketed forms only) and allow both postfix and suffix in all cases.
See section 2.1.28 and section 8.10.
* Define additional permissive patterns and fix several opcode bugs.
* Fix parsing of two-operand forms of x87 instructions.
* Fix bogus "absolute address can not be RIP-relative" warning.
* Hopefully fix building with OpenWatcom.
* Generate a warning, promoted to error by default, on the use of o64 prefixes in
16- or 32-bit mode. If demoted to a warning or suppressed the prefix is ignored, but
likely will trigger subsequent, harder to debug, error messages.
* More consistent handling of jump and call instructions with specified operand sizes.
* Fix an operand size handling bug in the CMPXCHG instruction.
- Update to 3.00:
* Improve the documentation for building from source (appendix D).
* Add support for the APX and AVX10 instruction sets, and various miscellaneous new instructions.
* Add new preprocessor functions: %b2hs(), %chr(), %depend(), %find(),
%findi(), %hs2b(), %null(), %ord(), %pathsearch(), and %realpath(). See section 5.4.
* New preprocessor directive %note to insert a note in the list file,
without issuing an external diagnosic. Unlike a comment, it is optionally
macro-expanded, see section 5.11.
* New preprocessor directive %iffile (and corresponding function %isfile()) to
test for the existence of a file. See section 5.6.12.
* New preprocessor directive %ifdirective to test for the existence of a
preprocessor directive, assembly directive, or pseudo-instruction; see section 5.6.10.
* Fix a number of invalid memory references (usually causing crashes) on various invalid inputs.
* Fix multiple bugs in the handling of $--escaped symbols.
* The use of $ as a prefix for hexadecimal numbers has been deprecated,
and will now issue a warning. A new directive [DOLLARHEX] can be used to disable
this syntax entirely, see section 8.12.
* Fix the generation of segment selector references (mainly used in the obj output format.)
* Fix crash in the obj backend when code was emitted into the default segment,
without any labels having been defined.
* Clean up the command-line help text (-h) and break it down into individual
topics, as the previous output was just too verbose to be practical as a quick reference.
* The implicit DEFAULT ABS in 64-bit mode is deprecated and may be changed to REL
in the future. See section 8.2. A warning is now emitted for this condition.
* It is now possible to set the REL/ABS default for memory accesses using FS: or GS:,
see section 8.2.
* The __?DEFAULT?__ standard macro now reflects the settings of the DEFAULT directive.
See section 6.4.
* The NASM preprocessor now assumes that an unknown directive starting with %if or %elif
is a misspelled or not yet implemented conditional directive, and tries to match it
with a corresponding %endif. See section 5.6.14.
* The masm macro package now defines a macro for x87 register syntax. See section 7.5.
* A new macro package, vtern, to simplify generation of the control immediates for
the VPTERNLOGD and VPTERNLOGQ instructions. See section 7.6.
* A new command line option -LF allows overriding [LIST -] directives.
* In the obj output format, allow a segment in the FLAT pseudo-group to also belong to
another (real) group. Used on OS/2.
* Add a new build_version directive to the Mach-O backend. See section 9.8.6.
* Fix a spec violation in the generation of DWARF debugging information on ELF.
* Response files can now be nested.
* Many documentation improvements.
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1237=1
Package List:
- openSUSE Leap 16.0:
nasm-3.02-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-6067.html
* https://www.suse.com/security/cve/CVE-2026-6068.html
openSUSE-SU-2026:21332-1: low: Security update for patch
openSUSE security update: security update for patch
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21332-1
Rating: low
References:
* bsc#1271166
* bsc#1271167
Cross-References:
* CVE-2026-56288
* CVE-2026-56289
CVSS scores:
* CVE-2026-56288 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56288 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56289 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56289 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for patch fixes the following issues
- CVE-2026-56288: crafted unified-diff patch file can cause null pointer derefence (bsc#1271167).
- CVE-2026-56289: improper validation of hunk line offsets can lead to denial of service (bsc#1271166).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1236=1
Package List:
- openSUSE Leap 16.0:
patch-2.7.6-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2026-56288.html
* https://www.suse.com/security/cve/CVE-2026-56289.html
openSUSE-SU-2026:21331-1: low: Security update for helm
openSUSE security update: security update for helm
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21331-1
Rating: low
References:
* bsc#1270127
Cross-References:
* CVE-2026-48978
CVSS scores:
* CVE-2026-48978 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-48978 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for helm fixes the following issue
- CVE-2026-48978: oras.land/oras-go/v2/registry/remote/auth: malicious registry can hijack Bearer token realm to
exfiltrate credentials and refresh tokens (bsc#1270127).
Changes for helm:
- Update to version 3.21.2.
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1235=1
Package List:
- openSUSE Leap 16.0:
helm-3.21.2-160000.2.1
helm-bash-completion-3.21.2-160000.2.1
helm-fish-completion-3.21.2-160000.2.1
helm-zsh-completion-3.21.2-160000.2.1
References:
* https://www.suse.com/security/cve/CVE-2026-48978.html
openSUSE-SU-2026:21329-1: moderate: Security update for tomcat11
openSUSE security update: security update for tomcat11
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21329-1
Rating: moderate
References:
* bsc#1232390
* bsc#1269791
* bsc#1269824
* bsc#1269907
* bsc#1269908
* bsc#1269909
* bsc#1269910
Cross-References:
* CVE-2026-50229
* CVE-2026-53404
* CVE-2026-53434
* CVE-2026-55276
* CVE-2026-55955
* CVE-2026-55956
CVSS scores:
* CVE-2026-50229 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-50229 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-53404 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-53404 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-53434 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-53434 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-55276 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-55276 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-55955 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-55955 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-55956 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-55956 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 6 vulnerabilities and has 7 bug fixes can now be installed.
Description:
This update for tomcat11 fixes the following issues
Update to Tomcat 11.0.23.
Security issues fixed:
- CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example (bsc#1269791).
- CVE-2026-53404: always-incorrect control flow implementation in the rewrite valve caused non-OR conditions to be
skipped if the first condition in an OR chain matched (bsc#1269910).
- CVE-2026-53434: error condition not handled when configuring CRLs for a FFM based connector (bsc#1269824).
- CVE-2026-55276: always-incorrect control flow implementation caused special roles and empty authorization constraints
to not be included when the effective web.xml was logged (bsc#1269909).
- CVE-2026-55955: improper authentication allows a replay attack against the EncryptionInterceptor in the cluster
component (bsc#1269908).
- CVE-2026-55956: improper authorization leads to security constraints specified for the default servlet ignoring any
method or method omission configured as part of the constraint (bsc#1269907).
Other updates and bugfixes:
- Upgrade libtcnative to v2 (bsc#1232390)
- Tomcat 11.0.23:
* Catalina
+ Add: Add support for literal '%' characters in access log output. Based on
pull request #1002 by Fabian Hahn. (markt)
+ Fix: Lower the log level to debug when OpenSSL initialization fails in
OpenSSLLifecycleListener to avoid stack traces when libssl.so is not
present and to align the behavior of the isAvailable() check with the
AprLifecycleListener and gracefully fail when natives are not present.
(csutherl)
+ Fix: 70038: Cookie.clone() should also clone the internal attribute map.
(markt)
+ Code: Remove unnecessary code from the SSI processing engine that was
duplicating some of the normalisation checks. (markt)
+ Fix: Cleaner handling of invalid SPNEGO tokens. (remm)
+ Fix: Avoid some NPEs in the Connector class on an uninitialize protocol.
(remm)
+ Fix: Incorrect session average life calculation. (remm)
+ Fix: Improve robustness on using Pipeline.setBasic on a running pipeline.
(remm)
+ Fix: Avoid any init parameter updates when conflicts are found for
filters, similar to what is done for servlets, as required by the servlet
specification. (remm)
+ Fix: Fix container event cleanups in some edge cases. (remm)
+ Fix: Check for last-modified header in ExpiresFilter when a servlet uses
addDateHeader to avoid wrongly considering it has been set. (remm)
+ Fix: Fix hour unit used by ExpiresFilter. (remm)
+ Fix: Remove exception swallowing in DataSourceStore to align it with
FileStore and avoid session loss on errors. (remm)
+ Fix: Add support for single-quote escaped literal as well as quoted
literals in DateFormatCache. (schultz)
+ Fix: On JAAS logout, clear out role principals on the subject that were
added on commit, as recommended by the JAAS specification. (remm)
+ Fix: MemoryRealm should not add a dummy role when none is specified in the
configuration. (remm)
+ Fix: DataSourceUserDatabase should return a null principal on a non
existing user. (remm)
+ Fix: Fix shared lock expiration in WebDAV. (remm)
+ Fix: Inaccurate session exipration statistics when using the persistent
manager. (remm)
+ Fix: Skip BOM when serving files with UTF-32 encoding. (remm)
+ Fix: Mixup of WrapperListener and WrapperLifecycle elements in
storeconfig. (remm)
+ Fix: Incorrect processing of modified users in DataSourceUserDatabase.
(remm)
+ Update: Clarify behavior in the UserDatabase for user, role and group
creation that it does not immediately override existing elements. Removal
(or update) needs to be used instead. (remm)
+ Fix: 70049: Align the web application class loader with parent class
loaders and swallow any errors caused by invalid paths when looking up
resources and behave as if the resources were not found in that case.
(markt)
+ Fix: Improve validation of Range and Content-Range parsers so invalid
ranges trigger a 4xx response rather than a 500 response. Pull request
#1012 provided by Sahana Surendra Bogar. (markt)
+ Fix: Fix connection leak in ProxyErrorReportValve. (remm)
+ Fix: When using the RewriteValve, %{SSL:HTTPS} now returns on or off
rather than true or false to align with httpd. (markt)
+ Fix: Reset the encoding used for query string parameters between requests
in case an application changed the encoding in a previous request. (markt)
+ Fix: When encoding URLs with the CsrfPreventionFilter, don't add the nonce
to URLs that are known not to require it. (markt)
+ Fix: Fix SSO cookie partitioned configuration. (remm)
+ Fix: Fix CombinedRealm isAvailable, it allows authentication if at least
one sub realm is available. (remm)
+ Fix: 70048: Correctly handle asynchronous requests in PersistentValve.
(markt)
+ Fix: Improve the detection of cross-context dispatches when using a
RequestDispatcher. (markt)
+ Fix: Fix various instances of double decoding of URL patterns configured
either programmatically or in web.xml. (remm/markt)
+ Fix: Align the rewrite conditions ornext flag processing with mod_rewrite,
which follows a purely sequential evaluation strategy. (remm)
+ Fix: Update default web.xml version to match supported Servlet
specification version. (markt)
+ Fix: Change the default for the useRedirect attribute of the
ProxyErrorReportValve from true to false. (markt)
+ Add: Add support for the showReport attribute in JsonErrorReportValve and
ProxyErrorReportValve. When set to false, detailed error information
(message, description, stack trace) is suppressed from error responses.
(dsoumis)
+ Fix: Avoid a NoClassDefFoundError at startup when catalina-tribes.jar is
removed but catalina-ha.jar is present and the Cluster element is enabled
in server.xml. Cluster digester rules are now fully conditional on both
JARs being available. (dsoumis)
+ Fix: Fix a potential deadlock when copying resources using WebDAV. (markt)
+ Fix: Add jakarta., org.apache.catalina. and org.apache.tomcat.to the list
of reserved prefixes for SSI variables and request attributes. (markt)
+ Fix: Missing URL decoding when processing addMapping on a Servlet
registration. (remm)
+ Fix: The Timeout WebDAV header allows comma separated values (according to
the examples in the RFC). Use the first acceptable value. (remm)
+ Fix: Fix various issues when logging the effective web.xml for a web
application. Empty sections are no longer logged. Special roles and empty
authorisation constraints are included. All session cookie attributes are
included. (markt)
+ Fix: Expand the write lock for the save process in the MemoryUserDatabase
to avoid concurrency issues with the file save operations. (markt)
+ Fix: Ensure atomic session persistence in FileStore. Based on pull request
#1016 by sahvx655-wq. (markt)
+ Fix: Do not ignore methods configured on security constraints that map to
the default servlet. (markt)
* Cluster
+ Fix: Expand wording and increase visibility of log message when cloud
membership is configured without a trust store as all certificates will be
trusted in this configuration. (markt)
+ Fix: Ensure listeners are correctly added and removed when configuring the
channel coordinator. (markt)
+ Fix: Fix some concurrency issues in FragmentationInterceptor. (markt)
+ Fix: Fix some concurrency issues in OrderInterceptor. (markt)
+ Fix: Fix some concurrency issues in TwoPhaseCommitInterceptor. (markt)
+ Fix: Fix concurrency issues generating MD5 digests in the
CloudMembershipProvider implementations. (markt)
+ Add: Add replay protection to the EncryptInterceptor. This us a breaking
change for the EncryptInterceptor.(markt)
* Coyote
+ Add: Log a suitable warning if an encrypted PEM file is detected using an
insecure form for encryption. (markt)
+ Fix: If TLS groups have been configured, use the configured groups rather
than using OpenSSL's default TLS groups when using Tomcat Native with
OpenSSL based connectors. (markt)
+ Fix: For HTTP/2, ensure that any in progress request body reads are
cancelled if the container resets the associated stream. This prevents
delays waiting for reads to time out when it is known that no more data
will be received. (markt)
+ Fix: Ensure that malformed HTTP/2 messages that should trigger a stream
reset do so, rather than triggered a connection close. (markt)
+ Fix: Improve enforcement of header trailer allow list for HTTP/2. (remm)
+ Fix: 70050: Avoid NPE when no header frame is processed in HTTP/2,
following refactor clean-up of header buffer. (remm)
+ Fix: Properly use pollerThreadPriority for the NIO poller thread. (remm)
+ Fix: Fix MessageByte.equals if called on a null MB. (remm)
+ Fix: Call the delegate key manager in JSSE to retrieve the server key.
(remm)
+ Fix: Avoid overflow scenarios in Asn1Parser. (remm)
+ Fix: 70091: Add a new attribute, allowSchemeMismatch to Http2Protocol that
allows the consistency check for the scheme provided by the user agent to
be bypassed. (markt)
+ Fix: isTrailerFieldsReady was always returning true. (remm)
+ Fix: Align OpenSSL/Panama TLS implementation with other implementations
and throw an exception if there is an error loading the provided CRL(s).
(markt)
+ Fix: Parsing of OpenSSL format cipher expressions incorrectly stopped if
@STRENGTH was encountered, ignoring any subsequent expressions. (markt)
+ Fix: Handle the case where the HTTP/2 payload length is insufficient for
the mandatory data required by the flags set in the header. (markt)
+ Fix: 70102: Correct expected size of ticket keys when calling
setSessionTicketKeys with an FFM connector. (markt)
+ Fix: 69988: Fix post handshake authentication for TLS 1.3. It was broken
by a breaking change in OpenSSL between 1.1.1 and 3.0.0. (markt)
+ Fix: When processing an OpenSSL cipher specification, fully align the
order of the resulting ciphers with the order produced by OpenSSL. (markt)
+ Add: Add support for Brainpool TLS groups. Patch provided by YStankov.
(schultz)
+ Update: Update both the minimum and recommended version for Tomcat Native
2.x to 2.0.15. (markt)
+ Update: Update the minimum version for Tomcat Native 1.x to 1.3.8. (markt)
* Jasper
+ Fix: Fix possible EL argument mismatch when it was set to null. (remm)
+ Fix: Fix thread safety of TagPluginManager. (remm)
+ Fix: Correctly use flush on JSP include. (remm)
* Web applications
+ Add: Manager: Add checks to ensure that any uploaded files are uploaded to
the expected location. (markt)
+ Add: Manager: Add checks to ensure that the requested context path for a
deployed WAR, directory or descriptor file is valid. (markt)
+ Add: Documentation: Expand the description of some of the attributes of
the CrawlerSessionManagerValve. (markt)
+ Fix: Documentation: Clearer description and correct documented default for
ocspSoftFail. (markt)
+ Fix: Fix double escaping in the context names for the JSON mode of the
manager servlet. (remm)
+ Fix: Manager: Ensure automatic deployment does not trigger an undeployment
during a Manager triggered web application reload. (markt)
+ Fix: Documentation: Provide better documentation for the scheme and secure
attributes of a Connector. (markt)
* Websocket
+ Fix: Incorrect Future.isDone() return by AsyncChannelWrapperSecure. (remm)
+ Fix: Trigger standard WebSocket error handling if a call to
Endpoint.onOpen() fails for a programmatic endpoint. (markt)
+ Fix: 70110: Fix memory leak if a call to Endpoint.onOpen() fails for a
programmatic endpoint. Test case provided by uabdur. (markt)
+ Fix: If a client presents invalid parameters when negotiating a WebSocket
extension, decline the negotiation offer that includes the invalid
parameters rather than failing the connection. Pull request #1019 provided
by sahvx655-wq. (markt)
* Other
+ Fix: Use per connection authenticator when executing an Ant task.
(remm/markt)
+ Update: Update Commons Daemon to 1.6.1. (markt)
+ Fix: Prevent duplicate log messages when clustering JARs are not present
on startup. (csutherl)
+ Update: Improvements to French translations. (remm)
+ Update: Improvements to Japanese translations provided by tak7iji. (markt)
+ Update: Update the packaged version of the Tomcat Migration Tool for
Jakarta EE to 1.0.12. (markt)
+ Update: Update Tomcat Native to 2.0.15. (markt)
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1233=1
Package List:
- openSUSE Leap 16.0:
tomcat11-11.0.23-160000.1.1
tomcat11-admin-webapps-11.0.23-160000.1.1
tomcat11-doc-11.0.23-160000.1.1
tomcat11-docs-webapp-11.0.23-160000.1.1
tomcat11-el-6_0-api-11.0.23-160000.1.1
tomcat11-embed-11.0.23-160000.1.1
tomcat11-jsp-4_0-api-11.0.23-160000.1.1
tomcat11-jsvc-11.0.23-160000.1.1
tomcat11-lib-11.0.23-160000.1.1
tomcat11-servlet-6_1-api-11.0.23-160000.1.1
tomcat11-webapps-11.0.23-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-50229.html
* https://www.suse.com/security/cve/CVE-2026-53404.html
* https://www.suse.com/security/cve/CVE-2026-53434.html
* https://www.suse.com/security/cve/CVE-2026-55276.html
* https://www.suse.com/security/cve/CVE-2026-55955.html
* https://www.suse.com/security/cve/CVE-2026-55956.html
openSUSE-SU-2026:21327-1: moderate: Security update for tomcat
openSUSE security update: security update for tomcat
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21327-1
Rating: moderate
References:
* bsc#1269791
* bsc#1269824
* bsc#1269907
* bsc#1269908
* bsc#1269909
* bsc#1269910
Cross-References:
* CVE-2026-50229
* CVE-2026-53404
* CVE-2026-53434
* CVE-2026-55276
* CVE-2026-55955
* CVE-2026-55956
CVSS scores:
* CVE-2026-50229 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-50229 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-53404 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-53404 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-53434 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-53434 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-55276 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-55276 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-55955 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-55955 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-55956 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-55956 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 6 vulnerabilities and has 6 bug fixes can now be installed.
Description:
This update for tomcat fixes the following issues
Update to Tomcat 9.0.119.
Security issues fixed:
- CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example (bsc#1269791).
- CVE-2026-53404: always-incorrect control flow implementation in the rewrite valve caused non-OR conditions to be
skipped if the first condition in an OR chain matched (bsc#1269910).
- CVE-2026-53434: error condition not handled when configuring CRLs for a FFM based connector (bsc#1269824).
- CVE-2026-55276: always-incorrect control flow implementation caused special roles and empty authorization constraints
to not be included when the effective web.xml was logged (bsc#1269909).
- CVE-2026-55955: improper authentication allows a replay attack against the EncryptionInterceptor in the cluster
component (bsc#1269908).
- CVE-2026-55956: improper authorization leads to security constraints specified for the default servlet ignoring any
method or method omission configured as part of the constraint (bsc#1269907).
Other updates and bugfixes:
- Tomcat 9.0.119:
* Catalina
+ Add: Add support for literal '%' characters in access log output. Based on
pull request #1002 by Fabian Hahn. (markt)
+ Fix: Prevent duplicate log messages when clustering JARs are not present
on startup. (csutherl)
+ Code: Remove unnecessary code from the SSI processing engine that was
duplicating some of the normalisation checks. (markt)
+ Fix: Cleaner handling of invalid SPNEGO tokens. (remm)
+ Fix: Avoid some NPEs in the Connector class on an uninitialize protocol.
(remm)
+ Fix: Incorrect session average life calculation. (remm)
+ Fix: Improve robustness on using Pipeline.setBasic on a running pipeline.
(remm)
+ Fix: Avoid any init parameter updates when conflicts are found for
filters, similar to what is done for servlets, as required by the servlet
specification. (remm)
+ Fix: Fix container event cleanups in some edge cases. (remm)
+ Fix: Check for last-modified header in ExpiresFilter when a servlet uses
addDateHeader to avoid wrongly considering it has been set. (remm)
+ Fix: Fix hour unit used by ExpiresFilter. (remm)
+ Fix: Remove exception swallowing in DataSourceStore to align it with
FileStore and avoid session loss on errors. (remm)
+ Fix: Add support for single-quote escaped literal as well as quoted
literals in DateFormatCache. (schultz)
+ Fix: On JAAS logout, clear out role principals on the subject that were
added on commit, as recommended by the JAAS specification. (remm)
+ Fix: MemoryRealm should not add a dummy role when none is specified in the
configuration. (remm)
+ Fix: DataSourceUserDatabase should return a null principal on a non
existing user. (remm)
+ Fix: Fix shared lock expiration in WebDAV. (remm)
+ Fix: Inaccurate session exipration statistics when using the persistent
manager. (remm)
+ Fix: Skip BOM when serving files with UTF-32 encoding. (remm)
+ Fix: Mixup of WrapperListener and WrapperLifecycle elements in
storeconfig. (remm)
+ Fix: Incorrect processing of modified users in DataSourceUserDatabase.
(remm)
+ Update: Clarify behavior in the UserDatabase for user, role and group
creation that it does not immediately override existing elements. Removal
(or update) needs to be used instead. (remm)
+ Fix: 70049: Align the web application class loader with parent class
loaders and swallow any errors caused by invalid paths when looking up
resources and behave as if the resources were not found in that case.
(markt)
+ Fix: Improve validation of Range and Content-Range parsers so invalid
ranges trigger a 4xx response rather than a 500 response. Pull request
#1012 provided by Sahana Surendra Bogar. (markt)
+ Fix: Fix connection leak in ProxyErrorReportValve. (remm)
+ Fix: When using the RewriteValve, %{SSL:HTTPS} now returns on or off
rather than true or false to align with httpd. (markt)
+ Fix: Reset the encoding used for query string parameters between requests
in case an application changed the encoding in a previous request. (markt)
+ Fix: When encoding URLs with the CsrfPreventionFilter, don't add the nonce
to URLs that are known not to require it. (markt)
+ Fix: Fix CombinedRealm isAvailable, it allows authentication if at least
one sub realm is available. (remm)
+ Fix: 70048: Correctly handle asynchronous requests in PersistentValve.
(markt)
+ Fix: Improve the detection of cross-context dispatches when using a
RequestDispatcher. (markt)
+ Fix: Fix various instances of double decoding of URL patterns configured
either programmatically or in web.xml. (remm/markt)
+ Fix: Align the rewrite conditions ornext flag processing with mod_rewrite,
which follows a purely sequential evaluation strategy. (remm)
+ Fix: Change the default for the useRedirect attribute of the
ProxyErrorReportValve from true to false. (markt)
+ Add: Add support for the showReport attribute in JsonErrorReportValve and
ProxyErrorReportValve. When set to false, detailed error information
(message, description, stack trace) is suppressed from error responses.
(dsoumis)
+ Fix: Avoid a NoClassDefFoundError at startup when catalina-tribes.jar is
removed but catalina-ha.jar is present and the Cluster element is enabled
in server.xml. Cluster digester rules are now fully conditional on both
JARs being available. (dsoumis)
+ Fix: Fix a potential deadlock when copying resources using WebDAV. (markt)
+ Fix: Add jakarta., org.apache.catalina. and org.apache.tomcat.to the list
of reserved prefixes for SSI variables and request attributes. (markt)
+ Fix: Missing URL decoding when processing addMapping on a Servlet
registration. (remm)
+ Fix: The Timeout WebDAV header allows comma separated values (according to
the examples in the RFC). Use the first acceptable value. (remm)
+ Fix: Fix various issues when logging the effective web.xml for a web
application. Empty sections are no longer logged. Special roles and empty
authorisation constraints are included. (markt)
+ Fix: Expand the write lock for the save process in the MemoryUserDatabase
to avoid concurrency issues with the file save operations. (markt)
+ Fix: Ensure atomic session persistence in FileStore. Based on pull request
#1016 by sahvx655-wq. (markt)
+ Fix: Do not ignore methods configured on security constraints that map to
the default servlet. (markt)
* Cluster
+ Fix: Expand wording and increase visibility of log message when cloud
membership is configured without a trust store as all certificates will be
trusted in this configuration. (markt)
+ Fix: Ensure listeners are correctly added and removed when configuring the
channel coordinator. (markt)
+ Fix: Fix some concurrency issues in FragmentationInterceptor. (markt)
+ Fix: Fix some concurrency issues in OrderInterceptor. (markt)
+ Fix: Fix some concurrency issues in TwoPhaseCommitInterceptor. (markt)
+ Fix: Fix concurrency issues generating MD5 digests in the
CloudMembershipProvider implementations. (markt)
+ Add: Add replay protection to the EncryptInterceptor. This is a breaking
change for the EncryptInterceptor. (markt)
* Coyote
+ Add: Log a suitable warning if an encrypted PEM file is detected using an
insecure form for encryption. (markt)
+ Fix: If TLS groups have been configured, use the configured groups rather
than using OpenSSL's default TLS groups when using Tomcat Native with
OpenSSL based connectors. (markt)
+ Fix: For HTTP/2, ensure that any in progress request body reads are
cancelled if the container resets the associated stream. This prevents
delays waiting for reads to time out when it is known that no more data
will be received. (markt)
+ Fix: Ensure that malformed HTTP/2 messages that should trigger a stream
reset do so, rather than triggered a connection close. (markt)
+ Fix: Improve enforcement of header trailer allow list for HTTP/2. (remm)
+ Fix: 70050: Avoid NPE when no header frame is processed in HTTP/2,
following refactor clean-up of header buffer. (remm)
+ Fix: Properly use pollerThreadPriority for the NIO poller thread. (remm)
+ Fix: Fix MessageByte.equals if called on a null MB. (remm)
+ Fix: Call the delegate key manager in JSSE to retrieve the server key.
(remm)
+ Fix: Avoid overflow scenarios in Asn1Parser. (remm)
+ Fix: 70091: Add a new attribute, allowSchemeMismatch to Http2Protocol that
allows the consistency check for the scheme provided by the user agent to
be bypassed. (markt)
+ Fix: isTrailerFieldsReady was always returning true. (remm)
+ Fix: Align OpenSSL/Panama TLS implementation with other implementations
and throw an exception if there is an error loading the provided CRL(s).
(markt)
+ Fix: Parsing of OpenSSL format cipher expressions incorrectly stopped if
@STRENGTH was encountered, ignoring any subsequent expressions. (markt)
+ Fix: Handle the case where the HTTP/2 payload length is insufficient for
the mandatory data required by the flags set in the header. (markt)
+ Fix: 70102: Correct expected size of ticket keys when calling
setSessionTicketKeys with an FFM connector. (markt)
+ Fix: 69988: Fix post handshake authentication for TLS 1.3. It was broken
by a breaking change in OpenSSL between 1.1.1 and 3.0.0. (markt)
+ Fix: When processing an OpenSSL cipher specification, fully align the
order of the resulting ciphers with the order produced by OpenSSL. (markt)
+ Add: Add support for Brainpool TLS groups. Patch provided by YStankov.
(schultz)
+ Update: Update both the minimum and recommended version for Tomcat Native
1.x to 1.3.8. (markt)
* Jasper
+ Fix: Fix possible EL argument mismatch when it was set to null. (remm)
+ Fix: Fix thread safety of TagPluginManager. (remm)
+ Fix: Correctly use flush on JSP include. (remm)
* Web applications
+ Add: Manager: Add checks to ensure that any uploaded files are uploaded to
the expected location. (markt)
+ Add: Manager: Add checks to ensure that the requested context path for a
deployed WAR, directory or descriptor file is valid. (markt)
+ Add: Documentation: Expand the description of some of the attributes of
the CrawlerSessionManagerValve. (markt)
+ Fix: Documentation: Clearer description and correct documented default for
ocspSoftFail. (markt)
+ Fix: Fix double escaping in the context names for the JSON mode of the
manager servlet. (remm)
+ Fix: Manager: Ensure automatic deployment does not trigger an undeployment
during a Manager triggered web application reload. (markt)
+ Fix: Documentation: Provide better documentation for the scheme and secure
attributes of a Connector. (markt)
* Websocket
+ Fix: Incorrect Future.isDone() return by AsyncChannelWrapperSecure. (remm)
+ Fix: Trigger standard WebSocket error handling if a call to
Endpoint.onOpen() fails for a programmatic endpoint. (markt)
+ Fix: 70110: Fix memory leak if a call to Endpoint.onOpen() fails for a
programmatic endpoint. Test case provided by uabdur. (markt)
+ Fix: If a client presents invalid parameters when negotiating a WebSocket
extension, decline the negotiation offer that includes the invalid
parameters rather than failing the connection. Pull request #1019 provided
by sahvx655-wq. (markt)
* Other
+ Fix: Wrong references to jakarta instead of javax. (remm)
+ Fix: Restore default authenticator to nullafter executing an Ant task.
(remm)
+ Update: Update Commons Daemon to 1.6.1. (markt)
+ Update: Improvements to French translations. (remm)
+ Update: Improvements to Japanese translations provided by tak7iji. (markt)
+ Update: Update Tomcat Native to 1.3.8. (markt)
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1231=1
Package List:
- openSUSE Leap 16.0:
tomcat-9.0.119-160000.1.1
tomcat-admin-webapps-9.0.119-160000.1.1
tomcat-docs-webapp-9.0.119-160000.1.1
tomcat-el-3_0-api-9.0.119-160000.1.1
tomcat-embed-9.0.119-160000.1.1
tomcat-javadoc-9.0.119-160000.1.1
tomcat-jsp-2_3-api-9.0.119-160000.1.1
tomcat-jsvc-9.0.119-160000.1.1
tomcat-lib-9.0.119-160000.1.1
tomcat-servlet-4_0-api-9.0.119-160000.1.1
tomcat-webapps-9.0.119-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-50229.html
* https://www.suse.com/security/cve/CVE-2026-53404.html
* https://www.suse.com/security/cve/CVE-2026-53434.html
* https://www.suse.com/security/cve/CVE-2026-55276.html
* https://www.suse.com/security/cve/CVE-2026-55955.html
* https://www.suse.com/security/cve/CVE-2026-55956.html
openSUSE-SU-2026:21324-1: important: Security update for go1.25
openSUSE security update: security update for go1.25
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21324-1
Rating: important
References:
* bsc#1244485
* bsc#1245878
* bsc#1259264
* bsc#1259265
* bsc#1259268
* bsc#1264394
* bsc#1271014
* bsc#1271015
Cross-References:
* CVE-2026-25679
* CVE-2026-27139
* CVE-2026-27142
* CVE-2026-39822
* CVE-2026-42505
CVSS scores:
* CVE-2026-25679 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2026-25679 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27139 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-27139 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27142 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-27142 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39822 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-42505 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 5 vulnerabilities and has 8 bug fixes can now be installed.
Description:
This update for go1.25 fixes the following issues
- Update to version go1.25.12 (bsc#1244485).
- CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264).
- CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268).
- CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265).
- CVE-2026-39822: os: Root escape via symlink plus trailing slash (bsc#1271014).
- CVE-2026-42505: crypto/tls: omit PSK in ECH outer client hello (bsc#1271015).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1228=1
Package List:
- openSUSE Leap 16.0:
go1.25-1.25.12-160000.1.1
go1.25-doc-1.25.12-160000.1.1
go1.25-race-1.25.12-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-25679.html
* https://www.suse.com/security/cve/CVE-2026-27139.html
* https://www.suse.com/security/cve/CVE-2026-27142.html
* https://www.suse.com/security/cve/CVE-2026-39822.html
* https://www.suse.com/security/cve/CVE-2026-42505.html
openSUSE-SU-2026:21321-1: important: Security update for go1.26-openssl
openSUSE security update: security update for go1.26-openssl
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21321-1
Rating: important
References:
* bsc#1245878
* bsc#1255111
* bsc#1264395
* bsc#1271014
* bsc#1271015
Cross-References:
* CVE-2026-39822
* CVE-2026-42505
CVSS scores:
* CVE-2026-39822 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-42505 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 5 bug fixes can now be installed.
Description:
This update for go1.26-openssl fixes the following issues
- Update to version go1.26.5 (bsc#1255111).
- CVE-2026-39822: os: Root escape via symlink plus trailing slash (bsc#1271014).
- CVE-2026-42505: crypto/tls: omit PSK in ECH outer client hello (bsc#1271015).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1225=1
Package List:
- openSUSE Leap 16.0:
go1.26-openssl-1.26.5-160000.1.1
go1.26-openssl-doc-1.26.5-160000.1.1
go1.26-openssl-race-1.26.5-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-39822.html
* https://www.suse.com/security/cve/CVE-2026-42505.html
openSUSE-SU-2026:21319-1: critical: Security update for go1.25-openssl
openSUSE security update: security update for go1.25-openssl
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21319-1
Rating: critical
References:
* bsc#1170826
* bsc#1244485
* bsc#1245878
* bsc#1256818
* bsc#1257692
* bsc#1259264
* bsc#1259265
* bsc#1259268
* bsc#1261653
* bsc#1261654
* bsc#1261655
* bsc#1261656
* bsc#1261657
* bsc#1261658
* bsc#1261659
* bsc#1261660
* bsc#1261661
* bsc#1264394
* bsc#1264499
* bsc#1264500
* bsc#1264501
* bsc#1264502
* bsc#1264503
* bsc#1264504
* bsc#1264505
* bsc#1264506
* bsc#1264507
* bsc#1264508
* bsc#1264509
* bsc#1267442
* bsc#1267444
* bsc#1267450
* bsc#1271014
* bsc#1271015
Cross-References:
* CVE-2025-61732
* CVE-2025-68121
* CVE-2026-25679
* CVE-2026-27139
* CVE-2026-27140
* CVE-2026-27142
* CVE-2026-27143
* CVE-2026-27144
* CVE-2026-27145
* CVE-2026-32280
* CVE-2026-32281
* CVE-2026-32282
* CVE-2026-32283
* CVE-2026-32288
* CVE-2026-32289
* CVE-2026-33811
* CVE-2026-33814
* CVE-2026-39817
* CVE-2026-39819
* CVE-2026-39820
* CVE-2026-39822
* CVE-2026-39823
* CVE-2026-39825
* CVE-2026-39826
* CVE-2026-39836
* CVE-2026-42499
* CVE-2026-42501
* CVE-2026-42504
* CVE-2026-42505
* CVE-2026-42507
CVSS scores:
* CVE-2025-61732 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-61732 ( SUSE ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-68121 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-68121 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25679 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2026-25679 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27139 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-27139 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27140 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27142 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-27142 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27143 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-27145 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-27145 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-32280 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-32283 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32288 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-32289 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-33811 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39817 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-39819 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-39820 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39822 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-39823 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39825 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-39826 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39836 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42499 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42501 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-42504 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42504 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42505 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-42507 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-42507 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 30 vulnerabilities and has 34 bug fixes can now be installed.
Description:
This update for go1.25-openssl fixes the following issues
- Update to version go1.25.12 (bsc#1244485).
- CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818).
- CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264).
- CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268).
- CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).
- CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265).
- CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).
- CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).
- CVE-2026-27145: crypto/x509: split candidate hostname only once (bsc#1267450).
- CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).
- CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).
- CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).
- CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659).
- CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).
- CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).
- CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508).
- CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506).
- CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths (bsc#1264505).
- CVE-2026-39819: cmd/go: "go bug" follows symlinks in predictable temporary filenames (bsc#1264504).
- CVE-2026-39820: net/mail: quadratic string concatentation in consumeComment (bsc#1264503).
- CVE-2026-39822: os: Root escape via symlink plus trailing slash (bsc#1271014).
- CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS (bsc#1264509).
- CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more than urlmaxqueryparams parameters (bsc#1264500).
- CVE-2026-39826: html/template: escaper bypass leads to XSS (bsc#1264507).
- CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on Windows (bsc#1264501).
- CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase (bsc#1264502).
- CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database (bsc#1264499).
- CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader (bsc#1267442).
- CVE-2026-42505: crypto/tls: omit PSK in ECH outer client hello (bsc#1271015).
- CVE-2026-42507: net/textproto: arbitrary input are included in errors without any escaping (bsc#1267444).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1223=1
Package List:
- openSUSE Leap 16.0:
go1.25-openssl-1.25.12-160000.1.1
go1.25-openssl-doc-1.25.12-160000.1.1
go1.25-openssl-race-1.25.12-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-61732.html
* https://www.suse.com/security/cve/CVE-2025-68121.html
* https://www.suse.com/security/cve/CVE-2026-25679.html
* https://www.suse.com/security/cve/CVE-2026-27139.html
* https://www.suse.com/security/cve/CVE-2026-27140.html
* https://www.suse.com/security/cve/CVE-2026-27142.html
* https://www.suse.com/security/cve/CVE-2026-27143.html
* https://www.suse.com/security/cve/CVE-2026-27144.html
* https://www.suse.com/security/cve/CVE-2026-27145.html
* https://www.suse.com/security/cve/CVE-2026-32280.html
* https://www.suse.com/security/cve/CVE-2026-32281.html
* https://www.suse.com/security/cve/CVE-2026-32282.html
* https://www.suse.com/security/cve/CVE-2026-32283.html
* https://www.suse.com/security/cve/CVE-2026-32288.html
* https://www.suse.com/security/cve/CVE-2026-32289.html
* https://www.suse.com/security/cve/CVE-2026-33811.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39817.html
* https://www.suse.com/security/cve/CVE-2026-39819.html
* https://www.suse.com/security/cve/CVE-2026-39820.html
* https://www.suse.com/security/cve/CVE-2026-39822.html
* https://www.suse.com/security/cve/CVE-2026-39823.html
* https://www.suse.com/security/cve/CVE-2026-39825.html
* https://www.suse.com/security/cve/CVE-2026-39826.html
* https://www.suse.com/security/cve/CVE-2026-39836.html
* https://www.suse.com/security/cve/CVE-2026-42499.html
* https://www.suse.com/security/cve/CVE-2026-42501.html
* https://www.suse.com/security/cve/CVE-2026-42504.html
* https://www.suse.com/security/cve/CVE-2026-42505.html
* https://www.suse.com/security/cve/CVE-2026-42507.html
openSUSE-SU-2026:21317-1: important: Security update for libxml2
openSUSE security update: security update for libxml2
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21317-1
Rating: important
References:
* bsc#1262719
* bsc#1269790
Cross-References:
* CVE-2026-11979
* CVE-2026-6732
CVSS scores:
* CVE-2026-11979 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-11979 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6732 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6732 ( SUSE ): 6 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for libxml2 fixes the following issues
- CVE-2026-6732: crafted XSD-validated document can cause a denial of service (bsc#1262719).
- CVE-2026-11979: stack-based buffer overflows in the `xmlcatalog` utility when running in `--shell` mode (bsc#1269790).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1220=1
Package List:
- openSUSE Leap 16.0:
libxml2-2-2.13.8-160000.5.1
libxml2-devel-2.13.8-160000.5.1
libxml2-doc-2.13.8-160000.5.1
libxml2-tools-2.13.8-160000.5.1
python313-libxml2-2.13.8-160000.5.1
References:
* https://www.suse.com/security/cve/CVE-2026-11979.html
* https://www.suse.com/security/cve/CVE-2026-6732.html
openSUSE-SU-2026:11271-1: moderate: python313-django-debug-toolbar-7.0.0-1.1 on GA media
# python313-django-debug-toolbar-7.0.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11271-1
Rating: moderate
Cross-References:
* CVE-2021-30459
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python313-django-debug-toolbar-7.0.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python313-django-debug-toolbar 7.0.0-1.1
* python314-django-debug-toolbar 7.0.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2021-30459.html
SUSE-SU-2026:3022-1: important: Security update for sccache
# Security update for sccache
Announcement ID: SUSE-SU-2026:3022-1
Release Date: 2026-07-15T09:48:48Z
Rating: important
References:
* bsc#1210346
* bsc#1223238
* bsc#1229955
* bsc#1242611
* bsc#1243868
* bsc#1257923
* bsc#1270206
* bsc#1270512
* bsc#1270559
* bsc#1270693
* bsc#1270736
* bsc#1270869
* bsc#1270938
* bsc#1270948
Cross-References:
* CVE-2023-26964
* CVE-2024-12224
* CVE-2024-32650
* CVE-2024-43806
* CVE-2025-3416
* CVE-2026-25727
* CVE-2026-41676
* CVE-2026-41677
* CVE-2026-41678
* CVE-2026-41681
* CVE-2026-41898
* CVE-2026-42327
* CVE-2026-44662
* CVE-2026-45784
CVSS scores:
* CVE-2023-26964 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-26964 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-26964 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-12224 ( SUSE ): 2.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-12224 ( NVD ): 5.1
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-32650 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43806 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-3416 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-3416 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-3416 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25727 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( NVD ): 6.8
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-41676 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41677 ( SUSE ): 1.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
* CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-41677 ( NVD ): 1.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41677 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-41678 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-41678 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41678 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41681 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-41681 ( NVD ): 8.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41681 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41898 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-41898 ( NVD ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41898 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-42327 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-42327 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44662 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-44662 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-45784 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Products:
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves 14 vulnerabilities can now be installed.
## Description:
This update for sccache fixes the following issues:
Update to version 0.15.0~17.
* CVE-2023-26964: hyper,h2: high resource consumption due to stream stacking
when H2 component processes `HTTP2 RST_STREAM` frames (bsc#1210346).
* CVE-2024-32650: rust-rustls: infinite loop in
`rustls::conn::ConnectionCommon:complete_io()` when processing client input
network input (bsc#1223238).
* CVE-2025-3416: openssl: use-after-free in `Md::fetch` and `Cipher::fetch`
(bsc#1242611).
* CVE-2026-25727: time: stack exhaustion in the RFC 2822 date parser when
processing certain user provided input (bsc#1257923).
* CVE-2026-41676: openssl: short buffer overflow via `Deriver:derive` and
`PkeyCtxRef:derive` when using OpenSSL 1.1.1 (bsc#1270206).
* CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when
returning an oversized length (bsc#1270559).
* CVE-2026-41678: openssl: OOB write due to incorrect bounds assertion in
`aes::unwrap_key()` (bsc#1270693).
* CVE-2026-41681: openssl: stack corruption due to `MdCtxRef::digest_final()`
writing past caller buffer with no length check (bsc#1270736).
* CVE-2026-41898: openssl: information leak to network peers due to unchecked
callback-returned length in PSK and cookie generate trampolines
(bsc#1270869).
* CVE-2026-42327: openssl: undefined behavior in `X509Ref::ocsp_responders`
when processing certificates with non-UTF-8 OCSP URLs (bsc#1270512).
* CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-
wrap-with-padding (bsc#1270938).
* CVE-2026-45784: openssl: out-of-bounds write in
`CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers (bsc#1270948).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3022=1
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-3022=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3022=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3022=1
## Package List:
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* sccache-debuginfo-0.16.0~0-150600.10.11.1
* sccache-0.16.0~0-150600.10.11.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* sccache-debuginfo-0.16.0~0-150600.10.11.1
* sccache-0.16.0~0-150600.10.11.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* sccache-debuginfo-0.16.0~0-150600.10.11.1
* sccache-debugsource-0.16.0~0-150600.10.11.1
* sccache-0.16.0~0-150600.10.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* sccache-debuginfo-0.16.0~0-150600.10.11.1
* sccache-0.16.0~0-150600.10.11.1
## References:
* https://www.suse.com/security/cve/CVE-2023-26964.html
* https://www.suse.com/security/cve/CVE-2024-12224.html
* https://www.suse.com/security/cve/CVE-2024-32650.html
* https://www.suse.com/security/cve/CVE-2024-43806.html
* https://www.suse.com/security/cve/CVE-2025-3416.html
* https://www.suse.com/security/cve/CVE-2026-25727.html
* https://www.suse.com/security/cve/CVE-2026-41676.html
* https://www.suse.com/security/cve/CVE-2026-41677.html
* https://www.suse.com/security/cve/CVE-2026-41678.html
* https://www.suse.com/security/cve/CVE-2026-41681.html
* https://www.suse.com/security/cve/CVE-2026-41898.html
* https://www.suse.com/security/cve/CVE-2026-42327.html
* https://www.suse.com/security/cve/CVE-2026-44662.html
* https://www.suse.com/security/cve/CVE-2026-45784.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210346
* https://bugzilla.suse.com/show_bug.cgi?id=1223238
* https://bugzilla.suse.com/show_bug.cgi?id=1229955
* https://bugzilla.suse.com/show_bug.cgi?id=1242611
* https://bugzilla.suse.com/show_bug.cgi?id=1243868
* https://bugzilla.suse.com/show_bug.cgi?id=1257923
* https://bugzilla.suse.com/show_bug.cgi?id=1270206
* https://bugzilla.suse.com/show_bug.cgi?id=1270512
* https://bugzilla.suse.com/show_bug.cgi?id=1270559
* https://bugzilla.suse.com/show_bug.cgi?id=1270693
* https://bugzilla.suse.com/show_bug.cgi?id=1270736
* https://bugzilla.suse.com/show_bug.cgi?id=1270869
* https://bugzilla.suse.com/show_bug.cgi?id=1270938
* https://bugzilla.suse.com/show_bug.cgi?id=1270948
SUSE-SU-2026:3023-1: important: Security update for ImageMagick
# Security update for ImageMagick
Announcement ID: SUSE-SU-2026:3023-1
Release Date: 2026-07-15T09:48:59Z
Rating: important
References:
* bsc#1265048
* bsc#1268092
* bsc#1268094
* bsc#1268095
* bsc#1268096
* bsc#1268101
* bsc#1268102
* bsc#1268103
* bsc#1268105
* bsc#1268107
* bsc#1268108
* bsc#1268110
* bsc#1268111
* bsc#1268112
* bsc#1268113
* bsc#1268114
* bsc#1268117
* bsc#1268120
* bsc#1268121
* bsc#1268122
* bsc#1268123
* bsc#1268124
* bsc#1268125
* bsc#1268126
* bsc#1268640
* bsc#1268645
* bsc#1268878
* bsc#1268879
* bsc#1268880
* bsc#1269063
* bsc#1269064
* bsc#1270001
* bsc#1270002
* bsc#1270003
* bsc#1270004
* bsc#1270073
* bsc#1270074
* bsc#1270077
* bsc#1270079
* bsc#1270080
* bsc#1271099
Cross-References:
* CVE-2026-40169
* CVE-2026-42050
* CVE-2026-42326
* CVE-2026-45031
* CVE-2026-45358
* CVE-2026-45359
* CVE-2026-45624
* CVE-2026-45664
* CVE-2026-46520
* CVE-2026-46521
* CVE-2026-46522
* CVE-2026-46523
* CVE-2026-46557
* CVE-2026-46559
* CVE-2026-46692
* CVE-2026-46693
* CVE-2026-47165
* CVE-2026-47166
* CVE-2026-48734
* CVE-2026-48994
* CVE-2026-49218
* CVE-2026-53460
* CVE-2026-53461
* CVE-2026-53463
* CVE-2026-53464
* CVE-2026-53466
* CVE-2026-53467
* CVE-2026-55594
* CVE-2026-55595
* CVE-2026-55597
* CVE-2026-56361
* CVE-2026-56363
* CVE-2026-56364
* CVE-2026-56365
* CVE-2026-56367
* CVE-2026-56368
* CVE-2026-56370
* CVE-2026-56371
* CVE-2026-56374
* CVE-2026-56376
* CVE-2026-56379
CVSS scores:
* CVE-2026-40169 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40169 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40169 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40169 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42050 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42050 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42326 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42326 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-42326 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-45031 ( SUSE ): 4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45031 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-45031 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-45031 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-45358 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-45358 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-45358 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-45359 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45359 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-45359 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-45359 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-45624 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45624 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-45624 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-45664 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45664 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-45664 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-45664 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-46520 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46520 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-46520 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46520 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46521 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46521 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-46521 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-46522 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46522 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-46522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46523 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46523 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-46523 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46523 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46557 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46557 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46557 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46559 ( SUSE ): 4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-46559 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-46559 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-46692 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46692 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46692 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46693 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46693 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-46693 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-47165 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-47165 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-47165 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-47166 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-47166 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-47166 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-48734 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48734 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-48734 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-48994 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48994 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-48994 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-49218 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-49218 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-49218 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-49218 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-53460 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-53460 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-53460 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-53460 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-53461 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-53461 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-53461 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-53461 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-53463 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-53463 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-53463 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-53464 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-53464 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-53464 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-53466 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-53466 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-53466 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-53467 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-53467 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-53467 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-55594 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-55594 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-55594 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-55595 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-55595 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-55595 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-55597 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-55597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-55597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-56361 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56361 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56361 ( NVD ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56361 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56361 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-56363 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56363 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56363 ( NVD ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56363 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56364 ( SUSE ): 1.8
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56364 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56364 ( NVD ): 1.8
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56364 ( NVD ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56365 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56365 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56365 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56365 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56365 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56367 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-56367 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56367 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-56367 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-56368 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56368 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56368 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56368 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-56370 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56370 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-56370 ( NVD ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56370 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56370 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-56371 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56371 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56371 ( NVD ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56371 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56371 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56374 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56374 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56374 ( NVD ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56374 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56374 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-56376 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56376 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-56376 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56376 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56376 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56379 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56379 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-56379 ( NVD ): 9.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56379 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-56379 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-56379 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves 41 vulnerabilities can now be installed.
## Description:
This update for ImageMagick fixes the following issues
* CVE-2026-42050: stack buffer overflow in XTileImage (bsc#1265048).
* CVE-2026-42326: information disclosure via malicious IPTC input file
(bsc#1268092).
* CVE-2026-45031: denial of Service due to resource policy bypass in PSD
decoder (bsc#1268094).
* CVE-2026-45358: off by one in the meta encoder could result in an out of
bounds read of a single byte in the meta encoder (bsc#1268102).
* CVE-2026-45359: information Disclosure via Invalid Connected-Components
Value (bsc#1268095).
* CVE-2026-45624: data exposure due to image processing vulnerability
(bsc#1268096).
* CVE-2026-45664: denial of Service due to excessive resource use in MNG coder
(bsc#1268101).
* CVE-2026-46520: denial of Service via out-of-bounds write when processing
multiple images (bsc#1268112).
* CVE-2026-46521: out of bounds write can occur due to a missing check when
using LZMA compression in the MIFF encoder (bsc#1268124).
* CVE-2026-46522: denial of service via crafted MIFF file due to a missing
check in the MIFF decoder (bsc#1268126).
* CVE-2026-46523: heap-use-after-free via a crafted MSL image (bsc#1268125).
* CVE-2026-46557: stack overflow can occur in the fx operation by passing a
crafted argument due to a missing depth check (bsc#1268123).
* CVE-2026-46559: heap buffer over-write of a single byte when specifying
certain options due to n incorrect check in the JP2 (bsc#1268121).
* CVE-2026-46692: heap buffer over-write in the server process via an attacker
who can connect to a magick -distribute- cache service (bsc#1268120).
* CVE-2026-46693: file descriptor hijacking in the server process when a race
condition is met via an attacker who can connect to a magick -distribute-
cache service (bsc#1268117).
* CVE-2026-47165: distributed pixel cache was originally designed to operate
without a challenge--response authentication model (bsc#1268114).
* CVE-2026-47166: heap buffer over-read in the server process via an attacker
who can connect to a magick -distribute- cache service (bsc#1268113).
* CVE-2026-48734: Stack Overflow in MVG decoder (bsc#1268122).
* CVE-2026-48994: heap buffer over-write due to a missing check of a return
value in the MAT decoder on 32-bit systems (bsc#1268111).
* CVE-2026-49218: denial of service due to a missing check in the DCM decoder
(bsc#1268110).
* CVE-2026-53460: out-of-Memory condition due to a missing check for maximum
memory request in AcquireAlignedMemory (bsc#1268108).
* CVE-2026-53461: out of bounds heap write due to an incorrect loop in the
ICON decoder (bsc#1268107).
* CVE-2026-53463: null pointer deference due to passing incorrect arguments in
the distort operation (bsc#1268105).
* CVE-2026-53464: small memory leak due to providing invalid options to the
wand option parser (bsc#1268103).
* CVE-2026-53466: heap Buffer Over-Read in XCF decoder due to integer
conversion overflow (bsc#1270073).
* CVE-2026-53467: information Disclosure in MNG decoder because allocated
memory is left unchanged (bsc#1270074).
* CVE-2026-55594: stack Overflow in MVG decoder due to missing depth check
(bsc#1270077).
* CVE-2026-55595: infinite Loop in connected-components when providing invalid
arguments (bsc#1270079).
* CVE-2026-55597: heap Buffer Over-Write in JP2 encoder when due to incorrect
handling of arguments (bsc#1270080).
* CVE-2026-56361: off-by-one origin validation in allows out-of-bounds read in
morphology processing (bsc#1270001).
* CVE-2026-56363: division by Zero in binomial kernel (bsc#1270002).
* CVE-2026-56364: memory Leak in LoadOpenCLDeviceBenchmark() when parsing
malformed XML (bsc#1270003).
* CVE-2026-56365: memory leak in PNG encoder when writing a MNG image
(bsc#1270004).
* CVE-2026-56367: integer overflow in the PSB (PSD v2) RLE decoding path that
causes a heap out-of-bounds read (bsc#1268645).
* CVE-2026-56368: memory leak in multiple coders that write raw pixel data
(bsc#1269064).
* CVE-2026-56370: out-of-bounds access in `ConnectedComponentsImage()` when
processing connected-components:* artifacts with invalid indices
(bsc#1269063).
* CVE-2026-56371: memory leak in coders/txt.c when processing TXT files with
texture attributes (bsc#1268879).
* CVE-2026-56374: heap-buffer-overflow in FTXT encoder (bsc#1271099).
* CVE-2026-56376: heap use-after-free in the meta coder can lead to denial of
service via specially crafted image files (bsc#1268880).
* CVE-2026-56379: arbitrary MVG drawing command injection via the SVG decoder
when processing specially crafted SVG files (bsc#1268878).
* GHSA-3j4x-rwrx-xxj9: possible use-after-free write in PDB decoder
(bsc#1268640).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3023=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3023=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3023=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.73.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.73.1
* perl-PerlMagick-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.73.1
* libMagick++-devel-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-SUSE-7.1.1.21-150600.3.73.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.73.1
* ImageMagick-7.1.1.21-150600.3.73.1
* ImageMagick-debugsource-7.1.1.21-150600.3.73.1
* perl-PerlMagick-debuginfo-7.1.1.21-150600.3.73.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.73.1
* libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.73.1
* ImageMagick-debuginfo-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.73.1
* libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.73.1
* ImageMagick-devel-7.1.1.21-150600.3.73.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.73.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-SUSE-7.1.1.21-150600.3.73.1
* perl-PerlMagick-debuginfo-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.73.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.73.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.73.1
* ImageMagick-debugsource-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.73.1
* ImageMagick-7.1.1.21-150600.3.73.1
* libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.73.1
* ImageMagick-debuginfo-7.1.1.21-150600.3.73.1
* libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.73.1
* ImageMagick-devel-7.1.1.21-150600.3.73.1
* perl-PerlMagick-7.1.1.21-150600.3.73.1
* libMagick++-devel-7.1.1.21-150600.3.73.1
* ImageMagick-extra-7.1.1.21-150600.3.73.1
* ImageMagick-extra-debuginfo-7.1.1.21-150600.3.73.1
* openSUSE Leap 15.6 (x86_64)
* libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.1.21-150600.3.73.1
* libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.73.1
* libMagick++-7_Q16HDRI5-32bit-7.1.1.21-150600.3.73.1
* libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.73.1
* libMagickWand-7_Q16HDRI10-32bit-7.1.1.21-150600.3.73.1
* libMagickCore-7_Q16HDRI10-32bit-7.1.1.21-150600.3.73.1
* ImageMagick-devel-32bit-7.1.1.21-150600.3.73.1
* libMagick++-devel-32bit-7.1.1.21-150600.3.73.1
* openSUSE Leap 15.6 (noarch)
* ImageMagick-doc-7.1.1.21-150600.3.73.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libMagickCore-7_Q16HDRI10-64bit-7.1.1.21-150600.3.73.1
* ImageMagick-devel-64bit-7.1.1.21-150600.3.73.1
* libMagick++-devel-64bit-7.1.1.21-150600.3.73.1
* libMagickWand-7_Q16HDRI10-64bit-7.1.1.21-150600.3.73.1
* libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.73.1
* libMagick++-7_Q16HDRI5-64bit-7.1.1.21-150600.3.73.1
* libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.1.21-150600.3.73.1
* libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.73.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.73.1
* perl-PerlMagick-7.1.1.21-150600.3.73.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.73.1
* libMagick++-devel-7.1.1.21-150600.3.73.1
* libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.73.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-SUSE-7.1.1.21-150600.3.73.1
* ImageMagick-7.1.1.21-150600.3.73.1
* ImageMagick-debugsource-7.1.1.21-150600.3.73.1
* perl-PerlMagick-debuginfo-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.73.1
* libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.73.1
* ImageMagick-debuginfo-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.73.1
* ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.73.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.73.1
* ImageMagick-devel-7.1.1.21-150600.3.73.1
## References:
* https://www.suse.com/security/cve/CVE-2026-40169.html
* https://www.suse.com/security/cve/CVE-2026-42050.html
* https://www.suse.com/security/cve/CVE-2026-42326.html
* https://www.suse.com/security/cve/CVE-2026-45031.html
* https://www.suse.com/security/cve/CVE-2026-45358.html
* https://www.suse.com/security/cve/CVE-2026-45359.html
* https://www.suse.com/security/cve/CVE-2026-45624.html
* https://www.suse.com/security/cve/CVE-2026-45664.html
* https://www.suse.com/security/cve/CVE-2026-46520.html
* https://www.suse.com/security/cve/CVE-2026-46521.html
* https://www.suse.com/security/cve/CVE-2026-46522.html
* https://www.suse.com/security/cve/CVE-2026-46523.html
* https://www.suse.com/security/cve/CVE-2026-46557.html
* https://www.suse.com/security/cve/CVE-2026-46559.html
* https://www.suse.com/security/cve/CVE-2026-46692.html
* https://www.suse.com/security/cve/CVE-2026-46693.html
* https://www.suse.com/security/cve/CVE-2026-47165.html
* https://www.suse.com/security/cve/CVE-2026-47166.html
* https://www.suse.com/security/cve/CVE-2026-48734.html
* https://www.suse.com/security/cve/CVE-2026-48994.html
* https://www.suse.com/security/cve/CVE-2026-49218.html
* https://www.suse.com/security/cve/CVE-2026-53460.html
* https://www.suse.com/security/cve/CVE-2026-53461.html
* https://www.suse.com/security/cve/CVE-2026-53463.html
* https://www.suse.com/security/cve/CVE-2026-53464.html
* https://www.suse.com/security/cve/CVE-2026-53466.html
* https://www.suse.com/security/cve/CVE-2026-53467.html
* https://www.suse.com/security/cve/CVE-2026-55594.html
* https://www.suse.com/security/cve/CVE-2026-55595.html
* https://www.suse.com/security/cve/CVE-2026-55597.html
* https://www.suse.com/security/cve/CVE-2026-56361.html
* https://www.suse.com/security/cve/CVE-2026-56363.html
* https://www.suse.com/security/cve/CVE-2026-56364.html
* https://www.suse.com/security/cve/CVE-2026-56365.html
* https://www.suse.com/security/cve/CVE-2026-56367.html
* https://www.suse.com/security/cve/CVE-2026-56368.html
* https://www.suse.com/security/cve/CVE-2026-56370.html
* https://www.suse.com/security/cve/CVE-2026-56371.html
* https://www.suse.com/security/cve/CVE-2026-56374.html
* https://www.suse.com/security/cve/CVE-2026-56376.html
* https://www.suse.com/security/cve/CVE-2026-56379.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265048
* https://bugzilla.suse.com/show_bug.cgi?id=1268092
* https://bugzilla.suse.com/show_bug.cgi?id=1268094
* https://bugzilla.suse.com/show_bug.cgi?id=1268095
* https://bugzilla.suse.com/show_bug.cgi?id=1268096
* https://bugzilla.suse.com/show_bug.cgi?id=1268101
* https://bugzilla.suse.com/show_bug.cgi?id=1268102
* https://bugzilla.suse.com/show_bug.cgi?id=1268103
* https://bugzilla.suse.com/show_bug.cgi?id=1268105
* https://bugzilla.suse.com/show_bug.cgi?id=1268107
* https://bugzilla.suse.com/show_bug.cgi?id=1268108
* https://bugzilla.suse.com/show_bug.cgi?id=1268110
* https://bugzilla.suse.com/show_bug.cgi?id=1268111
* https://bugzilla.suse.com/show_bug.cgi?id=1268112
* https://bugzilla.suse.com/show_bug.cgi?id=1268113
* https://bugzilla.suse.com/show_bug.cgi?id=1268114
* https://bugzilla.suse.com/show_bug.cgi?id=1268117
* https://bugzilla.suse.com/show_bug.cgi?id=1268120
* https://bugzilla.suse.com/show_bug.cgi?id=1268121
* https://bugzilla.suse.com/show_bug.cgi?id=1268122
* https://bugzilla.suse.com/show_bug.cgi?id=1268123
* https://bugzilla.suse.com/show_bug.cgi?id=1268124
* https://bugzilla.suse.com/show_bug.cgi?id=1268125
* https://bugzilla.suse.com/show_bug.cgi?id=1268126
* https://bugzilla.suse.com/show_bug.cgi?id=1268640
* https://bugzilla.suse.com/show_bug.cgi?id=1268645
* https://bugzilla.suse.com/show_bug.cgi?id=1268878
* https://bugzilla.suse.com/show_bug.cgi?id=1268879
* https://bugzilla.suse.com/show_bug.cgi?id=1268880
* https://bugzilla.suse.com/show_bug.cgi?id=1269063
* https://bugzilla.suse.com/show_bug.cgi?id=1269064
* https://bugzilla.suse.com/show_bug.cgi?id=1270001
* https://bugzilla.suse.com/show_bug.cgi?id=1270002
* https://bugzilla.suse.com/show_bug.cgi?id=1270003
* https://bugzilla.suse.com/show_bug.cgi?id=1270004
* https://bugzilla.suse.com/show_bug.cgi?id=1270073
* https://bugzilla.suse.com/show_bug.cgi?id=1270074
* https://bugzilla.suse.com/show_bug.cgi?id=1270077
* https://bugzilla.suse.com/show_bug.cgi?id=1270079
* https://bugzilla.suse.com/show_bug.cgi?id=1270080
* https://bugzilla.suse.com/show_bug.cgi?id=1271099
SUSE-SU-2026:3025-1: important: Security update for sssd
# Security update for sssd
Announcement ID: SUSE-SU-2026:3025-1
Release Date: 2026-07-15T09:49:27Z
Rating: important
References:
* bsc#1270708
* bsc#1270709
Cross-References:
* CVE-2026-14474
* CVE-2026-14476
CVSS scores:
* CVE-2026-14474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-14474 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-14476 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-14476 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for sssd fixes the following issues
* CVE-2026-14474: sudo LDAP provider searches entire directory tree for
sudoRole objects by default, enabling privilege escalation (bsc#1270709).
* CVE-2026-14476: GPO cache path traversal via unsanitized gPCFileSysPath
allows Kerberos authentication bypass (bsc#1270708).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3025=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3025=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3025=1
## Package List:
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* sssd-dbus-2.10.2-150600.3.53.1
* libsss_simpleifp0-debuginfo-2.10.2-150600.3.53.1
* sssd-ipa-debuginfo-2.10.2-150600.3.53.1
* sssd-tools-debuginfo-2.10.2-150600.3.53.1
* python3-sss_nss_idmap-2.10.2-150600.3.53.1
* sssd-krb5-2.10.2-150600.3.53.1
* libsss_certmap0-debuginfo-2.10.2-150600.3.53.1
* libsss_simpleifp-devel-2.10.2-150600.3.53.1
* libnfsidmap-sss-debuginfo-2.10.2-150600.3.53.1
* python3-sss_nss_idmap-debuginfo-2.10.2-150600.3.53.1
* python3-sssd-config-2.10.2-150600.3.53.1
* sssd-krb5-common-debuginfo-2.10.2-150600.3.53.1
* python3-sssd-config-debuginfo-2.10.2-150600.3.53.1
* sssd-debugsource-2.10.2-150600.3.53.1
* sssd-proxy-2.10.2-150600.3.53.1
* sssd-ad-2.10.2-150600.3.53.1
* python3-ipa_hbac-debuginfo-2.10.2-150600.3.53.1
* sssd-ldap-debuginfo-2.10.2-150600.3.53.1
* libsss_idmap0-2.10.2-150600.3.53.1
* python3-ipa_hbac-2.10.2-150600.3.53.1
* libsss_nss_idmap0-2.10.2-150600.3.53.1
* sssd-ad-debuginfo-2.10.2-150600.3.53.1
* sssd-winbind-idmap-debuginfo-2.10.2-150600.3.53.1
* sssd-krb5-debuginfo-2.10.2-150600.3.53.1
* libipa_hbac0-debuginfo-2.10.2-150600.3.53.1
* libsss_nss_idmap0-debuginfo-2.10.2-150600.3.53.1
* libsss_nss_idmap-devel-2.10.2-150600.3.53.1
* sssd-winbind-idmap-2.10.2-150600.3.53.1
* sssd-proxy-debuginfo-2.10.2-150600.3.53.1
* sssd-tools-2.10.2-150600.3.53.1
* sssd-2.10.2-150600.3.53.1
* libsss_idmap0-debuginfo-2.10.2-150600.3.53.1
* sssd-debuginfo-2.10.2-150600.3.53.1
* libnfsidmap-sss-2.10.2-150600.3.53.1
* sssd-ldap-2.10.2-150600.3.53.1
* sssd-kcm-debuginfo-2.10.2-150600.3.53.1
* sssd-kcm-2.10.2-150600.3.53.1
* libsss_simpleifp0-2.10.2-150600.3.53.1
* sssd-krb5-common-2.10.2-150600.3.53.1
* libipa_hbac0-2.10.2-150600.3.53.1
* python3-sss-murmur-debuginfo-2.10.2-150600.3.53.1
* libsss_certmap0-2.10.2-150600.3.53.1
* libsss_certmap-devel-2.10.2-150600.3.53.1
* sssd-dbus-debuginfo-2.10.2-150600.3.53.1
* sssd-ipa-2.10.2-150600.3.53.1
* python3-sss-murmur-2.10.2-150600.3.53.1
* libipa_hbac-devel-2.10.2-150600.3.53.1
* libsss_idmap-devel-2.10.2-150600.3.53.1
* openSUSE Leap 15.6 (x86_64)
* sssd-32bit-2.10.2-150600.3.53.1
* sssd-32bit-debuginfo-2.10.2-150600.3.53.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* sssd-64bit-2.10.2-150600.3.53.1
* sssd-64bit-debuginfo-2.10.2-150600.3.53.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* sssd-dbus-2.10.2-150600.3.53.1
* libsss_certmap0-debuginfo-2.10.2-150600.3.53.1
* sssd-ipa-debuginfo-2.10.2-150600.3.53.1
* sssd-tools-debuginfo-2.10.2-150600.3.53.1
* libsss_simpleifp0-debuginfo-2.10.2-150600.3.53.1
* sssd-krb5-2.10.2-150600.3.53.1
* libsss_simpleifp-devel-2.10.2-150600.3.53.1
* python3-sssd-config-2.10.2-150600.3.53.1
* sssd-krb5-common-debuginfo-2.10.2-150600.3.53.1
* python3-sssd-config-debuginfo-2.10.2-150600.3.53.1
* sssd-debugsource-2.10.2-150600.3.53.1
* sssd-proxy-2.10.2-150600.3.53.1
* sssd-ad-2.10.2-150600.3.53.1
* sssd-ldap-debuginfo-2.10.2-150600.3.53.1
* libsss_idmap0-2.10.2-150600.3.53.1
* libsss_nss_idmap0-2.10.2-150600.3.53.1
* sssd-ad-debuginfo-2.10.2-150600.3.53.1
* sssd-winbind-idmap-debuginfo-2.10.2-150600.3.53.1
* sssd-krb5-debuginfo-2.10.2-150600.3.53.1
* libipa_hbac0-debuginfo-2.10.2-150600.3.53.1
* libsss_nss_idmap0-debuginfo-2.10.2-150600.3.53.1
* libsss_nss_idmap-devel-2.10.2-150600.3.53.1
* sssd-winbind-idmap-2.10.2-150600.3.53.1
* sssd-proxy-debuginfo-2.10.2-150600.3.53.1
* sssd-tools-2.10.2-150600.3.53.1
* sssd-2.10.2-150600.3.53.1
* libsss_idmap0-debuginfo-2.10.2-150600.3.53.1
* sssd-debuginfo-2.10.2-150600.3.53.1
* sssd-kcm-debuginfo-2.10.2-150600.3.53.1
* sssd-ldap-2.10.2-150600.3.53.1
* libipa_hbac0-2.10.2-150600.3.53.1
* libsss_simpleifp0-2.10.2-150600.3.53.1
* sssd-kcm-2.10.2-150600.3.53.1
* sssd-krb5-common-2.10.2-150600.3.53.1
* libsss_certmap0-2.10.2-150600.3.53.1
* libsss_certmap-devel-2.10.2-150600.3.53.1
* sssd-dbus-debuginfo-2.10.2-150600.3.53.1
* sssd-ipa-2.10.2-150600.3.53.1
* libipa_hbac-devel-2.10.2-150600.3.53.1
* libsss_idmap-devel-2.10.2-150600.3.53.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
* sssd-32bit-2.10.2-150600.3.53.1
* sssd-32bit-debuginfo-2.10.2-150600.3.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* sssd-dbus-2.10.2-150600.3.53.1
* libsss_certmap0-debuginfo-2.10.2-150600.3.53.1
* sssd-ipa-debuginfo-2.10.2-150600.3.53.1
* sssd-tools-debuginfo-2.10.2-150600.3.53.1
* libsss_simpleifp0-debuginfo-2.10.2-150600.3.53.1
* sssd-krb5-2.10.2-150600.3.53.1
* libsss_simpleifp-devel-2.10.2-150600.3.53.1
* python3-sssd-config-2.10.2-150600.3.53.1
* sssd-krb5-common-debuginfo-2.10.2-150600.3.53.1
* python3-sssd-config-debuginfo-2.10.2-150600.3.53.1
* sssd-debugsource-2.10.2-150600.3.53.1
* sssd-proxy-2.10.2-150600.3.53.1
* sssd-ad-2.10.2-150600.3.53.1
* sssd-ldap-debuginfo-2.10.2-150600.3.53.1
* libsss_idmap0-2.10.2-150600.3.53.1
* libsss_nss_idmap0-2.10.2-150600.3.53.1
* sssd-ad-debuginfo-2.10.2-150600.3.53.1
* sssd-winbind-idmap-debuginfo-2.10.2-150600.3.53.1
* sssd-krb5-debuginfo-2.10.2-150600.3.53.1
* libipa_hbac0-debuginfo-2.10.2-150600.3.53.1
* libsss_nss_idmap0-debuginfo-2.10.2-150600.3.53.1
* libsss_nss_idmap-devel-2.10.2-150600.3.53.1
* sssd-winbind-idmap-2.10.2-150600.3.53.1
* sssd-proxy-debuginfo-2.10.2-150600.3.53.1
* sssd-tools-2.10.2-150600.3.53.1
* sssd-2.10.2-150600.3.53.1
* libsss_idmap0-debuginfo-2.10.2-150600.3.53.1
* sssd-krb5-common-2.10.2-150600.3.53.1
* sssd-kcm-debuginfo-2.10.2-150600.3.53.1
* sssd-ldap-2.10.2-150600.3.53.1
* libipa_hbac0-2.10.2-150600.3.53.1
* sssd-debuginfo-2.10.2-150600.3.53.1
* sssd-kcm-2.10.2-150600.3.53.1
* libsss_simpleifp0-2.10.2-150600.3.53.1
* libsss_certmap0-2.10.2-150600.3.53.1
* libsss_certmap-devel-2.10.2-150600.3.53.1
* sssd-dbus-debuginfo-2.10.2-150600.3.53.1
* sssd-ipa-2.10.2-150600.3.53.1
* libipa_hbac-devel-2.10.2-150600.3.53.1
* libsss_idmap-devel-2.10.2-150600.3.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* sssd-32bit-2.10.2-150600.3.53.1
* sssd-32bit-debuginfo-2.10.2-150600.3.53.1
## References:
* https://www.suse.com/security/cve/CVE-2026-14474.html
* https://www.suse.com/security/cve/CVE-2026-14476.html
* https://bugzilla.suse.com/show_bug.cgi?id=1270708
* https://bugzilla.suse.com/show_bug.cgi?id=1270709
SUSE-SU-2026:3026-1: important: Security update for python-cryptography
# Security update for python-cryptography
Announcement ID: SUSE-SU-2026:3026-1
Release Date: 2026-07-15T09:49:44Z
Rating: important
References:
* bsc#1270208
* bsc#1270515
* bsc#1270620
* bsc#1270706
* bsc#1270772
* bsc#1270801
* bsc#1270936
* bsc#1270994
Cross-References:
* CVE-2026-41676
* CVE-2026-41677
* CVE-2026-41678
* CVE-2026-41681
* CVE-2026-41898
* CVE-2026-42327
* CVE-2026-44662
* CVE-2026-45784
CVSS scores:
* CVE-2026-41676 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41677 ( SUSE ): 1.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
* CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-41677 ( NVD ): 1.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41677 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-41678 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-41678 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41678 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41681 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-41681 ( NVD ): 8.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41681 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41898 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-41898 ( NVD ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41898 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-42327 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-42327 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44662 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-44662 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-45784 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Products:
* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves eight vulnerabilities can now be installed.
## Description:
This update for python-cryptography fixes the following issues
* CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can
overflow short buffers on OpenSSL 1.1.1 (bsc#1270208).
* CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when
returning an oversized length in rust- openssl crate (bsc#1270620).
* CVE-2026-41678: openssl: incorrect bounds assertion in aes key wrap in rust-
openssl crate (bsc#1270706).
* CVE-2026-41681: openssl: MdCtxRef::digest_final() writes past caller buffer
with no length check in rust-openssl crate (bsc#1270772).
* CVE-2026-41898: openssl: unchecked callback-returned length in PSK and
cookie generate trampolines can leak adjacent memory in rust-openssl crate
(bsc#1270801).
* CVE-2026-42327: openssl: arbitrary code execution via specially crafted
certificate in rust-openssl crate (bsc#1270515).
* CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-
wrap-with-padding in rust-openssl crate (bsc#1270936).
* CVE-2026-45784: openssl: out-of-bounds write in
`CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers in rust-
openssl crate (bsc#1270994).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-3026=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3026=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3026=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3026=1
## Package List:
* Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* python311-cryptography-41.0.3-150600.23.9.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* python311-cryptography-41.0.3-150600.23.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* python311-cryptography-41.0.3-150600.23.9.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* python311-cryptography-41.0.3-150600.23.9.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41676.html
* https://www.suse.com/security/cve/CVE-2026-41677.html
* https://www.suse.com/security/cve/CVE-2026-41678.html
* https://www.suse.com/security/cve/CVE-2026-41681.html
* https://www.suse.com/security/cve/CVE-2026-41898.html
* https://www.suse.com/security/cve/CVE-2026-42327.html
* https://www.suse.com/security/cve/CVE-2026-44662.html
* https://www.suse.com/security/cve/CVE-2026-45784.html
* https://bugzilla.suse.com/show_bug.cgi?id=1270208
* https://bugzilla.suse.com/show_bug.cgi?id=1270515
* https://bugzilla.suse.com/show_bug.cgi?id=1270620
* https://bugzilla.suse.com/show_bug.cgi?id=1270706
* https://bugzilla.suse.com/show_bug.cgi?id=1270772
* https://bugzilla.suse.com/show_bug.cgi?id=1270801
* https://bugzilla.suse.com/show_bug.cgi?id=1270936
* https://bugzilla.suse.com/show_bug.cgi?id=1270994
SUSE-SU-2026:3028-1: important: Security update for dnsmasq
# Security update for dnsmasq
Announcement ID: SUSE-SU-2026:3028-1
Release Date: 2026-07-15T09:51:44Z
Rating: important
References:
* bsc#1268764
* bsc#1268882
Cross-References:
* CVE-2026-12725
* CVE-2026-12969
CVSS scores:
* CVE-2026-12725 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-12725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-12725 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-12969 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-12969 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-12969 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves two vulnerabilities can now be installed.
## Description:
This update for dnsmasq fixes the following issues
* CVE-2026-12725: heap buffer overflow in `log_query()` when logging
unsupported DS/DNSKEY replies (bsc#1268764).
* CVE-2026-12969: out-of-bounds read in `find_soa()` due to missing extrabytes
validation (bsc#1268882).
Changes for dnsmasq:
* Update to 2.93:
* Fix a corner-case in DNSSEC validation with wildcards.
* Fix DNSSEC failure with spurious RRSIGs.
* Fix DNSSEC fail with CNAME replies to DS queries.
* Fix regression in 2.92 release which broke DHCPv6 when a DHCP relay is in
use.
* Modify the inotify implementation so that inotify watches are only created
after dnsmasq has changed permissions and userid.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-3028=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-3028=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3028=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-3028=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-3028=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3028=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-3028=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3028=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3028=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3028=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3028=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3028=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-3028=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-3028=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-3028=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3028=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-3028=1
## Package List:
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-utils-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* dnsmasq-utils-2.93-150400.16.17.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
## References:
* https://www.suse.com/security/cve/CVE-2026-12725.html
* https://www.suse.com/security/cve/CVE-2026-12969.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268764
* https://bugzilla.suse.com/show_bug.cgi?id=1268882
SUSE-SU-2026:3029-1: moderate: Security update for glibc
# Security update for glibc
Announcement ID: SUSE-SU-2026:3029-1
Release Date: 2026-07-15T09:52:53Z
Rating: moderate
References:
* bsc#1263656
* bsc#1263658
Cross-References:
* CVE-2026-5435
* CVE-2026-6238
CVSS scores:
* CVE-2026-5435 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-5435 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-5435 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-6238 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-6238 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-6238 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves two vulnerabilities can now be installed.
## Description:
This update for glibc fixes the following issues
* CVE-2026-5435: unchecked buffer writing in TSIG handling can lead to an out-
of-bounds write (bsc#1263656).
* CVE-2026-6238: insufficient RDATA length validation can lead to application
crashes or uninitialized memory disclosure (bsc#1263658).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-3029=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3029=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-3029=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-3029=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3029=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3029=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-3029=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3029=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-3029=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3029=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-3029=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-3029=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-3029=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3029=1
## Package List:
* openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64)
* glibc-utils-src-debugsource-2.31-150300.104.1
* glibc-utils-debuginfo-2.31-150300.104.1
* nscd-2.31-150300.104.1
* glibc-utils-2.31-150300.104.1
* glibc-extra-debuginfo-2.31-150300.104.1
* nscd-debuginfo-2.31-150300.104.1
* glibc-extra-2.31-150300.104.1
* openSUSE Leap 15.3 (aarch64 i586 i686 ppc64le s390x x86_64)
* glibc-locale-2.31-150300.104.1
* glibc-profile-2.31-150300.104.1
* glibc-devel-2.31-150300.104.1
* glibc-locale-base-2.31-150300.104.1
* glibc-locale-base-debuginfo-2.31-150300.104.1
* glibc-devel-debuginfo-2.31-150300.104.1
* glibc-2.31-150300.104.1
* glibc-devel-static-2.31-150300.104.1
* glibc-debugsource-2.31-150300.104.1
* glibc-debuginfo-2.31-150300.104.1
* openSUSE Leap 15.3 (x86_64)
* glibc-profile-32bit-2.31-150300.104.1
* glibc-utils-32bit-debuginfo-2.31-150300.104.1
* glibc-devel-32bit-2.31-150300.104.1
* glibc-locale-base-32bit-debuginfo-2.31-150300.104.1
* glibc-devel-32bit-debuginfo-2.31-150300.104.1
* glibc-utils-32bit-2.31-150300.104.1
* glibc-32bit-debuginfo-2.31-150300.104.1
* glibc-locale-base-32bit-2.31-150300.104.1
* glibc-devel-static-32bit-2.31-150300.104.1
* glibc-32bit-2.31-150300.104.1
* openSUSE Leap 15.3 (noarch)
* glibc-html-2.31-150300.104.1
* glibc-lang-2.31-150300.104.1
* glibc-i18ndata-2.31-150300.104.1
* glibc-info-2.31-150300.104.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* glibc-locale-base-64bit-debuginfo-2.31-150300.104.1
* glibc-64bit-2.31-150300.104.1
* glibc-profile-64bit-2.31-150300.104.1
* glibc-devel-64bit-2.31-150300.104.1
* glibc-64bit-debuginfo-2.31-150300.104.1
* glibc-devel-static-64bit-2.31-150300.104.1
* glibc-devel-64bit-debuginfo-2.31-150300.104.1
* glibc-utils-64bit-debuginfo-2.31-150300.104.1
* glibc-locale-base-64bit-2.31-150300.104.1
* glibc-utils-64bit-2.31-150300.104.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* glibc-utils-src-debugsource-2.31-150300.104.1
* glibc-locale-2.31-150300.104.1
* glibc-utils-debuginfo-2.31-150300.104.1
* glibc-locale-base-2.31-150300.104.1
* glibc-profile-2.31-150300.104.1
* glibc-locale-base-debuginfo-2.31-150300.104.1
* glibc-devel-2.31-150300.104.1
* glibc-2.31-150300.104.1
* nscd-2.31-150300.104.1
* glibc-devel-debuginfo-2.31-150300.104.1
* glibc-utils-2.31-150300.104.1
* glibc-devel-static-2.31-150300.104.1
* glibc-extra-debuginfo-2.31-150300.104.1
* glibc-debugsource-2.31-150300.104.1
* nscd-debuginfo-2.31-150300.104.1
* glibc-extra-2.31-150300.104.1
* glibc-debuginfo-2.31-150300.104.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* glibc-lang-2.31-150300.104.1
* glibc-i18ndata-2.31-150300.104.1
* glibc-info-2.31-150300.104.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* glibc-devel-32bit-2.31-150300.104.1
* glibc-locale-base-32bit-debuginfo-2.31-150300.104.1
* glibc-devel-32bit-debuginfo-2.31-150300.104.1
* glibc-32bit-debuginfo-2.31-150300.104.1
* glibc-locale-base-32bit-2.31-150300.104.1
* glibc-32bit-2.31-150300.104.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* glibc-locale-2.31-150300.104.1
* glibc-locale-base-2.31-150300.104.1
* glibc-devel-2.31-150300.104.1
* glibc-locale-base-debuginfo-2.31-150300.104.1
* glibc-2.31-150300.104.1
* glibc-devel-debuginfo-2.31-150300.104.1
* glibc-debugsource-2.31-150300.104.1
* glibc-debuginfo-2.31-150300.104.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* glibc-utils-src-debugsource-2.31-150300.104.1
* glibc-locale-2.31-150300.104.1
* glibc-locale-base-2.31-150300.104.1
* glibc-devel-2.31-150300.104.1
* glibc-profile-2.31-150300.104.1
* glibc-locale-base-debuginfo-2.31-150300.104.1
* glibc-utils-debuginfo-2.31-150300.104.1
* glibc-devel-debuginfo-2.31-150300.104.1
* glibc-2.31-150300.104.1
* nscd-2.31-150300.104.1
* glibc-utils-2.31-150300.104.1
* glibc-devel-static-2.31-150300.104.1
* glibc-extra-debuginfo-2.31-150300.104.1
* glibc-extra-2.31-150300.104.1
* nscd-debuginfo-2.31-150300.104.1
* glibc-debugsource-2.31-150300.104.1
* glibc-debuginfo-2.31-150300.104.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* glibc-devel-32bit-2.31-150300.104.1
* glibc-locale-base-32bit-debuginfo-2.31-150300.104.1
* glibc-devel-32bit-debuginfo-2.31-150300.104.1
* glibc-32bit-debuginfo-2.31-150300.104.1
* glibc-locale-base-32bit-2.31-150300.104.1
* glibc-32bit-2.31-150300.104.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* glibc-i18ndata-2.31-150300.104.1
* glibc-lang-2.31-150300.104.1
* glibc-info-2.31-150300.104.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* glibc-utils-src-debugsource-2.31-150300.104.1
* glibc-locale-2.31-150300.104.1
* glibc-locale-base-2.31-150300.104.1
* glibc-profile-2.31-150300.104.1
* glibc-utils-debuginfo-2.31-150300.104.1
* glibc-locale-base-debuginfo-2.31-150300.104.1
* glibc-devel-2.31-150300.104.1
* nscd-2.31-150300.104.1
* glibc-devel-debuginfo-2.31-150300.104.1
* glibc-2.31-150300.104.1
* glibc-utils-2.31-150300.104.1
* glibc-extra-debuginfo-2.31-150300.104.1
* glibc-devel-static-2.31-150300.104.1
* glibc-debugsource-2.31-150300.104.1
* nscd-debuginfo-2.31-150300.104.1
* glibc-extra-2.31-150300.104.1
* glibc-debuginfo-2.31-150300.104.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* glibc-devel-32bit-2.31-150300.104.1
* glibc-locale-base-32bit-debuginfo-2.31-150300.104.1
* glibc-devel-32bit-debuginfo-2.31-150300.104.1
* glibc-32bit-debuginfo-2.31-150300.104.1
* glibc-locale-base-32bit-2.31-150300.104.1
* glibc-32bit-2.31-150300.104.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* glibc-lang-2.31-150300.104.1
* glibc-i18ndata-2.31-150300.104.1
* glibc-info-2.31-150300.104.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* glibc-i18ndata-2.31-150300.104.1
* glibc-lang-2.31-150300.104.1
* glibc-info-2.31-150300.104.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* glibc-utils-src-debugsource-2.31-150300.104.1
* glibc-locale-2.31-150300.104.1
* glibc-profile-2.31-150300.104.1
* glibc-devel-2.31-150300.104.1
* glibc-locale-base-2.31-150300.104.1
* glibc-locale-base-debuginfo-2.31-150300.104.1
* glibc-utils-debuginfo-2.31-150300.104.1
* glibc-2.31-150300.104.1
* glibc-devel-debuginfo-2.31-150300.104.1
* nscd-2.31-150300.104.1
* glibc-utils-2.31-150300.104.1
* glibc-devel-static-2.31-150300.104.1
* glibc-extra-debuginfo-2.31-150300.104.1
* glibc-debugsource-2.31-150300.104.1
* nscd-debuginfo-2.31-150300.104.1
* glibc-extra-2.31-150300.104.1
* glibc-debuginfo-2.31-150300.104.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* glibc-devel-32bit-2.31-150300.104.1
* glibc-locale-base-32bit-debuginfo-2.31-150300.104.1
* glibc-devel-32bit-debuginfo-2.31-150300.104.1
* glibc-32bit-debuginfo-2.31-150300.104.1
* glibc-locale-base-32bit-2.31-150300.104.1
* glibc-32bit-2.31-150300.104.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* glibc-utils-src-debugsource-2.31-150300.104.1
* glibc-locale-2.31-150300.104.1
* glibc-utils-debuginfo-2.31-150300.104.1
* glibc-locale-base-2.31-150300.104.1
* glibc-devel-2.31-150300.104.1
* glibc-locale-base-debuginfo-2.31-150300.104.1
* glibc-profile-2.31-150300.104.1
* glibc-2.31-150300.104.1
* glibc-devel-debuginfo-2.31-150300.104.1
* nscd-2.31-150300.104.1
* glibc-utils-2.31-150300.104.1
* glibc-devel-static-2.31-150300.104.1
* glibc-extra-debuginfo-2.31-150300.104.1
* glibc-debugsource-2.31-150300.104.1
* nscd-debuginfo-2.31-150300.104.1
* glibc-extra-2.31-150300.104.1
* glibc-debuginfo-2.31-150300.104.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* glibc-devel-32bit-2.31-150300.104.1
* glibc-locale-base-32bit-debuginfo-2.31-150300.104.1
* glibc-devel-32bit-debuginfo-2.31-150300.104.1
* glibc-32bit-debuginfo-2.31-150300.104.1
* glibc-locale-base-32bit-2.31-150300.104.1
* glibc-32bit-2.31-150300.104.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* glibc-lang-2.31-150300.104.1
* glibc-i18ndata-2.31-150300.104.1
* glibc-info-2.31-150300.104.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* glibc-utils-src-debugsource-2.31-150300.104.1
* glibc-locale-2.31-150300.104.1
* glibc-utils-debuginfo-2.31-150300.104.1
* glibc-profile-2.31-150300.104.1
* glibc-devel-2.31-150300.104.1
* glibc-locale-base-2.31-150300.104.1
* glibc-locale-base-debuginfo-2.31-150300.104.1
* glibc-devel-debuginfo-2.31-150300.104.1
* nscd-2.31-150300.104.1
* glibc-2.31-150300.104.1
* glibc-utils-2.31-150300.104.1
* glibc-devel-static-2.31-150300.104.1
* glibc-extra-debuginfo-2.31-150300.104.1
* glibc-extra-2.31-150300.104.1
* nscd-debuginfo-2.31-150300.104.1
* glibc-debugsource-2.31-150300.104.1
* glibc-debuginfo-2.31-150300.104.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* glibc-lang-2.31-150300.104.1
* glibc-i18ndata-2.31-150300.104.1
* glibc-info-2.31-150300.104.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* glibc-devel-32bit-2.31-150300.104.1
* glibc-locale-base-32bit-debuginfo-2.31-150300.104.1
* glibc-devel-32bit-debuginfo-2.31-150300.104.1
* glibc-32bit-debuginfo-2.31-150300.104.1
* glibc-locale-base-32bit-2.31-150300.104.1
* glibc-32bit-2.31-150300.104.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* glibc-locale-2.31-150300.104.1
* glibc-locale-base-2.31-150300.104.1
* glibc-devel-2.31-150300.104.1
* glibc-locale-base-debuginfo-2.31-150300.104.1
* glibc-devel-debuginfo-2.31-150300.104.1
* glibc-2.31-150300.104.1
* glibc-debugsource-2.31-150300.104.1
* glibc-debuginfo-2.31-150300.104.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* glibc-locale-2.31-150300.104.1
* glibc-locale-base-2.31-150300.104.1
* glibc-devel-2.31-150300.104.1
* glibc-locale-base-debuginfo-2.31-150300.104.1
* glibc-devel-debuginfo-2.31-150300.104.1
* glibc-2.31-150300.104.1
* glibc-debugsource-2.31-150300.104.1
* glibc-debuginfo-2.31-150300.104.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* glibc-devel-32bit-2.31-150300.104.1
* glibc-locale-base-32bit-debuginfo-2.31-150300.104.1
* glibc-devel-32bit-debuginfo-2.31-150300.104.1
* glibc-32bit-debuginfo-2.31-150300.104.1
* glibc-locale-base-32bit-2.31-150300.104.1
* glibc-32bit-2.31-150300.104.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* glibc-utils-src-debugsource-2.31-150300.104.1
* glibc-locale-2.31-150300.104.1
* glibc-utils-debuginfo-2.31-150300.104.1
* glibc-profile-2.31-150300.104.1
* glibc-devel-2.31-150300.104.1
* glibc-locale-base-debuginfo-2.31-150300.104.1
* glibc-locale-base-2.31-150300.104.1
* glibc-2.31-150300.104.1
* glibc-devel-debuginfo-2.31-150300.104.1
* nscd-2.31-150300.104.1
* glibc-utils-2.31-150300.104.1
* glibc-extra-debuginfo-2.31-150300.104.1
* glibc-devel-static-2.31-150300.104.1
* glibc-extra-2.31-150300.104.1
* nscd-debuginfo-2.31-150300.104.1
* glibc-debugsource-2.31-150300.104.1
* glibc-debuginfo-2.31-150300.104.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* glibc-i18ndata-2.31-150300.104.1
* glibc-lang-2.31-150300.104.1
* glibc-info-2.31-150300.104.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* glibc-devel-32bit-2.31-150300.104.1
* glibc-locale-base-32bit-debuginfo-2.31-150300.104.1
* glibc-devel-32bit-debuginfo-2.31-150300.104.1
* glibc-32bit-debuginfo-2.31-150300.104.1
* glibc-locale-base-32bit-2.31-150300.104.1
* glibc-32bit-2.31-150300.104.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* glibc-utils-src-debugsource-2.31-150300.104.1
* glibc-locale-2.31-150300.104.1
* glibc-utils-debuginfo-2.31-150300.104.1
* glibc-profile-2.31-150300.104.1
* glibc-locale-base-2.31-150300.104.1
* glibc-locale-base-debuginfo-2.31-150300.104.1
* glibc-devel-2.31-150300.104.1
* nscd-2.31-150300.104.1
* glibc-devel-debuginfo-2.31-150300.104.1
* glibc-2.31-150300.104.1
* glibc-utils-2.31-150300.104.1
* glibc-devel-static-2.31-150300.104.1
* glibc-extra-debuginfo-2.31-150300.104.1
* glibc-extra-2.31-150300.104.1
* nscd-debuginfo-2.31-150300.104.1
* glibc-debugsource-2.31-150300.104.1
* glibc-debuginfo-2.31-150300.104.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* glibc-i18ndata-2.31-150300.104.1
* glibc-lang-2.31-150300.104.1
* glibc-info-2.31-150300.104.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* glibc-locale-2.31-150300.104.1
* glibc-locale-base-2.31-150300.104.1
* glibc-devel-2.31-150300.104.1
* glibc-locale-base-debuginfo-2.31-150300.104.1
* glibc-2.31-150300.104.1
* glibc-devel-debuginfo-2.31-150300.104.1
* glibc-debugsource-2.31-150300.104.1
* glibc-debuginfo-2.31-150300.104.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* glibc-locale-2.31-150300.104.1
* glibc-locale-base-2.31-150300.104.1
* glibc-devel-2.31-150300.104.1
* glibc-locale-base-debuginfo-2.31-150300.104.1
* glibc-2.31-150300.104.1
* glibc-devel-debuginfo-2.31-150300.104.1
* glibc-debugsource-2.31-150300.104.1
* glibc-debuginfo-2.31-150300.104.1
## References:
* https://www.suse.com/security/cve/CVE-2026-5435.html
* https://www.suse.com/security/cve/CVE-2026-6238.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263656
* https://bugzilla.suse.com/show_bug.cgi?id=1263658
SUSE-SU-2026:3030-1: moderate: Security update for glibc
# Security update for glibc
Announcement ID: SUSE-SU-2026:3030-1
Release Date: 2026-07-15T09:53:19Z
Rating: moderate
References:
* bsc#1263656
* bsc#1263658
Cross-References:
* CVE-2026-5435
* CVE-2026-6238
CVSS scores:
* CVE-2026-5435 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-5435 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-5435 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-6238 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-6238 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-6238 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected Products:
* Basesystem Module 15-SP7
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves two vulnerabilities can now be installed.
## Description:
This update for glibc fixes the following issues
* CVE-2026-5435: unchecked buffer writing in TSIG handling can lead to an out-
of-bounds write (bsc#1263656).
* CVE-2026-6238: insufficient RDATA length validation can lead to application
crashes or uninitialized memory disclosure (bsc#1263658).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-3030=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3030=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3030=1
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-3030=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3030=1
## Package List:
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
* libnsl1-32bit-2.38-150600.14.52.1
* glibc-32bit-2.38-150600.14.52.1
* glibc-locale-base-32bit-2.38-150600.14.52.1
* libnsl1-32bit-debuginfo-2.38-150600.14.52.1
* glibc-32bit-debuginfo-2.38-150600.14.52.1
* glibc-devel-32bit-debuginfo-2.38-150600.14.52.1
* glibc-devel-32bit-2.38-150600.14.52.1
* glibc-locale-base-32bit-debuginfo-2.38-150600.14.52.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* glibc-extra-2.38-150600.14.52.1
* glibc-locale-base-debuginfo-2.38-150600.14.52.1
* glibc-utils-2.38-150600.14.52.1
* libnsl1-2.38-150600.14.52.1
* glibc-extra-debuginfo-2.38-150600.14.52.1
* nscd-2.38-150600.14.52.1
* glibc-devel-debuginfo-2.38-150600.14.52.1
* glibc-debugsource-2.38-150600.14.52.1
* glibc-2.38-150600.14.52.1
* glibc-devel-static-2.38-150600.14.52.1
* glibc-locale-base-2.38-150600.14.52.1
* glibc-devel-2.38-150600.14.52.1
* glibc-profile-2.38-150600.14.52.1
* glibc-locale-2.38-150600.14.52.1
* libnsl1-debuginfo-2.38-150600.14.52.1
* glibc-debuginfo-2.38-150600.14.52.1
* nscd-debuginfo-2.38-150600.14.52.1
* glibc-utils-src-debugsource-2.38-150600.14.52.1
* glibc-utils-debuginfo-2.38-150600.14.52.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* glibc-lang-2.38-150600.14.52.1
* glibc-i18ndata-2.38-150600.14.52.1
* glibc-info-2.38-150600.14.52.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* glibc-devel-2.38-150600.14.52.1
* glibc-profile-2.38-150600.14.52.1
* nscd-2.38-150600.14.52.1
* glibc-extra-2.38-150600.14.52.1
* glibc-locale-2.38-150600.14.52.1
* glibc-devel-debuginfo-2.38-150600.14.52.1
* glibc-debugsource-2.38-150600.14.52.1
* libnsl1-debuginfo-2.38-150600.14.52.1
* glibc-locale-base-debuginfo-2.38-150600.14.52.1
* glibc-2.38-150600.14.52.1
* glibc-debuginfo-2.38-150600.14.52.1
* glibc-locale-base-2.38-150600.14.52.1
* libnsl1-2.38-150600.14.52.1
* glibc-extra-debuginfo-2.38-150600.14.52.1
* nscd-debuginfo-2.38-150600.14.52.1
* Basesystem Module 15-SP7 (noarch)
* glibc-lang-2.38-150600.14.52.1
* glibc-i18ndata-2.38-150600.14.52.1
* glibc-info-2.38-150600.14.52.1
* Basesystem Module 15-SP7 (x86_64)
* libnsl1-32bit-2.38-150600.14.52.1
* glibc-32bit-2.38-150600.14.52.1
* glibc-locale-base-32bit-2.38-150600.14.52.1
* libnsl1-32bit-debuginfo-2.38-150600.14.52.1
* glibc-32bit-debuginfo-2.38-150600.14.52.1
* glibc-locale-base-32bit-debuginfo-2.38-150600.14.52.1
* openSUSE Leap 15.6 (aarch64 i586 i686 ppc64le s390x x86_64)
* glibc-devel-2.38-150600.14.52.1
* glibc-profile-2.38-150600.14.52.1
* glibc-locale-2.38-150600.14.52.1
* glibc-devel-debuginfo-2.38-150600.14.52.1
* glibc-debugsource-2.38-150600.14.52.1
* libnsl1-debuginfo-2.38-150600.14.52.1
* glibc-locale-base-debuginfo-2.38-150600.14.52.1
* glibc-2.38-150600.14.52.1
* glibc-debuginfo-2.38-150600.14.52.1
* glibc-devel-static-2.38-150600.14.52.1
* glibc-locale-base-2.38-150600.14.52.1
* libnsl1-2.38-150600.14.52.1
* openSUSE Leap 15.6 (x86_64)
* libnsl1-32bit-2.38-150600.14.52.1
* glibc-32bit-2.38-150600.14.52.1
* glibc-locale-base-32bit-2.38-150600.14.52.1
* libnsl1-32bit-debuginfo-2.38-150600.14.52.1
* glibc-32bit-debuginfo-2.38-150600.14.52.1
* glibc-utils-32bit-2.38-150600.14.52.1
* glibc-devel-32bit-debuginfo-2.38-150600.14.52.1
* glibc-profile-32bit-2.38-150600.14.52.1
* glibc-locale-base-32bit-debuginfo-2.38-150600.14.52.1
* glibc-devel-32bit-2.38-150600.14.52.1
* glibc-devel-static-32bit-2.38-150600.14.52.1
* glibc-utils-32bit-debuginfo-2.38-150600.14.52.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* glibc-utils-src-debugsource-2.38-150600.14.52.1
* nscd-2.38-150600.14.52.1
* glibc-extra-2.38-150600.14.52.1
* glibc-utils-debuginfo-2.38-150600.14.52.1
* glibc-utils-2.38-150600.14.52.1
* glibc-extra-debuginfo-2.38-150600.14.52.1
* nscd-debuginfo-2.38-150600.14.52.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* glibc-locale-base-64bit-debuginfo-2.38-150600.14.52.1
* glibc-utils-64bit-debuginfo-2.38-150600.14.52.1
* glibc-devel-static-64bit-2.38-150600.14.52.1
* glibc-64bit-debuginfo-2.38-150600.14.52.1
* libnsl1-64bit-2.38-150600.14.52.1
* glibc-devel-64bit-2.38-150600.14.52.1
* glibc-64bit-2.38-150600.14.52.1
* glibc-profile-64bit-2.38-150600.14.52.1
* glibc-utils-64bit-2.38-150600.14.52.1
* glibc-locale-base-64bit-2.38-150600.14.52.1
* glibc-devel-64bit-debuginfo-2.38-150600.14.52.1
* libnsl1-64bit-debuginfo-2.38-150600.14.52.1
* openSUSE Leap 15.6 (noarch)
* glibc-lang-2.38-150600.14.52.1
* glibc-i18ndata-2.38-150600.14.52.1
* glibc-info-2.38-150600.14.52.1
* glibc-html-2.38-150600.14.52.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* libnsl1-32bit-2.38-150600.14.52.1
* glibc-32bit-2.38-150600.14.52.1
* libnsl1-32bit-debuginfo-2.38-150600.14.52.1
* glibc-locale-base-32bit-2.38-150600.14.52.1
* glibc-32bit-debuginfo-2.38-150600.14.52.1
* glibc-devel-32bit-debuginfo-2.38-150600.14.52.1
* glibc-locale-base-32bit-debuginfo-2.38-150600.14.52.1
* glibc-devel-32bit-2.38-150600.14.52.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* glibc-extra-2.38-150600.14.52.1
* glibc-locale-base-debuginfo-2.38-150600.14.52.1
* glibc-utils-2.38-150600.14.52.1
* libnsl1-2.38-150600.14.52.1
* glibc-extra-debuginfo-2.38-150600.14.52.1
* nscd-2.38-150600.14.52.1
* glibc-devel-debuginfo-2.38-150600.14.52.1
* glibc-debugsource-2.38-150600.14.52.1
* glibc-2.38-150600.14.52.1
* glibc-devel-static-2.38-150600.14.52.1
* glibc-locale-base-2.38-150600.14.52.1
* glibc-devel-2.38-150600.14.52.1
* glibc-profile-2.38-150600.14.52.1
* glibc-locale-2.38-150600.14.52.1
* libnsl1-debuginfo-2.38-150600.14.52.1
* glibc-debuginfo-2.38-150600.14.52.1
* nscd-debuginfo-2.38-150600.14.52.1
* glibc-utils-src-debugsource-2.38-150600.14.52.1
* glibc-utils-debuginfo-2.38-150600.14.52.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* glibc-lang-2.38-150600.14.52.1
* glibc-i18ndata-2.38-150600.14.52.1
* glibc-info-2.38-150600.14.52.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* glibc-utils-src-debugsource-2.38-150600.14.52.1
* glibc-utils-debuginfo-2.38-150600.14.52.1
* glibc-debugsource-2.38-150600.14.52.1
* glibc-utils-2.38-150600.14.52.1
* glibc-debuginfo-2.38-150600.14.52.1
* glibc-devel-static-2.38-150600.14.52.1
* Development Tools Module 15-SP7 (x86_64)
* glibc-devel-32bit-debuginfo-2.38-150600.14.52.1
* glibc-32bit-debuginfo-2.38-150600.14.52.1
* glibc-devel-32bit-2.38-150600.14.52.1
## References:
* https://www.suse.com/security/cve/CVE-2026-5435.html
* https://www.suse.com/security/cve/CVE-2026-6238.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263656
* https://bugzilla.suse.com/show_bug.cgi?id=1263658
SUSE-SU-2026:3032-1: moderate: Security update for glib-networking
# Security update for glib-networking
Announcement ID: SUSE-SU-2026:3032-1
Release Date: 2026-07-15T09:53:56Z
Rating: moderate
References:
* bsc#1267979
Cross-References:
* CVE-2026-10028
CVSS scores:
* CVE-2026-10028 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-10028 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-10028 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for glib-networking fixes the following issue
* CVE-2026-10028: two certificates which are each signed by the other can lead
to an infinite loop (bsc#1267979).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-3032=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3032=1
## Package List:
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* glib-networking-debugsource-2.78.0-150600.3.3.1
* glib-networking-2.78.0-150600.3.3.1
* glib-networking-debuginfo-2.78.0-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
* glib-networking-32bit-debuginfo-2.78.0-150600.3.3.1
* glib-networking-32bit-2.78.0-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* glib-networking-64bit-debuginfo-2.78.0-150600.3.3.1
* glib-networking-64bit-2.78.0-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* glib-networking-lang-2.78.0-150600.3.3.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* glib-networking-debugsource-2.78.0-150600.3.3.1
* glib-networking-2.78.0-150600.3.3.1
* glib-networking-debuginfo-2.78.0-150600.3.3.1
* Basesystem Module 15-SP7 (noarch)
* glib-networking-lang-2.78.0-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2026-10028.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267979
SUSE-SU-2026:3036-1: important: Security update for yelp
# Security update for yelp
Announcement ID: SUSE-SU-2026:3036-1
Release Date: 2026-07-15T11:44:33Z
Rating: important
References:
* bsc#1269625
Cross-References:
* CVE-2026-13601
CVSS scores:
* CVE-2026-13601 ( SUSE ): 6.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2026-13601 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2026-13601 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2026-13601 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2026-13601 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for yelp fixes the following issue
* CVE-2026-13601: overly permissive Content Security Policy allows host file
disclosure via Flatpak applications (bsc#1269625).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-3036=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3036=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3036=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3036=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* yelp-debugsource-42.2-150600.3.6.1
* libyelp0-42.2-150600.3.6.1
* yelp-devel-42.2-150600.3.6.1
* libyelp0-debuginfo-42.2-150600.3.6.1
* yelp-debuginfo-42.2-150600.3.6.1
* yelp-42.2-150600.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* yelp-lang-42.2-150600.3.6.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* yelp-debugsource-42.2-150600.3.6.1
* libyelp0-42.2-150600.3.6.1
* yelp-devel-42.2-150600.3.6.1
* libyelp0-debuginfo-42.2-150600.3.6.1
* yelp-debuginfo-42.2-150600.3.6.1
* yelp-42.2-150600.3.6.1
* openSUSE Leap 15.6 (noarch)
* yelp-lang-42.2-150600.3.6.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* yelp-debugsource-42.2-150600.3.6.1
* libyelp0-42.2-150600.3.6.1
* yelp-devel-42.2-150600.3.6.1
* libyelp0-debuginfo-42.2-150600.3.6.1
* yelp-debuginfo-42.2-150600.3.6.1
* yelp-42.2-150600.3.6.1
* Desktop Applications Module 15-SP7 (noarch)
* yelp-lang-42.2-150600.3.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* yelp-debugsource-42.2-150600.3.6.1
* libyelp0-42.2-150600.3.6.1
* yelp-devel-42.2-150600.3.6.1
* libyelp0-debuginfo-42.2-150600.3.6.1
* yelp-debuginfo-42.2-150600.3.6.1
* yelp-42.2-150600.3.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* yelp-lang-42.2-150600.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2026-13601.html
* https://bugzilla.suse.com/show_bug.cgi?id=1269625
SUSE-SU-2026:3037-1: important: Security update for yelp
# Security update for yelp
Announcement ID: SUSE-SU-2026:3037-1
Release Date: 2026-07-15T11:45:09Z
Rating: important
References:
* bsc#1269625
Cross-References:
* CVE-2026-13601
CVSS scores:
* CVE-2026-13601 ( SUSE ): 6.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2026-13601 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2026-13601 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2026-13601 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2026-13601 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for yelp fixes the following issue
* CVE-2026-13601: overly permissive Content Security Policy allows host file
disclosure via Flatpak applications (bsc#1269625).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3037=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3037=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3037=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3037=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3037=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-3037=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-3037=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-3037=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3037=1
## Package List:
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* yelp-debugsource-41.2-150400.3.6.1
* libyelp0-41.2-150400.3.6.1
* yelp-devel-41.2-150400.3.6.1
* libyelp0-debuginfo-41.2-150400.3.6.1
* yelp-41.2-150400.3.6.1
* yelp-debuginfo-41.2-150400.3.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* yelp-lang-41.2-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* yelp-debugsource-41.2-150400.3.6.1
* libyelp0-41.2-150400.3.6.1
* yelp-devel-41.2-150400.3.6.1
* libyelp0-debuginfo-41.2-150400.3.6.1
* yelp-41.2-150400.3.6.1
* yelp-debuginfo-41.2-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* yelp-lang-41.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* yelp-debugsource-41.2-150400.3.6.1
* yelp-devel-41.2-150400.3.6.1
* yelp-debuginfo-41.2-150400.3.6.1
* libyelp0-debuginfo-41.2-150400.3.6.1
* yelp-41.2-150400.3.6.1
* libyelp0-41.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* yelp-lang-41.2-150400.3.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* yelp-lang-41.2-150400.3.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* yelp-debugsource-41.2-150400.3.6.1
* yelp-devel-41.2-150400.3.6.1
* yelp-debuginfo-41.2-150400.3.6.1
* libyelp0-debuginfo-41.2-150400.3.6.1
* yelp-41.2-150400.3.6.1
* libyelp0-41.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* yelp-debugsource-41.2-150400.3.6.1
* yelp-devel-41.2-150400.3.6.1
* yelp-debuginfo-41.2-150400.3.6.1
* libyelp0-debuginfo-41.2-150400.3.6.1
* yelp-41.2-150400.3.6.1
* libyelp0-41.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* yelp-lang-41.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* yelp-debugsource-41.2-150400.3.6.1
* libyelp0-41.2-150400.3.6.1
* yelp-devel-41.2-150400.3.6.1
* libyelp0-debuginfo-41.2-150400.3.6.1
* yelp-41.2-150400.3.6.1
* yelp-debuginfo-41.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* yelp-lang-41.2-150400.3.6.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* yelp-debugsource-41.2-150400.3.6.1
* yelp-devel-41.2-150400.3.6.1
* yelp-debuginfo-41.2-150400.3.6.1
* libyelp0-debuginfo-41.2-150400.3.6.1
* yelp-41.2-150400.3.6.1
* libyelp0-41.2-150400.3.6.1
* openSUSE Leap 15.4 (noarch)
* yelp-lang-41.2-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* yelp-debugsource-41.2-150400.3.6.1
* libyelp0-41.2-150400.3.6.1
* yelp-devel-41.2-150400.3.6.1
* libyelp0-debuginfo-41.2-150400.3.6.1
* yelp-41.2-150400.3.6.1
* yelp-debuginfo-41.2-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* yelp-lang-41.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* yelp-debugsource-41.2-150400.3.6.1
* yelp-devel-41.2-150400.3.6.1
* yelp-debuginfo-41.2-150400.3.6.1
* libyelp0-debuginfo-41.2-150400.3.6.1
* yelp-41.2-150400.3.6.1
* libyelp0-41.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* yelp-lang-41.2-150400.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2026-13601.html
* https://bugzilla.suse.com/show_bug.cgi?id=1269625
SUSE-SU-2026:3040-1: important: Security update for python-cryptography
# Security update for python-cryptography
Announcement ID: SUSE-SU-2026:3040-1
Release Date: 2026-07-15T11:48:45Z
Rating: important
References:
* bsc#1270208
* bsc#1270515
* bsc#1270620
* bsc#1270706
* bsc#1270772
* bsc#1270801
* bsc#1270936
* bsc#1270994
Cross-References:
* CVE-2026-41676
* CVE-2026-41677
* CVE-2026-41678
* CVE-2026-41681
* CVE-2026-41898
* CVE-2026-42327
* CVE-2026-44662
* CVE-2026-45784
CVSS scores:
* CVE-2026-41676 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41677 ( SUSE ): 1.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
* CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-41677 ( NVD ): 1.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41677 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-41678 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-41678 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41678 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41681 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-41681 ( NVD ): 8.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41681 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41898 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-41898 ( NVD ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41898 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-42327 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-42327 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44662 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-44662 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-45784 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Products:
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves eight vulnerabilities can now be installed.
## Description:
This update for python-cryptography fixes the following issues:
* CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can
overflow short buffers on OpenSSL 1.1.1 (bsc#1270208).
* CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when
returning an oversized length (bsc#1270620).
* CVE-2026-41678: openssl: out-of-bounds write due to incorrect bounds
assertion in `aes::unwrap_key()` (bsc#1270706).
* CVE-2026-41681: openssl: `MdCtxRef::digest_final()` writes past caller
buffer with no length check (bsc#1270772).
* CVE-2026-41898: openssl: unchecked callback-returned length in PSK and
cookie generate trampolines can leak adjacent memory to the network
(bsc#1270801).
* CVE-2026-42327: openssl: undefined behavior in `X509Ref::ocsp_responders`
for certificates with non-UTF-8 OCSP URLs (bsc#1270515).
* CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-
wrap-with-padding due to incorrectly sized output buffers (bsc#1270936).
* CVE-2026-45784: openssl: out-of-bounds write in
`CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers due to
incorrectly sized output buffer (bsc#1270994).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-3040=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3040=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3040=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3040=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3040=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-3040=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-3040=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-3040=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3040=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3040=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* python311-cryptography-41.0.3-150400.16.25.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* python311-cryptography-41.0.3-150400.16.25.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* python311-cryptography-41.0.3-150400.16.25.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* python311-cryptography-41.0.3-150400.16.25.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* python311-cryptography-41.0.3-150400.16.25.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* python311-cryptography-41.0.3-150400.16.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* python311-cryptography-41.0.3-150400.16.25.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python311-cryptography-41.0.3-150400.16.25.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* python311-cryptography-41.0.3-150400.16.25.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* python311-cryptography-41.0.3-150400.16.25.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41676.html
* https://www.suse.com/security/cve/CVE-2026-41677.html
* https://www.suse.com/security/cve/CVE-2026-41678.html
* https://www.suse.com/security/cve/CVE-2026-41681.html
* https://www.suse.com/security/cve/CVE-2026-41898.html
* https://www.suse.com/security/cve/CVE-2026-42327.html
* https://www.suse.com/security/cve/CVE-2026-44662.html
* https://www.suse.com/security/cve/CVE-2026-45784.html
* https://bugzilla.suse.com/show_bug.cgi?id=1270208
* https://bugzilla.suse.com/show_bug.cgi?id=1270515
* https://bugzilla.suse.com/show_bug.cgi?id=1270620
* https://bugzilla.suse.com/show_bug.cgi?id=1270706
* https://bugzilla.suse.com/show_bug.cgi?id=1270772
* https://bugzilla.suse.com/show_bug.cgi?id=1270801
* https://bugzilla.suse.com/show_bug.cgi?id=1270936
* https://bugzilla.suse.com/show_bug.cgi?id=1270994
SUSE-SU-2026:3042-1: important: Security update for gnutls
# Security update for gnutls
Announcement ID: SUSE-SU-2026:3042-1
Release Date: 2026-07-15T11:50:16Z
Rating: important
References:
* bsc#1263713
Cross-References:
* CVE-2026-42014
CVSS scores:
* CVE-2026-42014 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42014 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-42014 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for gnutls fixes the following issue
* Rebase the CVE-2026-42014 patch to include a missing call to
`p11_kit_uri_free()` in `gnutls_pkcs11_token_set_pin()` (bsc#1263713).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3042=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3042=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-3042=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3042=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-3042=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3042=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3042=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-3042=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3042=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-3042=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-3042=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-3042=1
## Package List:
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* libgnutls-devel-3.7.3-150400.4.62.1
* gnutls-guile-3.7.3-150400.4.62.1
* gnutls-debugsource-3.7.3-150400.4.62.1
* gnutls-guile-debuginfo-3.7.3-150400.4.62.1
* libgnutls30-debuginfo-3.7.3-150400.4.62.1
* gnutls-debuginfo-3.7.3-150400.4.62.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1
* gnutls-3.7.3-150400.4.62.1
* libgnutlsxx-devel-3.7.3-150400.4.62.1
* libgnutlsxx28-3.7.3-150400.4.62.1
* libgnutls30-3.7.3-150400.4.62.1
* libgnutls30-hmac-3.7.3-150400.4.62.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libgnutls-devel-64bit-3.7.3-150400.4.62.1
* libgnutls30-64bit-debuginfo-3.7.3-150400.4.62.1
* libgnutls30-hmac-64bit-3.7.3-150400.4.62.1
* libgnutls30-64bit-3.7.3-150400.4.62.1
* openSUSE Leap 15.4 (x86_64)
* libgnutls30-32bit-3.7.3-150400.4.62.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.62.1
* libgnutls-devel-32bit-3.7.3-150400.4.62.1
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libgnutls-devel-3.7.3-150400.4.62.1
* gnutls-guile-3.7.3-150400.4.62.1
* gnutls-debugsource-3.7.3-150400.4.62.1
* libgnutls30-debuginfo-3.7.3-150400.4.62.1
* gnutls-guile-debuginfo-3.7.3-150400.4.62.1
* gnutls-debuginfo-3.7.3-150400.4.62.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1
* gnutls-3.7.3-150400.4.62.1
* libgnutlsxx-devel-3.7.3-150400.4.62.1
* libgnutlsxx28-3.7.3-150400.4.62.1
* libgnutls30-3.7.3-150400.4.62.1
* libgnutls30-hmac-3.7.3-150400.4.62.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* libgnutls30-32bit-3.7.3-150400.4.62.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.62.1
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libgnutls-devel-3.7.3-150400.4.62.1
* gnutls-debugsource-3.7.3-150400.4.62.1
* libgnutls30-debuginfo-3.7.3-150400.4.62.1
* gnutls-debuginfo-3.7.3-150400.4.62.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1
* gnutls-3.7.3-150400.4.62.1
* libgnutlsxx-devel-3.7.3-150400.4.62.1
* libgnutlsxx28-3.7.3-150400.4.62.1
* libgnutls30-3.7.3-150400.4.62.1
* libgnutls30-hmac-3.7.3-150400.4.62.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* libgnutls30-32bit-3.7.3-150400.4.62.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.62.1
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libgnutls-devel-3.7.3-150400.4.62.1
* gnutls-debugsource-3.7.3-150400.4.62.1
* libgnutls30-debuginfo-3.7.3-150400.4.62.1
* gnutls-debuginfo-3.7.3-150400.4.62.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1
* gnutls-3.7.3-150400.4.62.1
* libgnutlsxx-devel-3.7.3-150400.4.62.1
* libgnutlsxx28-3.7.3-150400.4.62.1
* libgnutls30-3.7.3-150400.4.62.1
* libgnutls30-hmac-3.7.3-150400.4.62.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* libgnutls30-32bit-3.7.3-150400.4.62.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.62.1
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* gnutls-debugsource-3.7.3-150400.4.62.1
* libgnutls30-debuginfo-3.7.3-150400.4.62.1
* gnutls-debuginfo-3.7.3-150400.4.62.1
* gnutls-3.7.3-150400.4.62.1
* libgnutls30-3.7.3-150400.4.62.1
* libgnutls30-hmac-3.7.3-150400.4.62.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* libgnutls30-32bit-3.7.3-150400.4.62.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.62.1
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libgnutls-devel-3.7.3-150400.4.62.1
* gnutls-debugsource-3.7.3-150400.4.62.1
* libgnutls30-debuginfo-3.7.3-150400.4.62.1
* gnutls-debuginfo-3.7.3-150400.4.62.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1
* gnutls-3.7.3-150400.4.62.1
* libgnutlsxx-devel-3.7.3-150400.4.62.1
* libgnutlsxx28-3.7.3-150400.4.62.1
* libgnutls30-3.7.3-150400.4.62.1
* libgnutls30-hmac-3.7.3-150400.4.62.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libgnutls-devel-3.7.3-150400.4.62.1
* gnutls-guile-3.7.3-150400.4.62.1
* gnutls-debugsource-3.7.3-150400.4.62.1
* libgnutls30-debuginfo-3.7.3-150400.4.62.1
* gnutls-guile-debuginfo-3.7.3-150400.4.62.1
* gnutls-debuginfo-3.7.3-150400.4.62.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1
* gnutls-3.7.3-150400.4.62.1
* libgnutlsxx-devel-3.7.3-150400.4.62.1
* libgnutlsxx28-3.7.3-150400.4.62.1
* libgnutls30-3.7.3-150400.4.62.1
* libgnutls30-hmac-3.7.3-150400.4.62.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* libgnutls30-32bit-3.7.3-150400.4.62.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.62.1
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* libgnutls30-32bit-3.7.3-150400.4.62.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.62.1
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libgnutls-devel-3.7.3-150400.4.62.1
* gnutls-guile-3.7.3-150400.4.62.1
* gnutls-debugsource-3.7.3-150400.4.62.1
* gnutls-guile-debuginfo-3.7.3-150400.4.62.1
* libgnutls30-debuginfo-3.7.3-150400.4.62.1
* gnutls-debuginfo-3.7.3-150400.4.62.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1
* gnutls-3.7.3-150400.4.62.1
* libgnutlsxx-devel-3.7.3-150400.4.62.1
* libgnutlsxx28-3.7.3-150400.4.62.1
* libgnutls30-3.7.3-150400.4.62.1
* libgnutls30-hmac-3.7.3-150400.4.62.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libgnutls-devel-3.7.3-150400.4.62.1
* gnutls-guile-3.7.3-150400.4.62.1
* gnutls-debugsource-3.7.3-150400.4.62.1
* libgnutls30-debuginfo-3.7.3-150400.4.62.1
* gnutls-guile-debuginfo-3.7.3-150400.4.62.1
* gnutls-debuginfo-3.7.3-150400.4.62.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1
* gnutls-3.7.3-150400.4.62.1
* libgnutlsxx-devel-3.7.3-150400.4.62.1
* libgnutlsxx28-3.7.3-150400.4.62.1
* libgnutls30-3.7.3-150400.4.62.1
* libgnutls30-hmac-3.7.3-150400.4.62.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* libgnutls30-32bit-3.7.3-150400.4.62.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.62.1
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* gnutls-debugsource-3.7.3-150400.4.62.1
* libgnutls30-debuginfo-3.7.3-150400.4.62.1
* gnutls-debuginfo-3.7.3-150400.4.62.1
* gnutls-3.7.3-150400.4.62.1
* libgnutls30-3.7.3-150400.4.62.1
* libgnutls30-hmac-3.7.3-150400.4.62.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* gnutls-debugsource-3.7.3-150400.4.62.1
* libgnutls30-debuginfo-3.7.3-150400.4.62.1
* gnutls-debuginfo-3.7.3-150400.4.62.1
* gnutls-3.7.3-150400.4.62.1
* libgnutls30-3.7.3-150400.4.62.1
* libgnutls30-hmac-3.7.3-150400.4.62.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libgnutls-devel-3.7.3-150400.4.62.1
* gnutls-debugsource-3.7.3-150400.4.62.1
* libgnutls30-debuginfo-3.7.3-150400.4.62.1
* gnutls-debuginfo-3.7.3-150400.4.62.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.62.1
* gnutls-3.7.3-150400.4.62.1
* libgnutlsxx-devel-3.7.3-150400.4.62.1
* libgnutlsxx28-3.7.3-150400.4.62.1
* libgnutls30-3.7.3-150400.4.62.1
* libgnutls30-hmac-3.7.3-150400.4.62.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* libgnutls30-32bit-3.7.3-150400.4.62.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.62.1
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.62.1
## References:
* https://www.suse.com/security/cve/CVE-2026-42014.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263713
SUSE-SU-2026:3043-1: important: Security update for curl
# Security update for curl
Announcement ID: SUSE-SU-2026:3043-1
Release Date: 2026-07-15T11:51:45Z
Rating: important
References:
* bsc#1268402
* bsc#1268407
* bsc#1268409
* bsc#1268413
* bsc#1268415
* bsc#1268416
* bsc#1268417
* bsc#1268420
* bsc#1268422
* bsc#1268427
Cross-References:
* CVE-2026-10536
* CVE-2026-12064
* CVE-2026-8286
* CVE-2026-8458
* CVE-2026-8924
* CVE-2026-8927
* CVE-2026-9079
* CVE-2026-9080
* CVE-2026-9545
* CVE-2026-9547
CVSS scores:
* CVE-2026-10536 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-10536 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-10536 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-12064 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-12064 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-12064 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-8286 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-8286 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-8286 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-8458 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-8458 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-8458 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-8924 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-8924 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-8924 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-8927 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-8927 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-8927 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-9079 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-9079 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-9079 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9080 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-9080 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-9080 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-9545 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-9545 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-9545 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-9547 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-9547 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-9547 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 10 vulnerabilities can now be installed.
## Description:
This update for curl fixes the following issues
* CVE-2026-8286: wrong STARTTLS connection reuse (bsc#1268402).
* CVE-2026-8458: wrong reuse for different services (bsc#1268407).
* CVE-2026-8924: traling dot domain super cookie (bsc#1268409).
* CVE-2026-8927: env-set cross-proxy Digest auth state leak (bsc#1268413).
* CVE-2026-9079: stale proxy password leak (bsc#1268415).
* CVE-2026-9080: UAF after pause in socket callback (bsc#1268416).
* CVE-2026-9545: exposing HTTP/3 early data (bsc#1268417).
* CVE-2026-9547: SSH improper host validation (bsc#1268420).
* CVE-2026-10536: HTTP/2 stream-dependency tree UAF (bsc#1268422).
* CVE-2026-12064: proto-default skips SSH verification (bsc#1268427).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3043=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-3043=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-3043=1
* SUSE Linux Enterprise Server 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-3043=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-3043=1 SUSE-SLE-Product-
SLES_SAP-15-SP5-2026-3043=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-3043=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3043=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3043=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3043=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-3043=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3043=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3043=1
* SUSE Linux Enterprise High Performance Computing 15 SP4
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-3043=1
* SUSE Linux Enterprise Server 15 SP4
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-3043=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-3043=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-3043=1 SUSE-SLE-Product-
SLES_SAP-15-SP4-2026-3043=1
* SUSE Linux Enterprise Desktop 15 SP4
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-3043=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-3043=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-3043=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-3043=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-3043=1
* SUSE Linux Enterprise High Performance Computing 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-3043=1
* SUSE Linux Enterprise Desktop 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-3043=1
## Package List:
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1
* libcurl4-32bit-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libcurl4-8.14.1-150400.5.86.1
* curl-debuginfo-8.14.1-150400.5.86.1
* libcurl-devel-8.14.1-150400.5.86.1
* libcurl4-debuginfo-8.14.1-150400.5.86.1
* curl-debugsource-8.14.1-150400.5.86.1
* curl-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libcurl4-8.14.1-150400.5.86.1
* curl-debuginfo-8.14.1-150400.5.86.1
* libcurl4-debuginfo-8.14.1-150400.5.86.1
* curl-debugsource-8.14.1-150400.5.86.1
* curl-8.14.1-150400.5.86.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* curl-mini-debugsource-8.14.1-150400.5.86.1
* libcurl-mini4-8.14.1-150400.5.86.1
* libcurl4-8.14.1-150400.5.86.1
* curl-debuginfo-8.14.1-150400.5.86.1
* libcurl-mini4-debuginfo-8.14.1-150400.5.86.1
* libcurl-devel-8.14.1-150400.5.86.1
* libcurl4-debuginfo-8.14.1-150400.5.86.1
* curl-debugsource-8.14.1-150400.5.86.1
* curl-8.14.1-150400.5.86.1
* openSUSE Leap 15.4 (x86_64)
* libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1
* libcurl-devel-32bit-8.14.1-150400.5.86.1
* libcurl4-32bit-8.14.1-150400.5.86.1
* openSUSE Leap 15.4 (noarch)
* curl-zsh-completion-8.14.1-150400.5.86.1
* libcurl-devel-doc-8.14.1-150400.5.86.1
* curl-fish-completion-8.14.1-150400.5.86.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libcurl4-64bit-8.14.1-150400.5.86.1
* libcurl-devel-64bit-8.14.1-150400.5.86.1
* libcurl4-64bit-debuginfo-8.14.1-150400.5.86.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libcurl4-8.14.1-150400.5.86.1
* curl-debuginfo-8.14.1-150400.5.86.1
* libcurl-devel-8.14.1-150400.5.86.1
* libcurl4-debuginfo-8.14.1-150400.5.86.1
* curl-debugsource-8.14.1-150400.5.86.1
* curl-8.14.1-150400.5.86.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1
* libcurl4-32bit-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libcurl4-8.14.1-150400.5.86.1
* curl-debuginfo-8.14.1-150400.5.86.1
* libcurl-devel-8.14.1-150400.5.86.1
* libcurl4-debuginfo-8.14.1-150400.5.86.1
* curl-debugsource-8.14.1-150400.5.86.1
* curl-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1
* libcurl4-32bit-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libcurl4-8.14.1-150400.5.86.1
* curl-debuginfo-8.14.1-150400.5.86.1
* libcurl4-debuginfo-8.14.1-150400.5.86.1
* curl-debugsource-8.14.1-150400.5.86.1
* curl-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libcurl4-8.14.1-150400.5.86.1
* curl-debuginfo-8.14.1-150400.5.86.1
* libcurl4-debuginfo-8.14.1-150400.5.86.1
* curl-debugsource-8.14.1-150400.5.86.1
* curl-8.14.1-150400.5.86.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libcurl4-8.14.1-150400.5.86.1
* curl-debuginfo-8.14.1-150400.5.86.1
* libcurl-devel-8.14.1-150400.5.86.1
* libcurl4-debuginfo-8.14.1-150400.5.86.1
* curl-debugsource-8.14.1-150400.5.86.1
* curl-8.14.1-150400.5.86.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1
* libcurl4-32bit-8.14.1-150400.5.86.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libcurl4-8.14.1-150400.5.86.1
* curl-debuginfo-8.14.1-150400.5.86.1
* libcurl-devel-8.14.1-150400.5.86.1
* libcurl4-debuginfo-8.14.1-150400.5.86.1
* curl-debugsource-8.14.1-150400.5.86.1
* curl-8.14.1-150400.5.86.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1
* libcurl4-32bit-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libcurl4-8.14.1-150400.5.86.1
* curl-debuginfo-8.14.1-150400.5.86.1
* libcurl4-debuginfo-8.14.1-150400.5.86.1
* curl-debugsource-8.14.1-150400.5.86.1
* curl-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libcurl4-8.14.1-150400.5.86.1
* curl-debuginfo-8.14.1-150400.5.86.1
* libcurl4-debuginfo-8.14.1-150400.5.86.1
* curl-debugsource-8.14.1-150400.5.86.1
* curl-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1
* libcurl4-32bit-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libcurl4-8.14.1-150400.5.86.1
* curl-debuginfo-8.14.1-150400.5.86.1
* libcurl-devel-8.14.1-150400.5.86.1
* libcurl4-debuginfo-8.14.1-150400.5.86.1
* curl-debugsource-8.14.1-150400.5.86.1
* curl-8.14.1-150400.5.86.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libcurl4-8.14.1-150400.5.86.1
* curl-debuginfo-8.14.1-150400.5.86.1
* libcurl-devel-8.14.1-150400.5.86.1
* libcurl4-debuginfo-8.14.1-150400.5.86.1
* curl-debugsource-8.14.1-150400.5.86.1
* curl-8.14.1-150400.5.86.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1
* libcurl4-32bit-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libcurl4-8.14.1-150400.5.86.1
* curl-debuginfo-8.14.1-150400.5.86.1
* libcurl-devel-8.14.1-150400.5.86.1
* libcurl4-debuginfo-8.14.1-150400.5.86.1
* curl-debugsource-8.14.1-150400.5.86.1
* curl-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1
* libcurl4-32bit-8.14.1-150400.5.86.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libcurl4-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64)
* libcurl4-8.14.1-150400.5.86.1
* SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64)
* libcurl4-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Desktop 15 SP5 (x86_64)
* libcurl4-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64)
* libcurl4-8.14.1-150400.5.86.1
* SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64)
* libcurl4-8.14.1-150400.5.86.1
* SUSE Linux Enterprise Desktop 15 SP4 (x86_64)
* libcurl4-8.14.1-150400.5.86.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libcurl4-8.14.1-150400.5.86.1
* SUSE Manager Proxy 4.3 (x86_64)
* libcurl4-8.14.1-150400.5.86.1
## References:
* https://www.suse.com/security/cve/CVE-2026-10536.html
* https://www.suse.com/security/cve/CVE-2026-12064.html
* https://www.suse.com/security/cve/CVE-2026-8286.html
* https://www.suse.com/security/cve/CVE-2026-8458.html
* https://www.suse.com/security/cve/CVE-2026-8924.html
* https://www.suse.com/security/cve/CVE-2026-8927.html
* https://www.suse.com/security/cve/CVE-2026-9079.html
* https://www.suse.com/security/cve/CVE-2026-9080.html
* https://www.suse.com/security/cve/CVE-2026-9545.html
* https://www.suse.com/security/cve/CVE-2026-9547.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268402
* https://bugzilla.suse.com/show_bug.cgi?id=1268407
* https://bugzilla.suse.com/show_bug.cgi?id=1268409
* https://bugzilla.suse.com/show_bug.cgi?id=1268413
* https://bugzilla.suse.com/show_bug.cgi?id=1268415
* https://bugzilla.suse.com/show_bug.cgi?id=1268416
* https://bugzilla.suse.com/show_bug.cgi?id=1268417
* https://bugzilla.suse.com/show_bug.cgi?id=1268420
* https://bugzilla.suse.com/show_bug.cgi?id=1268422
* https://bugzilla.suse.com/show_bug.cgi?id=1268427
SUSE-SU-2026:3044-1: important: Security update for the Linux Kernel
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2026:3044-1
Release Date: 2026-07-15T11:59:54Z
Rating: important
References:
* bsc#1264097
* bsc#1264145
* bsc#1265421
* bsc#1267531
* bsc#1267567
* bsc#1267635
* bsc#1267684
* bsc#1267722
* bsc#1267918
* bsc#1267993
* bsc#1268022
* bsc#1268660
* bsc#1269022
* bsc#1269033
* bsc#1269036
* bsc#1269090
* bsc#1269100
* bsc#1269159
* bsc#1269184
* bsc#1269193
* bsc#1269195
* bsc#1269310
* bsc#1269398
* bsc#1269574
* bsc#1269678
* bsc#1269681
* bsc#1269821
* bsc#1270059
Cross-References:
* CVE-2026-31771
* CVE-2026-43038
* CVE-2026-46090
* CVE-2026-46173
* CVE-2026-46229
* CVE-2026-46253
* CVE-2026-46266
* CVE-2026-46274
* CVE-2026-46319
* CVE-2026-46320
* CVE-2026-46331
* CVE-2026-52909
* CVE-2026-52918
* CVE-2026-52923
* CVE-2026-52924
* CVE-2026-52943
* CVE-2026-52955
* CVE-2026-52969
* CVE-2026-52972
* CVE-2026-52993
* CVE-2026-53016
* CVE-2026-53041
* CVE-2026-53053
* CVE-2026-53071
* CVE-2026-53072
* CVE-2026-53133
* CVE-2026-53253
* CVE-2026-53359
CVSS scores:
* CVE-2026-31771 ( SUSE ): 8.7
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31771 ( SUSE ): 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31771 ( NVD ): 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-43038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43038 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43038 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-46090 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46090 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46229 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46229 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-46229 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46253 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46266 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46266 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-46274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46319 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46319 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46320 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-46320 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-46320 ( NVD ): 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-46331 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46331 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46331 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52918 ( SUSE ): 8.6
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52918 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52918 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52923 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52923 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52923 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52923 ( NVD ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-52924 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52924 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-52924 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52924 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-52955 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52955 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-52969 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52969 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52969 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52972 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52972 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52972 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52972 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-52993 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52993 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52993 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52993 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53016 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-53016 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53016 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53041 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-53041 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-53053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-53053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53053 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-53071 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53071 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53071 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53072 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53072 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53133 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-53133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53133 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53253 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-53253 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-53359 ( SUSE ): 9.3
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-53359 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 28 vulnerabilities can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security
issues
The following security issues were fixed:
* CVE-2026-31771: Bluetooth: hci_event: move wake reason storage into
validated event handlers (bsc#1264145).
* CVE-2026-43038: ipv6: icmp: clear skb2->cb in ip6_err_gen_icmpv6_unreach()
(bsc#1264097).
* CVE-2026-46090: ALSA: aloop: Fix peer runtime UAF during format-change stop
(bsc#1267531).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267722).
* CVE-2026-46229: drm/amdkfd: Clear VRAM on allocation to prevent stale data
exposure (bsc#1267567).
* CVE-2026-46253: pstore/ram: fix buffer overflow in persistent_ram_save_old()
(bsc#1267635).
* CVE-2026-46266: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP
(bsc#1267684).
* CVE-2026-46319: net/sched: act_ct: Only release RCU read lock after ct_ft
(bsc#1268022).
* CVE-2026-46320: tap: free page on error paths in tap_get_user_xdp()
(bsc#1267993).
* CVE-2026-46331: net/sched: fix pedit partial COW leading to page cache
(bsc#1265421).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268660).
* CVE-2026-52918: Bluetooth: serialize accept_q access (bsc#1269100).
* CVE-2026-52923: ipc: limit next_id allocation to the valid ID range
(bsc#1269033).
* CVE-2026-52924: sctp: purge outqueue on stale COOKIE-ECHO handling
(bsc#1269036).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269022).
* CVE-2026-52955: libceph: Fix potential out-of-bounds access in
crush_decode() (bsc#1269159).
* CVE-2026-52969: KVM: Reject wrapped offset in kvm_reset_dirty_gfn()
(bsc#1269184).
* CVE-2026-52972: crypto: af_alg - Cap AEAD AD length to 0x80000000
(bsc#1269195).
* CVE-2026-52993: tipc: fix double-free in tipc_buf_append() (bsc#1269193).
* CVE-2026-53016: crypto: ccp - copy IV using skcipher ivsize (bsc#1269090).
* CVE-2026-53041: ocfs2: fix listxattr handling when the buffer is full
(bsc#1269398).
* CVE-2026-53053: iommu/amd: Fix clone_alias() to use the original device's
devid (bsc#1269310).
* CVE-2026-53071: Bluetooth: l2cap: Add missing chan lock in
l2cap_ecred_reconf_rsp (bsc#1269678).
* CVE-2026-53072: Bluetooth: fix locking in hci_conn_request_evt() with
HCI_PROTO_DEFER (bsc#1269681).
* CVE-2026-53133: RDMA/umem: Fix truncation for block sizes >= 4G
(bsc#1269821).
* CVE-2026-53253: Bluetooth: bnep: fix incorrect length parsing in
bnep_rx_frame() extension handling (bsc#1269574).
* CVE-2026-53359: KVM: x86: Fix shadow paging use-after-free due to unexpected
role (bsc#1270059).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-3044=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-3044=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3044=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-3044=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-3044=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-3044=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3044=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3044=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-3044=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-3044=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-3044=1
## Package List:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* kernel-default-devel-debuginfo-5.14.21-150400.24.228.1
* kernel-default-base-5.14.21-150400.24.228.1.150400.24.116.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.228.1
* kernel-syms-5.14.21-150400.24.228.1
* reiserfs-kmp-default-5.14.21-150400.24.228.1
* kernel-obs-build-debugsource-5.14.21-150400.24.228.1
* kernel-default-debugsource-5.14.21-150400.24.228.1
* kernel-default-devel-5.14.21-150400.24.228.1
* kernel-default-debuginfo-5.14.21-150400.24.228.1
* kernel-obs-build-5.14.21-150400.24.228.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* kernel-macros-5.14.21-150400.24.228.1
* kernel-source-5.14.21-150400.24.228.1
* kernel-devel-5.14.21-150400.24.228.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150400.24.228.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
* kernel-64kb-devel-5.14.21-150400.24.228.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.228.1
* kernel-64kb-debuginfo-5.14.21-150400.24.228.1
* kernel-64kb-debugsource-5.14.21-150400.24.228.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.228.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* kernel-macros-5.14.21-150400.24.228.1
* kernel-source-5.14.21-150400.24.228.1
* kernel-devel-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch nosrc)
* kernel-docs-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.228.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.228.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.228.1
* kernel-syms-5.14.21-150400.24.228.1
* reiserfs-kmp-default-5.14.21-150400.24.228.1
* kernel-obs-build-debugsource-5.14.21-150400.24.228.1
* kernel-default-devel-5.14.21-150400.24.228.1
* kernel-default-debuginfo-5.14.21-150400.24.228.1
* kernel-obs-build-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 nosrc ppc64le s390x
x86_64)
* kernel-default-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.228.1
* kernel-zfcpdump-debugsource-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64)
* kernel-64kb-devel-5.14.21-150400.24.228.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.228.1
* kernel-64kb-debuginfo-5.14.21-150400.24.228.1
* kernel-64kb-debugsource-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.228.1.150400.24.116.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.228.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* kernel-macros-5.14.21-150400.24.228.1
* kernel-source-5.14.21-150400.24.228.1
* kernel-devel-5.14.21-150400.24.228.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* kernel-default-debugsource-5.14.21-150400.24.228.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.228.1
* kernel-default-base-5.14.21-150400.24.228.1.150400.24.116.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.228.1
* kernel-syms-5.14.21-150400.24.228.1
* reiserfs-kmp-default-5.14.21-150400.24.228.1
* kernel-obs-build-debugsource-5.14.21-150400.24.228.1
* kernel-default-devel-5.14.21-150400.24.228.1
* kernel-default-debuginfo-5.14.21-150400.24.228.1
* kernel-obs-build-5.14.21-150400.24.228.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150400.24.228.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
nosrc)
* kernel-64kb-5.14.21-150400.24.228.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
* kernel-64kb-devel-5.14.21-150400.24.228.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.228.1
* kernel-64kb-debuginfo-5.14.21-150400.24.228.1
* kernel-64kb-debugsource-5.14.21-150400.24.228.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* cluster-md-kmp-default-5.14.21-150400.24.228.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.228.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.228.1
* gfs2-kmp-default-5.14.21-150400.24.228.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.228.1
* kernel-default-debugsource-5.14.21-150400.24.228.1
* kernel-default-debuginfo-5.14.21-150400.24.228.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.228.1
* ocfs2-kmp-default-5.14.21-150400.24.228.1
* dlm-kmp-default-5.14.21-150400.24.228.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.228.1
* openSUSE Leap 15.4 (aarch64)
* dtb-rockchip-5.14.21-150400.24.228.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.228.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.228.1
* dtb-amazon-5.14.21-150400.24.228.1
* kselftests-kmp-64kb-5.14.21-150400.24.228.1
* dtb-socionext-5.14.21-150400.24.228.1
* dtb-arm-5.14.21-150400.24.228.1
* ocfs2-kmp-64kb-5.14.21-150400.24.228.1
* kernel-64kb-optional-debuginfo-5.14.21-150400.24.228.1
* kernel-64kb-devel-5.14.21-150400.24.228.1
* dlm-kmp-64kb-debuginfo-5.14.21-150400.24.228.1
* gfs2-kmp-64kb-5.14.21-150400.24.228.1
* dtb-exynos-5.14.21-150400.24.228.1
* dtb-broadcom-5.14.21-150400.24.228.1
* dtb-cavium-5.14.21-150400.24.228.1
* dtb-nvidia-5.14.21-150400.24.228.1
* dtb-hisilicon-5.14.21-150400.24.228.1
* dtb-xilinx-5.14.21-150400.24.228.1
* kernel-64kb-optional-5.14.21-150400.24.228.1
* dtb-renesas-5.14.21-150400.24.228.1
* dtb-amd-5.14.21-150400.24.228.1
* dtb-allwinner-5.14.21-150400.24.228.1
* dtb-sprd-5.14.21-150400.24.228.1
* kernel-64kb-debuginfo-5.14.21-150400.24.228.1
* kernel-64kb-extra-5.14.21-150400.24.228.1
* dtb-lg-5.14.21-150400.24.228.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.228.1
* dtb-altera-5.14.21-150400.24.228.1
* dlm-kmp-64kb-5.14.21-150400.24.228.1
* kernel-64kb-debugsource-5.14.21-150400.24.228.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.228.1
* dtb-freescale-5.14.21-150400.24.228.1
* dtb-qcom-5.14.21-150400.24.228.1
* dtb-amlogic-5.14.21-150400.24.228.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.228.1
* dtb-marvell-5.14.21-150400.24.228.1
* reiserfs-kmp-64kb-5.14.21-150400.24.228.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.228.1
* cluster-md-kmp-64kb-5.14.21-150400.24.228.1
* dtb-apple-5.14.21-150400.24.228.1
* kernel-64kb-extra-debuginfo-5.14.21-150400.24.228.1
* dtb-mediatek-5.14.21-150400.24.228.1
* dtb-apm-5.14.21-150400.24.228.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* cluster-md-kmp-default-5.14.21-150400.24.228.1
* kernel-default-extra-5.14.21-150400.24.228.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.228.1
* ocfs2-kmp-default-5.14.21-150400.24.228.1
* dlm-kmp-default-5.14.21-150400.24.228.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.228.1
* kernel-default-optional-debuginfo-5.14.21-150400.24.228.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.228.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.228.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.228.1
* kernel-obs-qa-5.14.21-150400.24.228.1
* kselftests-kmp-default-5.14.21-150400.24.228.1
* kernel-default-debugsource-5.14.21-150400.24.228.1
* kernel-default-devel-5.14.21-150400.24.228.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.228.1
* kselftests-kmp-default-debuginfo-5.14.21-150400.24.228.1
* gfs2-kmp-default-5.14.21-150400.24.228.1
* reiserfs-kmp-default-5.14.21-150400.24.228.1
* kernel-obs-build-debugsource-5.14.21-150400.24.228.1
* kernel-obs-build-5.14.21-150400.24.228.1
* kernel-default-livepatch-5.14.21-150400.24.228.1
* kernel-default-optional-5.14.21-150400.24.228.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.228.1
* kernel-syms-5.14.21-150400.24.228.1
* kernel-default-debuginfo-5.14.21-150400.24.228.1
* openSUSE Leap 15.4 (noarch)
* kernel-macros-5.14.21-150400.24.228.1
* kernel-source-5.14.21-150400.24.228.1
* kernel-devel-5.14.21-150400.24.228.1
* kernel-docs-html-5.14.21-150400.24.228.1
* kernel-source-vanilla-5.14.21-150400.24.228.1
* openSUSE Leap 15.4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.228.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le s390x x86_64)
* kernel-default-5.14.21-150400.24.228.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.228.1
* kernel-kvmsmall-debuginfo-5.14.21-150400.24.228.1
* kernel-kvmsmall-devel-5.14.21-150400.24.228.1
* kernel-default-base-5.14.21-150400.24.228.1.150400.24.116.1
* kernel-default-base-rebuild-5.14.21-150400.24.228.1.150400.24.116.1
* kernel-kvmsmall-debugsource-5.14.21-150400.24.228.1
* openSUSE Leap 15.4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.228.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-5.14.21-150400.24.228.1
* kernel-livepatch-5_14_21-150400_24_228-default-1-150400.9.3.1
* kernel-livepatch-5_14_21-150400_24_228-default-debuginfo-1-150400.9.3.1
* kernel-livepatch-SLE15-SP4_Update_57-debugsource-1-150400.9.3.1
* openSUSE Leap 15.4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.228.1
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.14.21-150400.24.228.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150400.24.228.1
* openSUSE Leap 15.4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.228.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-default-livepatch-5.14.21-150400.24.228.1
* kernel-livepatch-5_14_21-150400_24_228-default-debuginfo-1-150400.9.3.1
* kernel-default-livepatch-devel-5.14.21-150400.24.228.1
* kernel-livepatch-5_14_21-150400_24_228-default-1-150400.9.3.1
* kernel-default-debugsource-5.14.21-150400.24.228.1
* kernel-default-debuginfo-5.14.21-150400.24.228.1
* kernel-livepatch-SLE15-SP4_Update_57-debugsource-1-150400.9.3.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.228.1.150400.24.116.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* kernel-macros-5.14.21-150400.24.228.1
* kernel-source-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.228.1
* kernel-default-debugsource-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.228.1.150400.24.116.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* kernel-macros-5.14.21-150400.24.228.1
* kernel-source-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.228.1
* kernel-default-debugsource-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* kernel-default-debugsource-5.14.21-150400.24.228.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.228.1
* kernel-default-base-5.14.21-150400.24.228.1.150400.24.116.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.228.1
* kernel-syms-5.14.21-150400.24.228.1
* reiserfs-kmp-default-5.14.21-150400.24.228.1
* kernel-obs-build-debugsource-5.14.21-150400.24.228.1
* kernel-default-devel-5.14.21-150400.24.228.1
* kernel-default-debuginfo-5.14.21-150400.24.228.1
* kernel-obs-build-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le
x86_64)
* kernel-default-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* kernel-macros-5.14.21-150400.24.228.1
* kernel-source-5.14.21-150400.24.228.1
* kernel-devel-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.228.1
* kernel-default-debugsource-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* kernel-macros-5.14.21-150400.24.228.1
* kernel-source-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.228.1.150400.24.116.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.228.1
* kernel-default-debugsource-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* kernel-macros-5.14.21-150400.24.228.1
* kernel-source-5.14.21-150400.24.228.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.228.1.150400.24.116.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.228.1
## References:
* https://www.suse.com/security/cve/CVE-2026-31771.html
* https://www.suse.com/security/cve/CVE-2026-43038.html
* https://www.suse.com/security/cve/CVE-2026-46090.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46229.html
* https://www.suse.com/security/cve/CVE-2026-46253.html
* https://www.suse.com/security/cve/CVE-2026-46266.html
* https://www.suse.com/security/cve/CVE-2026-46274.html
* https://www.suse.com/security/cve/CVE-2026-46319.html
* https://www.suse.com/security/cve/CVE-2026-46320.html
* https://www.suse.com/security/cve/CVE-2026-46331.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52918.html
* https://www.suse.com/security/cve/CVE-2026-52923.html
* https://www.suse.com/security/cve/CVE-2026-52924.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://www.suse.com/security/cve/CVE-2026-52955.html
* https://www.suse.com/security/cve/CVE-2026-52969.html
* https://www.suse.com/security/cve/CVE-2026-52972.html
* https://www.suse.com/security/cve/CVE-2026-52993.html
* https://www.suse.com/security/cve/CVE-2026-53016.html
* https://www.suse.com/security/cve/CVE-2026-53041.html
* https://www.suse.com/security/cve/CVE-2026-53053.html
* https://www.suse.com/security/cve/CVE-2026-53071.html
* https://www.suse.com/security/cve/CVE-2026-53072.html
* https://www.suse.com/security/cve/CVE-2026-53133.html
* https://www.suse.com/security/cve/CVE-2026-53253.html
* https://www.suse.com/security/cve/CVE-2026-53359.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264097
* https://bugzilla.suse.com/show_bug.cgi?id=1264145
* https://bugzilla.suse.com/show_bug.cgi?id=1265421
* https://bugzilla.suse.com/show_bug.cgi?id=1267531
* https://bugzilla.suse.com/show_bug.cgi?id=1267567
* https://bugzilla.suse.com/show_bug.cgi?id=1267635
* https://bugzilla.suse.com/show_bug.cgi?id=1267684
* https://bugzilla.suse.com/show_bug.cgi?id=1267722
* https://bugzilla.suse.com/show_bug.cgi?id=1267918
* https://bugzilla.suse.com/show_bug.cgi?id=1267993
* https://bugzilla.suse.com/show_bug.cgi?id=1268022
* https://bugzilla.suse.com/show_bug.cgi?id=1268660
* https://bugzilla.suse.com/show_bug.cgi?id=1269022
* https://bugzilla.suse.com/show_bug.cgi?id=1269033
* https://bugzilla.suse.com/show_bug.cgi?id=1269036
* https://bugzilla.suse.com/show_bug.cgi?id=1269090
* https://bugzilla.suse.com/show_bug.cgi?id=1269100
* https://bugzilla.suse.com/show_bug.cgi?id=1269159
* https://bugzilla.suse.com/show_bug.cgi?id=1269184
* https://bugzilla.suse.com/show_bug.cgi?id=1269193
* https://bugzilla.suse.com/show_bug.cgi?id=1269195
* https://bugzilla.suse.com/show_bug.cgi?id=1269310
* https://bugzilla.suse.com/show_bug.cgi?id=1269398
* https://bugzilla.suse.com/show_bug.cgi?id=1269574
* https://bugzilla.suse.com/show_bug.cgi?id=1269678
* https://bugzilla.suse.com/show_bug.cgi?id=1269681
* https://bugzilla.suse.com/show_bug.cgi?id=1269821
* https://bugzilla.suse.com/show_bug.cgi?id=1270059
SUSE-SU-2026:3049-1: important: Security update for distribution
# Security update for distribution
Announcement ID: SUSE-SU-2026:3049-1
Release Date: 2026-07-15T13:08:15Z
Rating: important
References:
Affected Products:
* Containers Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that can now be installed.
## Description:
This update for distribution rebuilds it against the current go security
release.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3049=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3049=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3049=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3049=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-3049=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-3049=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3049=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3049=1
* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-3049=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3049=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-3049=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3049=1
## Package List:
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* distribution-registry-2.8.3-150400.9.36.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* distribution-registry-2.8.3-150400.9.36.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* distribution-registry-2.8.3-150400.9.36.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* distribution-registry-2.8.3-150400.9.36.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* distribution-registry-2.8.3-150400.9.36.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* distribution-registry-2.8.3-150400.9.36.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* distribution-registry-2.8.3-150400.9.36.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* distribution-registry-2.8.3-150400.9.36.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* distribution-registry-2.8.3-150400.9.36.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* distribution-registry-2.8.3-150400.9.36.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* distribution-registry-2.8.3-150400.9.36.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* distribution-registry-2.8.3-150400.9.36.1
SUSE-SU-2026:3053-1: important: Security update for ImageMagick
# Security update for ImageMagick
Announcement ID: SUSE-SU-2026:3053-1
Release Date: 2026-07-15T13:18:11Z
Rating: important
References:
* bsc#1268640
* bsc#1268645
* bsc#1268878
* bsc#1268879
* bsc#1268880
* bsc#1269063
* bsc#1269064
* bsc#1270001
* bsc#1270002
* bsc#1270003
* bsc#1270004
* bsc#1270073
* bsc#1270074
* bsc#1270077
* bsc#1270079
* bsc#1270080
Cross-References:
* CVE-2026-53466
* CVE-2026-53467
* CVE-2026-55594
* CVE-2026-55595
* CVE-2026-55597
* CVE-2026-56361
* CVE-2026-56363
* CVE-2026-56364
* CVE-2026-56365
* CVE-2026-56367
* CVE-2026-56368
* CVE-2026-56370
* CVE-2026-56371
* CVE-2026-56376
* CVE-2026-56379
CVSS scores:
* CVE-2026-53466 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-53466 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-53466 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-53467 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-53467 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-53467 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-55594 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-55594 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-55594 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-55595 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-55595 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-55595 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-55597 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-55597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-55597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-56361 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56361 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56361 ( NVD ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56361 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56361 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-56363 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56363 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56363 ( NVD ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56363 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56364 ( SUSE ): 1.8
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56364 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56364 ( NVD ): 1.8
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56364 ( NVD ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56365 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56365 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56365 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56365 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56365 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56367 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-56367 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56367 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-56367 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-56368 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56368 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56368 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-56368 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56370 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56370 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-56370 ( NVD ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56370 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56370 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-56371 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56371 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56371 ( NVD ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56371 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56371 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56376 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56376 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-56376 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56376 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56376 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56379 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56379 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-56379 ( NVD ): 9.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56379 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-56379 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-56379 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves 15 vulnerabilities and has one security fix can now be
installed.
## Description:
This update for ImageMagick fixes the following issues
* CVE-2026-53466: integer overflow in the XCF decoder can result in an out-of-
bounds read when a crafted image is read (bsc#1270073).
* CVE-2026-53467: allocated memory left unchanged in the MNG decoder can lead
to a heap information disclosure (bsc#1270074).
* CVE-2026-55594: missing depth check in the MVG decoder will result in a
stack overflow when a crafted image is provided (bsc#1270077).
* CVE-2026-55595: providing invalid arguments to the `connected-components`
option can lead to an infinite loop (bsc#1270079).
* CVE-2026-55597: incorrect handling of arguments can cause a heap buffer
over-write in the JP2 encoder (bsc#1270080).
* CVE-2026-56361: off-by-one error in morphology validation can lead to an
out-of-bounds read (bsc#1270001).
* CVE-2026-56363: integer overflow leading to a division by zero in binomial
kernel processing can cause an application crash (bsc#1270002).
* CVE-2026-56364: memory leak in `LoadOpenCLDeviceBenchmark` function when
parsing malformed OpenCL device profile XML files with unclosed device
elements (bsc#1270003).
* CVE-2026-56365: memory leak in PNG encoder when writing a MNG image
(bsc#1270004).
* CVE-2026-56367: integer overflow in the PSB (PSD v2) RLE decoding path can
lead to an heap out-of-bounds read (bsc#1268645).
* CVE-2026-56368: improper memory management can lead to memory leak in
multiple coders that write raw pixel data (bsc#1269064).
* CVE-2026-56370: out-of-bounds access in `ConnectedComponentsImage()` when
processing `connected-components:*` artifacts with invalid indices
(bsc#1269063).
* CVE-2026-56371: memory leak in `coders/txt.c` when processing TXT files with
texture attributes (bsc#1268879).
* CVE-2026-56376: heap use-after-free in the meta coder can lead to denial of
service via specially crafted image files (bsc#1268880).
* CVE-2026-56379: arbitrary MVG drawing command injection via the SVG decoder
when processing specially crafted SVG files (bsc#1268878).
* GHSA-3j4x-rwrx-xxj9: possible use-after-free write in PDB decoder
(bsc#1268640).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3053=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3053=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3053=1
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-3053=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3053=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3053=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-3053=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-3053=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3053=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3053=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3053=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-3053=1
## Package List:
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* ImageMagick-devel-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1
* ImageMagick-7.1.0.9-150400.6.96.1
* libMagick++-devel-7.1.0.9-150400.6.96.1
* ImageMagick-debugsource-7.1.0.9-150400.6.96.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.96.1
* perl-PerlMagick-7.1.0.9-150400.6.96.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* ImageMagick-extra-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-devel-7.1.0.9-150400.6.96.1
* ImageMagick-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1
* libMagick++-devel-7.1.0.9-150400.6.96.1
* ImageMagick-debugsource-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-extra-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.96.1
* perl-PerlMagick-7.1.0.9-150400.6.96.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.96.1
* libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.96.1
* ImageMagick-devel-64bit-7.1.0.9-150400.6.96.1
* libMagick++-devel-64bit-7.1.0.9-150400.6.96.1
* libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.96.1
* openSUSE Leap 15.4 (x86_64)
* libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.96.1
* libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.96.1
* libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.96.1
* libMagick++-devel-32bit-7.1.0.9-150400.6.96.1
* ImageMagick-devel-32bit-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.96.1
* openSUSE Leap 15.4 (noarch)
* ImageMagick-doc-7.1.0.9-150400.6.96.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* ImageMagick-devel-7.1.0.9-150400.6.96.1
* ImageMagick-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1
* libMagick++-devel-7.1.0.9-150400.6.96.1
* ImageMagick-debugsource-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.96.1
* perl-PerlMagick-7.1.0.9-150400.6.96.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* ImageMagick-devel-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1
* ImageMagick-7.1.0.9-150400.6.96.1
* libMagick++-devel-7.1.0.9-150400.6.96.1
* ImageMagick-debugsource-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.96.1
* perl-PerlMagick-7.1.0.9-150400.6.96.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* ImageMagick-devel-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1
* ImageMagick-7.1.0.9-150400.6.96.1
* libMagick++-devel-7.1.0.9-150400.6.96.1
* ImageMagick-debugsource-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.96.1
* perl-PerlMagick-7.1.0.9-150400.6.96.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* ImageMagick-devel-7.1.0.9-150400.6.96.1
* ImageMagick-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1
* libMagick++-devel-7.1.0.9-150400.6.96.1
* ImageMagick-debugsource-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.96.1
* perl-PerlMagick-7.1.0.9-150400.6.96.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* ImageMagick-devel-7.1.0.9-150400.6.96.1
* ImageMagick-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1
* libMagick++-devel-7.1.0.9-150400.6.96.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-debugsource-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.96.1
* perl-PerlMagick-7.1.0.9-150400.6.96.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* ImageMagick-devel-7.1.0.9-150400.6.96.1
* ImageMagick-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1
* libMagick++-devel-7.1.0.9-150400.6.96.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-debugsource-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.96.1
* perl-PerlMagick-7.1.0.9-150400.6.96.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* ImageMagick-devel-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1
* ImageMagick-7.1.0.9-150400.6.96.1
* libMagick++-devel-7.1.0.9-150400.6.96.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-debugsource-7.1.0.9-150400.6.96.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.96.1
* perl-PerlMagick-7.1.0.9-150400.6.96.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* ImageMagick-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1
* ImageMagick-debugsource-7.1.0.9-150400.6.96.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* ImageMagick-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1
* ImageMagick-debugsource-7.1.0.9-150400.6.96.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* ImageMagick-debuginfo-7.1.0.9-150400.6.96.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1
* ImageMagick-debugsource-7.1.0.9-150400.6.96.1
## References:
* https://www.suse.com/security/cve/CVE-2026-53466.html
* https://www.suse.com/security/cve/CVE-2026-53467.html
* https://www.suse.com/security/cve/CVE-2026-55594.html
* https://www.suse.com/security/cve/CVE-2026-55595.html
* https://www.suse.com/security/cve/CVE-2026-55597.html
* https://www.suse.com/security/cve/CVE-2026-56361.html
* https://www.suse.com/security/cve/CVE-2026-56363.html
* https://www.suse.com/security/cve/CVE-2026-56364.html
* https://www.suse.com/security/cve/CVE-2026-56365.html
* https://www.suse.com/security/cve/CVE-2026-56367.html
* https://www.suse.com/security/cve/CVE-2026-56368.html
* https://www.suse.com/security/cve/CVE-2026-56370.html
* https://www.suse.com/security/cve/CVE-2026-56371.html
* https://www.suse.com/security/cve/CVE-2026-56376.html
* https://www.suse.com/security/cve/CVE-2026-56379.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268640
* https://bugzilla.suse.com/show_bug.cgi?id=1268645
* https://bugzilla.suse.com/show_bug.cgi?id=1268878
* https://bugzilla.suse.com/show_bug.cgi?id=1268879
* https://bugzilla.suse.com/show_bug.cgi?id=1268880
* https://bugzilla.suse.com/show_bug.cgi?id=1269063
* https://bugzilla.suse.com/show_bug.cgi?id=1269064
* https://bugzilla.suse.com/show_bug.cgi?id=1270001
* https://bugzilla.suse.com/show_bug.cgi?id=1270002
* https://bugzilla.suse.com/show_bug.cgi?id=1270003
* https://bugzilla.suse.com/show_bug.cgi?id=1270004
* https://bugzilla.suse.com/show_bug.cgi?id=1270073
* https://bugzilla.suse.com/show_bug.cgi?id=1270074
* https://bugzilla.suse.com/show_bug.cgi?id=1270077
* https://bugzilla.suse.com/show_bug.cgi?id=1270079
* https://bugzilla.suse.com/show_bug.cgi?id=1270080
SUSE-SU-2026:3058-1: important: Security update for gstreamer-plugins-bad
# Security update for gstreamer-plugins-bad
Announcement ID: SUSE-SU-2026:3058-1
Release Date: 2026-07-15T13:32:28Z
Rating: important
References:
* bsc#1268168
* bsc#1268406
* bsc#1268408
* bsc#1268410
* bsc#1268971
* bsc#1271051
* bsc#1271168
Cross-References:
* CVE-2026-12892
* CVE-2026-14935
* CVE-2026-52720
* CVE-2026-52721
* CVE-2026-52722
* CVE-2026-53702
* CVE-2026-59692
CVSS scores:
* CVE-2026-12892 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-12892 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-12892 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-14935 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-14935 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-14935 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-52720 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-52720 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-52720 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-52721 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-52721 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-52722 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-52722 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-52722 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-53702 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-53702 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-59692 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-59692 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-59692 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves seven vulnerabilities can now be installed.
## Description:
This update for gstreamer-plugins-bad fixes the following issues
* CVE-2026-12892: 1-byte heap out-of-bounds read in H.264 NAL extension slice
parser (bsc#1268971).
* CVE-2026-14935: webrtcbin accepts remote SDP without a=fingerprint due to
inverted presence check (bsc#1271051).
* CVE-2026-52720: invalid check of total area instead of individual dimensions
could trigger a heap out-of-bounds write (bsc#1268406).
* CVE-2026-52721: crafted PCAP records during IPv4 or TCP header parsing could
cause an out-of-bounds read (bsc#1268408).
* CVE-2026-52722: crafted VMnc stream with large cursor dimensions can
overflow signed integer (bsc#1268410).
* CVE-2026-53702: incorrect loop bound during H.265 SEI message parsing could
result in a stack buffer overflow (bsc#1268168).
* CVE-2026-59692: unvalidated peer certificate Subject DN printed during a
DTLS handshake could cause a stack buffer overflow (bsc#1271168).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3058=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-3058=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3058=1
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-3058=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3058=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-3058=1
## Package List:
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libgstmse-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstvulkan-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstisoff-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtcnice-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtc-1_0-0-1.24.0-150600.4.9.1
* libgstcodecs-1_0-0-1.24.0-150600.4.9.1
* libgstcuda-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstmpegts-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstPlay-1_0-1.24.0-150600.4.9.1
* typelib-1_0-GstVa-1_0-1.24.0-150600.4.9.1
* typelib-1_0-CudaGst-1_0-1.24.0-150600.4.9.1
* libgstisoff-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstCodecs-1_0-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstplay-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstBadAudio-1_0-1.24.0-150600.4.9.1
* libgstcuda-1_0-0-1.24.0-150600.4.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstMpegts-1_0-1.24.0-150600.4.9.1
* typelib-1_0-GstWebRTC-1_0-1.24.0-150600.4.9.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-1.24.0-150600.4.9.1
* typelib-1_0-GstInsertBin-1_0-1.24.0-150600.4.9.1
* libgstdxva-1_0-0-1.24.0-150600.4.9.1
* libgstcodecparsers-1_0-0-1.24.0-150600.4.9.1
* libgstsctp-1_0-0-1.24.0-150600.4.9.1
* libgstmse-1_0-0-1.24.0-150600.4.9.1
* libgstinsertbin-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstphotography-1_0-0-1.24.0-150600.4.9.1
* libgstmpegts-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstPlayer-1_0-1.24.0-150600.4.9.1
* libgstphotography-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstbadaudio-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstMse-1_0-1.24.0-150600.4.9.1
* libgstanalytics-1_0-0-1.24.0-150600.4.9.1
* libgstva-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstinsertbin-1_0-0-1.24.0-150600.4.9.1
* libgstplay-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstva-1_0-0-1.24.0-150600.4.9.1
* libgstwayland-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstCuda-1_0-1.24.0-150600.4.9.1
* libgstwayland-1_0-0-1.24.0-150600.4.9.1
* libgstadaptivedemux-1_0-0-1.24.0-150600.4.9.1
* libgsturidownloader-1_0-0-debuginfo-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-devel-1.24.0-150600.4.9.1
* libgstanalytics-1_0-0-debuginfo-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.9.1
* libgsturidownloader-1_0-0-1.24.0-150600.4.9.1
* libgstcodecs-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtcnice-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstAnalytics-1_0-1.24.0-150600.4.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstplayer-1_0-0-1.24.0-150600.4.9.1
* libgstsctp-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstplayer-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstvulkan-1_0-0-1.24.0-150600.4.9.1
* libgstbasecamerabinsrc-1_0-0-1.24.0-150600.4.9.1
* libgstbadaudio-1_0-0-1.24.0-150600.4.9.1
* libgstdxva-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtc-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstDxva-1_0-1.24.0-150600.4.9.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* gstreamer-plugins-bad-lang-1.24.0-150600.4.9.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* libgstmse-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstisoff-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstvulkan-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtcnice-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtc-1_0-0-1.24.0-150600.4.9.1
* libgstcodecs-1_0-0-1.24.0-150600.4.9.1
* libgstcuda-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstmpegts-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstPlay-1_0-1.24.0-150600.4.9.1
* typelib-1_0-GstVa-1_0-1.24.0-150600.4.9.1
* typelib-1_0-CudaGst-1_0-1.24.0-150600.4.9.1
* libgstisoff-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstCodecs-1_0-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstplay-1_0-0-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-chromaprint-1.24.0-150600.4.9.1
* libgstcuda-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstBadAudio-1_0-1.24.0-150600.4.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.24.0-150600.4.9.1
* gstreamer-transcoder-1.24.0-150600.4.9.1
* typelib-1_0-GstMpegts-1_0-1.24.0-150600.4.9.1
* typelib-1_0-GstWebRTC-1_0-1.24.0-150600.4.9.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-1.24.0-150600.4.9.1
* typelib-1_0-GstInsertBin-1_0-1.24.0-150600.4.9.1
* libgstdxva-1_0-0-1.24.0-150600.4.9.1
* libgstcodecparsers-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstVulkanXCB-1_0-1.24.0-150600.4.9.1
* libgstsctp-1_0-0-1.24.0-150600.4.9.1
* libgstmse-1_0-0-1.24.0-150600.4.9.1
* libgstinsertbin-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstphotography-1_0-0-1.24.0-150600.4.9.1
* libgstmpegts-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstPlayer-1_0-1.24.0-150600.4.9.1
* libgstphotography-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstTranscoder-1_0-1.24.0-150600.4.9.1
* libgstbadaudio-1_0-0-debuginfo-1.24.0-150600.4.9.1
* gstreamer-transcoder-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstMse-1_0-1.24.0-150600.4.9.1
* libgstanalytics-1_0-0-1.24.0-150600.4.9.1
* libgstva-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstinsertbin-1_0-0-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.24.0-150600.4.9.1
* gstreamer-transcoder-devel-1.24.0-150600.4.9.1
* libgstplay-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwayland-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstva-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstCuda-1_0-1.24.0-150600.4.9.1
* libgstwayland-1_0-0-1.24.0-150600.4.9.1
* libgsturidownloader-1_0-0-debuginfo-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-devel-1.24.0-150600.4.9.1
* libgstadaptivedemux-1_0-0-1.24.0-150600.4.9.1
* libgstanalytics-1_0-0-debuginfo-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstVulkanWayland-1_0-1.24.0-150600.4.9.1
* libgsturidownloader-1_0-0-1.24.0-150600.4.9.1
* libgstcodecs-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtcnice-1_0-0-1.24.0-150600.4.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstAnalytics-1_0-1.24.0-150600.4.9.1
* libgstplayer-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstVulkan-1_0-1.24.0-150600.4.9.1
* libgstsctp-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstplayer-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstvulkan-1_0-0-1.24.0-150600.4.9.1
* libgstbadaudio-1_0-0-1.24.0-150600.4.9.1
* libgstbasecamerabinsrc-1_0-0-1.24.0-150600.4.9.1
* libgstdxva-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtc-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstDxva-1_0-1.24.0-150600.4.9.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libgstwayland-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-64bit-debuginfo-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-chromaprint-64bit-1.24.0-150600.4.9.1
* libgsttranscoder-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstbadaudio-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstplayer-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstcodecparsers-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstvulkan-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstanalytics-1_0-0-64bit-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstadaptivedemux-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstphotography-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstva-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstmse-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstplay-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstbadaudio-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstdxva-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstisoff-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstvulkan-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstdxva-1_0-0-64bit-1.24.0-150600.4.9.1
* libgsturidownloader-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstva-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstcodecparsers-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstcodecs-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstisoff-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstcuda-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstcodecs-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstadaptivedemux-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstbasecamerabinsrc-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstmpegts-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstplayer-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtc-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstwayland-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstplay-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstwebrtcnice-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtcnice-1_0-0-64bit-1.24.0-150600.4.9.1
* libgsturidownloader-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstsctp-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstanalytics-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstcuda-1_0-0-64bit-1.24.0-150600.4.9.1
* libgsttranscoder-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstsctp-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstphotography-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstmse-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtc-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstmpegts-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-64bit-1.24.0-150600.4.9.1
* libgstinsertbin-1_0-0-64bit-1.24.0-150600.4.9.1
* libgstinsertbin-1_0-0-64bit-debuginfo-1.24.0-150600.4.9.1
* openSUSE Leap 15.6 (x86_64)
* libgstwayland-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstwebrtc-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstcodecparsers-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstanalytics-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtcnice-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstcodecs-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstdxva-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstbadaudio-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstinsertbin-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstwayland-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstbadaudio-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstanalytics-1_0-0-32bit-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstmpegts-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstcuda-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstmse-1_0-0-32bit-1.24.0-150600.4.9.1
* libgsttranscoder-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstvulkan-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstadaptivedemux-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstplayer-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstwebrtc-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstcodecparsers-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.24.0-150600.4.9.1
* libgsturidownloader-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstvulkan-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstdxva-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstcuda-1_0-0-32bit-1.24.0-150600.4.9.1
* libgsttranscoder-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstplay-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstsctp-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstinsertbin-1_0-0-32bit-1.24.0-150600.4.9.1
* libgsturidownloader-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstbasecamerabinsrc-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstcodecs-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstadaptivedemux-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstphotography-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstmpegts-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstva-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstplay-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-32bit-1.24.0-150600.4.9.1
* libgstphotography-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstsctp-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstisoff-1_0-0-32bit-1.24.0-150600.4.9.1
* libgstwebrtcnice-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstmse-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstplayer-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-chromaprint-32bit-1.24.0-150600.4.9.1
* libgstva-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* libgstisoff-1_0-0-32bit-debuginfo-1.24.0-150600.4.9.1
* openSUSE Leap 15.6 (noarch)
* gstreamer-plugins-bad-lang-1.24.0-150600.4.9.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.9.1
* libgstphotography-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.9.1
* libgstplayer-1_0-0-1.24.0-150600.4.9.1
* libgstplayer-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstplay-1_0-0-debuginfo-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.9.1
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstplay-1_0-0-1.24.0-150600.4.9.1
* libgstphotography-1_0-0-1.24.0-150600.4.9.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libgstmse-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstisoff-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtcnice-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstvulkan-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtc-1_0-0-1.24.0-150600.4.9.1
* libgstcodecs-1_0-0-1.24.0-150600.4.9.1
* libgstcuda-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstmpegts-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstPlay-1_0-1.24.0-150600.4.9.1
* typelib-1_0-GstVa-1_0-1.24.0-150600.4.9.1
* typelib-1_0-CudaGst-1_0-1.24.0-150600.4.9.1
* libgstisoff-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstCodecs-1_0-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstcuda-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstBadAudio-1_0-1.24.0-150600.4.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstMpegts-1_0-1.24.0-150600.4.9.1
* typelib-1_0-GstWebRTC-1_0-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-1.24.0-150600.4.9.1
* typelib-1_0-GstInsertBin-1_0-1.24.0-150600.4.9.1
* libgstdxva-1_0-0-1.24.0-150600.4.9.1
* libgstcodecparsers-1_0-0-1.24.0-150600.4.9.1
* libgstsctp-1_0-0-1.24.0-150600.4.9.1
* libgstmse-1_0-0-1.24.0-150600.4.9.1
* libgstinsertbin-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstmpegts-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstPlayer-1_0-1.24.0-150600.4.9.1
* libgstbadaudio-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstMse-1_0-1.24.0-150600.4.9.1
* libgstanalytics-1_0-0-1.24.0-150600.4.9.1
* libgstva-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstinsertbin-1_0-0-1.24.0-150600.4.9.1
* libgstva-1_0-0-1.24.0-150600.4.9.1
* libgstwayland-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstCuda-1_0-1.24.0-150600.4.9.1
* libgstwayland-1_0-0-1.24.0-150600.4.9.1
* libgstadaptivedemux-1_0-0-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-devel-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.9.1
* libgstanalytics-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgsturidownloader-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgsturidownloader-1_0-0-1.24.0-150600.4.9.1
* libgstcodecs-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstAnalytics-1_0-1.24.0-150600.4.9.1
* libgstwebrtcnice-1_0-0-1.24.0-150600.4.9.1
* libgstbadaudio-1_0-0-1.24.0-150600.4.9.1
* libgstsctp-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstbasecamerabinsrc-1_0-0-1.24.0-150600.4.9.1
* libgstvulkan-1_0-0-1.24.0-150600.4.9.1
* libgstdxva-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtc-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstDxva-1_0-1.24.0-150600.4.9.1
* Desktop Applications Module 15-SP7 (noarch)
* gstreamer-plugins-bad-lang-1.24.0-150600.4.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libgstmse-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstisoff-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtcnice-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstvulkan-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtc-1_0-0-1.24.0-150600.4.9.1
* libgstcuda-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstmpegts-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstPlay-1_0-1.24.0-150600.4.9.1
* typelib-1_0-GstVa-1_0-1.24.0-150600.4.9.1
* typelib-1_0-CudaGst-1_0-1.24.0-150600.4.9.1
* libgstisoff-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstCodecs-1_0-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstplay-1_0-0-1.24.0-150600.4.9.1
* libgstcuda-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstBadAudio-1_0-1.24.0-150600.4.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstMpegts-1_0-1.24.0-150600.4.9.1
* typelib-1_0-GstWebRTC-1_0-1.24.0-150600.4.9.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-1.24.0-150600.4.9.1
* libgstdxva-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstInsertBin-1_0-1.24.0-150600.4.9.1
* libgstcodecparsers-1_0-0-1.24.0-150600.4.9.1
* libgstsctp-1_0-0-1.24.0-150600.4.9.1
* libgstmse-1_0-0-1.24.0-150600.4.9.1
* libgstinsertbin-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstphotography-1_0-0-1.24.0-150600.4.9.1
* libgstmpegts-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstPlayer-1_0-1.24.0-150600.4.9.1
* libgstphotography-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstbadaudio-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstanalytics-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstMse-1_0-1.24.0-150600.4.9.1
* libgstva-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstinsertbin-1_0-0-1.24.0-150600.4.9.1
* libgstplay-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwayland-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstva-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstCuda-1_0-1.24.0-150600.4.9.1
* libgstwayland-1_0-0-1.24.0-150600.4.9.1
* libgsturidownloader-1_0-0-debuginfo-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-devel-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.9.1
* libgstanalytics-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstadaptivedemux-1_0-0-1.24.0-150600.4.9.1
* libgsturidownloader-1_0-0-1.24.0-150600.4.9.1
* libgstcodecs-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstAnalytics-1_0-1.24.0-150600.4.9.1
* libgstwebrtcnice-1_0-0-1.24.0-150600.4.9.1
* libgstplayer-1_0-0-1.24.0-150600.4.9.1
* libgstplayer-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstbadaudio-1_0-0-1.24.0-150600.4.9.1
* libgstvulkan-1_0-0-1.24.0-150600.4.9.1
* libgstcodecs-1_0-0-1.24.0-150600.4.9.1
* libgstbasecamerabinsrc-1_0-0-1.24.0-150600.4.9.1
* libgstdxva-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstsctp-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtc-1_0-0-debuginfo-1.24.0-150600.4.9.1
* typelib-1_0-GstDxva-1_0-1.24.0-150600.4.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* gstreamer-plugins-bad-lang-1.24.0-150600.4.9.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.9.1
## References:
* https://www.suse.com/security/cve/CVE-2026-12892.html
* https://www.suse.com/security/cve/CVE-2026-14935.html
* https://www.suse.com/security/cve/CVE-2026-52720.html
* https://www.suse.com/security/cve/CVE-2026-52721.html
* https://www.suse.com/security/cve/CVE-2026-52722.html
* https://www.suse.com/security/cve/CVE-2026-53702.html
* https://www.suse.com/security/cve/CVE-2026-59692.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268168
* https://bugzilla.suse.com/show_bug.cgi?id=1268406
* https://bugzilla.suse.com/show_bug.cgi?id=1268408
* https://bugzilla.suse.com/show_bug.cgi?id=1268410
* https://bugzilla.suse.com/show_bug.cgi?id=1268971
* https://bugzilla.suse.com/show_bug.cgi?id=1271051
* https://bugzilla.suse.com/show_bug.cgi?id=1271168
SUSE-SU-2026:3063-1: important: Security update for buildah
# Security update for buildah
Announcement ID: SUSE-SU-2026:3063-1
Release Date: 2026-07-15T15:01:02Z
Rating: important
References:
Affected Products:
* Containers Module 15-SP7
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that can now be installed.
## Description:
This update for buildah rebuilds it against the current go security release.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3063=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3063=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3063=1
* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-3063=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3063=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3063=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-3063=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-3063=1
## Package List:
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* buildah-1.35.5-150500.3.64.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.64.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.64.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* buildah-1.35.5-150500.3.64.1
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.64.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.64.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* buildah-1.35.5-150500.3.64.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* buildah-1.35.5-150500.3.64.1