OVMF, Libminizip, FreeRDP, and more updates for SUSE

SUSE 5631 Published 2026-04-27 06:27 by Philipp Esselbach

News

openSUSE has released a series of security updates targeting multiple packages across Tumbleweed and SLE Backports distributions. These patches address numerous vulnerabilities rated from moderate to important, including critical flaws in Chromium and Kyverno alongside several issues affecting OVMF, FreeRDP2, and Mako templates. Administrators managing these systems should prioritize installing the fixes through zypper or YaST to prevent potential exploitation of the listed CVEs. Each announcement provides detailed package lists and direct links to SUSE security pages for further technical reference.

openSUSE-SU-2026:10615-1: moderate: ovmf-202602-9.1 on GA media
openSUSE-SU-2026:10617-1: moderate: libminizip1-1.3.1-2.1 on GA media
openSUSE-SU-2026:10611-1: moderate: freerdp2-2.11.7-8.1 on GA media
openSUSE-SU-2026:10612-1: moderate: golang-github-prometheus-alertmanager-0.31.1-3.1 on GA media
openSUSE-SU-2026:10616-1: moderate: python311-Mako-1.3.11-1.1 on GA media
openSUSE-SU-2026:10613-1: moderate: kyverno-1.17.2-1.1 on GA media
openSUSE-SU-2026:0152-1: important: Security update for chromium
openSUSE-SU-2026:0153-1: important: Security update for chromium

openSUSE-SU-2026:10615-1: moderate: ovmf-202602-9.1 on GA media

# ovmf-202602-9.1 on GA media

Announcement ID: openSUSE-SU-2026:10615-1
Rating: moderate

Cross-References:

* CVE-2026-25833
* CVE-2026-34874

CVSS scores:

* CVE-2026-25833 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25833 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34874 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34874 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ovmf-202602-9.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ovmf 202602-9.1
* ovmf-tools 202602-9.1
* qemu-ovmf-x86_64 202602-9.1
* qemu-ovmf-x86_64-debug 202602-9.1
* qemu-uefi-aarch64 202602-9.1
* qemu-uefi-riscv64 202602-9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25833.html
* https://www.suse.com/security/cve/CVE-2026-34874.html

openSUSE-SU-2026:10617-1: moderate: libminizip1-1.3.1-2.1 on GA media

# libminizip1-1.3.1-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10617-1
Rating: moderate

Cross-References:

* CVE-2026-27171

CVSS scores:

* CVE-2026-27171 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27171 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libminizip1-1.3.1-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libminizip1 1.3.1-2.1
* libminizip1-32bit 1.3.1-2.1
* libminizip1-x86-64-v3 1.3.1-2.1
* libz1 1.3.1-2.1
* libz1-32bit 1.3.1-2.1
* libz1-x86-64-v3 1.3.1-2.1
* minizip-devel 1.3.1-2.1
* zlib-devel 1.3.1-2.1
* zlib-devel-32bit 1.3.1-2.1
* zlib-devel-static 1.3.1-2.1
* zlib-devel-static-32bit 1.3.1-2.1
* zlib-testsuite 1.3.1-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27171.html

openSUSE-SU-2026:10611-1: moderate: freerdp2-2.11.7-8.1 on GA media

# freerdp2-2.11.7-8.1 on GA media

Announcement ID: openSUSE-SU-2026:10611-1
Rating: moderate

Cross-References:

* CVE-2026-25941
* CVE-2026-25942
* CVE-2026-25952
* CVE-2026-25954
* CVE-2026-25997
* CVE-2026-26986
* CVE-2026-27015
* CVE-2026-27951

CVSS scores:

* CVE-2026-25941 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-25941 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25942 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25942 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25952 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25952 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25954 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25954 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25997 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-25997 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-26986 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-26986 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-27015 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27015 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27951 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27951 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 8 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the freerdp2-2.11.7-8.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* freerdp2 2.11.7-8.1
* freerdp2-devel 2.11.7-8.1
* freerdp2-proxy 2.11.7-8.1
* freerdp2-server 2.11.7-8.1
* libfreerdp2-2 2.11.7-8.1
* libwinpr2-2 2.11.7-8.1
* winpr2-devel 2.11.7-8.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25941.html
* https://www.suse.com/security/cve/CVE-2026-25942.html
* https://www.suse.com/security/cve/CVE-2026-25952.html
* https://www.suse.com/security/cve/CVE-2026-25954.html
* https://www.suse.com/security/cve/CVE-2026-25997.html
* https://www.suse.com/security/cve/CVE-2026-26986.html
* https://www.suse.com/security/cve/CVE-2026-27015.html
* https://www.suse.com/security/cve/CVE-2026-27951.html

openSUSE-SU-2026:10612-1: moderate: golang-github-prometheus-alertmanager-0.31.1-3.1 on GA media

# golang-github-prometheus-alertmanager-0.31.1-3.1 on GA media

Announcement ID: openSUSE-SU-2026:10612-1
Rating: moderate

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the golang-github-prometheus-alertmanager-0.31.1-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* golang-github-prometheus-alertmanager 0.31.1-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html

openSUSE-SU-2026:10616-1: moderate: python311-Mako-1.3.11-1.1 on GA media

# python311-Mako-1.3.11-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10616-1
Rating: moderate

Cross-References:

* CVE-2026-41205

CVSS scores:

* CVE-2026-41205 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-41205 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-Mako-1.3.11-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-Mako 1.3.11-1.1
* python313-Mako 1.3.11-1.1
* python314-Mako 1.3.11-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41205.html

openSUSE-SU-2026:10613-1: moderate: kyverno-1.17.2-1.1 on GA media

# kyverno-1.17.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10613-1
Rating: moderate

Cross-References:

* CVE-2026-1229
* CVE-2026-24051
* CVE-2026-33186
* CVE-2026-34986
* CVE-2026-4789

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 5 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the kyverno-1.17.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* kyverno 1.17.2-1.1
* kyverno-bash-completion 1.17.2-1.1
* kyverno-fish-completion 1.17.2-1.1
* kyverno-zsh-completion 1.17.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1229.html
* https://www.suse.com/security/cve/CVE-2026-24051.html
* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://www.suse.com/security/cve/CVE-2026-34986.html
* https://www.suse.com/security/cve/CVE-2026-4789.html

openSUSE-SU-2026:0152-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2026:0152-1
Rating: important
References: #1262586
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that contains security fixes can now be installed.

Description:

This update for chromium fixes the following issues:

- Chromium 147.0.7727.116 (boo#1262586)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-152=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):

chromedriver-147.0.7727.116-bp157.2.151.1
chromium-147.0.7727.116-bp157.2.151.1

References:

https://bugzilla.suse.com/1262586

openSUSE-SU-2026:0153-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2026:0153-1
Rating: important
References: #1262586
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that contains security fixes can now be installed.

Description:

This update for chromium fixes the following issues:

- Chromium 147.0.7727.116 (boo#1262586)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-153=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

chromedriver-147.0.7727.116-bp156.2.266.1
chromium-147.0.7727.116-bp156.2.266.1

References:

https://bugzilla.suse.com/1262586

Container-Tools, OpenSSH, Webkit2GTK3, and more updates for RHEL

Apache 2.4.67 RC1 released

OVMF, Libminizip, FreeRDP, and more updates for SUSE

openSUSE-SU-2026:10615-1: moderate: ovmf-202602-9.1 on GA media

openSUSE-SU-2026:10617-1: moderate: libminizip1-1.3.1-2.1 on GA media

openSUSE-SU-2026:10611-1: moderate: freerdp2-2.11.7-8.1 on GA media

openSUSE-SU-2026:10612-1: moderate: golang-github-prometheus-alertmanager-0.31.1-3.1 on GA media

openSUSE-SU-2026:10616-1: moderate: python311-Mako-1.3.11-1.1 on GA media

openSUSE-SU-2026:10613-1: moderate: kyverno-1.17.2-1.1 on GA media

openSUSE-SU-2026:0152-1: important: Security update for chromium

openSUSE-SU-2026:0153-1: important: Security update for chromium

Windows

Linux

macOS

Community