
SUSE issued a series of security advisories addressing critical and moderate flaws in pacemaker, dracut, python-pytest-html, lrzip, python-zeroconf, cadvisor, and several Perl and Python packages. The updates resolve vulnerabilities that allow denial of service via integer overflows and quadratic complexity, unauthorized root code execution through DHCP option injection, and memory exhaustion caused by crafted DNS or YAML payloads.

SUSE-SU-2026:2716-1: important: Security update for pacemaker
openSUSE-SU-2026:21176-1: important: Security update for python-pytest-html
openSUSE-SU-2026:21179-1: important: Security update for lrzip
openSUSE-SU-2026:21175-1: moderate: Security update for python-zeroconf
openSUSE-SU-2026:11159-1: moderate: python311-jupyter-server-2.20.0-1.1 on GA media
openSUSE-SU-2026:11157-1: moderate: perl-CSS-Minifier-XS-0.140.0-1.1 on GA media
openSUSE-SU-2026:11158-1: moderate: perl-JavaScript-Minifier-XS-0.160.0-1.1 on GA media
openSUSE-SU-2026:11154-1: moderate: hauler-2.0.1-1.1 on GA media
openSUSE-SU-2026:0224-1: important: Security update for cadvisor
SUSE-SU-2026:2721-1: important: Security update for dracut
SUSE-SU-2026:2720-1: important: Security update for dracut




SUSE-SU-2026:2716-1: important: Security update for pacemaker


# Security update for pacemaker

Announcement ID: SUSE-SU-2026:2716-1
Release Date: 2026-06-30T15:34:32Z
Rating: important
References:

* bsc#1268381

Cross-References:

* CVE-2026-10649

CVSS scores:

* CVE-2026-10649 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-10649 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for pacemaker fixes the following issue:

* CVE-2026-10649: denial of service via integer overflow in remote message decompression (bsc#1268381).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Availability Extension 15 SP6
  `zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-2716=1`

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-2716=1`

## Package List:

* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64)
  * pacemaker-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-debugsource-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-cli-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-devel-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-cli-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-libs-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-libs-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-remote-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-remote-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (noarch)
  * pacemaker-schemas-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-cts-2.1.7+20231219.0f7f88312-150600.6.15.1
  * python3-pacemaker-2.1.7+20231219.0f7f88312-150600.6.15.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
  * pacemaker-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-debugsource-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-devel-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-cli-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-cli-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-libs-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-libs-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-remote-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-remote-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
* openSUSE Leap 15.6 (noarch)
  * pacemaker-schemas-2.1.7+20231219.0f7f88312-150600.6.15.1
  * pacemaker-cts-2.1.7+20231219.0f7f88312-150600.6.15.1
  * python3-pacemaker-2.1.7+20231219.0f7f88312-150600.6.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-10649.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268381



openSUSE-SU-2026:21176-1: important: Security update for python-pytest-html


openSUSE security update: security update for python-pytest-html
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21176-1
Rating: important
References:

* bsc#1268818
* bsc#1269361

Cross-References:

* CVE-2026-13311
* CVE-2026-53550

CVSS scores:

* CVE-2026-13311 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-13311 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-53550 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-53550 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for python-pytest-html fixes the following issues:

Changes in python-pytest-html:

- Revendor updating shell-quote and js-yaml deps:
  - CVE-2026-13311: shell-quote: inefficient input parsing can lead to a
    denial of service (bsc#1269361)
  - CVE-2026-53550: js-yaml: quadratic complexity when processing a
    crafted YAML document can lead to CPU exhaustion (bsc#1268818)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-371=1

Package List:

- openSUSE Leap 16.0:

python313-pytest-html-4.1.1-bp160.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-13311.html
* https://www.suse.com/security/cve/CVE-2026-53550.html



openSUSE-SU-2026:21179-1: important: Security update for lrzip


openSUSE security update: security update for lrzip
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21179-1
Rating: important
References:

* bsc#1248598
* bsc#1258016
* bsc#1258023

Cross-References:

* CVE-2025-15570
* CVE-2025-15571
* CVE-2025-9396

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for lrzip fixes the following issues:

Changes in lrzip:

- Update to version 0.660:
  * Do not clean up thread structures in decompression failure
    conditions, fixing a use-after-free in lzma_decompress_buf() and a
    NULL pointer dereference in ucompthread() on corrupt/malicious
    archives (CVE-2025-15570, boo#1258016; CVE-2025-15571, boo#1258023)
  * Handle -L given without a parameter, fixing a NULL pointer
    dereference (CVE-2025-9396, boo#1248598)
  * Add write bounds checking in libzpaq and sanity checks for
    maliciously encoded headers and oversized allocations
  * Various STDIO, portability and build fixes (OpenBSD support,
    non-x86 zpaq, autoconf warnings); drop Doxygen doc build

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-374=1

Package List:

- openSUSE Leap 16.0:

lrzip-0.660-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-15570.html
* https://www.suse.com/security/cve/CVE-2025-15571.html
* https://www.suse.com/security/cve/CVE-2025-9396.html



openSUSE-SU-2026:21175-1: moderate: Security update for python-zeroconf


openSUSE security update: security update for python-zeroconf
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21175-1
Rating: moderate
References:

* bsc#1268235
* bsc#1268341
* bsc#1268342
* bsc#1268343
* bsc#1268388

Cross-References:

* CVE-2026-47180
* CVE-2026-47183
* CVE-2026-47184
* CVE-2026-48045
* CVE-2026-48487

CVSS scores:

* CVE-2026-47180 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-47183 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-47184 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.

Description:

This update for python-zeroconf fixes the following issues:

Changes in python-zeroconf:

- CVE-2026-47180: zeroconf has unbounded recursion in DNS
  compression-pointer decoder that allows LAN-local denial of service
  (bsc#1268341)
- CVE-2026-47183: zeroconf: Unbounded exception-dedup state retains
  packet buffers via traceback frame locals, enabling LAN-local memory
  exhaustion (bsc#1268342)
- CVE-2026-47184: zeroconf has unbounded DNS record cache that allows
  LAN-local memory exhaustion via multicast flood (bsc#1268343)
- CVE-2026-48045: python-zeroconf: Unbounded TC-deferred queue allows
  LAN-local memory exhaustion via spoofed-source flood (bsc#1268388)
- CVE-2026-48487: python-zeroconf: Unvalidated rdlength in record
  payload readers allows LAN-local cache corruption via crafted mDNS
  packet (bsc#1268235)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-370=1

Package List:

- openSUSE Leap 16.0:

python313-zeroconf-0.136.0-bp160.2.1

References:

* https://www.suse.com/security/cve/CVE-2026-47180.html
* https://www.suse.com/security/cve/CVE-2026-47183.html
* https://www.suse.com/security/cve/CVE-2026-47184.html
* https://www.suse.com/security/cve/CVE-2026-48045.html
* https://www.suse.com/security/cve/CVE-2026-48487.html



openSUSE-SU-2026:11159-1: moderate: python311-jupyter-server-2.20.0-1.1 on GA media


# python311-jupyter-server-2.20.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11159-1
Rating: moderate

Cross-References:

* CVE-2026-44727

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-jupyter-server-2.20.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-jupyter-server 2.20.0-1.1
  * python311-jupyter-server-test 2.20.0-1.1
  * python313-jupyter-server 2.20.0-1.1
  * python313-jupyter-server-test 2.20.0-1.1
  * python314-jupyter-server 2.20.0-1.1
  * python314-jupyter-server-test 2.20.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-44727.html



openSUSE-SU-2026:11157-1: moderate: perl-CSS-Minifier-XS-0.140.0-1.1 on GA media


# perl-CSS-Minifier-XS-0.140.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11157-1
Rating: moderate

Cross-References:

* CVE-2026-13593

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the perl-CSS-Minifier-XS-0.140.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * perl-CSS-Minifier-XS 0.140.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-13593.html



openSUSE-SU-2026:11158-1: moderate: perl-JavaScript-Minifier-XS-0.160.0-1.1 on GA media


# perl-JavaScript-Minifier-XS-0.160.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11158-1
Rating: moderate

Cross-References:

* CVE-2026-56017
* CVE-2026-56018

CVSS scores:

* CVE-2026-56017 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-56017 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56018 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-56018 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the perl-JavaScript-Minifier-XS-0.160.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * perl-JavaScript-Minifier-XS 0.160.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-56017.html
* https://www.suse.com/security/cve/CVE-2026-56018.html



openSUSE-SU-2026:11154-1: moderate: hauler-2.0.1-1.1 on GA media


# hauler-2.0.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11154-1
Rating: moderate

Cross-References:

* CVE-2026-48702

CVSS scores:

* CVE-2026-48702 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48702 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the hauler-2.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * hauler 2.0.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-48702.html



openSUSE-SU-2026:0224-1: important: Security update for cadvisor


openSUSE Security Update: Security update for cadvisor
_______________________________

Announcement ID: openSUSE-SU-2026:0224-1
Rating: important
References: #1257429 #1260305 #1266645 #1267788
Cross-References: CVE-2024-45310 CVE-2026-10722 CVE-2026-33186 CVE-2026-39821
CVSS scores:
CVE-2024-45310 (SUSE): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
CVE-2026-10722 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2026-33186 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2026-39821 (SUSE): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for cadvisor fixes the following issues:

- CVE-2026-39821: Update golang.org/x/net/idna reference (boo#1266645).
- CVE-2026-33186: Update google.golang.org/grpc reference (boo#1260305).
- CVE-2024-45310: Update github.com/opencontainers/runc/libcontainer/utils
  reference (boo#1257429).
- CVE-2026-10722: Update github.com/cilium/ebpf reference (boo#1267788).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-224=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

cadvisor-0.60.3-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2024-45310.html
https://www.suse.com/security/cve/CVE-2026-10722.html
https://www.suse.com/security/cve/CVE-2026-33186.html
https://www.suse.com/security/cve/CVE-2026-39821.html
https://bugzilla.suse.com/1257429
https://bugzilla.suse.com/1260305
https://bugzilla.suse.com/1266645
https://bugzilla.suse.com/1267788



SUSE-SU-2026:2721-1: important: Security update for dracut


# Security update for dracut

Announcement ID: SUSE-SU-2026:2721-1
Release Date: 2026-07-01T13:15:53Z
Rating: important
References:

* bsc#1268322

Cross-References:

* CVE-2026-6893

CVSS scores:

* CVE-2026-6893 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for dracut fixes the following issue:

* CVE-2026-6893: Root code execution via DHCP options command injection (bsc#1268322).

Changes for dracut:

* Update to version 055+suse.402.g2720eea:
  * fix(network-legacy): sanitize DHCP values in dhclient-script.sh (bsc#1268322, CVE-2026-6893)
  * fix(network-legacy): add input validation to RFC 3442 route parser

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2721=1`

* SUSE Linux Enterprise Server 15 SP5 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2721=1`

* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2026-2721=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2721=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2721=1`

* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2026-2721=1`

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * dracut-fips-055+suse.402.g2720eea-150500.3.41.1
  * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1
  * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1
  * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1
  * dracut-055+suse.402.g2720eea-150500.3.41.1
  * dracut-ima-055+suse.402.g2720eea-150500.3.41.1
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
  * dracut-fips-055+suse.402.g2720eea-150500.3.41.1
  * dracut-tools-055+suse.402.g2720eea-150500.3.41.1
  * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1
  * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1
  * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1
  * dracut-055+suse.402.g2720eea-150500.3.41.1
  * dracut-ima-055+suse.402.g2720eea-150500.3.41.1
  * dracut-extra-055+suse.402.g2720eea-150500.3.41.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * dracut-fips-055+suse.402.g2720eea-150500.3.41.1
  * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1
  * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1
  * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1
  * dracut-055+suse.402.g2720eea-150500.3.41.1
  * dracut-ima-055+suse.402.g2720eea-150500.3.41.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1
  * dracut-fips-055+suse.402.g2720eea-150500.3.41.1
  * dracut-055+suse.402.g2720eea-150500.3.41.1
  * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * dracut-fips-055+suse.402.g2720eea-150500.3.41.1
  * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1
  * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1
  * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1
  * dracut-055+suse.402.g2720eea-150500.3.41.1
  * dracut-ima-055+suse.402.g2720eea-150500.3.41.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * dracut-fips-055+suse.402.g2720eea-150500.3.41.1
  * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1
  * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1
  * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1
  * dracut-055+suse.402.g2720eea-150500.3.41.1
  * dracut-ima-055+suse.402.g2720eea-150500.3.41.1

## References:

* https://www.suse.com/security/cve/CVE-2026-6893.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268322



SUSE-SU-2026:2720-1: important: Security update for dracut


# Security update for dracut

Announcement ID: SUSE-SU-2026:2720-1
Release Date: 2026-07-01T13:15:19Z
Rating: important
References:

* bsc#1268322

Cross-References:

* CVE-2026-6893

CVSS scores:

* CVE-2026-6893 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for dracut fixes the following issue:

* CVE-2026-6893: Root code execution via DHCP options command injection (bsc#1268322).

Changes for dracut:

* Update to version 055+suse.365.g79144c5:
  * fix(network-legacy): sanitize DHCP values in dhclient-script.sh (bsc#1268322, CVE-2026-6893)
  * fix(network-legacy): add input validation to RFC 3442 route parser

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2720=1`

* SUSE Linux Enterprise Server 15 SP4 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2720=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2720=1`

* SUSE Linux Enterprise Micro for Rancher 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-2720=1`

* SUSE Linux Enterprise Micro 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-2720=1`

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-2720=1`

* SUSE Linux Enterprise Micro for Rancher 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2026-2720=1`

* SUSE Linux Enterprise Micro 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2026-2720=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2720=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
  * dracut-extra-055+suse.365.g79144c5-150400.3.49.1
  * dracut-055+suse.365.g79144c5-150400.3.49.1
  * dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
  * dracut-tools-055+suse.365.g79144c5-150400.3.49.1
  * dracut-ima-055+suse.365.g79144c5-150400.3.49.1
  * dracut-fips-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
  * dracut-055+suse.365.g79144c5-150400.3.49.1
  * dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
  * dracut-fips-055+suse.365.g79144c5-150400.3.49.1
  * dracut-ima-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
  * dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
  * dracut-055+suse.365.g79144c5-150400.3.49.1
  * dracut-fips-055+suse.365.g79144c5-150400.3.49.1
  * dracut-ima-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * dracut-055+suse.365.g79144c5-150400.3.49.1
  * dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
  * dracut-fips-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * dracut-055+suse.365.g79144c5-150400.3.49.1
  * dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
  * dracut-fips-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
  * dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
  * dracut-055+suse.365.g79144c5-150400.3.49.1
  * dracut-fips-055+suse.365.g79144c5-150400.3.49.1
  * dracut-ima-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * dracut-055+suse.365.g79144c5-150400.3.49.1
  * dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
  * dracut-fips-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * dracut-055+suse.365.g79144c5-150400.3.49.1
  * dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
  * dracut-fips-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
  * dracut-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
  * dracut-fips-055+suse.365.g79144c5-150400.3.49.1
  * dracut-ima-055+suse.365.g79144c5-150400.3.49.1
  * dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1

## References:

* https://www.suse.com/security/cve/CVE-2026-6893.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268322