SUSE-SU-2026:2716-1: important: Security update for pacemaker
openSUSE-SU-2026:21176-1: important: Security update for python-pytest-html
openSUSE-SU-2026:21179-1: important: Security update for lrzip
openSUSE-SU-2026:21175-1: moderate: Security update for python-zeroconf
openSUSE-SU-2026:11159-1: moderate: python311-jupyter-server-2.20.0-1.1 on GA media
openSUSE-SU-2026:11157-1: moderate: perl-CSS-Minifier-XS-0.140.0-1.1 on GA media
openSUSE-SU-2026:11158-1: moderate: perl-JavaScript-Minifier-XS-0.160.0-1.1 on GA media
openSUSE-SU-2026:11154-1: moderate: hauler-2.0.1-1.1 on GA media
openSUSE-SU-2026:0224-1: important: Security update for cadvisor
SUSE-SU-2026:2721-1: important: Security update for dracut
SUSE-SU-2026:2720-1: important: Security update for dracut
SUSE-SU-2026:2716-1: important: Security update for pacemaker
# Security update for pacemaker
Announcement ID: SUSE-SU-2026:2716-1
Release Date: 2026-06-30T15:34:32Z
Rating: important
References:
* bsc#1268381
Cross-References:
* CVE-2026-10649
CVSS scores:
* CVE-2026-10649 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-10649 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-10649 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for pacemaker fixes the following issue
* CVE-2026-10649: denial of service via integer overflow in remote message
decompression (bsc#1268381).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-2716=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2716=1
## Package List:
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le
s390x x86_64)
* pacemaker-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-debugsource-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-cli-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-devel-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-cli-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-libs-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-libs-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-remote-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-remote-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (noarch)
* pacemaker-schemas-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-cts-2.1.7+20231219.0f7f88312-150600.6.15.1
* python3-pacemaker-2.1.7+20231219.0f7f88312-150600.6.15.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* pacemaker-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-debugsource-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-devel-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-cli-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-cli-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-libs-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-libs-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-remote-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-remote-debuginfo-2.1.7+20231219.0f7f88312-150600.6.15.1
* openSUSE Leap 15.6 (noarch)
* pacemaker-schemas-2.1.7+20231219.0f7f88312-150600.6.15.1
* pacemaker-cts-2.1.7+20231219.0f7f88312-150600.6.15.1
* python3-pacemaker-2.1.7+20231219.0f7f88312-150600.6.15.1
## References:
* https://www.suse.com/security/cve/CVE-2026-10649.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268381
openSUSE-SU-2026:21176-1: important: Security update for python-pytest-html
openSUSE security update: security update for python-pytest-html
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21176-1
Rating: important
References:
* bsc#1268818
* bsc#1269361
Cross-References:
* CVE-2026-13311
* CVE-2026-53550
CVSS scores:
* CVE-2026-13311 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-13311 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-53550 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-53550 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for python-pytest-html fixes the following issues:
Changes in python-pytest-html:
- Revendor updating shell-quote and js-yaml deps:
- CVE-2026-13311: shell-quote: inefficient input parsing can lead to a
denial of service (bsc#1269361)
- CVE-2026-53550: js-yaml: quadratic complexity when processing a
crafted YAML document can lead to CPU exhaustion (bsc#1268818)
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-371=1
Package List:
- openSUSE Leap 16.0:
python313-pytest-html-4.1.1-bp160.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-13311.html
* https://www.suse.com/security/cve/CVE-2026-53550.html
openSUSE-SU-2026:21179-1: important: Security update for lrzip
openSUSE security update: security update for lrzip
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21179-1
Rating: important
References:
* bsc#1248598
* bsc#1258016
* bsc#1258023
Cross-References:
* CVE-2025-15570
* CVE-2025-15571
* CVE-2025-9396
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.
Description:
This update for lrzip fixes the following issues:
Changes in lrzip:
- Update to version 0.660:
* Do not clean up thread structures in decompression failure
conditions, fixing a use-after-free in lzma_decompress_buf() and a
NULL pointer dereference in ucompthread() on corrupt/malicious
archives (CVE-2025-15570, boo#1258016; CVE-2025-15571, boo#1258023)
* Handle -L given without a parameter, fixing a NULL pointer
dereference (CVE-2025-9396, boo#1248598)
* Add write bounds checking in libzpaq and sanity checks for
maliciously encoded headers and oversized allocations
* Various STDIO, portability and build fixes (OpenBSD support,
non-x86 zpaq, autoconf warnings); drop Doxygen doc build
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-374=1
Package List:
- openSUSE Leap 16.0:
lrzip-0.660-bp160.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-15570.html
* https://www.suse.com/security/cve/CVE-2025-15571.html
* https://www.suse.com/security/cve/CVE-2025-9396.html
openSUSE-SU-2026:21175-1: moderate: Security update for python-zeroconf
openSUSE security update: security update for python-zeroconf
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21175-1
Rating: moderate
References:
* bsc#1268235
* bsc#1268341
* bsc#1268342
* bsc#1268343
* bsc#1268388
Cross-References:
* CVE-2026-47180
* CVE-2026-47183
* CVE-2026-47184
* CVE-2026-48045
* CVE-2026-48487
CVSS scores:
* CVE-2026-47180 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-47183 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-47184 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.
Description:
This update for python-zeroconf fixes the following issues:
Changes in python-zeroconf:
- CVE-2026-47180: zeroconf has unbounded recursion in DNS
compression-pointer decoder that allows LAN-local denial of service
(bsc#1268341)
- CVE-2026-47183: zeroconf: Unbounded exception-dedup state retains
packet buffers via traceback frame locals, enabling LAN-local memory
exhaustion (bsc#1268342)
- CVE-2026-47184: zeroconf has unbounded DNS record cache that allows
LAN-local memory exhaustion via multicast flood (bsc#1268343)
- CVE-2026-48045: python-zeroconf: Unbounded TC-deferred queue allows
LAN-local memory exhaustion via spoofed-source flood (bsc#1268388)
- CVE-2026-48487: python-zeroconf: Unvalidated rdlength in record
payload readers allows LAN-local cache corruption via crafted mDNS
packet (bsc#1268235)
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-370=1
Package List:
- openSUSE Leap 16.0:
python313-zeroconf-0.136.0-bp160.2.1
References:
* https://www.suse.com/security/cve/CVE-2026-47180.html
* https://www.suse.com/security/cve/CVE-2026-47183.html
* https://www.suse.com/security/cve/CVE-2026-47184.html
* https://www.suse.com/security/cve/CVE-2026-48045.html
* https://www.suse.com/security/cve/CVE-2026-48487.html
openSUSE-SU-2026:11159-1: moderate: python311-jupyter-server-2.20.0-1.1 on GA media
# python311-jupyter-server-2.20.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11159-1
Rating: moderate
Cross-References:
* CVE-2026-44727
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python311-jupyter-server-2.20.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python311-jupyter-server 2.20.0-1.1
* python311-jupyter-server-test 2.20.0-1.1
* python313-jupyter-server 2.20.0-1.1
* python313-jupyter-server-test 2.20.0-1.1
* python314-jupyter-server 2.20.0-1.1
* python314-jupyter-server-test 2.20.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-44727.html
openSUSE-SU-2026:11157-1: moderate: perl-CSS-Minifier-XS-0.140.0-1.1 on GA media
# perl-CSS-Minifier-XS-0.140.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11157-1
Rating: moderate
Cross-References:
* CVE-2026-13593
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the perl-CSS-Minifier-XS-0.140.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* perl-CSS-Minifier-XS 0.140.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-13593.html
openSUSE-SU-2026:11158-1: moderate: perl-JavaScript-Minifier-XS-0.160.0-1.1 on GA media
# perl-JavaScript-Minifier-XS-0.160.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11158-1
Rating: moderate
Cross-References:
* CVE-2026-56017
* CVE-2026-56018
CVSS scores:
* CVE-2026-56017 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-56017 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56018 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-56018 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the perl-JavaScript-Minifier-XS-0.160.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* perl-JavaScript-Minifier-XS 0.160.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-56017.html
* https://www.suse.com/security/cve/CVE-2026-56018.html
openSUSE-SU-2026:11154-1: moderate: hauler-2.0.1-1.1 on GA media
# hauler-2.0.1-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11154-1
Rating: moderate
Cross-References:
* CVE-2026-48702
CVSS scores:
* CVE-2026-48702 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48702 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the hauler-2.0.1-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* hauler 2.0.1-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-48702.html
openSUSE-SU-2026:0224-1: important: Security update for cadvisor
openSUSE Security Update: Security update for cadvisor
_______________________________
Announcement ID: openSUSE-SU-2026:0224-1
Rating: important
References: #1257429 #1260305 #1266645 #1267788
Cross-References: CVE-2024-45310 CVE-2026-10722 CVE-2026-33186
CVE-2026-39821
CVSS scores:
CVE-2024-45310 (SUSE): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
CVE-2026-10722 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2026-33186 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2026-39821 (SUSE): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for cadvisor fixes the following issues:
- CVE-2026-39821: Update golang.org/x/net/idna reference (boo#1266645).
- CVE-2026-33186: Update google.golang.org/grpc reference (boo#1260305).
- CVE-2024-45310: Update github.com/opencontainers/runc/libcontainer/utils
reference (boo#1257429).
- CVE-2026-10722: Update github.com/cilium/ebpf reference (boo#1267788).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-224=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
cadvisor-0.60.3-bp157.2.3.1
References:
https://www.suse.com/security/cve/CVE-2024-45310.html
https://www.suse.com/security/cve/CVE-2026-10722.html
https://www.suse.com/security/cve/CVE-2026-33186.html
https://www.suse.com/security/cve/CVE-2026-39821.html
https://bugzilla.suse.com/1257429
https://bugzilla.suse.com/1260305
https://bugzilla.suse.com/1266645
https://bugzilla.suse.com/1267788
SUSE-SU-2026:2721-1: important: Security update for dracut
# Security update for dracut
Announcement ID: SUSE-SU-2026:2721-1
Release Date: 2026-07-01T13:15:53Z
Rating: important
References:
* bsc#1268322
Cross-References:
* CVE-2026-6893
CVSS scores:
* CVE-2026-6893 ( SUSE ): 8.7
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for dracut fixes the following issue
* CVE-2026-6893: Root code execution via DHCP options command injection
(bsc#1268322).
Changes for dracut:
* Update to version 055+suse.402.g2720eea:
* fix(network-legacy): sanitize DHCP values in dhclient-script.sh
(bsc#1268322, CVE-2026-6893)
* fix(network-legacy): add input validation to RFC 3442 route parser
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2721=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2721=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2721=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2721=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2721=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2721=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* dracut-fips-055+suse.402.g2720eea-150500.3.41.1
* dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1
* dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1
* dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1
* dracut-055+suse.402.g2720eea-150500.3.41.1
* dracut-ima-055+suse.402.g2720eea-150500.3.41.1
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* dracut-fips-055+suse.402.g2720eea-150500.3.41.1
* dracut-tools-055+suse.402.g2720eea-150500.3.41.1
* dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1
* dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1
* dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1
* dracut-055+suse.402.g2720eea-150500.3.41.1
* dracut-ima-055+suse.402.g2720eea-150500.3.41.1
* dracut-extra-055+suse.402.g2720eea-150500.3.41.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* dracut-fips-055+suse.402.g2720eea-150500.3.41.1
* dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1
* dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1
* dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1
* dracut-055+suse.402.g2720eea-150500.3.41.1
* dracut-ima-055+suse.402.g2720eea-150500.3.41.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1
* dracut-fips-055+suse.402.g2720eea-150500.3.41.1
* dracut-055+suse.402.g2720eea-150500.3.41.1
* dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* dracut-fips-055+suse.402.g2720eea-150500.3.41.1
* dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1
* dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1
* dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1
* dracut-055+suse.402.g2720eea-150500.3.41.1
* dracut-ima-055+suse.402.g2720eea-150500.3.41.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* dracut-fips-055+suse.402.g2720eea-150500.3.41.1
* dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1
* dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1
* dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1
* dracut-055+suse.402.g2720eea-150500.3.41.1
* dracut-ima-055+suse.402.g2720eea-150500.3.41.1
## References:
* https://www.suse.com/security/cve/CVE-2026-6893.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268322
SUSE-SU-2026:2720-1: important: Security update for dracut
# Security update for dracut
Announcement ID: SUSE-SU-2026:2720-1
Release Date: 2026-07-01T13:15:19Z
Rating: important
References:
* bsc#1268322
Cross-References:
* CVE-2026-6893
CVSS scores:
* CVE-2026-6893 ( SUSE ): 8.7
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves one vulnerability can now be installed.
## Description:
This update for dracut fixes the following issue
* CVE-2026-6893: Root code execution via DHCP options command injection
(bsc#1268322).
Changes for dracut:
* Update to version 055+suse.365.g79144c5:
* fix(network-legacy): sanitize DHCP values in dhclient-script.sh
(bsc#1268322, CVE-2026-6893)
* fix(network-legacy): add input validation to RFC 3442 route parser
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2720=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2720=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2720=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2720=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2720=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2720=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2720=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2720=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2720=1
## Package List:
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* dracut-extra-055+suse.365.g79144c5-150400.3.49.1
* dracut-055+suse.365.g79144c5-150400.3.49.1
* dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
* dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
* dracut-tools-055+suse.365.g79144c5-150400.3.49.1
* dracut-ima-055+suse.365.g79144c5-150400.3.49.1
* dracut-fips-055+suse.365.g79144c5-150400.3.49.1
* dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
* dracut-055+suse.365.g79144c5-150400.3.49.1
* dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
* dracut-fips-055+suse.365.g79144c5-150400.3.49.1
* dracut-ima-055+suse.365.g79144c5-150400.3.49.1
* dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
* dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
* dracut-055+suse.365.g79144c5-150400.3.49.1
* dracut-fips-055+suse.365.g79144c5-150400.3.49.1
* dracut-ima-055+suse.365.g79144c5-150400.3.49.1
* dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* dracut-055+suse.365.g79144c5-150400.3.49.1
* dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
* dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
* dracut-fips-055+suse.365.g79144c5-150400.3.49.1
* dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* dracut-055+suse.365.g79144c5-150400.3.49.1
* dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
* dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
* dracut-fips-055+suse.365.g79144c5-150400.3.49.1
* dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
* dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
* dracut-055+suse.365.g79144c5-150400.3.49.1
* dracut-fips-055+suse.365.g79144c5-150400.3.49.1
* dracut-ima-055+suse.365.g79144c5-150400.3.49.1
* dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* dracut-055+suse.365.g79144c5-150400.3.49.1
* dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
* dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
* dracut-fips-055+suse.365.g79144c5-150400.3.49.1
* dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* dracut-055+suse.365.g79144c5-150400.3.49.1
* dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
* dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
* dracut-fips-055+suse.365.g79144c5-150400.3.49.1
* dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* dracut-mkinitrd-deprecated-055+suse.365.g79144c5-150400.3.49.1
* dracut-055+suse.365.g79144c5-150400.3.49.1
* dracut-debuginfo-055+suse.365.g79144c5-150400.3.49.1
* dracut-fips-055+suse.365.g79144c5-150400.3.49.1
* dracut-ima-055+suse.365.g79144c5-150400.3.49.1
* dracut-debugsource-055+suse.365.g79144c5-150400.3.49.1
## References:
* https://www.suse.com/security/cve/CVE-2026-6893.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268322