
There are several updates available for SUSE Linux, including security patches for popular packages like podman, poppler, and tomcat. Additionally, there are multiple openSUSE updates listed, covering a range of applications such as gpg2, curl, squid, apache2, hawk2, python311-urllib3, and more. These updates address various security concerns, with some classified as important or moderate in severity.

SUSE-SU-2026:0125-1: moderate: Security update for podman
SUSE-SU-2026:0126-1: low: Security update for poppler
openSUSE-SU-2026:20034-1: important: Security update for tomcat
openSUSE-SU-2026:20029-1: important: Security update for gpg2
openSUSE-SU-2026:20031-1: moderate: Security update for curl
openSUSE-SU-2026:20027-1: important: Security update for squid
openSUSE-SU-2026:20030-1: moderate: Security update for apache2
openSUSE-SU-2026:20025-1: important: Security update for hawk2
openSUSE-SU-2026:10049-1: moderate: python311-urllib3-2.6.3-1.1 on GA media
openSUSE-SU-2026:10048-1: moderate: openCryptoki-3.26.0-3.1 on GA media
openSUSE-SU-2026:10050-1: moderate: rke2-1.34-1.34.3+rke2r1-1.1 on GA media
openSUSE-SU-2026:10047-1: moderate: libcryptopp-devel-8.9.0-6.1 on GA media
openSUSE-SU-2026:10046-1: moderate: MozillaFirefox-147.0-1.1 on GA media
SUSE-SU-2026:0130-1: moderate: Security update for python310



SUSE-SU-2026:0125-1: moderate: Security update for podman


# Security update for podman

Announcement ID: SUSE-SU-2026:0125-1
Release Date: 2026-01-14T16:57:38Z
Rating: moderate
References:

* bsc#1253993

Cross-References:

* CVE-2025-47914

CVSS scores:

* CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for podman fixes the following issues:

* CVE-2025-47914: Fixed ssh-agent that could cause a panic due to an out-of-bounds read with non-validated message size (bsc#1253993)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-125=1`

* SUSE Linux Enterprise Micro 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-125=1`

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-125=1`

* SUSE Linux Enterprise Micro for Rancher 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2026-125=1`

* SUSE Linux Enterprise Micro 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2026-125=1`

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * podman-4.9.5-150400.4.65.2
  * podman-remote-4.9.5-150400.4.65.2
  * podman-debuginfo-4.9.5-150400.4.65.2
  * podman-remote-debuginfo-4.9.5-150400.4.65.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * podman-4.9.5-150400.4.65.2
  * podman-remote-4.9.5-150400.4.65.2
  * podman-debuginfo-4.9.5-150400.4.65.2
  * podman-remote-debuginfo-4.9.5-150400.4.65.2
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * podman-remote-debuginfo-4.9.5-150400.4.65.2
  * podman-debuginfo-4.9.5-150400.4.65.2
  * podman-remote-4.9.5-150400.4.65.2
  * podman-4.9.5-150400.4.65.2
  * podmansh-4.9.5-150400.4.65.2
* openSUSE Leap 15.4 (noarch)
  * podman-docker-4.9.5-150400.4.65.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * podman-4.9.5-150400.4.65.2
  * podman-remote-4.9.5-150400.4.65.2
  * podman-debuginfo-4.9.5-150400.4.65.2
  * podman-remote-debuginfo-4.9.5-150400.4.65.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * podman-4.9.5-150400.4.65.2
  * podman-remote-4.9.5-150400.4.65.2
  * podman-debuginfo-4.9.5-150400.4.65.2
  * podman-remote-debuginfo-4.9.5-150400.4.65.2

## References:

* https://www.suse.com/security/cve/CVE-2025-47914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253993



SUSE-SU-2026:0126-1: low: Security update for poppler


# Security update for poppler

Announcement ID: SUSE-SU-2026:0126-1
Release Date: 2026-01-14T16:57:49Z
Rating: low
References:

* bsc#1252337

Cross-References:

* CVE-2025-11896

CVSS scores:

* CVE-2025-11896 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-11896 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-11896 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for poppler fixes the following issues:

* CVE-2025-11896: Fixed infinite recursion leading to stack overflow due to
object loop in PDF CMap (bsc#1252337)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-126=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * poppler-qt5-debugsource-22.01.0-150400.3.44.1
  * libpoppler-cpp0-22.01.0-150400.3.44.1
  * libpoppler117-debuginfo-22.01.0-150400.3.44.1
  * libpoppler-qt5-devel-22.01.0-150400.3.44.1
  * libpoppler-qt6-3-22.01.0-150400.3.44.1
  * libpoppler-qt6-3-debuginfo-22.01.0-150400.3.44.1
  * libpoppler-qt5-1-22.01.0-150400.3.44.1
  * libpoppler-qt6-devel-22.01.0-150400.3.44.1
  * poppler-debugsource-22.01.0-150400.3.44.1
  * libpoppler-qt5-1-debuginfo-22.01.0-150400.3.44.1
  * libpoppler-glib8-22.01.0-150400.3.44.1
  * poppler-tools-debuginfo-22.01.0-150400.3.44.1
  * typelib-1_0-Poppler-0_18-22.01.0-150400.3.44.1
  * poppler-qt6-debugsource-22.01.0-150400.3.44.1
  * poppler-tools-22.01.0-150400.3.44.1
  * libpoppler-cpp0-debuginfo-22.01.0-150400.3.44.1
  * libpoppler-glib8-debuginfo-22.01.0-150400.3.44.1
  * libpoppler-devel-22.01.0-150400.3.44.1
  * libpoppler117-22.01.0-150400.3.44.1
  * libpoppler-glib-devel-22.01.0-150400.3.44.1
* openSUSE Leap 15.4 (x86_64)
  * libpoppler-glib8-32bit-22.01.0-150400.3.44.1
  * libpoppler-qt5-1-32bit-debuginfo-22.01.0-150400.3.44.1
  * libpoppler-cpp0-32bit-22.01.0-150400.3.44.1
  * libpoppler-qt5-1-32bit-22.01.0-150400.3.44.1
  * libpoppler117-32bit-debuginfo-22.01.0-150400.3.44.1
  * libpoppler117-32bit-22.01.0-150400.3.44.1
  * libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.44.1
  * libpoppler-cpp0-32bit-debuginfo-22.01.0-150400.3.44.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libpoppler-cpp0-64bit-debuginfo-22.01.0-150400.3.44.1
  * libpoppler-glib8-64bit-debuginfo-22.01.0-150400.3.44.1
  * libpoppler-glib8-64bit-22.01.0-150400.3.44.1
  * libpoppler-qt5-1-64bit-22.01.0-150400.3.44.1
  * libpoppler-qt5-1-64bit-debuginfo-22.01.0-150400.3.44.1
  * libpoppler-cpp0-64bit-22.01.0-150400.3.44.1
  * libpoppler117-64bit-22.01.0-150400.3.44.1
  * libpoppler117-64bit-debuginfo-22.01.0-150400.3.44.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11896.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252337



openSUSE-SU-2026:20034-1: important: Security update for tomcat


openSUSE security update: security update for tomcat
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20034-1
Rating: important
References:

* bsc#1252753
* bsc#1252756
* bsc#1252905

Cross-References:

* CVE-2025-55752
* CVE-2025-55754
* CVE-2025-61795

CVSS scores:

* CVE-2025-55752 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-55752 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55754 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-55754 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-61795 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61795 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for tomcat fixes the following issues:

- Update to Tomcat 9.0.111
- Security fixes:
  - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).
  - CVE-2025-55754: improper neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).
  - CVE-2025-61795: temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-143=1

Package List:

- openSUSE Leap 16.0:

tomcat-9.0.111-160000.1.1
tomcat-admin-webapps-9.0.111-160000.1.1
tomcat-docs-webapp-9.0.111-160000.1.1
tomcat-el-3_0-api-9.0.111-160000.1.1
tomcat-embed-9.0.111-160000.1.1
tomcat-javadoc-9.0.111-160000.1.1
tomcat-jsp-2_3-api-9.0.111-160000.1.1
tomcat-jsvc-9.0.111-160000.1.1
tomcat-lib-9.0.111-160000.1.1
tomcat-servlet-4_0-api-9.0.111-160000.1.1
tomcat-webapps-9.0.111-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-55752.html
* https://www.suse.com/security/cve/CVE-2025-55754.html
* https://www.suse.com/security/cve/CVE-2025-61795.html



openSUSE-SU-2026:20029-1: important: Security update for gpg2


openSUSE security update: security update for gpg2
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20029-1
Rating: important
References:

* bsc#1255715
* bsc#1256244
* bsc#1256246
* bsc#1256390

Cross-References:

* CVE-2025-68973

CVSS scores:

* CVE-2025-68973 ( SUSE ): 8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has 4 bug fixes can now be installed.

Description:

This update for gpg2 fixes the following issues:

- CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption (bsc#1255715).

Other security fixes:

- gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures (bsc#1256246).
- gpg: Error out on unverified output for non-detached signatures (bsc#1256244).
- gpg: Deprecate the option --not-dash-escaped (bsc#1256390).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-138=1

Package List:

- openSUSE Leap 16.0:

dirmngr-2.5.5-160000.3.1
gpg2-2.5.5-160000.3.1
gpg2-lang-2.5.5-160000.3.1
gpg2-tpm-2.5.5-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-68973.html



openSUSE-SU-2026:20031-1: moderate: Security update for curl


openSUSE security update: security update for curl
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20031-1
Rating: moderate
References:

* bsc#1255731
* bsc#1255732
* bsc#1255733
* bsc#1255734
* bsc#1256105

Cross-References:

* CVE-2025-14017
* CVE-2025-14524
* CVE-2025-14819
* CVE-2025-15079
* CVE-2025-15224

CVSS scores:

* CVE-2025-14017 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-14017 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14524 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-14524 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14819 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-14819 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15079 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-15079 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15224 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-15224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.

Description:

This update for curl fixes the following issues:

- CVE-2025-14017: broken TLS options for threaded LDAPS (bsc#1256105).
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-140=1

Package List:

- openSUSE Leap 16.0:

curl-8.14.1-160000.4.1
curl-fish-completion-8.14.1-160000.4.1
curl-zsh-completion-8.14.1-160000.4.1
libcurl-devel-8.14.1-160000.4.1
libcurl-devel-doc-8.14.1-160000.4.1
libcurl4-8.14.1-160000.4.1

References:

* https://www.suse.com/security/cve/CVE-2025-14017.html
* https://www.suse.com/security/cve/CVE-2025-14524.html
* https://www.suse.com/security/cve/CVE-2025-14819.html
* https://www.suse.com/security/cve/CVE-2025-15079.html
* https://www.suse.com/security/cve/CVE-2025-15224.html



openSUSE-SU-2026:20027-1: important: Security update for squid


openSUSE security update: security update for squid
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20027-1
Rating: important
References:

* bsc#1250627
* bsc#1252281

Cross-References:

* CVE-2025-59362
* CVE-2025-62168

CVSS scores:

* CVE-2025-59362 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59362 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-62168 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-62168 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for squid fixes the following issues:

- CVE-2025-62168: failure to redact HTTP authentication credentials in error handling leads to the disclosure of credentials a trusted client uses to authenticate (bsc#1252281).
- CVE-2025-59362: SNMP message processing component of Squid Cache can lead to stack-based buffer overflow (bsc#1250627).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-136=1

Package List:

- openSUSE Leap 16.0:

squid-6.12-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-59362.html
* https://www.suse.com/security/cve/CVE-2025-62168.html



openSUSE-SU-2026:20030-1: moderate: Security update for apache2


openSUSE security update: security update for apache2
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20030-1
Rating: moderate
References:

* bsc#1254511
* bsc#1254512
* bsc#1254514
* bsc#1254515

Cross-References:

* CVE-2025-55753
* CVE-2025-58098
* CVE-2025-65082
* CVE-2025-66200

CVSS scores:

* CVE-2025-55753 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-55753 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-58098 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-58098 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-65082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-65082 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-66200 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-66200 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 4 vulnerabilities and has 4 bug fixes can now be installed.

Description:

This update for apache2 fixes the following issues:

- CVE-2025-55753: Fixed mod_md (ACME), unintended retry intervals (bsc#1254511)
- CVE-2025-58098: Fixed Server Side Includes adds query string to #exec cmd (bsc#1254512)
- CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514)
- CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-139=1

Package List:

- openSUSE Leap 16.0:

apache2-2.4.63-160000.3.1
apache2-devel-2.4.63-160000.3.1
apache2-event-2.4.63-160000.3.1
apache2-manual-2.4.63-160000.3.1
apache2-prefork-2.4.63-160000.3.1
apache2-utils-2.4.63-160000.3.1
apache2-worker-2.4.63-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-55753.html
* https://www.suse.com/security/cve/CVE-2025-58098.html
* https://www.suse.com/security/cve/CVE-2025-65082.html
* https://www.suse.com/security/cve/CVE-2025-66200.html



openSUSE-SU-2026:20025-1: important: Security update for hawk2


openSUSE security update: security update for hawk2
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20025-1
Rating: important
References:

* bsc#1230275
* bsc#1247899
* bsc#1248100
* bsc#1251939

Cross-References:

* CVE-2025-55193
* CVE-2025-61919

CVSS scores:

* CVE-2025-55193 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-55193 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-61919 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61919 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 4 bug fixes can now be installed.

Description:

This update for hawk2 fixes the following issues:

- Bump ruby gem rack to 3.1.18 (bsc#1251939).
- Bump ruby gem uri to 1.0.4.
- Fix the mtime in manifest.json (bsc#1230275).
- Make builds deterministic (bsc#1230275).
- Bump rails version from 8.0.2 to 8.0.2.1 (bsc#1248100).
- Require openssl explicitly (bsc#1247899).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-134=1

Package List:

- openSUSE Leap 16.0:

hawk2-2.7.0+git.1742310530.bfcd0e2c-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-55193.html
* https://www.suse.com/security/cve/CVE-2025-61919.html



openSUSE-SU-2026:10049-1: moderate: python311-urllib3-2.6.3-1.1 on GA media


# python311-urllib3-2.6.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10049-1
Rating: moderate

Cross-References:

* CVE-2026-21441

CVSS scores:

* CVE-2026-21441 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-21441 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-urllib3-2.6.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-urllib3 2.6.3-1.1
  * python312-urllib3 2.6.3-1.1
  * python313-urllib3 2.6.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21441.html



openSUSE-SU-2026:10048-1: moderate: openCryptoki-3.26.0-3.1 on GA media


# openCryptoki-3.26.0-3.1 on GA media

Announcement ID: openSUSE-SU-2026:10048-1
Rating: moderate

Cross-References:

* CVE-2026-22791

CVSS scores:

* CVE-2026-22791 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-22791 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the openCryptoki-3.26.0-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * openCryptoki 3.26.0-3.1
  * openCryptoki-64bit 3.26.0-3.1
  * openCryptoki-devel 3.26.0-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-22791.html



openSUSE-SU-2026:10050-1: moderate: rke2-1.34-1.34.3+rke2r1-1.1 on GA media


# rke2-1.34-1.34.3+rke2r1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10050-1
Rating: moderate

Cross-References:

* CVE-2025-1974

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the rke2-1.34-1.34.3+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * rke2-1.34 1.34.3+rke2r1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-1974.html



openSUSE-SU-2026:10047-1: moderate: libcryptopp-devel-8.9.0-6.1 on GA media


# libcryptopp-devel-8.9.0-6.1 on GA media

Announcement ID: openSUSE-SU-2026:10047-1
Rating: moderate

Cross-References:

* CVE-2023-50979

CVSS scores:

* CVE-2023-50979 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libcryptopp-devel-8.9.0-6.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * libcryptopp-devel 8.9.0-6.1
  * libcryptopp8_9_0 8.9.0-6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-50979.html



openSUSE-SU-2026:10046-1: moderate: MozillaFirefox-147.0-1.1 on GA media


# MozillaFirefox-147.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10046-1
Rating: moderate

Cross-References:

* CVE-2026-0877
* CVE-2026-0878
* CVE-2026-0879
* CVE-2026-0880
* CVE-2026-0881
* CVE-2026-0882
* CVE-2026-0883
* CVE-2026-0884
* CVE-2026-0885
* CVE-2026-0886
* CVE-2026-0887
* CVE-2026-0888
* CVE-2026-0889
* CVE-2026-0890
* CVE-2026-0891
* CVE-2026-0892

Affected Products:

* openSUSE Tumbleweed

An update that solves 16 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the MozillaFirefox-147.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * MozillaFirefox 147.0-1.1
  * MozillaFirefox-branding-upstream 147.0-1.1
  * MozillaFirefox-devel 147.0-1.1
  * MozillaFirefox-translations-common 147.0-1.1
  * MozillaFirefox-translations-other 147.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-0877.html
* https://www.suse.com/security/cve/CVE-2026-0878.html
* https://www.suse.com/security/cve/CVE-2026-0879.html
* https://www.suse.com/security/cve/CVE-2026-0880.html
* https://www.suse.com/security/cve/CVE-2026-0881.html
* https://www.suse.com/security/cve/CVE-2026-0882.html
* https://www.suse.com/security/cve/CVE-2026-0883.html
* https://www.suse.com/security/cve/CVE-2026-0884.html
* https://www.suse.com/security/cve/CVE-2026-0885.html
* https://www.suse.com/security/cve/CVE-2026-0886.html
* https://www.suse.com/security/cve/CVE-2026-0887.html
* https://www.suse.com/security/cve/CVE-2026-0888.html
* https://www.suse.com/security/cve/CVE-2026-0889.html
* https://www.suse.com/security/cve/CVE-2026-0890.html
* https://www.suse.com/security/cve/CVE-2026-0891.html
* https://www.suse.com/security/cve/CVE-2026-0892.html



SUSE-SU-2026:0130-1: moderate: Security update for python310


# Security update for python310

Announcement ID: SUSE-SU-2026:0130-1
Release Date: 2026-01-15T13:11:13Z
Rating: moderate
References:

* bsc#1254400
* bsc#1254401
* bsc#1254997

Cross-References:

* CVE-2025-12084
* CVE-2025-13836
* CVE-2025-13837

CVSS scores:

* CVE-2025-12084 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-12084 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-13837 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13837 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for python310 fixes the following issues:

* CVE-2025-12084: quadratic complexity when building nested elements using
`xml.dom.minidom` methods that depend on `_clear_id_cache()` can lead to
availability issues when building excessively nested documents
(bsc#1254997).
* CVE-2025-13836: use of `Content-Length` by default when reading an HTTP
response with no read amount specified can lead to OOM issues and DoS when a
client deals with a malicious server (bsc#1254400).
* CVE-2025-13837: data read by the plistlib module according to the size
specified by the file itself can lead to OOM issues and DoS (bsc#1254401).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-130=1`

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2026-130=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * python310-base-debuginfo-3.10.19-150400.4.94.1
  * python310-curses-3.10.19-150400.4.94.1
  * python310-debugsource-3.10.19-150400.4.94.1
  * python310-base-3.10.19-150400.4.94.1
  * python310-testsuite-3.10.19-150400.4.94.1
  * python310-tk-debuginfo-3.10.19-150400.4.94.1
  * python310-doc-devhelp-3.10.19-150400.4.94.1
  * python310-curses-debuginfo-3.10.19-150400.4.94.1
  * python310-testsuite-debuginfo-3.10.19-150400.4.94.1
  * python310-3.10.19-150400.4.94.1
  * python310-doc-3.10.19-150400.4.94.1
  * libpython3_10-1_0-debuginfo-3.10.19-150400.4.94.1
  * python310-dbm-debuginfo-3.10.19-150400.4.94.1
  * python310-tk-3.10.19-150400.4.94.1
  * python310-idle-3.10.19-150400.4.94.1
  * python310-devel-3.10.19-150400.4.94.1
  * python310-core-debugsource-3.10.19-150400.4.94.1
  * python310-dbm-3.10.19-150400.4.94.1
  * python310-tools-3.10.19-150400.4.94.1
  * libpython3_10-1_0-3.10.19-150400.4.94.1
  * python310-debuginfo-3.10.19-150400.4.94.1
* openSUSE Leap 15.4 (x86_64)
  * python310-32bit-3.10.19-150400.4.94.1
  * python310-base-32bit-debuginfo-3.10.19-150400.4.94.1
  * python310-base-32bit-3.10.19-150400.4.94.1
  * libpython3_10-1_0-32bit-3.10.19-150400.4.94.1
  * python310-32bit-debuginfo-3.10.19-150400.4.94.1
  * libpython3_10-1_0-32bit-debuginfo-3.10.19-150400.4.94.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * python310-64bit-3.10.19-150400.4.94.1
  * python310-64bit-debuginfo-3.10.19-150400.4.94.1
  * python310-base-64bit-3.10.19-150400.4.94.1
  * libpython3_10-1_0-64bit-debuginfo-3.10.19-150400.4.94.1
  * python310-base-64bit-debuginfo-3.10.19-150400.4.94.1
  * libpython3_10-1_0-64bit-3.10.19-150400.4.94.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * python310-base-debuginfo-3.10.19-150400.4.94.1
  * python310-curses-3.10.19-150400.4.94.1
  * python310-debugsource-3.10.19-150400.4.94.1
  * python310-base-3.10.19-150400.4.94.1
  * python310-testsuite-3.10.19-150400.4.94.1
  * python310-tk-debuginfo-3.10.19-150400.4.94.1
  * python310-doc-devhelp-3.10.19-150400.4.94.1
  * python310-curses-debuginfo-3.10.19-150400.4.94.1
  * python310-testsuite-debuginfo-3.10.19-150400.4.94.1
  * python310-3.10.19-150400.4.94.1
  * python310-doc-3.10.19-150400.4.94.1
  * libpython3_10-1_0-debuginfo-3.10.19-150400.4.94.1
  * python310-dbm-debuginfo-3.10.19-150400.4.94.1
  * python310-tk-3.10.19-150400.4.94.1
  * python310-idle-3.10.19-150400.4.94.1
  * python310-devel-3.10.19-150400.4.94.1
  * python310-core-debugsource-3.10.19-150400.4.94.1
  * python310-dbm-3.10.19-150400.4.94.1
  * python310-tools-3.10.19-150400.4.94.1
  * libpython3_10-1_0-3.10.19-150400.4.94.1
  * python310-debuginfo-3.10.19-150400.4.94.1
* openSUSE Leap 15.6 (x86_64)
  * python310-32bit-3.10.19-150400.4.94.1
  * python310-base-32bit-debuginfo-3.10.19-150400.4.94.1
  * python310-base-32bit-3.10.19-150400.4.94.1
  * libpython3_10-1_0-32bit-3.10.19-150400.4.94.1
  * python310-32bit-debuginfo-3.10.19-150400.4.94.1
  * libpython3_10-1_0-32bit-debuginfo-3.10.19-150400.4.94.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12084.html
* https://www.suse.com/security/cve/CVE-2025-13836.html
* https://www.suse.com/security/cve/CVE-2025-13837.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254400
* https://bugzilla.suse.com/show_bug.cgi?id=1254401
* https://bugzilla.suse.com/show_bug.cgi?id=1254997