Python, Chromium, Firefox, and more updates for SUSE

SUSE 5574 Published by

Several security updates have been released for SUSE Linux, including fixes for python-urllib3 and chromium. Additionally, the open-source web browser Firefox has received an update to address security issues on certain media platforms. Other software impacted by these security updates includes gpg2, heroic-games-launcher, docker, evolution-data-server, and valkey.

openSUSE-SU-2026:20271-1: moderate: Security update for python-urllib3_1
openSUSE-SU-2026:20277-1: important: Security update for chromium
SUSE-SU-2026:0690-1: important: Security update for libsoup
SUSE-SU-2026:0689-1: important: Security update for libsoup
SUSE-SU-2026:0692-1: important: Security update for MozillaThunderbird
SUSE-SU-2026:0693-1: important: Security update for python311
SUSE-SU-2026:0694-1: moderate: Security update for gpg2
openSUSE-SU-2026:10257-1: moderate: MozillaFirefox-148.0-1.1 on GA media
openSUSE-SU-2026:10264-1: moderate: python311-Flask-3.1.3-1.1 on GA media
openSUSE-SU-2026:10263-1: moderate: heroic-games-launcher-2.20.0-2.1 on GA media
openSUSE-SU-2026:10261-1: moderate: docker-29.2.1_ce-37.1 on GA media
openSUSE-SU-2026:10260-1: moderate: digger-cli-0.6.143-1.1 on GA media
openSUSE-SU-2026:10262-1: moderate: evolution-data-server-3.58.3-2.1 on GA media
SUSE-SU-2026:0684-1: important: Security update for gimp
SUSE-SU-2026:0685-1: moderate: Security update for valkey




openSUSE-SU-2026:20271-1: moderate: Security update for python-urllib3_1


openSUSE security update: security update for python-urllib3_1
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20271-1
Rating: moderate
References:

* bsc#1254866
* bsc#1254867
* bsc#1256331

Cross-References:

* CVE-2025-66418
* CVE-2025-66471
* CVE-2026-21441

CVSS scores:

* CVE-2025-66418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66471 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66471 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21441 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-21441 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for python-urllib3_1 fixes the following issues:

- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
- CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866).
- CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-313=1

Package List:

- openSUSE Leap 16.0:

python313-urllib3_1-1.26.20-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-66418.html
* https://www.suse.com/security/cve/CVE-2025-66471.html
* https://www.suse.com/security/cve/CVE-2026-21441.html



openSUSE-SU-2026:20277-1: important: Security update for chromium


openSUSE security update: security update for chromium
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20277-1
Rating: important
References:

* bsc#1258733

Cross-References:

* CVE-2025-3063
* CVE-2026-3061
* CVE-2026-3062

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has one bug fix can now be installed.

Description:

This update for chromium fixes the following issues:

Changes in chromium:

- Chromium 145.0.7632.116 (boo#1258733):
* CVE-2026-3061: Out of bounds read in Media
* CVE-2026-3062: Out of bounds read and write in Tint
* CVE-2025-3063: Inappropriate implementation in DevTools

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-142=1

Package List:

- openSUSE Leap 16.0:

chromedriver-145.0.7632.116-bp160.1.1
chromium-145.0.7632.116-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-3063.html
* https://www.suse.com/security/cve/CVE-2026-3061.html
* https://www.suse.com/security/cve/CVE-2026-3062.html



SUSE-SU-2026:0690-1: important: Security update for libsoup


# Security update for libsoup

Announcement ID: SUSE-SU-2026:0690-1
Release Date: 2026-02-27T15:11:11Z
Rating: important
References:

* bsc#1240751
* bsc#1258120
* bsc#1258170
* bsc#1258508

Cross-References:

* CVE-2025-32049
* CVE-2026-2369
* CVE-2026-2443
* CVE-2026-2708

CVSS scores:

* CVE-2025-32049 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32049 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32049 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-2369 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-2369 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-2443 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2443 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2443 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2708 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2708 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities can now be installed.

## Description:

This update for libsoup fixes the following issues:

* CVE-2025-32049: denial of Service attack to websocket server (bsc#1240751).
* CVE-2026-2369: buffer overread due to integer underflow when handling zero-
length resources (bsc#1258120).
* CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP
Range headers can lead to heap information disclosure to remote attackers
(bsc#1258170).
* CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers
(bsc#1258508).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-690=1 openSUSE-SLE-15.6-2026-690=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-690=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-690=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-690=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* typelib-1_0-Soup-3_0-3.4.4-150600.3.34.1
* libsoup-3_0-0-debuginfo-3.4.4-150600.3.34.1
* libsoup-3_0-0-3.4.4-150600.3.34.1
* libsoup-devel-3.4.4-150600.3.34.1
* libsoup-debugsource-3.4.4-150600.3.34.1
* openSUSE Leap 15.6 (x86_64)
* libsoup-devel-32bit-3.4.4-150600.3.34.1
* libsoup-3_0-0-32bit-debuginfo-3.4.4-150600.3.34.1
* libsoup-3_0-0-32bit-3.4.4-150600.3.34.1
* openSUSE Leap 15.6 (noarch)
* libsoup-lang-3.4.4-150600.3.34.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libsoup-devel-64bit-3.4.4-150600.3.34.1
* libsoup-3_0-0-64bit-3.4.4-150600.3.34.1
* libsoup-3_0-0-64bit-debuginfo-3.4.4-150600.3.34.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-Soup-3_0-3.4.4-150600.3.34.1
* libsoup-3_0-0-debuginfo-3.4.4-150600.3.34.1
* libsoup-3_0-0-3.4.4-150600.3.34.1
* libsoup-devel-3.4.4-150600.3.34.1
* libsoup-debugsource-3.4.4-150600.3.34.1
* Basesystem Module 15-SP7 (noarch)
* libsoup-lang-3.4.4-150600.3.34.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* typelib-1_0-Soup-3_0-3.4.4-150600.3.34.1
* libsoup-3_0-0-debuginfo-3.4.4-150600.3.34.1
* libsoup-3_0-0-3.4.4-150600.3.34.1
* libsoup-devel-3.4.4-150600.3.34.1
* libsoup-debugsource-3.4.4-150600.3.34.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* libsoup-lang-3.4.4-150600.3.34.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* typelib-1_0-Soup-3_0-3.4.4-150600.3.34.1
* libsoup-3_0-0-debuginfo-3.4.4-150600.3.34.1
* libsoup-3_0-0-3.4.4-150600.3.34.1
* libsoup-devel-3.4.4-150600.3.34.1
* libsoup-debugsource-3.4.4-150600.3.34.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* libsoup-lang-3.4.4-150600.3.34.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32049.html
* https://www.suse.com/security/cve/CVE-2026-2369.html
* https://www.suse.com/security/cve/CVE-2026-2443.html
* https://www.suse.com/security/cve/CVE-2026-2708.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240751
* https://bugzilla.suse.com/show_bug.cgi?id=1258120
* https://bugzilla.suse.com/show_bug.cgi?id=1258170
* https://bugzilla.suse.com/show_bug.cgi?id=1258508



SUSE-SU-2026:0689-1: important: Security update for libsoup


# Security update for libsoup

Announcement ID: SUSE-SU-2026:0689-1
Release Date: 2026-02-27T15:10:54Z
Rating: important
References:

* bsc#1240751
* bsc#1258120
* bsc#1258170
* bsc#1258508

Cross-References:

* CVE-2025-32049
* CVE-2026-2369
* CVE-2026-2443
* CVE-2026-2708

CVSS scores:

* CVE-2025-32049 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32049 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32049 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-2369 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-2369 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-2443 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2443 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2443 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2708 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2708 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for libsoup fixes the following issues:

* CVE-2025-32049: denial of Service attack to websocket server (bsc#1240751).
* CVE-2026-2369: buffer overread due to integer underflow when handling zero-
length resources (bsc#1258120).
* CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP
Range headers can lead to heap information disclosure to remote attackers
(bsc#1258170).
* CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers
(bsc#1258508).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-689=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-689=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-689=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-689=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-689=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-689=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-689=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-689=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-689=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libsoup-3_0-0-3.0.4-150400.3.34.1
* libsoup-devel-3.0.4-150400.3.34.1
* typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
* libsoup-debugsource-3.0.4-150400.3.34.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.34.1
* openSUSE Leap 15.4 (x86_64)
* libsoup-devel-32bit-3.0.4-150400.3.34.1
* libsoup-3_0-0-32bit-3.0.4-150400.3.34.1
* libsoup-3_0-0-32bit-debuginfo-3.0.4-150400.3.34.1
* openSUSE Leap 15.4 (noarch)
* libsoup-lang-3.0.4-150400.3.34.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libsoup-devel-64bit-3.0.4-150400.3.34.1
* libsoup-3_0-0-64bit-debuginfo-3.0.4-150400.3.34.1
* libsoup-3_0-0-64bit-3.0.4-150400.3.34.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libsoup-3_0-0-3.0.4-150400.3.34.1
* libsoup-devel-3.0.4-150400.3.34.1
* typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
* libsoup-debugsource-3.0.4-150400.3.34.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.34.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* libsoup-lang-3.0.4-150400.3.34.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libsoup-3_0-0-3.0.4-150400.3.34.1
* libsoup-devel-3.0.4-150400.3.34.1
* typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
* libsoup-debugsource-3.0.4-150400.3.34.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.34.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* libsoup-lang-3.0.4-150400.3.34.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libsoup-3_0-0-3.0.4-150400.3.34.1
* libsoup-devel-3.0.4-150400.3.34.1
* typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
* libsoup-debugsource-3.0.4-150400.3.34.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.34.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* libsoup-lang-3.0.4-150400.3.34.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libsoup-3_0-0-3.0.4-150400.3.34.1
* libsoup-devel-3.0.4-150400.3.34.1
* typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
* libsoup-debugsource-3.0.4-150400.3.34.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.34.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* libsoup-lang-3.0.4-150400.3.34.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libsoup-3_0-0-3.0.4-150400.3.34.1
* libsoup-devel-3.0.4-150400.3.34.1
* typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
* libsoup-debugsource-3.0.4-150400.3.34.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.34.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* libsoup-lang-3.0.4-150400.3.34.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libsoup-3_0-0-3.0.4-150400.3.34.1
* libsoup-devel-3.0.4-150400.3.34.1
* typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
* libsoup-debugsource-3.0.4-150400.3.34.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.34.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* libsoup-lang-3.0.4-150400.3.34.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libsoup-3_0-0-3.0.4-150400.3.34.1
* libsoup-devel-3.0.4-150400.3.34.1
* typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
* libsoup-debugsource-3.0.4-150400.3.34.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.34.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* libsoup-lang-3.0.4-150400.3.34.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libsoup-3_0-0-3.0.4-150400.3.34.1
* libsoup-devel-3.0.4-150400.3.34.1
* typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
* libsoup-debugsource-3.0.4-150400.3.34.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.34.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* libsoup-lang-3.0.4-150400.3.34.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32049.html
* https://www.suse.com/security/cve/CVE-2026-2369.html
* https://www.suse.com/security/cve/CVE-2026-2443.html
* https://www.suse.com/security/cve/CVE-2026-2708.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240751
* https://bugzilla.suse.com/show_bug.cgi?id=1258120
* https://bugzilla.suse.com/show_bug.cgi?id=1258170
* https://bugzilla.suse.com/show_bug.cgi?id=1258508



SUSE-SU-2026:0692-1: important: Security update for MozillaThunderbird


# Security update for MozillaThunderbird

Announcement ID: SUSE-SU-2026:0692-1
Release Date: 2026-02-27T15:12:07Z
Rating: important
References:

* bsc#1258231

Cross-References:

* CVE-2026-2447

CVSS scores:

* CVE-2026-2447 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2447 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2447 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for MozillaThunderbird fixes the following issues:

* Update to Thunderbird 140.7.2
* CVE-2026-2447: Fixed a heap buffer overflow in libvpx. (bsc#1258231)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-692=1

* SUSE Linux Enterprise Workstation Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-692=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-692=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
* MozillaThunderbird-translations-common-140.7.2-150200.8.257.1
* MozillaThunderbird-debugsource-140.7.2-150200.8.257.1
* MozillaThunderbird-translations-other-140.7.2-150200.8.257.1
* MozillaThunderbird-debuginfo-140.7.2-150200.8.257.1
* MozillaThunderbird-140.7.2-150200.8.257.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
* MozillaThunderbird-translations-common-140.7.2-150200.8.257.1
* MozillaThunderbird-debugsource-140.7.2-150200.8.257.1
* MozillaThunderbird-translations-other-140.7.2-150200.8.257.1
* MozillaThunderbird-debuginfo-140.7.2-150200.8.257.1
* MozillaThunderbird-140.7.2-150200.8.257.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-translations-common-140.7.2-150200.8.257.1
* MozillaThunderbird-debugsource-140.7.2-150200.8.257.1
* MozillaThunderbird-translations-other-140.7.2-150200.8.257.1
* MozillaThunderbird-debuginfo-140.7.2-150200.8.257.1
* MozillaThunderbird-140.7.2-150200.8.257.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2447.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258231



SUSE-SU-2026:0693-1: important: Security update for python311


# Security update for python311

Announcement ID: SUSE-SU-2026:0693-1
Release Date: 2026-02-27T15:14:10Z
Rating: important
References:

* bsc#1257029
* bsc#1257031
* bsc#1257041
* bsc#1257042
* bsc#1257044
* bsc#1257046
* bsc#1257108

Cross-References:

* CVE-2025-11468
* CVE-2025-12781
* CVE-2025-15282
* CVE-2025-15366
* CVE-2025-15367
* CVE-2026-0672
* CVE-2026-0865

CVSS scores:

* CVE-2025-11468 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-11468 ( NVD ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12781 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-12781 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-12781 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12781 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-15282 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15282 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-15282 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-15366 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15366 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
* CVE-2025-15366 ( NVD ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-15367 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15367 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
* CVE-2025-15367 ( NVD ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-0672 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-0672 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-0672 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-0865 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0865 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-0865 ( NVD ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for python311 fixes the following issues:

* CVE-2025-11468: header injection when folding a long comment in an email
header containing exclusively unfoldable characters (bsc#1257029).
* CVE-2025-12781: inadequate parameter check can cause data integrity issues
(bsc#1257108).
* CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers
(bsc#1257046).
* CVE-2025-15366: user-controlled command can allow additional commands
injected using newlines (bsc#1257044).
* CVE-2025-15367: control characters may allow the injection of additional
commands (bsc#1257041).
* CVE-2026-0672: HTTP header injection via user-controlled cookie values and
parameters when using http.cookies.Morsel (bsc#1257031).
* CVE-2026-0865: user-controlled header containing newlines can allow
injecting HTTP headers (bsc#1257042).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-693=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-693=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-693=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-693=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-693=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-693=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-693=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-693=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-693=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-693=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python311-testsuite-debuginfo-3.11.14-150400.9.75.1
* python311-devel-3.11.14-150400.9.75.1
* python311-doc-devhelp-3.11.14-150400.9.75.1
* python311-base-3.11.14-150400.9.75.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.75.1
* python311-testsuite-3.11.14-150400.9.75.1
* python311-tools-3.11.14-150400.9.75.1
* python311-curses-3.11.14-150400.9.75.1
* python311-dbm-3.11.14-150400.9.75.1
* python311-dbm-debuginfo-3.11.14-150400.9.75.1
* libpython3_11-1_0-3.11.14-150400.9.75.1
* python311-debugsource-3.11.14-150400.9.75.1
* python311-idle-3.11.14-150400.9.75.1
* python311-core-debugsource-3.11.14-150400.9.75.1
* python311-doc-3.11.14-150400.9.75.1
* python311-3.11.14-150400.9.75.1
* python311-curses-debuginfo-3.11.14-150400.9.75.1
* python311-tk-debuginfo-3.11.14-150400.9.75.1
* python311-debuginfo-3.11.14-150400.9.75.1
* python311-base-debuginfo-3.11.14-150400.9.75.1
* python311-tk-3.11.14-150400.9.75.1
* openSUSE Leap 15.4 (x86_64)
* python311-32bit-debuginfo-3.11.14-150400.9.75.1
* libpython3_11-1_0-32bit-3.11.14-150400.9.75.1
* libpython3_11-1_0-32bit-debuginfo-3.11.14-150400.9.75.1
* python311-32bit-3.11.14-150400.9.75.1
* python311-base-32bit-3.11.14-150400.9.75.1
* python311-base-32bit-debuginfo-3.11.14-150400.9.75.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libpython3_11-1_0-64bit-3.11.14-150400.9.75.1
* python311-64bit-debuginfo-3.11.14-150400.9.75.1
* python311-base-64bit-debuginfo-3.11.14-150400.9.75.1
* libpython3_11-1_0-64bit-debuginfo-3.11.14-150400.9.75.1
* python311-base-64bit-3.11.14-150400.9.75.1
* python311-64bit-3.11.14-150400.9.75.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libpython3_11-1_0-3.11.14-150400.9.75.1
* python311-3.11.14-150400.9.75.1
* python311-base-3.11.14-150400.9.75.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libpython3_11-1_0-3.11.14-150400.9.75.1
* python311-core-debugsource-3.11.14-150400.9.75.1
* python311-base-3.11.14-150400.9.75.1
* python311-doc-3.11.14-150400.9.75.1
* python311-debugsource-3.11.14-150400.9.75.1
* python311-tools-3.11.14-150400.9.75.1
* python311-3.11.14-150400.9.75.1
* python311-curses-3.11.14-150400.9.75.1
* python311-curses-debuginfo-3.11.14-150400.9.75.1
* python311-debuginfo-3.11.14-150400.9.75.1
* python311-dbm-3.11.14-150400.9.75.1
* python311-devel-3.11.14-150400.9.75.1
* python311-doc-devhelp-3.11.14-150400.9.75.1
* python311-tk-debuginfo-3.11.14-150400.9.75.1
* python311-base-debuginfo-3.11.14-150400.9.75.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.75.1
* python311-tk-3.11.14-150400.9.75.1
* python311-idle-3.11.14-150400.9.75.1
* python311-dbm-debuginfo-3.11.14-150400.9.75.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libpython3_11-1_0-3.11.14-150400.9.75.1
* python311-core-debugsource-3.11.14-150400.9.75.1
* python311-base-3.11.14-150400.9.75.1
* python311-doc-3.11.14-150400.9.75.1
* python311-debugsource-3.11.14-150400.9.75.1
* python311-tools-3.11.14-150400.9.75.1
* python311-3.11.14-150400.9.75.1
* python311-curses-3.11.14-150400.9.75.1
* python311-curses-debuginfo-3.11.14-150400.9.75.1
* python311-debuginfo-3.11.14-150400.9.75.1
* python311-dbm-3.11.14-150400.9.75.1
* python311-devel-3.11.14-150400.9.75.1
* python311-doc-devhelp-3.11.14-150400.9.75.1
* python311-tk-debuginfo-3.11.14-150400.9.75.1
* python311-base-debuginfo-3.11.14-150400.9.75.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.75.1
* python311-tk-3.11.14-150400.9.75.1
* python311-idle-3.11.14-150400.9.75.1
* python311-dbm-debuginfo-3.11.14-150400.9.75.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libpython3_11-1_0-3.11.14-150400.9.75.1
* python311-core-debugsource-3.11.14-150400.9.75.1
* python311-base-3.11.14-150400.9.75.1
* python311-doc-3.11.14-150400.9.75.1
* python311-debugsource-3.11.14-150400.9.75.1
* python311-tools-3.11.14-150400.9.75.1
* python311-3.11.14-150400.9.75.1
* python311-curses-3.11.14-150400.9.75.1
* python311-curses-debuginfo-3.11.14-150400.9.75.1
* python311-debuginfo-3.11.14-150400.9.75.1
* python311-dbm-3.11.14-150400.9.75.1
* python311-devel-3.11.14-150400.9.75.1
* python311-doc-devhelp-3.11.14-150400.9.75.1
* python311-tk-debuginfo-3.11.14-150400.9.75.1
* python311-base-debuginfo-3.11.14-150400.9.75.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.75.1
* python311-tk-3.11.14-150400.9.75.1
* python311-idle-3.11.14-150400.9.75.1
* python311-dbm-debuginfo-3.11.14-150400.9.75.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libpython3_11-1_0-3.11.14-150400.9.75.1
* python311-core-debugsource-3.11.14-150400.9.75.1
* python311-base-3.11.14-150400.9.75.1
* python311-doc-3.11.14-150400.9.75.1
* python311-debugsource-3.11.14-150400.9.75.1
* python311-tools-3.11.14-150400.9.75.1
* python311-3.11.14-150400.9.75.1
* python311-curses-3.11.14-150400.9.75.1
* python311-curses-debuginfo-3.11.14-150400.9.75.1
* python311-debuginfo-3.11.14-150400.9.75.1
* python311-dbm-3.11.14-150400.9.75.1
* python311-devel-3.11.14-150400.9.75.1
* python311-doc-devhelp-3.11.14-150400.9.75.1
* python311-tk-debuginfo-3.11.14-150400.9.75.1
* python311-base-debuginfo-3.11.14-150400.9.75.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.75.1
* python311-tk-3.11.14-150400.9.75.1
* python311-idle-3.11.14-150400.9.75.1
* python311-dbm-debuginfo-3.11.14-150400.9.75.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libpython3_11-1_0-3.11.14-150400.9.75.1
* python311-core-debugsource-3.11.14-150400.9.75.1
* python311-base-3.11.14-150400.9.75.1
* python311-doc-3.11.14-150400.9.75.1
* python311-debugsource-3.11.14-150400.9.75.1
* python311-tools-3.11.14-150400.9.75.1
* python311-3.11.14-150400.9.75.1
* python311-curses-3.11.14-150400.9.75.1
* python311-curses-debuginfo-3.11.14-150400.9.75.1
* python311-debuginfo-3.11.14-150400.9.75.1
* python311-dbm-3.11.14-150400.9.75.1
* python311-devel-3.11.14-150400.9.75.1
* python311-doc-devhelp-3.11.14-150400.9.75.1
* python311-tk-debuginfo-3.11.14-150400.9.75.1
* python311-base-debuginfo-3.11.14-150400.9.75.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.75.1
* python311-tk-3.11.14-150400.9.75.1
* python311-idle-3.11.14-150400.9.75.1
* python311-dbm-debuginfo-3.11.14-150400.9.75.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libpython3_11-1_0-3.11.14-150400.9.75.1
* python311-core-debugsource-3.11.14-150400.9.75.1
* python311-base-3.11.14-150400.9.75.1
* python311-doc-3.11.14-150400.9.75.1
* python311-debugsource-3.11.14-150400.9.75.1
* python311-tools-3.11.14-150400.9.75.1
* python311-3.11.14-150400.9.75.1
* python311-curses-3.11.14-150400.9.75.1
* python311-curses-debuginfo-3.11.14-150400.9.75.1
* python311-debuginfo-3.11.14-150400.9.75.1
* python311-dbm-3.11.14-150400.9.75.1
* python311-devel-3.11.14-150400.9.75.1
* python311-doc-devhelp-3.11.14-150400.9.75.1
* python311-tk-debuginfo-3.11.14-150400.9.75.1
* python311-base-debuginfo-3.11.14-150400.9.75.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.75.1
* python311-tk-3.11.14-150400.9.75.1
* python311-idle-3.11.14-150400.9.75.1
* python311-dbm-debuginfo-3.11.14-150400.9.75.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libpython3_11-1_0-3.11.14-150400.9.75.1
* python311-core-debugsource-3.11.14-150400.9.75.1
* python311-base-3.11.14-150400.9.75.1
* python311-doc-3.11.14-150400.9.75.1
* python311-debugsource-3.11.14-150400.9.75.1
* python311-tools-3.11.14-150400.9.75.1
* python311-3.11.14-150400.9.75.1
* python311-curses-3.11.14-150400.9.75.1
* python311-curses-debuginfo-3.11.14-150400.9.75.1
* python311-debuginfo-3.11.14-150400.9.75.1
* python311-dbm-3.11.14-150400.9.75.1
* python311-devel-3.11.14-150400.9.75.1
* python311-doc-devhelp-3.11.14-150400.9.75.1
* python311-tk-debuginfo-3.11.14-150400.9.75.1
* python311-base-debuginfo-3.11.14-150400.9.75.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.75.1
* python311-tk-3.11.14-150400.9.75.1
* python311-idle-3.11.14-150400.9.75.1
* python311-dbm-debuginfo-3.11.14-150400.9.75.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libpython3_11-1_0-3.11.14-150400.9.75.1
* python311-core-debugsource-3.11.14-150400.9.75.1
* python311-base-3.11.14-150400.9.75.1
* python311-doc-3.11.14-150400.9.75.1
* python311-debugsource-3.11.14-150400.9.75.1
* python311-tools-3.11.14-150400.9.75.1
* python311-3.11.14-150400.9.75.1
* python311-curses-3.11.14-150400.9.75.1
* python311-curses-debuginfo-3.11.14-150400.9.75.1
* python311-debuginfo-3.11.14-150400.9.75.1
* python311-dbm-3.11.14-150400.9.75.1
* python311-devel-3.11.14-150400.9.75.1
* python311-doc-devhelp-3.11.14-150400.9.75.1
* python311-tk-debuginfo-3.11.14-150400.9.75.1
* python311-base-debuginfo-3.11.14-150400.9.75.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.75.1
* python311-tk-3.11.14-150400.9.75.1
* python311-idle-3.11.14-150400.9.75.1
* python311-dbm-debuginfo-3.11.14-150400.9.75.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11468.html
* https://www.suse.com/security/cve/CVE-2025-12781.html
* https://www.suse.com/security/cve/CVE-2025-15282.html
* https://www.suse.com/security/cve/CVE-2025-15366.html
* https://www.suse.com/security/cve/CVE-2025-15367.html
* https://www.suse.com/security/cve/CVE-2026-0672.html
* https://www.suse.com/security/cve/CVE-2026-0865.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257029
* https://bugzilla.suse.com/show_bug.cgi?id=1257031
* https://bugzilla.suse.com/show_bug.cgi?id=1257041
* https://bugzilla.suse.com/show_bug.cgi?id=1257042
* https://bugzilla.suse.com/show_bug.cgi?id=1257044
* https://bugzilla.suse.com/show_bug.cgi?id=1257046
* https://bugzilla.suse.com/show_bug.cgi?id=1257108



SUSE-SU-2026:0694-1: moderate: Security update for gpg2


# Security update for gpg2

Announcement ID: SUSE-SU-2026:0694-1
Release Date: 2026-02-27T15:14:46Z
Rating: moderate
References:

* bsc#1256389

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that has one security fix can now be installed.

## Description:

This update for gpg2 fixes the following issues:

Security fix:

* Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data
(bsc#1256389)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-694=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-694=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-694=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-694=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-694=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-694=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-694=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-694=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* gpg2-debugsource-2.2.27-150300.3.19.1
* gpg2-2.2.27-150300.3.19.1
* dirmngr-debuginfo-2.2.27-150300.3.19.1
* dirmngr-2.2.27-150300.3.19.1
* gpg2-debuginfo-2.2.27-150300.3.19.1
* openSUSE Leap 15.3 (noarch)
* gpg2-lang-2.2.27-150300.3.19.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* gpg2-2.2.27-150300.3.19.1
* gpg2-debugsource-2.2.27-150300.3.19.1
* gpg2-debuginfo-2.2.27-150300.3.19.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* gpg2-2.2.27-150300.3.19.1
* gpg2-debugsource-2.2.27-150300.3.19.1
* gpg2-debuginfo-2.2.27-150300.3.19.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* gpg2-2.2.27-150300.3.19.1
* gpg2-debugsource-2.2.27-150300.3.19.1
* gpg2-debuginfo-2.2.27-150300.3.19.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* gpg2-2.2.27-150300.3.19.1
* gpg2-debugsource-2.2.27-150300.3.19.1
* gpg2-debuginfo-2.2.27-150300.3.19.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* gpg2-2.2.27-150300.3.19.1
* gpg2-debugsource-2.2.27-150300.3.19.1
* gpg2-debuginfo-2.2.27-150300.3.19.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* gpg2-2.2.27-150300.3.19.1
* gpg2-debugsource-2.2.27-150300.3.19.1
* gpg2-debuginfo-2.2.27-150300.3.19.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* gpg2-2.2.27-150300.3.19.1
* gpg2-debugsource-2.2.27-150300.3.19.1
* gpg2-debuginfo-2.2.27-150300.3.19.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1256389



openSUSE-SU-2026:10257-1: moderate: MozillaFirefox-148.0-1.1 on GA media


# MozillaFirefox-148.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10257-1
Rating: moderate

Cross-References:

* CVE-2026-2757
* CVE-2026-2758
* CVE-2026-2759
* CVE-2026-2760
* CVE-2026-2761
* CVE-2026-2762
* CVE-2026-2763
* CVE-2026-2764
* CVE-2026-2765
* CVE-2026-2766
* CVE-2026-2767
* CVE-2026-2768
* CVE-2026-2769
* CVE-2026-2770
* CVE-2026-2771
* CVE-2026-2772
* CVE-2026-2773
* CVE-2026-2774
* CVE-2026-2775
* CVE-2026-2776
* CVE-2026-2777
* CVE-2026-2778
* CVE-2026-2779
* CVE-2026-2780
* CVE-2026-2781
* CVE-2026-2782
* CVE-2026-2783
* CVE-2026-2784
* CVE-2026-2785
* CVE-2026-2786
* CVE-2026-2787
* CVE-2026-2788
* CVE-2026-2789
* CVE-2026-2790
* CVE-2026-2791
* CVE-2026-2792
* CVE-2026-2793
* CVE-2026-2794
* CVE-2026-2795
* CVE-2026-2796
* CVE-2026-2797
* CVE-2026-2798
* CVE-2026-2799
* CVE-2026-2800
* CVE-2026-2801
* CVE-2026-2802
* CVE-2026-2803
* CVE-2026-2804
* CVE-2026-2805
* CVE-2026-2806
* CVE-2026-2807

CVSS scores:

* CVE-2026-2757 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2758 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2759 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2760 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-2761 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2762 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2763 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2764 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2765 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2766 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2767 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2768 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2769 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2770 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2771 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2772 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2773 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2774 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2775 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-2776 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-2777 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2778 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-2779 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-2780 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-2781 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-2782 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-2783 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-2784 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-2785 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-2786 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-2787 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-2788 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-2789 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-2790 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-2791 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-2792 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2793 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2794 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-2795 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2796 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2797 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2798 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2799 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2800 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-2801 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-2802 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2803 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-2804 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-2805 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-2806 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-2807 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 51 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the MozillaFirefox-148.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* MozillaFirefox 148.0-1.1
* MozillaFirefox-branding-upstream 148.0-1.1
* MozillaFirefox-devel 148.0-1.1
* MozillaFirefox-translations-common 148.0-1.1
* MozillaFirefox-translations-other 148.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2757.html
* https://www.suse.com/security/cve/CVE-2026-2758.html
* https://www.suse.com/security/cve/CVE-2026-2759.html
* https://www.suse.com/security/cve/CVE-2026-2760.html
* https://www.suse.com/security/cve/CVE-2026-2761.html
* https://www.suse.com/security/cve/CVE-2026-2762.html
* https://www.suse.com/security/cve/CVE-2026-2763.html
* https://www.suse.com/security/cve/CVE-2026-2764.html
* https://www.suse.com/security/cve/CVE-2026-2765.html
* https://www.suse.com/security/cve/CVE-2026-2766.html
* https://www.suse.com/security/cve/CVE-2026-2767.html
* https://www.suse.com/security/cve/CVE-2026-2768.html
* https://www.suse.com/security/cve/CVE-2026-2769.html
* https://www.suse.com/security/cve/CVE-2026-2770.html
* https://www.suse.com/security/cve/CVE-2026-2771.html
* https://www.suse.com/security/cve/CVE-2026-2772.html
* https://www.suse.com/security/cve/CVE-2026-2773.html
* https://www.suse.com/security/cve/CVE-2026-2774.html
* https://www.suse.com/security/cve/CVE-2026-2775.html
* https://www.suse.com/security/cve/CVE-2026-2776.html
* https://www.suse.com/security/cve/CVE-2026-2777.html
* https://www.suse.com/security/cve/CVE-2026-2778.html
* https://www.suse.com/security/cve/CVE-2026-2779.html
* https://www.suse.com/security/cve/CVE-2026-2780.html
* https://www.suse.com/security/cve/CVE-2026-2781.html
* https://www.suse.com/security/cve/CVE-2026-2782.html
* https://www.suse.com/security/cve/CVE-2026-2783.html
* https://www.suse.com/security/cve/CVE-2026-2784.html
* https://www.suse.com/security/cve/CVE-2026-2785.html
* https://www.suse.com/security/cve/CVE-2026-2786.html
* https://www.suse.com/security/cve/CVE-2026-2787.html
* https://www.suse.com/security/cve/CVE-2026-2788.html
* https://www.suse.com/security/cve/CVE-2026-2789.html
* https://www.suse.com/security/cve/CVE-2026-2790.html
* https://www.suse.com/security/cve/CVE-2026-2791.html
* https://www.suse.com/security/cve/CVE-2026-2792.html
* https://www.suse.com/security/cve/CVE-2026-2793.html
* https://www.suse.com/security/cve/CVE-2026-2794.html
* https://www.suse.com/security/cve/CVE-2026-2795.html
* https://www.suse.com/security/cve/CVE-2026-2796.html
* https://www.suse.com/security/cve/CVE-2026-2797.html
* https://www.suse.com/security/cve/CVE-2026-2798.html
* https://www.suse.com/security/cve/CVE-2026-2799.html
* https://www.suse.com/security/cve/CVE-2026-2800.html
* https://www.suse.com/security/cve/CVE-2026-2801.html
* https://www.suse.com/security/cve/CVE-2026-2802.html
* https://www.suse.com/security/cve/CVE-2026-2803.html
* https://www.suse.com/security/cve/CVE-2026-2804.html
* https://www.suse.com/security/cve/CVE-2026-2805.html
* https://www.suse.com/security/cve/CVE-2026-2806.html
* https://www.suse.com/security/cve/CVE-2026-2807.html



openSUSE-SU-2026:10264-1: moderate: python311-Flask-3.1.3-1.1 on GA media


# python311-Flask-3.1.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10264-1
Rating: moderate

Cross-References:

* CVE-2026-27205

CVSS scores:

* CVE-2026-27205 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-27205 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-Flask-3.1.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-Flask 3.1.3-1.1
* python311-Flask-doc 3.1.3-1.1
* python312-Flask 3.1.3-1.1
* python312-Flask-doc 3.1.3-1.1
* python313-Flask 3.1.3-1.1
* python313-Flask-doc 3.1.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27205.html



openSUSE-SU-2026:10263-1: moderate: heroic-games-launcher-2.20.0-2.1 on GA media


# heroic-games-launcher-2.20.0-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10263-1
Rating: moderate

Cross-References:

* CVE-2026-27606

CVSS scores:

* CVE-2026-27606 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27606 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the heroic-games-launcher-2.20.0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* heroic-games-launcher 2.20.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27606.html



openSUSE-SU-2026:10261-1: moderate: docker-29.2.1_ce-37.1 on GA media


# docker-29.2.1_ce-37.1 on GA media

Announcement ID: openSUSE-SU-2026:10261-1
Rating: moderate

Cross-References:

* CVE-2025-67499

CVSS scores:

* CVE-2025-67499 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-67499 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the docker-29.2.1_ce-37.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* docker 29.2.1_ce-37.1
* docker-bash-completion 29.2.1_ce-37.1
* docker-buildx 0.31.1-37.1
* docker-fish-completion 29.2.1_ce-37.1
* docker-rootless-extras 29.2.1_ce-37.1
* docker-zsh-completion 29.2.1_ce-37.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67499.html



openSUSE-SU-2026:10260-1: moderate: digger-cli-0.6.143-1.1 on GA media


# digger-cli-0.6.143-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10260-1
Rating: moderate

Cross-References:

* CVE-2025-61729

CVSS scores:

* CVE-2025-61729 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61729 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the digger-cli-0.6.143-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* digger-cli 0.6.143-1.1
* digger-cli-bash-completion 0.6.143-1.1
* digger-cli-fish-completion 0.6.143-1.1
* digger-cli-zsh-completion 0.6.143-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61729.html



openSUSE-SU-2026:10262-1: moderate: evolution-data-server-3.58.3-2.1 on GA media


# evolution-data-server-3.58.3-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10262-1
Rating: moderate

Cross-References:

* CVE-2026-2604

CVSS scores:

* CVE-2026-2604 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L
* CVE-2026-2604 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the evolution-data-server-3.58.3-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* evolution-data-server 3.58.3-2.1
* evolution-data-server-devel 3.58.3-2.1
* evolution-data-server-lang 3.58.3-2.1
* libcamel-1_2-66 3.58.3-2.1
* libebackend-1_2-11 3.58.3-2.1
* libebook-1_2-21 3.58.3-2.1
* libebook-contacts-1_2-4 3.58.3-2.1
* libecal-2_0-3 3.58.3-2.1
* libedata-book-1_2-27 3.58.3-2.1
* libedata-cal-2_0-2 3.58.3-2.1
* libedataserver-1_2-27 3.58.3-2.1
* libedataserverui-1_2-4 3.58.3-2.1
* libedataserverui4-1_0-0 3.58.3-2.1
* typelib-1_0-Camel-1_2 3.58.3-2.1
* typelib-1_0-EBackend-1_2 3.58.3-2.1
* typelib-1_0-EBook-1_2 3.58.3-2.1
* typelib-1_0-EBookContacts-1_2 3.58.3-2.1
* typelib-1_0-ECal-2_0 3.58.3-2.1
* typelib-1_0-EDataBook-1_2 3.58.3-2.1
* typelib-1_0-EDataCal-2_0 3.58.3-2.1
* typelib-1_0-EDataServer-1_2 3.58.3-2.1
* typelib-1_0-EDataServerUI-1_2 3.58.3-2.1
* typelib-1_0-EDataServerUI4-1_0 3.58.3-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2604.html



SUSE-SU-2026:0684-1: important: Security update for gimp


# Security update for gimp

Announcement ID: SUSE-SU-2026:0684-1
Release Date: 2026-02-27T10:44:06Z
Rating: important
References:

* bsc#1258532
* bsc#1258533
* bsc#1258535

Cross-References:

* CVE-2025-10934
* CVE-2026-2044
* CVE-2026-2045
* CVE-2026-2048

CVSS scores:

* CVE-2025-10934 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-10934 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-10934 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2044 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2044 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2044 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2045 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2045 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2045 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2048 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2048 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-2048 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves four vulnerabilities can now be installed.

## Description:

This update for gimp fixes the following issues:

* CVE-2026-2044: lack of proper initialization of memory can allow remote
attackers to execute arbitrary code (bsc#1258532).
* CVE-2026-2045: check offset in the colormap is valid before using it
(bsc#1258533).
* CVE-2026-2048: lack of proper validation of user-supplied data can allow
remote attackers to execute arbitrary code (bsc#1258535).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-684=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-684=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-684=1

* SUSE Linux Enterprise Workstation Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-684=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libgimp-2_0-0-2.10.30-150400.3.47.1
* gimp-devel-2.10.30-150400.3.47.1
* gimp-devel-debuginfo-2.10.30-150400.3.47.1
* gimp-debuginfo-2.10.30-150400.3.47.1
* gimp-plugin-aa-debuginfo-2.10.30-150400.3.47.1
* libgimp-2_0-0-debuginfo-2.10.30-150400.3.47.1
* libgimpui-2_0-0-debuginfo-2.10.30-150400.3.47.1
* gimp-debugsource-2.10.30-150400.3.47.1
* gimp-2.10.30-150400.3.47.1
* gimp-plugin-aa-2.10.30-150400.3.47.1
* libgimpui-2_0-0-2.10.30-150400.3.47.1
* openSUSE Leap 15.4 (noarch)
* gimp-lang-2.10.30-150400.3.47.1
* openSUSE Leap 15.4 (x86_64)
* libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.47.1
* libgimpui-2_0-0-32bit-2.10.30-150400.3.47.1
* libgimp-2_0-0-32bit-2.10.30-150400.3.47.1
* libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.47.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libgimpui-2_0-0-64bit-2.10.30-150400.3.47.1
* libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.47.1
* libgimp-2_0-0-64bit-2.10.30-150400.3.47.1
* libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.47.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libgimp-2_0-0-2.10.30-150400.3.47.1
* gimp-devel-2.10.30-150400.3.47.1
* gimp-devel-debuginfo-2.10.30-150400.3.47.1
* gimp-debuginfo-2.10.30-150400.3.47.1
* gimp-plugin-aa-debuginfo-2.10.30-150400.3.47.1
* libgimp-2_0-0-debuginfo-2.10.30-150400.3.47.1
* libgimpui-2_0-0-debuginfo-2.10.30-150400.3.47.1
* gimp-debugsource-2.10.30-150400.3.47.1
* gimp-2.10.30-150400.3.47.1
* gimp-plugin-aa-2.10.30-150400.3.47.1
* libgimpui-2_0-0-2.10.30-150400.3.47.1
* openSUSE Leap 15.6 (noarch)
* gimp-lang-2.10.30-150400.3.47.1
* openSUSE Leap 15.6 (x86_64)
* libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.47.1
* libgimpui-2_0-0-32bit-2.10.30-150400.3.47.1
* libgimp-2_0-0-32bit-2.10.30-150400.3.47.1
* libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.47.1
* SUSE Package Hub 15 15-SP7 (aarch64)
* gimp-devel-2.10.30-150400.3.47.1
* gimp-devel-debuginfo-2.10.30-150400.3.47.1
* gimp-plugin-aa-debuginfo-2.10.30-150400.3.47.1
* gimp-2.10.30-150400.3.47.1
* gimp-plugin-aa-2.10.30-150400.3.47.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
* libgimp-2_0-0-2.10.30-150400.3.47.1
* gimp-debuginfo-2.10.30-150400.3.47.1
* libgimp-2_0-0-debuginfo-2.10.30-150400.3.47.1
* libgimpui-2_0-0-debuginfo-2.10.30-150400.3.47.1
* gimp-debugsource-2.10.30-150400.3.47.1
* libgimpui-2_0-0-2.10.30-150400.3.47.1
* SUSE Package Hub 15 15-SP7 (noarch)
* gimp-lang-2.10.30-150400.3.47.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
* libgimp-2_0-0-2.10.30-150400.3.47.1
* gimp-devel-2.10.30-150400.3.47.1
* gimp-devel-debuginfo-2.10.30-150400.3.47.1
* gimp-debuginfo-2.10.30-150400.3.47.1
* libgimp-2_0-0-debuginfo-2.10.30-150400.3.47.1
* libgimpui-2_0-0-debuginfo-2.10.30-150400.3.47.1
* gimp-debugsource-2.10.30-150400.3.47.1
* gimp-2.10.30-150400.3.47.1
* libgimpui-2_0-0-2.10.30-150400.3.47.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch)
* gimp-lang-2.10.30-150400.3.47.1

## References:

* https://www.suse.com/security/cve/CVE-2025-10934.html
* https://www.suse.com/security/cve/CVE-2026-2044.html
* https://www.suse.com/security/cve/CVE-2026-2045.html
* https://www.suse.com/security/cve/CVE-2026-2048.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258532
* https://bugzilla.suse.com/show_bug.cgi?id=1258533
* https://bugzilla.suse.com/show_bug.cgi?id=1258535



SUSE-SU-2026:0685-1: moderate: Security update for valkey


# Security update for valkey

Announcement ID: SUSE-SU-2026:0685-1
Release Date: 2026-02-27T11:53:26Z
Rating: moderate
References:

* bsc#1258746
* bsc#1258788

Cross-References:

* CVE-2025-67733
* CVE-2026-21863

CVSS scores:

* CVE-2025-67733 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-67733 ( NVD ): 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
* CVE-2025-67733 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-21863 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21863 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for valkey fixes the following issues:

Update to version 8.0.7.

Security issues fixed:

* CVE-2025-67733: data tampering and denial of service via improper null
character handling in Lua scripts (bsc#1258746).
* CVE-2026-21863: denial of service via invalid clusterbus packet
(bsc#1258788).

Other updates and bugfixes:

* ltrim should not call signalModifiedKey when no elements are removed (#2787)
* chained replica crash when doing dual channel replication (#2983)
* used_memory_dataset underflow due to miscalculated used_memory_overhead
(#3005)
* avoids crash during MODULE UNLOAD when ACL rules reference a module command
and subcommand (#3160)
* server assert on ACL LOAD and resetchannels (#3182)
* bug causing no response flush sometimes when IO threads are busy (#3205)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-685=1 SUSE-2026-685=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* valkey-debugsource-8.0.7-150600.13.20.1
* valkey-8.0.7-150600.13.20.1
* valkey-debuginfo-8.0.7-150600.13.20.1
* valkey-devel-8.0.7-150600.13.20.1
* openSUSE Leap 15.6 (noarch)
* valkey-compat-redis-8.0.7-150600.13.20.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67733.html
* https://www.suse.com/security/cve/CVE-2026-21863.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258746
* https://bugzilla.suse.com/show_bug.cgi?id=1258788


Thunderbird update for Slackware

Git regression updates for Ubuntu

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...