SUSE-SU-2026:1090-1: important: Security update for python3
SUSE-SU-2026:1091-1: important: Security update for kea
SUSE-SU-2026:1094-1: important: Security update for python-deepdiff
SUSE-SU-2026:1092-1: important: Security update for xen
SUSE-SU-2026:1089-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)
openSUSE-SU-2026:0099-1: important: Security update for glusterfs
openSUSE-SU-2026:0098-1: important: Security update for python-nltk
openSUSE-SU-2026:0100-1: important: Security update for v2ray-core
SUSE-SU-2026:1105-1: important: Security update for containerd
SUSE-SU-2026:1098-1: important: Security update for cosign
SUSE-SU-2026:1107-1: important: Security update for python312
SUSE-SU-2026:1096-1: important: Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7)
SUSE-SU-2026:1117-1: important: Security update for python311
SUSE-SU-2026:1099-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)
SUSE-SU-2026:1100-1: important: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1102-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)
SUSE-SU-2026:1126-1: important: Security update for MozillaFirefox
SUSE-SU-2026:1122-1: moderate: Security update for redis
SUSE-SU-2026:1125-1: important: Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)
SUSE-SU-2026:1129-1: important: Security update for freerdp
openSUSE-SU-2026:0104-1: important: Security update for glusterfs
openSUSE-SU-2026:0102-1: important: Security update for python-pydicom
openSUSE-SU-2026:0103-1: important: Security update for v2ray-core
SUSE-SU-2026:1090-1: important: Security update for python3
# Security update for python3
Announcement ID: SUSE-SU-2026:1090-1
Release Date: 2026-03-26T17:46:03Z
Rating: important
References:
* bsc#1257181
Cross-References:
* CVE-2026-1299
CVSS scores:
* CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* Basesystem Module 15-SP7
* Development Tools Module 15-SP7
* openSUSE Leap 15.3
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for python3 fixes the following issues:
* CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
  `zypper in -t patch SUSE-2026-1090=1`
* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2026-1090=1`
* SUSE Linux Enterprise Micro for Rancher 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2026-1090=1`
* SUSE Linux Enterprise Micro 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2026-1090=1`
* SUSE Linux Enterprise Micro for Rancher 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-1090=1`
* SUSE Linux Enterprise Micro 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-1090=1`
* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2026-1090=1`
* Basesystem Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1090=1`
* Development Tools Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1090=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1090=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1090=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1090=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1090=1`
* SUSE Linux Enterprise Server 15 SP4 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1090=1`
* SUSE Linux Enterprise Server 15 SP5 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1090=1`
* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1090=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1090=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1090=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1090=1`
* SUSE Linux Enterprise Micro 5.2
  `zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1090=1`
* SUSE Linux Enterprise Micro for Rancher 5.2
  `zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1090=1`
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python3-core-debugsource-3.6.15-150300.10.109.1
* python3-idle-3.6.15-150300.10.109.1
* python3-devel-debuginfo-3.6.15-150300.10.109.1
* python3-testsuite-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-tk-debuginfo-3.6.15-150300.10.109.1
* python3-doc-3.6.15-150300.10.109.1
* python3-curses-debuginfo-3.6.15-150300.10.109.1
* python3-testsuite-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-curses-3.6.15-150300.10.109.1
* python3-tk-3.6.15-150300.10.109.1
* python3-dbm-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* python3-tools-3.6.15-150300.10.109.1
* python3-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-doc-devhelp-3.6.15-150300.10.109.1
* python3-dbm-debuginfo-3.6.15-150300.10.109.1
* python3-devel-3.6.15-150300.10.109.1
* openSUSE Leap 15.3 (x86_64)
* libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.109.1
* libpython3_6m1_0-32bit-3.6.15-150300.10.109.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* libpython3_6m1_0-64bit-3.6.15-150300.10.109.1
* libpython3_6m1_0-64bit-debuginfo-3.6.15-150300.10.109.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python3-core-debugsource-3.6.15-150300.10.109.1
* python3-idle-3.6.15-150300.10.109.1
* python3-devel-debuginfo-3.6.15-150300.10.109.1
* python3-testsuite-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-tk-debuginfo-3.6.15-150300.10.109.1
* python3-doc-3.6.15-150300.10.109.1
* python3-curses-debuginfo-3.6.15-150300.10.109.1
* python3-testsuite-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-curses-3.6.15-150300.10.109.1
* python3-tk-3.6.15-150300.10.109.1
* python3-dbm-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* python3-tools-3.6.15-150300.10.109.1
* python3-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-doc-devhelp-3.6.15-150300.10.109.1
* python3-dbm-debuginfo-3.6.15-150300.10.109.1
* python3-devel-3.6.15-150300.10.109.1
* openSUSE Leap 15.6 (x86_64)
* libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.109.1
* libpython3_6m1_0-32bit-3.6.15-150300.10.109.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* python3-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* python3-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* python3-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* python3-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* python3-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* python3-3.6.15-150300.10.109.1
* python3-devel-debuginfo-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-curses-3.6.15-150300.10.109.1
* python3-tk-debuginfo-3.6.15-150300.10.109.1
* python3-curses-debuginfo-3.6.15-150300.10.109.1
* python3-dbm-debuginfo-3.6.15-150300.10.109.1
* python3-devel-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* python3-tk-3.6.15-150300.10.109.1
* python3-idle-3.6.15-150300.10.109.1
* python3-dbm-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* python3-core-debugsource-3.6.15-150300.10.109.1
* python3-tools-3.6.15-150300.10.109.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* python3-3.6.15-150300.10.109.1
* python3-devel-debuginfo-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-curses-3.6.15-150300.10.109.1
* python3-tk-debuginfo-3.6.15-150300.10.109.1
* python3-curses-debuginfo-3.6.15-150300.10.109.1
* python3-dbm-debuginfo-3.6.15-150300.10.109.1
* python3-devel-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* python3-tk-3.6.15-150300.10.109.1
* python3-idle-3.6.15-150300.10.109.1
* python3-dbm-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* python3-tools-3.6.15-150300.10.109.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* python3-3.6.15-150300.10.109.1
* python3-devel-debuginfo-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-curses-3.6.15-150300.10.109.1
* python3-tk-debuginfo-3.6.15-150300.10.109.1
* python3-curses-debuginfo-3.6.15-150300.10.109.1
* python3-dbm-debuginfo-3.6.15-150300.10.109.1
* python3-devel-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* python3-tk-3.6.15-150300.10.109.1
* python3-idle-3.6.15-150300.10.109.1
* python3-dbm-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* python3-tools-3.6.15-150300.10.109.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* python3-3.6.15-150300.10.109.1
* python3-devel-debuginfo-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-curses-3.6.15-150300.10.109.1
* python3-tk-debuginfo-3.6.15-150300.10.109.1
* python3-curses-debuginfo-3.6.15-150300.10.109.1
* python3-dbm-debuginfo-3.6.15-150300.10.109.1
* python3-devel-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* python3-tk-3.6.15-150300.10.109.1
* python3-idle-3.6.15-150300.10.109.1
* python3-dbm-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* python3-tools-3.6.15-150300.10.109.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* python3-3.6.15-150300.10.109.1
* python3-devel-debuginfo-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-curses-3.6.15-150300.10.109.1
* python3-tk-debuginfo-3.6.15-150300.10.109.1
* python3-curses-debuginfo-3.6.15-150300.10.109.1
* python3-dbm-debuginfo-3.6.15-150300.10.109.1
* python3-devel-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* python3-tk-3.6.15-150300.10.109.1
* python3-idle-3.6.15-150300.10.109.1
* python3-dbm-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* python3-tools-3.6.15-150300.10.109.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* python3-3.6.15-150300.10.109.1
* python3-devel-debuginfo-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-curses-3.6.15-150300.10.109.1
* python3-tk-debuginfo-3.6.15-150300.10.109.1
* python3-curses-debuginfo-3.6.15-150300.10.109.1
* python3-dbm-debuginfo-3.6.15-150300.10.109.1
* python3-devel-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* python3-tk-3.6.15-150300.10.109.1
* python3-idle-3.6.15-150300.10.109.1
* python3-dbm-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* python3-tools-3.6.15-150300.10.109.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* python3-3.6.15-150300.10.109.1
* python3-devel-debuginfo-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-curses-3.6.15-150300.10.109.1
* python3-tk-debuginfo-3.6.15-150300.10.109.1
* python3-curses-debuginfo-3.6.15-150300.10.109.1
* python3-dbm-debuginfo-3.6.15-150300.10.109.1
* python3-devel-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* python3-tk-3.6.15-150300.10.109.1
* python3-idle-3.6.15-150300.10.109.1
* python3-dbm-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* python3-tools-3.6.15-150300.10.109.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* python3-3.6.15-150300.10.109.1
* python3-devel-debuginfo-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-curses-3.6.15-150300.10.109.1
* python3-tk-debuginfo-3.6.15-150300.10.109.1
* python3-curses-debuginfo-3.6.15-150300.10.109.1
* python3-dbm-debuginfo-3.6.15-150300.10.109.1
* python3-devel-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* python3-tk-3.6.15-150300.10.109.1
* python3-idle-3.6.15-150300.10.109.1
* python3-dbm-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* python3-tools-3.6.15-150300.10.109.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* python3-3.6.15-150300.10.109.1
* python3-devel-debuginfo-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-curses-3.6.15-150300.10.109.1
* python3-tk-debuginfo-3.6.15-150300.10.109.1
* python3-curses-debuginfo-3.6.15-150300.10.109.1
* python3-dbm-debuginfo-3.6.15-150300.10.109.1
* python3-devel-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* python3-tk-3.6.15-150300.10.109.1
* python3-idle-3.6.15-150300.10.109.1
* python3-dbm-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* python3-tools-3.6.15-150300.10.109.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* python3-3.6.15-150300.10.109.1
* python3-devel-debuginfo-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-curses-3.6.15-150300.10.109.1
* python3-tk-debuginfo-3.6.15-150300.10.109.1
* python3-curses-debuginfo-3.6.15-150300.10.109.1
* python3-dbm-debuginfo-3.6.15-150300.10.109.1
* python3-devel-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* python3-tk-3.6.15-150300.10.109.1
* python3-idle-3.6.15-150300.10.109.1
* python3-dbm-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* python3-tools-3.6.15-150300.10.109.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* python3-3.6.15-150300.10.109.1
* python3-devel-debuginfo-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-curses-3.6.15-150300.10.109.1
* python3-tk-debuginfo-3.6.15-150300.10.109.1
* python3-curses-debuginfo-3.6.15-150300.10.109.1
* python3-dbm-debuginfo-3.6.15-150300.10.109.1
* python3-devel-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* python3-tk-3.6.15-150300.10.109.1
* python3-idle-3.6.15-150300.10.109.1
* python3-dbm-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* python3-tools-3.6.15-150300.10.109.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* python3-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* python3-3.6.15-150300.10.109.1
* python3-debuginfo-3.6.15-150300.10.109.1
* python3-base-3.6.15-150300.10.109.1
* python3-base-debuginfo-3.6.15-150300.10.109.1
* python3-core-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-3.6.15-150300.10.109.1
* python3-debugsource-3.6.15-150300.10.109.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.109.1
## References:
* https://www.suse.com/security/cve/CVE-2026-1299.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257181
SUSE-SU-2026:1091-1: important: Security update for kea
# Security update for kea
Announcement ID: SUSE-SU-2026:1091-1
Release Date: 2026-03-26T17:48:28Z
Rating: important
References:
* bsc#1243240
Cross-References:
* CVE-2025-32801
* CVE-2025-32802
* CVE-2025-32803
CVSS scores:
* CVE-2025-32801 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32801 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-32801 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-32802 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32802 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-32802 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-32803 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-32803 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-32803 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves three vulnerabilities can now be installed.
## Description:
This update for kea fixes the following issues:
Update to release 2.6.3 (bsc#1243240):
* CVE-2025-32801: Fixed local privilege escalation via loading of a malicious hook library.
* CVE-2025-32802: Fixed insecure handling of file paths that allows multiple local attacks.
* CVE-2025-32803: Fixed insecure file permissions that can result in confidential information leakage.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1091=1`
* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-1091=1 openSUSE-SLE-15.6-2026-1091=1`
* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1091=1`
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libkea-util86-debuginfo-2.6.3-150600.13.6.1
* python3-kea-2.6.3-150600.13.6.1
* libkea-dhcpsrv111-2.6.3-150600.13.6.1
* libkea-exceptions33-debuginfo-2.6.3-150600.13.6.1
* libkea-cfgclient66-debuginfo-2.6.3-150600.13.6.1
* libkea-eval69-2.6.3-150600.13.6.1
* libkea-log61-2.6.3-150600.13.6.1
* kea-debuginfo-2.6.3-150600.13.6.1
* libkea-util86-2.6.3-150600.13.6.1
* kea-hooks-debuginfo-2.6.3-150600.13.6.1
* libkea-asiodns49-debuginfo-2.6.3-150600.13.6.1
* libkea-dns++57-2.6.3-150600.13.6.1
* libkea-cryptolink50-2.6.3-150600.13.6.1
* libkea-process74-debuginfo-2.6.3-150600.13.6.1
* libkea-dhcp_ddns57-debuginfo-2.6.3-150600.13.6.1
* libkea-cryptolink50-debuginfo-2.6.3-150600.13.6.1
* kea-devel-2.6.3-150600.13.6.1
* libkea-stats41-2.6.3-150600.13.6.1
* libkea-util-io0-debuginfo-2.6.3-150600.13.6.1
* libkea-hooks100-debuginfo-2.6.3-150600.13.6.1
* libkea-process74-2.6.3-150600.13.6.1
* libkea-stats41-debuginfo-2.6.3-150600.13.6.1
* libkea-tcp19-debuginfo-2.6.3-150600.13.6.1
* libkea-asiolink72-debuginfo-2.6.3-150600.13.6.1
* libkea-d2srv47-2.6.3-150600.13.6.1
* libkea-dns++57-debuginfo-2.6.3-150600.13.6.1
* libkea-cc68-2.6.3-150600.13.6.1
* libkea-exceptions33-2.6.3-150600.13.6.1
* kea-hooks-2.6.3-150600.13.6.1
* libkea-dhcp++92-2.6.3-150600.13.6.1
* libkea-dhcp_ddns57-2.6.3-150600.13.6.1
* libkea-d2srv47-debuginfo-2.6.3-150600.13.6.1
* libkea-database62-debuginfo-2.6.3-150600.13.6.1
* libkea-log61-debuginfo-2.6.3-150600.13.6.1
* libkea-mysql71-2.6.3-150600.13.6.1
* libkea-cfgclient66-2.6.3-150600.13.6.1
* kea-debugsource-2.6.3-150600.13.6.1
* libkea-mysql71-debuginfo-2.6.3-150600.13.6.1
* libkea-eval69-debuginfo-2.6.3-150600.13.6.1
* libkea-pgsql71-2.6.3-150600.13.6.1
* kea-2.6.3-150600.13.6.1
* libkea-database62-2.6.3-150600.13.6.1
* libkea-pgsql71-debuginfo-2.6.3-150600.13.6.1
* libkea-hooks100-2.6.3-150600.13.6.1
* libkea-http72-debuginfo-2.6.3-150600.13.6.1
* libkea-tcp19-2.6.3-150600.13.6.1
* libkea-http72-2.6.3-150600.13.6.1
* libkea-dhcpsrv111-debuginfo-2.6.3-150600.13.6.1
* libkea-asiodns49-2.6.3-150600.13.6.1
* libkea-cc68-debuginfo-2.6.3-150600.13.6.1
* libkea-util-io0-2.6.3-150600.13.6.1
* libkea-asiolink72-2.6.3-150600.13.6.1
* libkea-dhcp++92-debuginfo-2.6.3-150600.13.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* kea-doc-2.6.3-150600.13.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libkea-util86-debuginfo-2.6.3-150600.13.6.1
* python3-kea-2.6.3-150600.13.6.1
* libkea-dhcpsrv111-2.6.3-150600.13.6.1
* libkea-exceptions33-debuginfo-2.6.3-150600.13.6.1
* libkea-cfgclient66-debuginfo-2.6.3-150600.13.6.1
* libkea-eval69-2.6.3-150600.13.6.1
* libkea-log61-2.6.3-150600.13.6.1
* kea-debuginfo-2.6.3-150600.13.6.1
* libkea-util86-2.6.3-150600.13.6.1
* kea-hooks-debuginfo-2.6.3-150600.13.6.1
* libkea-asiodns49-debuginfo-2.6.3-150600.13.6.1
* libkea-dns++57-2.6.3-150600.13.6.1
* libkea-cryptolink50-2.6.3-150600.13.6.1
* libkea-process74-debuginfo-2.6.3-150600.13.6.1
* libkea-dhcp_ddns57-debuginfo-2.6.3-150600.13.6.1
* libkea-cryptolink50-debuginfo-2.6.3-150600.13.6.1
* kea-devel-2.6.3-150600.13.6.1
* libkea-stats41-2.6.3-150600.13.6.1
* libkea-util-io0-debuginfo-2.6.3-150600.13.6.1
* libkea-hooks100-debuginfo-2.6.3-150600.13.6.1
* libkea-process74-2.6.3-150600.13.6.1
* libkea-stats41-debuginfo-2.6.3-150600.13.6.1
* libkea-tcp19-debuginfo-2.6.3-150600.13.6.1
* libkea-asiolink72-debuginfo-2.6.3-150600.13.6.1
* libkea-d2srv47-2.6.3-150600.13.6.1
* libkea-dns++57-debuginfo-2.6.3-150600.13.6.1
* libkea-cc68-2.6.3-150600.13.6.1
* libkea-exceptions33-2.6.3-150600.13.6.1
* kea-hooks-2.6.3-150600.13.6.1
* libkea-dhcp++92-2.6.3-150600.13.6.1
* libkea-dhcp_ddns57-2.6.3-150600.13.6.1
* libkea-d2srv47-debuginfo-2.6.3-150600.13.6.1
* libkea-database62-debuginfo-2.6.3-150600.13.6.1
* libkea-log61-debuginfo-2.6.3-150600.13.6.1
* libkea-mysql71-2.6.3-150600.13.6.1
* libkea-cfgclient66-2.6.3-150600.13.6.1
* kea-debugsource-2.6.3-150600.13.6.1
* libkea-mysql71-debuginfo-2.6.3-150600.13.6.1
* libkea-eval69-debuginfo-2.6.3-150600.13.6.1
* libkea-pgsql71-2.6.3-150600.13.6.1
* kea-2.6.3-150600.13.6.1
* libkea-database62-2.6.3-150600.13.6.1
* libkea-pgsql71-debuginfo-2.6.3-150600.13.6.1
* libkea-hooks100-2.6.3-150600.13.6.1
* libkea-http72-debuginfo-2.6.3-150600.13.6.1
* libkea-tcp19-2.6.3-150600.13.6.1
* libkea-http72-2.6.3-150600.13.6.1
* libkea-dhcpsrv111-debuginfo-2.6.3-150600.13.6.1
* libkea-asiodns49-2.6.3-150600.13.6.1
* libkea-cc68-debuginfo-2.6.3-150600.13.6.1
* libkea-util-io0-2.6.3-150600.13.6.1
* libkea-asiolink72-2.6.3-150600.13.6.1
* libkea-dhcp++92-debuginfo-2.6.3-150600.13.6.1
* openSUSE Leap 15.6 (noarch)
* kea-doc-2.6.3-150600.13.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libkea-util86-debuginfo-2.6.3-150600.13.6.1
* python3-kea-2.6.3-150600.13.6.1
* libkea-dhcpsrv111-2.6.3-150600.13.6.1
* libkea-exceptions33-debuginfo-2.6.3-150600.13.6.1
* libkea-cfgclient66-debuginfo-2.6.3-150600.13.6.1
* libkea-eval69-2.6.3-150600.13.6.1
* libkea-log61-2.6.3-150600.13.6.1
* kea-debuginfo-2.6.3-150600.13.6.1
* libkea-util86-2.6.3-150600.13.6.1
* kea-hooks-debuginfo-2.6.3-150600.13.6.1
* libkea-asiodns49-debuginfo-2.6.3-150600.13.6.1
* libkea-dns++57-2.6.3-150600.13.6.1
* libkea-cryptolink50-2.6.3-150600.13.6.1
* libkea-process74-debuginfo-2.6.3-150600.13.6.1
* libkea-dhcp_ddns57-debuginfo-2.6.3-150600.13.6.1
* libkea-cryptolink50-debuginfo-2.6.3-150600.13.6.1
* kea-devel-2.6.3-150600.13.6.1
* libkea-stats41-2.6.3-150600.13.6.1
* libkea-util-io0-debuginfo-2.6.3-150600.13.6.1
* libkea-hooks100-debuginfo-2.6.3-150600.13.6.1
* libkea-process74-2.6.3-150600.13.6.1
* libkea-stats41-debuginfo-2.6.3-150600.13.6.1
* libkea-tcp19-debuginfo-2.6.3-150600.13.6.1
* libkea-asiolink72-debuginfo-2.6.3-150600.13.6.1
* libkea-d2srv47-2.6.3-150600.13.6.1
* libkea-dns++57-debuginfo-2.6.3-150600.13.6.1
* libkea-cc68-2.6.3-150600.13.6.1
* libkea-exceptions33-2.6.3-150600.13.6.1
* kea-hooks-2.6.3-150600.13.6.1
* libkea-dhcp++92-2.6.3-150600.13.6.1
* libkea-dhcp_ddns57-2.6.3-150600.13.6.1
* libkea-d2srv47-debuginfo-2.6.3-150600.13.6.1
* libkea-database62-debuginfo-2.6.3-150600.13.6.1
* libkea-log61-debuginfo-2.6.3-150600.13.6.1
* libkea-mysql71-2.6.3-150600.13.6.1
* libkea-cfgclient66-2.6.3-150600.13.6.1
* kea-debugsource-2.6.3-150600.13.6.1
* libkea-mysql71-debuginfo-2.6.3-150600.13.6.1
* libkea-eval69-debuginfo-2.6.3-150600.13.6.1
* libkea-pgsql71-2.6.3-150600.13.6.1
* kea-2.6.3-150600.13.6.1
* libkea-database62-2.6.3-150600.13.6.1
* libkea-pgsql71-debuginfo-2.6.3-150600.13.6.1
* libkea-hooks100-2.6.3-150600.13.6.1
* libkea-http72-debuginfo-2.6.3-150600.13.6.1
* libkea-tcp19-2.6.3-150600.13.6.1
* libkea-http72-2.6.3-150600.13.6.1
* libkea-dhcpsrv111-debuginfo-2.6.3-150600.13.6.1
* libkea-asiodns49-2.6.3-150600.13.6.1
* libkea-cc68-debuginfo-2.6.3-150600.13.6.1
* libkea-util-io0-2.6.3-150600.13.6.1
* libkea-asiolink72-2.6.3-150600.13.6.1
* libkea-dhcp++92-debuginfo-2.6.3-150600.13.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* kea-doc-2.6.3-150600.13.6.1
## References:
* https://www.suse.com/security/cve/CVE-2025-32801.html
* https://www.suse.com/security/cve/CVE-2025-32802.html
* https://www.suse.com/security/cve/CVE-2025-32803.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243240
SUSE-SU-2026:1094-1: important: Security update for python-deepdiff
# Security update for python-deepdiff
Announcement ID: SUSE-SU-2026:1094-1
Release Date: 2026-03-26T17:56:26Z
Rating: important
References:
* bsc#1260064
Cross-References:
* CVE-2026-33155
CVSS scores:
* CVE-2026-33155 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33155 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33155 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* openSUSE Leap 15.6
An update that solves one vulnerability can now be installed.
## Description:
This update for python-deepdiff fixes the following issues:
* CVE-2026-33155: Fixed denial of service via builtins.bytes, builtins.list, builtins.range (bsc#1260064).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-1094=1 openSUSE-SLE-15.6-2026-1094=1`
## Package List:
* openSUSE Leap 15.6 (noarch)
* python311-deepdiff-6.3.0-150600.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2026-33155.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260064
SUSE-SU-2026:1092-1: important: Security update for xen
# Security update for xen
Announcement ID: SUSE-SU-2026:1092-1
Release Date: 2026-03-26T17:51:51Z
Rating: important
References:
* bsc#1259247
Cross-References:
* CVE-2026-23554
CVSS scores:
* CVE-2026-23554 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23554 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-23554 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for xen fixes the following issues:
* CVE-2026-23554: xen: Use after free of paging structures in EPT
(bsc#1259247, XSA-480)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1092=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-1092=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1092=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1092=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1092=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1092=1
## Package List:
* openSUSE Leap 15.5 (aarch64 x86_64 i586)
* xen-devel-4.17.6_06-150500.3.62.2
* xen-debugsource-4.17.6_06-150500.3.62.2
* xen-libs-debuginfo-4.17.6_06-150500.3.62.2
* xen-tools-domU-debuginfo-4.17.6_06-150500.3.62.2
* xen-libs-4.17.6_06-150500.3.62.2
* xen-tools-domU-4.17.6_06-150500.3.62.2
* openSUSE Leap 15.5 (x86_64)
* xen-libs-32bit-4.17.6_06-150500.3.62.2
* xen-libs-32bit-debuginfo-4.17.6_06-150500.3.62.2
* openSUSE Leap 15.5 (aarch64 x86_64)
* xen-doc-html-4.17.6_06-150500.3.62.2
* xen-tools-debuginfo-4.17.6_06-150500.3.62.2
* xen-4.17.6_06-150500.3.62.2
* xen-tools-4.17.6_06-150500.3.62.2
* openSUSE Leap 15.5 (noarch)
* xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2
* openSUSE Leap 15.5 (aarch64_ilp32)
* xen-libs-64bit-debuginfo-4.17.6_06-150500.3.62.2
* xen-libs-64bit-4.17.6_06-150500.3.62.2
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* xen-debugsource-4.17.6_06-150500.3.62.2
* xen-libs-debuginfo-4.17.6_06-150500.3.62.2
* xen-libs-4.17.6_06-150500.3.62.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* xen-devel-4.17.6_06-150500.3.62.2
* xen-tools-debuginfo-4.17.6_06-150500.3.62.2
* xen-debugsource-4.17.6_06-150500.3.62.2
* xen-libs-debuginfo-4.17.6_06-150500.3.62.2
* xen-tools-domU-debuginfo-4.17.6_06-150500.3.62.2
* xen-libs-4.17.6_06-150500.3.62.2
* xen-tools-domU-4.17.6_06-150500.3.62.2
* xen-4.17.6_06-150500.3.62.2
* xen-tools-4.17.6_06-150500.3.62.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* xen-devel-4.17.6_06-150500.3.62.2
* xen-tools-debuginfo-4.17.6_06-150500.3.62.2
* xen-debugsource-4.17.6_06-150500.3.62.2
* xen-libs-debuginfo-4.17.6_06-150500.3.62.2
* xen-tools-domU-debuginfo-4.17.6_06-150500.3.62.2
* xen-libs-4.17.6_06-150500.3.62.2
* xen-tools-domU-4.17.6_06-150500.3.62.2
* xen-4.17.6_06-150500.3.62.2
* xen-tools-4.17.6_06-150500.3.62.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* xen-devel-4.17.6_06-150500.3.62.2
* xen-tools-debuginfo-4.17.6_06-150500.3.62.2
* xen-debugsource-4.17.6_06-150500.3.62.2
* xen-libs-debuginfo-4.17.6_06-150500.3.62.2
* xen-tools-domU-debuginfo-4.17.6_06-150500.3.62.2
* xen-libs-4.17.6_06-150500.3.62.2
* xen-tools-domU-4.17.6_06-150500.3.62.2
* xen-4.17.6_06-150500.3.62.2
* xen-tools-4.17.6_06-150500.3.62.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* xen-devel-4.17.6_06-150500.3.62.2
* xen-tools-debuginfo-4.17.6_06-150500.3.62.2
* xen-debugsource-4.17.6_06-150500.3.62.2
* xen-libs-debuginfo-4.17.6_06-150500.3.62.2
* xen-tools-domU-debuginfo-4.17.6_06-150500.3.62.2
* xen-libs-4.17.6_06-150500.3.62.2
* xen-tools-domU-4.17.6_06-150500.3.62.2
* xen-4.17.6_06-150500.3.62.2
* xen-tools-4.17.6_06-150500.3.62.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2
## References:
* https://www.suse.com/security/cve/CVE-2026-23554.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259247
SUSE-SU-2026:1089-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)
# Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise
15 SP6)
Announcement ID: SUSE-SU-2026:1089-1
Release Date: 2026-03-26T17:34:59Z
Rating: important
References:
* bsc#1247240
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255895
* bsc#1256624
* bsc#1256644
* bsc#1257669
Cross-References:
* CVE-2025-38488
* CVE-2025-40258
* CVE-2025-40284
* CVE-2025-40297
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085
CVSS scores:
* CVE-2025-38488 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38488 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38488 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40258 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40284 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40284 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40297 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40297 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves eight vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.65 fixes
various security issues.
The following security issues were fixed:
* CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using
async crypto (bsc#1247240).
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work()
(bsc#1255053).
* CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed
(bsc#1257669).
* CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass
(bsc#1255895).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in
handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in
have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path
(bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (bsc#1256624).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1089=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1089=1
## Package List:
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_14-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-7-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_65-default-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_14-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-7-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38488.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-40284.html
* https://www.suse.com/security/cve/CVE-2025-40297.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247240
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255895
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
* https://bugzilla.suse.com/show_bug.cgi?id=1257669
openSUSE-SU-2026:0099-1: important: Security update for glusterfs
openSUSE Security Update: Security update for glusterfs
_______________________________
Announcement ID: openSUSE-SU-2026:0099-1
Rating: important
References: #1208517 #1208519 #1210894 #1212476
Cross-References: CVE-2022-48340 CVE-2023-26253
CVSS scores:
CVE-2022-48340 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-26253 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that solves two vulnerabilities and has two fixes
is now available.
Description:
This update for glusterfs fixes the following issues:
- Update to release 11.2
* Next minor release tentative date: Release will be based on requirement
only
* Users are highly encouraged to upgrade to newer releases of GlusterFS.
* Important fixes in this release
- Regression suite tests failures are addressed
- Fixed notify stack-based buffer over-read (boo#1208519,
CVE-2023-26253)
- Update to release 11.1
* Fix upgrade issue by reverting posix change related to storage.reserve
value
* Fix possible data loss during rebalance if there is any linkfile on
the system
- Disable IO_uring for now [boo#1210894]
- Update to release 11 [boo#1208517] [boo#1208519]
* Major performance improvement of ~36% with rmdir operations
* Extension of ZFS support for snapshots
* Quota implementation based on namespace
* Major cleanups and readdir/readdirp improvements
* Fixed use-after-free in dht_setxattr_mds_cbk (CVE-2022-48340)
- Update to release 10.2
* Some 165 bugfixes with none particularly sticking out
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-99=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
glusterfs-11.2-bp157.2.3.1
glusterfs-devel-11.2-bp157.2.3.1
libgfapi0-11.2-bp157.2.3.1
libgfchangelog0-11.2-bp157.2.3.1
libgfrpc0-11.2-bp157.2.3.1
libgfxdr0-11.2-bp157.2.3.1
libglusterfs0-11.2-bp157.2.3.1
- openSUSE Backports SLE-15-SP7 (noarch):
python3-gluster-11.2-bp157.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-48340.html
https://www.suse.com/security/cve/CVE-2023-26253.html
https://bugzilla.suse.com/1208517
https://bugzilla.suse.com/1208519
https://bugzilla.suse.com/1210894
https://bugzilla.suse.com/1212476
openSUSE-SU-2026:0098-1: important: Security update for python-nltk
openSUSE Security Update: Security update for python-nltk
_______________________________
Announcement ID: openSUSE-SU-2026:0098-1
Rating: important
References: #1260066 #1260067 #1260068
Cross-References: CVE-2026-33230 CVE-2026-33231 CVE-2026-33236
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for python-nltk fixes the following issues:
- CVE-2026-33230: reflected cross-site scripting issue in the `lookup_...`
route (boo#1260066)
- CVE-2026-33231: unauthenticated remote shutdown of the local WordNet
Browser HTTP server when it is started in its default mode (boo#1260067)
- CVE-2026-33236: Attackers can control a remote XML index server to
provide malicious values containing path traversal sequences
(boo#1260068)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-98=1
Package List:
- openSUSE Backports SLE-15-SP7 (noarch):
python3-nltk-3.7-bp157.3.9.1
References:
https://www.suse.com/security/cve/CVE-2026-33230.html
https://www.suse.com/security/cve/CVE-2026-33231.html
https://www.suse.com/security/cve/CVE-2026-33236.html
https://bugzilla.suse.com/1260066
https://bugzilla.suse.com/1260067
https://bugzilla.suse.com/1260068
openSUSE-SU-2026:0100-1: important: Security update for v2ray-core
openSUSE Security Update: Security update for v2ray-core
_______________________________
Announcement ID: openSUSE-SU-2026:0100-1
Rating: important
References: #1251404 #1260329
Cross-References: CVE-2025-47911 CVE-2026-33186
CVSS scores:
CVE-2025-47911 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2026-33186 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for v2ray-core fixes the following issues:
- Update version to 5.47.0
* Add sticky choice option for leastping
* Add support for enrollment links in tlsmirror
* Add Wireguard Outbound (unreleased)
* Generalize IP address parsing in TUN stack options
* Fix bugs
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to
improper validation of the HTTP/2 :path pseudo-header (boo#1260329)
- Update version to 5.44.1
* uTLS: bundled library updated to v1.8.2 for Chrome120 imitation
profile identification
* Update golang toolchain to v1.25.6, which fixed a vulnerable
(tls.Config).Clone function
* Fix bugs
- Update version to 5.42.0
* Add TLSMirror bootstrap enrollment and self enrollment feature
* TLSMirror Inverse Role Request Tripper Enrollment Server Support
- CVE-2025-47911: v2ray-core: golang.org/x/net/html: various algorithms
with quadratic complexity when parsing HTML documents (boo#1251404)
* Update golang.org/x/net to 0.45.0 in vendor
- Update version to 5.38.0
* TLSMirror Connection Enrollment System
* Add TLSMirror Sequence Watermarking
* TLSMirror developer preview protocol is now a part of mainline V2Ray
* proxy dns with NOTIMP error
* Add TLSMirror looks like TLS censorship resistant transport protocol
as a developer preview transport
* fix false success from SOCKS server when Dispatch() fails
* HTTP inbound: Directly forward plain HTTP 1xx response header
* add a option to override domain used to query https record
* Fix bugs
* Update vendor
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2026-100=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
v2ray-core-5.47.0-bp156.2.6.1
- openSUSE Backports SLE-15-SP6 (noarch):
golang-github-v2fly-v2ray-core-5.47.0-bp156.2.6.1
References:
https://www.suse.com/security/cve/CVE-2025-47911.html
https://www.suse.com/security/cve/CVE-2026-33186.html
https://bugzilla.suse.com/1251404
https://bugzilla.suse.com/1260329
SUSE-SU-2026:1105-1: important: Security update for containerd
# Security update for containerd
Announcement ID: SUSE-SU-2026:1105-1
Release Date: 2026-03-27T07:03:56Z
Rating: important
References:
Affected Products:
* Basesystem Module 15-SP7
* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that can now be installed.
## Description:
This update for containerd rebuilds it against the current go 1.25 security
release.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1105=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1105=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1105=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1105=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1105=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1105=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1105=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1105=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1105=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1105=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1105=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1105=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1105=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1105=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1105=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1105=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1105=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1105=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-1105=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1105=1
## Package List:
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* containerd-devel-1.7.29-150000.130.1
* containerd-ctr-1.7.29-150000.130.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* containerd-devel-1.7.29-150000.130.1
* containerd-1.7.29-150000.130.1
* containerd-ctr-1.7.29-150000.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* containerd-devel-1.7.29-150000.130.1
* containerd-1.7.29-150000.130.1
* containerd-ctr-1.7.29-150000.130.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* containerd-devel-1.7.29-150000.130.1
* containerd-1.7.29-150000.130.1
* containerd-ctr-1.7.29-150000.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* containerd-devel-1.7.29-150000.130.1
* containerd-1.7.29-150000.130.1
* containerd-ctr-1.7.29-150000.130.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* containerd-devel-1.7.29-150000.130.1
* containerd-1.7.29-150000.130.1
* containerd-ctr-1.7.29-150000.130.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* containerd-devel-1.7.29-150000.130.1
* containerd-1.7.29-150000.130.1
* containerd-ctr-1.7.29-150000.130.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* containerd-devel-1.7.29-150000.130.1
* containerd-1.7.29-150000.130.1
* containerd-ctr-1.7.29-150000.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* containerd-devel-1.7.29-150000.130.1
* containerd-1.7.29-150000.130.1
* containerd-ctr-1.7.29-150000.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* containerd-devel-1.7.29-150000.130.1
* containerd-1.7.29-150000.130.1
* containerd-ctr-1.7.29-150000.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* containerd-devel-1.7.29-150000.130.1
* containerd-1.7.29-150000.130.1
* containerd-ctr-1.7.29-150000.130.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* containerd-1.7.29-150000.130.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* containerd-1.7.29-150000.130.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* containerd-devel-1.7.29-150000.130.1
* containerd-1.7.29-150000.130.1
* containerd-ctr-1.7.29-150000.130.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* containerd-1.7.29-150000.130.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* containerd-1.7.29-150000.130.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* containerd-1.7.29-150000.130.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* containerd-1.7.29-150000.130.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* containerd-1.7.29-150000.130.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* containerd-1.7.29-150000.130.1
SUSE-SU-2026:1098-1: important: Security update for cosign
# Security update for cosign
Announcement ID: SUSE-SU-2026:1098-1
Release Date: 2026-03-26T21:24:08Z
Rating: important
References:
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that can now be installed.
## Description:
This update for cosign rebuilds it against the current go 1.25 security release.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1098=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1098=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1098=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1098=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1098=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1098=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1098=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1098=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1098=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1098=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1098=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1098=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1098=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* cosign-debuginfo-3.0.5-150400.3.37.1
* cosign-3.0.5-150400.3.37.1
* openSUSE Leap 15.4 (noarch)
* cosign-bash-completion-3.0.5-150400.3.37.1
* cosign-zsh-completion-3.0.5-150400.3.37.1
* cosign-fish-completion-3.0.5-150400.3.37.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* cosign-debuginfo-3.0.5-150400.3.37.1
* cosign-3.0.5-150400.3.37.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* cosign-debuginfo-3.0.5-150400.3.37.1
* cosign-3.0.5-150400.3.37.1
* Basesystem Module 15-SP7 (noarch)
* cosign-bash-completion-3.0.5-150400.3.37.1
* cosign-zsh-completion-3.0.5-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* cosign-3.0.5-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* cosign-3.0.5-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* cosign-3.0.5-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* cosign-3.0.5-150400.3.37.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* cosign-3.0.5-150400.3.37.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* cosign-3.0.5-150400.3.37.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* cosign-debuginfo-3.0.5-150400.3.37.1
* cosign-3.0.5-150400.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* cosign-3.0.5-150400.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* cosign-3.0.5-150400.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* cosign-debuginfo-3.0.5-150400.3.37.1
* cosign-3.0.5-150400.3.37.1
SUSE-SU-2026:1107-1: important: Security update for python312
# Security update for python312
Announcement ID: SUSE-SU-2026:1107-1
Release Date: 2026-03-27T09:04:10Z
Rating: important
References:
* bsc#1252974
* bsc#1254400
* bsc#1254401
* bsc#1254997
* bsc#1257029
* bsc#1257031
* bsc#1257042
* bsc#1257046
* bsc#1257181
* bsc#1259240
Cross-References:
* CVE-2025-11468
* CVE-2025-12084
* CVE-2025-13836
* CVE-2025-13837
* CVE-2025-15282
* CVE-2025-6075
* CVE-2026-0672
* CVE-2026-0865
* CVE-2026-1299
* CVE-2026-2297
CVSS scores:
* CVE-2025-11468 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-11468 ( NVD ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-12084 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13836 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13836 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-13837 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13837 ( NVD ): 2.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-15282 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15282 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-15282 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( SUSE ): 1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-6075 ( NVD ): 1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-0672 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-0672 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-0672 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-0865 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0865 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-0865 ( NVD ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-1299 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-1299 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-2297 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-2297 ( NVD ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves 10 vulnerabilities can now be installed.
## Description:
This update for python312 fixes the following issues:
Update to Python 3.12.13:
* CVE-2025-6075: quadratic complexity in os.path.expandvars() (bsc#1252974).
* CVE-2025-11468: header injection with carefully crafted inputs
(bsc#1257029).
* CVE-2025-12084: quadratic complexity in xml.minidom node ID cache clearing
(bsc#1254997).
* CVE-2025-13836: potential memory denial of service in the http.client module
(bsc#1254400).
* CVE-2025-13837: potential memory denial of service in the plistlib module
(bsc#1254401).
* CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers
(bsc#1257046).
* CVE-2026-0672: control characters in http.cookies.Morsel fields and values
(bsc#1257031).
* CVE-2026-0865: C0 control characters within wsgiref.headers.Headers fields,
values, and parameters (bsc#1257042).
* CVE-2026-1299: header injection when an email is serialized due to improper
newline quoting (bsc#1257181).
* CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader
(bsc#1259240).
Changelog:
* gh-144125: BytesGenerator will now refuse to serialize (write) headers that
are unsafely folded or delimited; see verify_generated_headers. (Contributed
by Bas Bloemsaat and Petr Viktorin in gh-121650) (bsc#1257181,
CVE-2026-1299).
* gh-143935: Fixed a bug in the folding of comments when flattening an email
message using a modern email policy. Comments consisting of a very long
sequence of non-foldable characters could trigger a forced line wrap that
omitted the required leading space on the continuation line, causing the
remainder of the comment to be interpreted as a new header field. This
enabled header injection with carefully crafted inputs (bsc#1257029
CVE-2025-11468).
* gh-143925: Reject control characters in data: URL media types (bsc#1257046,
CVE-2025-15282).
* gh-143919: Reject control characters in http.cookies.Morsel fields and
values (bsc#1257031, CVE-2026-0672).
* gh-143916: Reject C0 control characters within wsgiref.headers.Headers
fields, values, and parameters (bsc#1257042, CVE-2026-0865).
* gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing.
In order to do this without breaking existing users, we also add the
ownerDocument attribute to xml.dom.minidom elements and attributes created
by directly instantiating the Element or Attr class. Note that this way of
creating nodes is not supported; creator functions like
xml.dom.Document.documentElement() should be used instead (bsc#1254997,
CVE-2025-12084).
* gh-137836: Add support of the "plaintext" element, RAWTEXT elements "xmp",
"iframe", "noembed" and "noframes", and optionally RAWTEXT element
"noscript" in html.parser.HTMLParser.
* gh-136063: email.message: ensure linear complexity for legacy HTTP
parameters parsing. Patch by Bénédikt Tran.
* gh-136065: Fix quadratic complexity in os.path.expandvars() (bsc#1252974,
CVE-2025-6075).
* gh-119451: Fix a potential memory denial of service in the http.client
module. When connecting to a malicious server, it could cause an arbitrary
amount of memory to be allocated. This could have led to symptoms including
a MemoryError, swapping, out of memory (OOM) killed processes or containers,
or even system crashes (CVE-2025-13836, bsc#1254400).
* gh-119452: Fix a potential memory denial of service in the http.server
module. When a malicious user is connected to the CGI server on Windows, it
could cause an arbitrary amount of memory to be allocated. This could have
led to symptoms including a MemoryError, swapping, out of memory (OOM)
killed processes or containers, or even system crashes.
* gh-119342: Fix a potential memory denial of service in the plistlib module.
When reading a Plist file received from untrusted source, it could cause an
arbitrary amount of memory to be allocated. This could have led to symptoms
including a MemoryError, swapping, out of memory (OOM) killed processes or
containers, or even system crashes (bsc#1254401, CVE-2025-13837).
* Library
* gh-144833: Fixed a use-after-free in ssl when SSL_new() returns NULL in
newPySSLSocket(). The error was reported via a dangling pointer after the
object had already been freed.
* gh-144363: Update bundled libexpat to 2.7.4
* gh-90949: Add SetAllocTrackerActivationThreshold() and
SetAllocTrackerMaximumAmplification() to xmlparser objects to prevent use of
disproportional amounts of dynamic memory from within an Expat parser. Patch
by Bénédikt Tran.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1107=1 openSUSE-SLE-15.6-2026-1107=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1107=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1107=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* python312-testsuite-3.12.13-150600.3.48.1
* libpython3_12-1_0-3.12.13-150600.3.48.1
* python312-dbm-3.12.13-150600.3.48.1
* python312-doc-devhelp-3.12.13-150600.3.48.1
* python312-curses-debuginfo-3.12.13-150600.3.48.1
* python312-base-3.12.13-150600.3.48.1
* python312-idle-3.12.13-150600.3.48.1
* python312-testsuite-debuginfo-3.12.13-150600.3.48.1
* python312-devel-3.12.13-150600.3.48.1
* python312-tools-3.12.13-150600.3.48.1
* python312-doc-3.12.13-150600.3.48.1
* python312-debugsource-3.12.13-150600.3.48.1
* python312-tk-3.12.13-150600.3.48.1
* python312-debuginfo-3.12.13-150600.3.48.1
* python312-dbm-debuginfo-3.12.13-150600.3.48.1
* python312-tk-debuginfo-3.12.13-150600.3.48.1
* python312-curses-3.12.13-150600.3.48.1
* libpython3_12-1_0-debuginfo-3.12.13-150600.3.48.1
* python312-base-debuginfo-3.12.13-150600.3.48.1
* python312-core-debugsource-3.12.13-150600.3.48.1
* python312-3.12.13-150600.3.48.1
* openSUSE Leap 15.6 (x86_64)
* python312-32bit-3.12.13-150600.3.48.1
* libpython3_12-1_0-32bit-debuginfo-3.12.13-150600.3.48.1
* python312-base-32bit-debuginfo-3.12.13-150600.3.48.1
* python312-32bit-debuginfo-3.12.13-150600.3.48.1
* libpython3_12-1_0-32bit-3.12.13-150600.3.48.1
* python312-base-32bit-3.12.13-150600.3.48.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* python312-base-64bit-debuginfo-3.12.13-150600.3.48.1
* libpython3_12-1_0-64bit-debuginfo-3.12.13-150600.3.48.1
* python312-base-64bit-3.12.13-150600.3.48.1
* libpython3_12-1_0-64bit-3.12.13-150600.3.48.1
* python312-64bit-debuginfo-3.12.13-150600.3.48.1
* python312-64bit-3.12.13-150600.3.48.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* python312-curses-debuginfo-3.12.13-150600.3.48.1
* python312-base-3.12.13-150600.3.48.1
* python312-base-debuginfo-3.12.13-150600.3.48.1
* python312-debugsource-3.12.13-150600.3.48.1
* python312-idle-3.12.13-150600.3.48.1
* python312-tk-3.12.13-150600.3.48.1
* python312-devel-3.12.13-150600.3.48.1
* python312-debuginfo-3.12.13-150600.3.48.1
* python312-dbm-debuginfo-3.12.13-150600.3.48.1
* python312-tk-debuginfo-3.12.13-150600.3.48.1
* python312-tools-3.12.13-150600.3.48.1
* python312-core-debugsource-3.12.13-150600.3.48.1
* libpython3_12-1_0-3.12.13-150600.3.48.1
* python312-curses-3.12.13-150600.3.48.1
* libpython3_12-1_0-debuginfo-3.12.13-150600.3.48.1
* python312-3.12.13-150600.3.48.1
* python312-dbm-3.12.13-150600.3.48.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* python312-curses-debuginfo-3.12.13-150600.3.48.1
* python312-base-3.12.13-150600.3.48.1
* python312-base-debuginfo-3.12.13-150600.3.48.1
* python312-debugsource-3.12.13-150600.3.48.1
* python312-idle-3.12.13-150600.3.48.1
* python312-tk-3.12.13-150600.3.48.1
* python312-devel-3.12.13-150600.3.48.1
* python312-debuginfo-3.12.13-150600.3.48.1
* python312-dbm-debuginfo-3.12.13-150600.3.48.1
* python312-tk-debuginfo-3.12.13-150600.3.48.1
* python312-tools-3.12.13-150600.3.48.1
* python312-core-debugsource-3.12.13-150600.3.48.1
* libpython3_12-1_0-3.12.13-150600.3.48.1
* python312-curses-3.12.13-150600.3.48.1
* libpython3_12-1_0-debuginfo-3.12.13-150600.3.48.1
* python312-3.12.13-150600.3.48.1
* python312-dbm-3.12.13-150600.3.48.1
## References:
* https://www.suse.com/security/cve/CVE-2025-11468.html
* https://www.suse.com/security/cve/CVE-2025-12084.html
* https://www.suse.com/security/cve/CVE-2025-13836.html
* https://www.suse.com/security/cve/CVE-2025-13837.html
* https://www.suse.com/security/cve/CVE-2025-15282.html
* https://www.suse.com/security/cve/CVE-2025-6075.html
* https://www.suse.com/security/cve/CVE-2026-0672.html
* https://www.suse.com/security/cve/CVE-2026-0865.html
* https://www.suse.com/security/cve/CVE-2026-1299.html
* https://www.suse.com/security/cve/CVE-2026-2297.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252974
* https://bugzilla.suse.com/show_bug.cgi?id=1254400
* https://bugzilla.suse.com/show_bug.cgi?id=1254401
* https://bugzilla.suse.com/show_bug.cgi?id=1254997
* https://bugzilla.suse.com/show_bug.cgi?id=1257029
* https://bugzilla.suse.com/show_bug.cgi?id=1257031
* https://bugzilla.suse.com/show_bug.cgi?id=1257042
* https://bugzilla.suse.com/show_bug.cgi?id=1257046
* https://bugzilla.suse.com/show_bug.cgi?id=1257181
* https://bugzilla.suse.com/show_bug.cgi?id=1259240
SUSE-SU-2026:1096-1: important: Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7)
# Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7)
Announcement ID: SUSE-SU-2026:1096-1
Release Date: 2026-03-27T04:04:40Z
Rating: important
References:
* bsc#1247240
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255895
* bsc#1256624
* bsc#1256644
* bsc#1257669
Cross-References:
* CVE-2025-38488
* CVE-2025-40258
* CVE-2025-40284
* CVE-2025-40297
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085
CVSS scores:
* CVE-2025-38488 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38488 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38488 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40258 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40284 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40284 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40297 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40297 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves eight vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.16 fixes
various security issues.
The following security issues were fixed:
* CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using
async crypto (bsc#1247240).
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work()
(bsc#1255053).
* CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed
(bsc#1257669).
* CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass
(bsc#1255895).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in
handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in
have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path
(bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (bsc#1256624).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1096=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1096=1
* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1103=1
## Package List:
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_15-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-7-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_15-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-7-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP7_Update_4-debugsource-7-150700.2.1
* kernel-livepatch-6_4_0-150700_53_16-default-7-150700.2.1
* kernel-livepatch-6_4_0-150700_53_16-default-debuginfo-7-150700.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38488.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-40284.html
* https://www.suse.com/security/cve/CVE-2025-40297.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247240
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255895
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
* https://bugzilla.suse.com/show_bug.cgi?id=1257669
SUSE-SU-2026:1117-1: important: Security update for python311
# Security update for python311
Announcement ID: SUSE-SU-2026:1117-1
Release Date: 2026-03-27T11:34:37Z
Rating: important
References:
* bsc#1252974
* bsc#1254400
* bsc#1254401
* bsc#1254997
* bsc#1257029
* bsc#1257031
* bsc#1257042
* bsc#1257046
* bsc#1257181
* bsc#1259240
Cross-References:
* CVE-2025-11468
* CVE-2025-12084
* CVE-2025-13836
* CVE-2025-13837
* CVE-2025-15282
* CVE-2025-6075
* CVE-2026-0672
* CVE-2026-0865
* CVE-2026-1299
* CVE-2026-2297
CVSS scores:
* CVE-2025-11468 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-11468 ( NVD ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-12084 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13836 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13836 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-13837 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13837 ( NVD ): 2.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-15282 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15282 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-15282 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( SUSE ): 1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-6075 ( NVD ): 1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-0672 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-0672 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-0672 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-0865 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0865 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-0865 ( NVD ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-1299 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-1299 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-2297 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-2297 ( NVD ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 10 vulnerabilities can now be installed.
## Description:
This update for python311 fixes the following issues:
Update to Python 3.11.15:
* CVE-2025-6075: quadratic complexity in os.path.expandvars() (bsc#1252974).
* CVE-2025-11468: header injection with carefully crafted inputs
(bsc#1257029).
* CVE-2025-12084: quadratic complexity in xml.minidom node ID cache clearing
(bsc#1254997).
* CVE-2025-13836: potential memory denial of service in the http.client module
(bsc#1254400).
* CVE-2025-13837: potential memory denial of service in the plistlib module
(bsc#1254401).
* CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers
(bsc#1257046).
* CVE-2026-0672: control characters in http.cookies.Morsel fields and values
(bsc#1257031).
* CVE-2026-0865: C0 control characters within wsgiref.headers.Headers fields,
values, and parameters (bsc#1257042).
* CVE-2026-1299: header injection when an email is serialized due to improper
newline quoting (bsc#1257181).
* CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader
(bsc#1259240).
Changelog:
* gh-144125: BytesGenerator will now refuse to serialize (write) headers that
are unsafely folded or delimited; see verify_generated_headers. (Contributed
by Bas Bloemsaat and Petr Viktorin in gh-121650) (bsc#1257181,
CVE-2026-1299).
* gh-143935: Fixed a bug in the folding of comments when flattening an email
message using a modern email policy. Comments consisting of a very long
sequence of non-foldable characters could trigger a forced line wrap that
omitted the required leading space on the continuation line, causing the
remainder of the comment to be interpreted as a new header field. This
enabled header injection with carefully crafted inputs (bsc#1257029
CVE-2025-11468).
* gh-143925: Reject control characters in data: URL media types (bsc#1257046,
CVE-2025-15282).
* gh-143919: Reject control characters in http.cookies.Morsel fields and
values (bsc#1257031, CVE-2026-0672).
* gh-143916: Reject C0 control characters within wsgiref.headers.Headers
fields, values, and parameters (bsc#1257042, CVE-2026-0865).
* gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing.
In order to do this without breaking existing users, we also add the
ownerDocument attribute to xml.dom.minidom elements and attributes created
by directly instantiating the Element or Attr class. Note that this way of
creating nodes is not supported; creator functions like
xml.dom.Document.documentElement() should be used instead (bsc#1254997,
CVE-2025-12084).
* gh-137836: Add support of the "plaintext" element, RAWTEXT elements "xmp",
"iframe", "noembed" and "noframes", and optionally RAWTEXT element
"noscript" in html.parser.HTMLParser.
* gh-136063: email.message: ensure linear complexity for legacy HTTP
parameters parsing. Patch by Bénédikt Tran.
* gh-136065: Fix quadratic complexity in os.path.expandvars() (bsc#1252974,
CVE-2025-6075).
* gh-119451: Fix a potential memory denial of service in the http.client
module. When connecting to a malicious server, it could cause an arbitrary
amount of memory to be allocated. This could have led to symptoms including
a MemoryError, swapping, out of memory (OOM) killed processes or containers,
or even system crashes (CVE-2025-13836, bsc#1254400).
* gh-119452: Fix a potential memory denial of service in the http.server
module. When a malicious user is connected to the CGI server on Windows, it
could cause an arbitrary amount of memory to be allocated. This could have
led to symptoms including a MemoryError, swapping, out of memory (OOM)
killed processes or containers, or even system crashes.
* gh-119342: Fix a potential memory denial of service in the plistlib module.
When reading a Plist file received from untrusted source, it could cause an
arbitrary amount of memory to be allocated. This could have led to symptoms
including a MemoryError, swapping, out of memory (OOM) killed processes or
containers, or even system crashes (bsc#1254401, CVE-2025-13837).
* Library
* gh-144833: Fixed a use-after-free in ssl when SSL_new() returns NULL in
newPySSLSocket(). The error was reported via a dangling pointer after the
object had already been freed.
* gh-144363: Update bundled libexpat to 2.7.4
* gh-90949: Add SetAllocTrackerActivationThreshold() and
SetAllocTrackerMaximumAmplification() to xmlparser objects to prevent use of
disproportional amounts of dynamic memory from within an Expat parser. Patch
by Bénédikt Tran.
* Core and Builtins
* gh-120384: Fix an array out of bounds crash in list_ass_subscript, which
could be invoked via some specifically tailored input, including concurrent
modification of a list object, where one thread assigns a slice and another
clears it.
* gh-120298: Fix use-after-free in list_richcompare_impl which can be invoked
via some specifically tailored evil input.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1117=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1117=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1117=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1117=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1117=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1117=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1117=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1117=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1117=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1117=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python311-doc-devhelp-3.11.15-150400.9.80.1
* python311-curses-debuginfo-3.11.15-150400.9.80.1
* python311-core-debugsource-3.11.15-150400.9.80.1
* libpython3_11-1_0-3.11.15-150400.9.80.1
* python311-testsuite-debuginfo-3.11.15-150400.9.80.1
* python311-debuginfo-3.11.15-150400.9.80.1
* python311-idle-3.11.15-150400.9.80.1
* python311-doc-3.11.15-150400.9.80.1
* python311-3.11.15-150400.9.80.1
* python311-tk-3.11.15-150400.9.80.1
* python311-tools-3.11.15-150400.9.80.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.80.1
* python311-debugsource-3.11.15-150400.9.80.1
* python311-testsuite-3.11.15-150400.9.80.1
* python311-curses-3.11.15-150400.9.80.1
* python311-base-debuginfo-3.11.15-150400.9.80.1
* python311-tk-debuginfo-3.11.15-150400.9.80.1
* python311-base-3.11.15-150400.9.80.1
* python311-devel-3.11.15-150400.9.80.1
* python311-dbm-debuginfo-3.11.15-150400.9.80.1
* python311-dbm-3.11.15-150400.9.80.1
* openSUSE Leap 15.4 (x86_64)
* libpython3_11-1_0-32bit-3.11.15-150400.9.80.1
* python311-base-32bit-debuginfo-3.11.15-150400.9.80.1
* python311-32bit-debuginfo-3.11.15-150400.9.80.1
* libpython3_11-1_0-32bit-debuginfo-3.11.15-150400.9.80.1
* python311-base-32bit-3.11.15-150400.9.80.1
* python311-32bit-3.11.15-150400.9.80.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* python311-base-64bit-debuginfo-3.11.15-150400.9.80.1
* libpython3_11-1_0-64bit-3.11.15-150400.9.80.1
* libpython3_11-1_0-64bit-debuginfo-3.11.15-150400.9.80.1
* python311-base-64bit-3.11.15-150400.9.80.1
* python311-64bit-debuginfo-3.11.15-150400.9.80.1
* python311-64bit-3.11.15-150400.9.80.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python311-3.11.15-150400.9.80.1
* libpython3_11-1_0-3.11.15-150400.9.80.1
* python311-base-3.11.15-150400.9.80.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* python311-core-debugsource-3.11.15-150400.9.80.1
* python311-doc-devhelp-3.11.15-150400.9.80.1
* python311-curses-debuginfo-3.11.15-150400.9.80.1
* python311-3.11.15-150400.9.80.1
* libpython3_11-1_0-3.11.15-150400.9.80.1
* python311-tk-3.11.15-150400.9.80.1
* python311-devel-3.11.15-150400.9.80.1
* python311-debuginfo-3.11.15-150400.9.80.1
* python311-dbm-3.11.15-150400.9.80.1
* python311-tk-debuginfo-3.11.15-150400.9.80.1
* python311-tools-3.11.15-150400.9.80.1
* python311-idle-3.11.15-150400.9.80.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.80.1
* python311-base-3.11.15-150400.9.80.1
* python311-debugsource-3.11.15-150400.9.80.1
* python311-curses-3.11.15-150400.9.80.1
* python311-dbm-debuginfo-3.11.15-150400.9.80.1
* python311-base-debuginfo-3.11.15-150400.9.80.1
* python311-doc-3.11.15-150400.9.80.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* python311-core-debugsource-3.11.15-150400.9.80.1
* python311-doc-devhelp-3.11.15-150400.9.80.1
* python311-curses-debuginfo-3.11.15-150400.9.80.1
* python311-3.11.15-150400.9.80.1
* libpython3_11-1_0-3.11.15-150400.9.80.1
* python311-tk-3.11.15-150400.9.80.1
* python311-devel-3.11.15-150400.9.80.1
* python311-debuginfo-3.11.15-150400.9.80.1
* python311-dbm-3.11.15-150400.9.80.1
* python311-tk-debuginfo-3.11.15-150400.9.80.1
* python311-tools-3.11.15-150400.9.80.1
* python311-idle-3.11.15-150400.9.80.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.80.1
* python311-base-3.11.15-150400.9.80.1
* python311-debugsource-3.11.15-150400.9.80.1
* python311-curses-3.11.15-150400.9.80.1
* python311-dbm-debuginfo-3.11.15-150400.9.80.1
* python311-base-debuginfo-3.11.15-150400.9.80.1
* python311-doc-3.11.15-150400.9.80.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* python311-core-debugsource-3.11.15-150400.9.80.1
* python311-doc-devhelp-3.11.15-150400.9.80.1
* python311-curses-debuginfo-3.11.15-150400.9.80.1
* python311-3.11.15-150400.9.80.1
* libpython3_11-1_0-3.11.15-150400.9.80.1
* python311-tk-3.11.15-150400.9.80.1
* python311-devel-3.11.15-150400.9.80.1
* python311-debuginfo-3.11.15-150400.9.80.1
* python311-dbm-3.11.15-150400.9.80.1
* python311-tk-debuginfo-3.11.15-150400.9.80.1
* python311-tools-3.11.15-150400.9.80.1
* python311-idle-3.11.15-150400.9.80.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.80.1
* python311-base-3.11.15-150400.9.80.1
* python311-debugsource-3.11.15-150400.9.80.1
* python311-curses-3.11.15-150400.9.80.1
* python311-dbm-debuginfo-3.11.15-150400.9.80.1
* python311-base-debuginfo-3.11.15-150400.9.80.1
* python311-doc-3.11.15-150400.9.80.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* python311-core-debugsource-3.11.15-150400.9.80.1
* python311-doc-devhelp-3.11.15-150400.9.80.1
* python311-curses-debuginfo-3.11.15-150400.9.80.1
* python311-3.11.15-150400.9.80.1
* libpython3_11-1_0-3.11.15-150400.9.80.1
* python311-tk-3.11.15-150400.9.80.1
* python311-devel-3.11.15-150400.9.80.1
* python311-debuginfo-3.11.15-150400.9.80.1
* python311-dbm-3.11.15-150400.9.80.1
* python311-tk-debuginfo-3.11.15-150400.9.80.1
* python311-tools-3.11.15-150400.9.80.1
* python311-idle-3.11.15-150400.9.80.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.80.1
* python311-base-3.11.15-150400.9.80.1
* python311-debugsource-3.11.15-150400.9.80.1
* python311-curses-3.11.15-150400.9.80.1
* python311-dbm-debuginfo-3.11.15-150400.9.80.1
* python311-base-debuginfo-3.11.15-150400.9.80.1
* python311-doc-3.11.15-150400.9.80.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* python311-core-debugsource-3.11.15-150400.9.80.1
* python311-doc-devhelp-3.11.15-150400.9.80.1
* python311-curses-debuginfo-3.11.15-150400.9.80.1
* python311-3.11.15-150400.9.80.1
* libpython3_11-1_0-3.11.15-150400.9.80.1
* python311-tk-3.11.15-150400.9.80.1
* python311-devel-3.11.15-150400.9.80.1
* python311-debuginfo-3.11.15-150400.9.80.1
* python311-dbm-3.11.15-150400.9.80.1
* python311-tk-debuginfo-3.11.15-150400.9.80.1
* python311-tools-3.11.15-150400.9.80.1
* python311-idle-3.11.15-150400.9.80.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.80.1
* python311-base-3.11.15-150400.9.80.1
* python311-debugsource-3.11.15-150400.9.80.1
* python311-curses-3.11.15-150400.9.80.1
* python311-dbm-debuginfo-3.11.15-150400.9.80.1
* python311-base-debuginfo-3.11.15-150400.9.80.1
* python311-doc-3.11.15-150400.9.80.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* python311-core-debugsource-3.11.15-150400.9.80.1
* python311-doc-devhelp-3.11.15-150400.9.80.1
* python311-curses-debuginfo-3.11.15-150400.9.80.1
* python311-3.11.15-150400.9.80.1
* libpython3_11-1_0-3.11.15-150400.9.80.1
* python311-tk-3.11.15-150400.9.80.1
* python311-devel-3.11.15-150400.9.80.1
* python311-debuginfo-3.11.15-150400.9.80.1
* python311-dbm-3.11.15-150400.9.80.1
* python311-tk-debuginfo-3.11.15-150400.9.80.1
* python311-tools-3.11.15-150400.9.80.1
* python311-idle-3.11.15-150400.9.80.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.80.1
* python311-base-3.11.15-150400.9.80.1
* python311-debugsource-3.11.15-150400.9.80.1
* python311-curses-3.11.15-150400.9.80.1
* python311-dbm-debuginfo-3.11.15-150400.9.80.1
* python311-base-debuginfo-3.11.15-150400.9.80.1
* python311-doc-3.11.15-150400.9.80.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* python311-core-debugsource-3.11.15-150400.9.80.1
* python311-doc-devhelp-3.11.15-150400.9.80.1
* python311-curses-debuginfo-3.11.15-150400.9.80.1
* python311-3.11.15-150400.9.80.1
* libpython3_11-1_0-3.11.15-150400.9.80.1
* python311-tk-3.11.15-150400.9.80.1
* python311-devel-3.11.15-150400.9.80.1
* python311-debuginfo-3.11.15-150400.9.80.1
* python311-dbm-3.11.15-150400.9.80.1
* python311-tk-debuginfo-3.11.15-150400.9.80.1
* python311-tools-3.11.15-150400.9.80.1
* python311-idle-3.11.15-150400.9.80.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.80.1
* python311-base-3.11.15-150400.9.80.1
* python311-debugsource-3.11.15-150400.9.80.1
* python311-curses-3.11.15-150400.9.80.1
* python311-dbm-debuginfo-3.11.15-150400.9.80.1
* python311-base-debuginfo-3.11.15-150400.9.80.1
* python311-doc-3.11.15-150400.9.80.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* python311-core-debugsource-3.11.15-150400.9.80.1
* python311-doc-devhelp-3.11.15-150400.9.80.1
* python311-curses-debuginfo-3.11.15-150400.9.80.1
* python311-3.11.15-150400.9.80.1
* libpython3_11-1_0-3.11.15-150400.9.80.1
* python311-tk-3.11.15-150400.9.80.1
* python311-devel-3.11.15-150400.9.80.1
* python311-debuginfo-3.11.15-150400.9.80.1
* python311-dbm-3.11.15-150400.9.80.1
* python311-tk-debuginfo-3.11.15-150400.9.80.1
* python311-tools-3.11.15-150400.9.80.1
* python311-idle-3.11.15-150400.9.80.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.80.1
* python311-base-3.11.15-150400.9.80.1
* python311-debugsource-3.11.15-150400.9.80.1
* python311-curses-3.11.15-150400.9.80.1
* python311-dbm-debuginfo-3.11.15-150400.9.80.1
* python311-base-debuginfo-3.11.15-150400.9.80.1
* python311-doc-3.11.15-150400.9.80.1
## References:
* https://www.suse.com/security/cve/CVE-2025-11468.html
* https://www.suse.com/security/cve/CVE-2025-12084.html
* https://www.suse.com/security/cve/CVE-2025-13836.html
* https://www.suse.com/security/cve/CVE-2025-13837.html
* https://www.suse.com/security/cve/CVE-2025-15282.html
* https://www.suse.com/security/cve/CVE-2025-6075.html
* https://www.suse.com/security/cve/CVE-2026-0672.html
* https://www.suse.com/security/cve/CVE-2026-0865.html
* https://www.suse.com/security/cve/CVE-2026-1299.html
* https://www.suse.com/security/cve/CVE-2026-2297.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252974
* https://bugzilla.suse.com/show_bug.cgi?id=1254400
* https://bugzilla.suse.com/show_bug.cgi?id=1254401
* https://bugzilla.suse.com/show_bug.cgi?id=1254997
* https://bugzilla.suse.com/show_bug.cgi?id=1257029
* https://bugzilla.suse.com/show_bug.cgi?id=1257031
* https://bugzilla.suse.com/show_bug.cgi?id=1257042
* https://bugzilla.suse.com/show_bug.cgi?id=1257046
* https://bugzilla.suse.com/show_bug.cgi?id=1257181
* https://bugzilla.suse.com/show_bug.cgi?id=1259240
SUSE-SU-2026:1099-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)
# Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)
Announcement ID: SUSE-SU-2026:1099-1
Release Date: 2026-03-27T10:04:02Z
Rating: important
References:
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255895
* bsc#1256624
* bsc#1256644
* bsc#1257669
Cross-References:
* CVE-2025-40258
* CVE-2025-40284
* CVE-2025-40297
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085
CVSS scores:
* CVE-2025-40258 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40284 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40284 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40297 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40297 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves seven vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.22 fixes
various security issues.
The following security issues were fixed:
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work()
(bsc#1255053).
* CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed
(bsc#1257669).
* CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass
(bsc#1255895).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in
handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in
have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path
(bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (bsc#1256624).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1097=1 SUSE-2026-1099=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1097=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1099=1
* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1104=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1114=1
## Package List:
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_73-default-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_16-debugsource-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_17-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_73-default-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_16-debugsource-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_17-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150700_53_19-default-4-150700.2.1
* kernel-livepatch-6_4_0-150700_53_19-default-debuginfo-4-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_5-debugsource-4-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_6-debugsource-2-150700.2.1
* kernel-livepatch-6_4_0-150700_53_22-default-2-150700.2.1
* kernel-livepatch-6_4_0-150700_53_22-default-debuginfo-2-150700.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-40284.html
* https://www.suse.com/security/cve/CVE-2025-40297.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255895
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
* https://bugzilla.suse.com/show_bug.cgi?id=1257669
SUSE-SU-2026:1100-1: important: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)
# Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)
Announcement ID: SUSE-SU-2026:1100-1
Release Date: 2026-03-26T23:08:13Z
Rating: important
References:
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255895
* bsc#1256624
* bsc#1256644
Cross-References:
* CVE-2025-40258
* CVE-2025-40297
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085
CVSS scores:
* CVE-2025-40258 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40297 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40297 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves six vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.81 fixes
various security issues.
The following security issues were fixed:
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work()
(bsc#1255053).
* CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass
(bsc#1255895).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in
handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in
have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path
(bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (bsc#1256624).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1100=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1100=1
## Package List:
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_18-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_18-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_81-default-2-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-40297.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255895
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
SUSE-SU-2026:1102-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)
# Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)
Announcement ID: SUSE-SU-2026:1102-1
Release Date: 2026-03-27T08:05:21Z
Rating: important
References:
* bsc#1255378
* bsc#1255402
* bsc#1256624
* bsc#1256644
Cross-References:
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085
CVSS scores:
* CVE-2025-68284 ( SUSE ): 7.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves four vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.28 fixes
various security issues.
The following security issues were fixed:
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in
handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in
have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path
(bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (bsc#1256624).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1102=1
* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1106=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1102=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_19-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150700_53_28-default-debuginfo-2-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_8-debugsource-2-150700.2.1
* kernel-livepatch-6_4_0-150700_53_28-default-2-150700.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_19-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-2-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
SUSE-SU-2026:1126-1: important: Security update for MozillaFirefox
# Security update for MozillaFirefox
Announcement ID: SUSE-SU-2026:1126-1
Release Date: 2026-03-27T14:42:48Z
Rating: important
References:
* bsc#1260083
Cross-References:
* CVE-2025-59375
* CVE-2026-4684
* CVE-2026-4685
* CVE-2026-4686
* CVE-2026-4687
* CVE-2026-4688
* CVE-2026-4689
* CVE-2026-4690
* CVE-2026-4691
* CVE-2026-4692
* CVE-2026-4693
* CVE-2026-4694
* CVE-2026-4695
* CVE-2026-4696
* CVE-2026-4697
* CVE-2026-4698
* CVE-2026-4699
* CVE-2026-4700
* CVE-2026-4701
* CVE-2026-4702
* CVE-2026-4704
* CVE-2026-4705
* CVE-2026-4706
* CVE-2026-4707
* CVE-2026-4708
* CVE-2026-4709
* CVE-2026-4710
* CVE-2026-4711
* CVE-2026-4712
* CVE-2026-4713
* CVE-2026-4714
* CVE-2026-4715
* CVE-2026-4716
* CVE-2026-4717
* CVE-2026-4718
* CVE-2026-4719
* CVE-2026-4720
* CVE-2026-4721
CVSS scores:
* CVE-2025-59375 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-59375 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59375 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4684 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4684 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4685 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4685 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4685 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4686 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4686 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4686 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4687 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4687 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-4687 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4688 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4688 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4688 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4689 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4689 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4689 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4690 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4690 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-4690 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4691 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4691 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4691 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4692 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4692 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4692 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4693 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4693 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4693 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4694 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4694 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4694 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4695 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4695 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4695 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4696 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4696 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4696 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4697 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4697 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4697 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4698 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4698 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4698 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4699 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4699 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4699 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4700 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-4700 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4700 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4701 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4701 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4701 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4702 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4702 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4702 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4704 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-4704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4705 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4705 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4705 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4706 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4706 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4706 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4707 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4707 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4707 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4708 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4708 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4708 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4709 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4710 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4710 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4710 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4711 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4711 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4711 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4712 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-4712 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-4712 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-4713 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4713 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4713 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4714 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4714 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4714 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4715 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4715 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-4715 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-4716 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4716 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-4716 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-4717 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4717 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4717 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4718 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4718 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-4718 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-4719 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4720 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4721 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4721 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves 38 vulnerabilities can now be installed.
## Description:
This update for MozillaFirefox fixes the following issues:
Update to Firefox 140.9.0 ESR (MFSA 2026-22, bsc#1260083):
* CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender
component
* CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D
component
* CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D
component
* CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the
Telemetry component
* CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access
APIs component
* CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer
overflow in the XPCOM component
* CVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer
overflow in the XPCOM component
* CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component
* CVE-2026-4692: Sandbox escape in the Responsive Design Mode component
* CVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback
component
* CVE-2026-4694: Incorrect boundary conditions, integer overflow in the
Graphics component
* CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs
component
* CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component
* CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs
component
* CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts
component
* CVE-2026-4700: Mitigation bypass in the Networking: HTTP component
* CVE-2026-4701: Use-after-free in the JavaScript Engine component
* CVE-2026-4702: JIT miscompilation in the JavaScript Engine component
* CVE-2026-4704: Denial-of-service in the WebRTC: Signaling component
* CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component
* CVE-2026-4706: Incorrect boundary conditions in the Graphics: Canvas2D
component
* CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D
component
* CVE-2026-4708: Incorrect boundary conditions in the Graphics component
* CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP
component
* CVE-2026-4710: Incorrect boundary conditions in the Audio/Video component
* CVE-2026-4711: Use-after-free in the Widget: Cocoa component
* CVE-2026-4712: Information disclosure in the Widget: Cocoa component
* CVE-2026-4713: Incorrect boundary conditions in the Graphics component
* CVE-2026-4714: Incorrect boundary conditions in the Audio/Video component
* CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component
* CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the
JavaScript Engine component
* CVE-2026-4717: Privilege escalation in the Netmonitor component
* CVE-2025-59375: Denial-of-service in the XML component
* CVE-2026-4718: Undefined behavior in the WebRTC: Signaling component
* CVE-2026-4719: Incorrect boundary conditions in the Graphics: Text component
* CVE-2026-4720: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird
ESR 140.9, Firefox 149 and Thunderbird 149
* CVE-2026-4721: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR
140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1126=1
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1126=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1126=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1126=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1126=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1126=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1126=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1126=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1126=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1126=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1126=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1126=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-debuginfo-140.9.0-150200.152.225.1
* MozillaFirefox-translations-other-140.9.0-150200.152.225.1
* MozillaFirefox-branding-upstream-140.9.0-150200.152.225.1
* MozillaFirefox-140.9.0-150200.152.225.1
* MozillaFirefox-translations-common-140.9.0-150200.152.225.1
* MozillaFirefox-debugsource-140.9.0-150200.152.225.1
* openSUSE Leap 15.6 (noarch)
* MozillaFirefox-devel-140.9.0-150200.152.225.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-debuginfo-140.9.0-150200.152.225.1
* MozillaFirefox-translations-other-140.9.0-150200.152.225.1
* MozillaFirefox-140.9.0-150200.152.225.1
* MozillaFirefox-translations-common-140.9.0-150200.152.225.1
* MozillaFirefox-debugsource-140.9.0-150200.152.225.1
* Desktop Applications Module 15-SP7 (noarch)
* MozillaFirefox-devel-140.9.0-150200.152.225.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* MozillaFirefox-debuginfo-140.9.0-150200.152.225.1
* MozillaFirefox-translations-other-140.9.0-150200.152.225.1
* MozillaFirefox-140.9.0-150200.152.225.1
* MozillaFirefox-translations-common-140.9.0-150200.152.225.1
* MozillaFirefox-debugsource-140.9.0-150200.152.225.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* MozillaFirefox-devel-140.9.0-150200.152.225.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* MozillaFirefox-debuginfo-140.9.0-150200.152.225.1
* MozillaFirefox-translations-other-140.9.0-150200.152.225.1
* MozillaFirefox-140.9.0-150200.152.225.1
* MozillaFirefox-translations-common-140.9.0-150200.152.225.1
* MozillaFirefox-debugsource-140.9.0-150200.152.225.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* MozillaFirefox-devel-140.9.0-150200.152.225.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* MozillaFirefox-debuginfo-140.9.0-150200.152.225.1
* MozillaFirefox-translations-other-140.9.0-150200.152.225.1
* MozillaFirefox-140.9.0-150200.152.225.1
* MozillaFirefox-translations-common-140.9.0-150200.152.225.1
* MozillaFirefox-debugsource-140.9.0-150200.152.225.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* MozillaFirefox-devel-140.9.0-150200.152.225.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* MozillaFirefox-debuginfo-140.9.0-150200.152.225.1
* MozillaFirefox-translations-other-140.9.0-150200.152.225.1
* MozillaFirefox-140.9.0-150200.152.225.1
* MozillaFirefox-translations-common-140.9.0-150200.152.225.1
* MozillaFirefox-debugsource-140.9.0-150200.152.225.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* MozillaFirefox-devel-140.9.0-150200.152.225.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-debuginfo-140.9.0-150200.152.225.1
* MozillaFirefox-translations-other-140.9.0-150200.152.225.1
* MozillaFirefox-140.9.0-150200.152.225.1
* MozillaFirefox-translations-common-140.9.0-150200.152.225.1
* MozillaFirefox-debugsource-140.9.0-150200.152.225.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* MozillaFirefox-devel-140.9.0-150200.152.225.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-debuginfo-140.9.0-150200.152.225.1
* MozillaFirefox-translations-other-140.9.0-150200.152.225.1
* MozillaFirefox-140.9.0-150200.152.225.1
* MozillaFirefox-translations-common-140.9.0-150200.152.225.1
* MozillaFirefox-debugsource-140.9.0-150200.152.225.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* MozillaFirefox-devel-140.9.0-150200.152.225.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-debuginfo-140.9.0-150200.152.225.1
* MozillaFirefox-translations-other-140.9.0-150200.152.225.1
* MozillaFirefox-140.9.0-150200.152.225.1
* MozillaFirefox-translations-common-140.9.0-150200.152.225.1
* MozillaFirefox-debugsource-140.9.0-150200.152.225.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* MozillaFirefox-devel-140.9.0-150200.152.225.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* MozillaFirefox-debuginfo-140.9.0-150200.152.225.1
* MozillaFirefox-translations-other-140.9.0-150200.152.225.1
* MozillaFirefox-140.9.0-150200.152.225.1
* MozillaFirefox-translations-common-140.9.0-150200.152.225.1
* MozillaFirefox-debugsource-140.9.0-150200.152.225.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* MozillaFirefox-devel-140.9.0-150200.152.225.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* MozillaFirefox-debuginfo-140.9.0-150200.152.225.1
* MozillaFirefox-translations-other-140.9.0-150200.152.225.1
* MozillaFirefox-140.9.0-150200.152.225.1
* MozillaFirefox-translations-common-140.9.0-150200.152.225.1
* MozillaFirefox-debugsource-140.9.0-150200.152.225.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* MozillaFirefox-devel-140.9.0-150200.152.225.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* MozillaFirefox-debuginfo-140.9.0-150200.152.225.1
* MozillaFirefox-translations-other-140.9.0-150200.152.225.1
* MozillaFirefox-140.9.0-150200.152.225.1
* MozillaFirefox-translations-common-140.9.0-150200.152.225.1
* MozillaFirefox-debugsource-140.9.0-150200.152.225.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* MozillaFirefox-devel-140.9.0-150200.152.225.1
## References:
* https://www.suse.com/security/cve/CVE-2025-59375.html
* https://www.suse.com/security/cve/CVE-2026-4684.html
* https://www.suse.com/security/cve/CVE-2026-4685.html
* https://www.suse.com/security/cve/CVE-2026-4686.html
* https://www.suse.com/security/cve/CVE-2026-4687.html
* https://www.suse.com/security/cve/CVE-2026-4688.html
* https://www.suse.com/security/cve/CVE-2026-4689.html
* https://www.suse.com/security/cve/CVE-2026-4690.html
* https://www.suse.com/security/cve/CVE-2026-4691.html
* https://www.suse.com/security/cve/CVE-2026-4692.html
* https://www.suse.com/security/cve/CVE-2026-4693.html
* https://www.suse.com/security/cve/CVE-2026-4694.html
* https://www.suse.com/security/cve/CVE-2026-4695.html
* https://www.suse.com/security/cve/CVE-2026-4696.html
* https://www.suse.com/security/cve/CVE-2026-4697.html
* https://www.suse.com/security/cve/CVE-2026-4698.html
* https://www.suse.com/security/cve/CVE-2026-4699.html
* https://www.suse.com/security/cve/CVE-2026-4700.html
* https://www.suse.com/security/cve/CVE-2026-4701.html
* https://www.suse.com/security/cve/CVE-2026-4702.html
* https://www.suse.com/security/cve/CVE-2026-4704.html
* https://www.suse.com/security/cve/CVE-2026-4705.html
* https://www.suse.com/security/cve/CVE-2026-4706.html
* https://www.suse.com/security/cve/CVE-2026-4707.html
* https://www.suse.com/security/cve/CVE-2026-4708.html
* https://www.suse.com/security/cve/CVE-2026-4709.html
* https://www.suse.com/security/cve/CVE-2026-4710.html
* https://www.suse.com/security/cve/CVE-2026-4711.html
* https://www.suse.com/security/cve/CVE-2026-4712.html
* https://www.suse.com/security/cve/CVE-2026-4713.html
* https://www.suse.com/security/cve/CVE-2026-4714.html
* https://www.suse.com/security/cve/CVE-2026-4715.html
* https://www.suse.com/security/cve/CVE-2026-4716.html
* https://www.suse.com/security/cve/CVE-2026-4717.html
* https://www.suse.com/security/cve/CVE-2026-4718.html
* https://www.suse.com/security/cve/CVE-2026-4719.html
* https://www.suse.com/security/cve/CVE-2026-4720.html
* https://www.suse.com/security/cve/CVE-2026-4721.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260083
SUSE-SU-2026:1122-1: moderate: Security update for redis
# Security update for redis
Announcement ID: SUSE-SU-2026:1122-1
Release Date: 2026-03-27T14:21:13Z
Rating: moderate
References:
* bsc#1258706
Affected Products:
* openSUSE Leap 15.4
An update that has one security fix can now be installed.
## Description:
This update for redis fixes the following issue:
* a user can manipulate data read by a connection by injecting sequences into
a Redis error reply (bsc#1258706).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1122=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* redis-debuginfo-6.2.6-150400.3.43.1
* redis-debugsource-6.2.6-150400.3.43.1
* redis-6.2.6-150400.3.43.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1258706
SUSE-SU-2026:1125-1: important: Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)
# Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise
15 SP7)
Announcement ID: SUSE-SU-2026:1125-1
Release Date: 2026-03-27T14:36:32Z
Rating: important
References:
* bsc#1247240
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255895
* bsc#1256624
* bsc#1256644
* bsc#1257629
* bsc#1257669
Cross-References:
* CVE-2025-38159
* CVE-2025-38488
* CVE-2025-40258
* CVE-2025-40284
* CVE-2025-40297
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085
CVSS scores:
* CVE-2025-38159 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38159 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-38488 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38488 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38488 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40258 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40284 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40284 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40297 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40297 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves nine vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.51 fixes various
security issues.
The following security issues were fixed:
* CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out
of bounds (bsc#1257629).
* CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using
async crypto (bsc#1247240).
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work()
(bsc#1255053).
* CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed
(bsc#1257669).
* CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass
(bsc#1255895).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in
handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in
have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path
(bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (bsc#1256624).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1125=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1125=1
* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1121=1
## Package List:
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-13-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-13-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150700_51-default-12-150700.3.33.1
* kernel-livepatch-6_4_0-150700_51-default-debuginfo-12-150700.3.33.1
* kernel-livepatch-SLE15-SP7_Update_0-debugsource-12-150700.3.33.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38159.html
* https://www.suse.com/security/cve/CVE-2025-38488.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-40284.html
* https://www.suse.com/security/cve/CVE-2025-40297.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247240
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255895
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
* https://bugzilla.suse.com/show_bug.cgi?id=1257629
* https://bugzilla.suse.com/show_bug.cgi?id=1257669
SUSE-SU-2026:1129-1: important: Security update for freerdp
# Security update for freerdp
Announcement ID: SUSE-SU-2026:1129-1
Release Date: 2026-03-27T15:05:10Z
Rating: important
References:
* bsc#1258979
* bsc#1258982
* bsc#1258985
* bsc#1259653
* bsc#1259679
* bsc#1259686
Cross-References:
* CVE-2026-26271
* CVE-2026-26955
* CVE-2026-26965
* CVE-2026-31806
* CVE-2026-31883
* CVE-2026-31885
CVSS scores:
* CVE-2026-26271 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26271 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-26955 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26955 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26955 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26965 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-31806 ( SUSE ): 7.5
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31806 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-31806 ( NVD ): 9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31806 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31883 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31883 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31883 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31883 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-31885 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2026-31885 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-31885 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves six vulnerabilities can now be installed.
## Description:
This update for freerdp fixes the following issues:
* CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing (bsc#1258979).
* CVE-2026-26955: Out-of-bounds Write in freerdp (bsc#1258982).
* CVE-2026-26965: Out-of-bounds Write in freerdp (bsc#1258985).
* CVE-2026-31806: improper validation of server messages can lead to a heap
buffer overflow and arbitrary code execution (bsc#1259653).
* CVE-2026-31883: crafted RDPSND audio format and wave data can cause a heap
buffer overflow write (bsc#1259679).
* CVE-2026-31885: unchecked predictor can lead to an out-of-bounds read
(bsc#1259686).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1129=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1129=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* freerdp-debuginfo-2.4.0-150400.3.47.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.47.1
* freerdp-server-2.4.0-150400.3.47.1
* libuwac0-0-2.4.0-150400.3.47.1
* freerdp-wayland-2.4.0-150400.3.47.1
* libfreerdp2-2.4.0-150400.3.47.1
* libuwac0-0-debuginfo-2.4.0-150400.3.47.1
* freerdp-2.4.0-150400.3.47.1
* freerdp-server-debuginfo-2.4.0-150400.3.47.1
* freerdp-debugsource-2.4.0-150400.3.47.1
* libfreerdp2-debuginfo-2.4.0-150400.3.47.1
* libwinpr2-2.4.0-150400.3.47.1
* freerdp-wayland-debuginfo-2.4.0-150400.3.47.1
* winpr2-devel-2.4.0-150400.3.47.1
* uwac0-0-devel-2.4.0-150400.3.47.1
* libwinpr2-debuginfo-2.4.0-150400.3.47.1
* freerdp-proxy-2.4.0-150400.3.47.1
* freerdp-devel-2.4.0-150400.3.47.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
* freerdp-debuginfo-2.4.0-150400.3.47.1
* libfreerdp2-2.4.0-150400.3.47.1
* freerdp-debugsource-2.4.0-150400.3.47.1
* libwinpr2-2.4.0-150400.3.47.1
* libfreerdp2-debuginfo-2.4.0-150400.3.47.1
* libwinpr2-debuginfo-2.4.0-150400.3.47.1
## References:
* https://www.suse.com/security/cve/CVE-2026-26271.html
* https://www.suse.com/security/cve/CVE-2026-26955.html
* https://www.suse.com/security/cve/CVE-2026-26965.html
* https://www.suse.com/security/cve/CVE-2026-31806.html
* https://www.suse.com/security/cve/CVE-2026-31883.html
* https://www.suse.com/security/cve/CVE-2026-31885.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258979
* https://bugzilla.suse.com/show_bug.cgi?id=1258982
* https://bugzilla.suse.com/show_bug.cgi?id=1258985
* https://bugzilla.suse.com/show_bug.cgi?id=1259653
* https://bugzilla.suse.com/show_bug.cgi?id=1259679
* https://bugzilla.suse.com/show_bug.cgi?id=1259686
openSUSE-SU-2026:0104-1: important: Security update for glusterfs
openSUSE Security Update: Security update for glusterfs
_______________________________
Announcement ID: openSUSE-SU-2026:0104-1
Rating: important
References: #1208517 #1208519 #1210894 #1212476
Cross-References: CVE-2022-48340 CVE-2023-26253
CVSS scores:
CVE-2022-48340 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-26253 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________
An update that solves two vulnerabilities and has two fixes
is now available.
Description:
This update for glusterfs fixes the following issues:
- Update to release 11.2
* Next minor release tentative date: Release will be based on requirement
only
* Users are highly encouraged to upgrade to newer releases of GlusterFS.
* Important fixes in this release
- Regression suite tests failures are addressed
- Fixed notify stack-based buffer over-read (boo#1208519,
CVE-2023-26253)
- Update to release 11.1
* Fix upgrade issue by reverting posix change related to storage.reserve
value
* Fix possible data loss during rebalance if there is any linkfile on
the system
- Disable IO_uring for now [boo#1210894]
- Update to release 11 [boo#1208517] [boo#1208519]
* Major performance improvement of ~36% with rmdir operations
* Extension of ZFS support for snapshots
* Quota implementation based on namespace
* Major cleanups and readdir/readdirp improvements
* Fixed use-after-free in dht_setxattr_mds_cbk (CVE-2022-48340)
- Update to release 10.2
* Some 165 bugfixes with none particularly sticking out
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2026-104=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
glusterfs-11.2-bp156.4.3.1
glusterfs-devel-11.2-bp156.4.3.1
libgfapi0-11.2-bp156.4.3.1
libgfchangelog0-11.2-bp156.4.3.1
libgfrpc0-11.2-bp156.4.3.1
libgfxdr0-11.2-bp156.4.3.1
libglusterfs0-11.2-bp156.4.3.1
- openSUSE Backports SLE-15-SP6 (noarch):
python3-gluster-11.2-bp156.4.3.1
References:
https://www.suse.com/security/cve/CVE-2022-48340.html
https://www.suse.com/security/cve/CVE-2023-26253.html
https://bugzilla.suse.com/1208517
https://bugzilla.suse.com/1208519
https://bugzilla.suse.com/1210894
https://bugzilla.suse.com/1212476
openSUSE-SU-2026:0102-1: important: Security update for python-pydicom
openSUSE Security Update: Security update for python-pydicom
_______________________________
Announcement ID: openSUSE-SU-2026:0102-1
Rating: important
References: #1259973
Cross-References: CVE-2026-32711
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-pydicom fixes the following issues:
- CVE-2026-32711: path traversal in FileSet/DICOMDIR ReferencedFileID can
allow file access outside the File-set root (boo#1259973)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-102=1
Package List:
- openSUSE Backports SLE-15-SP7 (noarch):
python3-pydicom-2.3.1-bp157.2.3.1
python311-pydicom-2.3.1-bp157.2.3.1
References:
https://www.suse.com/security/cve/CVE-2026-32711.html
https://bugzilla.suse.com/1259973
openSUSE-SU-2026:0103-1: important: Security update for v2ray-core
openSUSE Security Update: Security update for v2ray-core
_______________________________
Announcement ID: openSUSE-SU-2026:0103-1
Rating: important
References: #1251404 #1260329
Cross-References: CVE-2025-47911 CVE-2026-33186
CVSS scores:
CVE-2025-47911 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2026-33186 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for v2ray-core fixes the following issues:
- Update version to 5.47.0
* Add sticky choice option for leastping
* Add support for enrollment links in tlsmirror
* Add Wireguard Outbound (unreleased)
* Generalize IP address parsing in TUN stack options
* Fix bugs
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to
improper validation of the HTTP/2 :path pseudo-header (boo#1260329)
- Update version to 5.44.1
* uTLS: bundled library updated to v1.8.2 for Chrome120 imitation
profile identification
* Update golang toolchain to v1.25.6, which fixed a vulnerable
(tls.Config).Clone function
* Fix bugs
- Update version to 5.42.0
* Add TLSMirror bootstrap enrollment and self enrollment feature
* TLSMirror Inverse Role Request Tripper Enrollment Server Support
- CVE-2025-47911: v2ray-core: golang.org/x/net/html: various algorithms
with quadratic complexity when parsing HTML documents (boo#1251404)
* Update golang.org/x/net to 0.45.0 in vendor
- Update version to 5.38.0
* TLSMirror Connection Enrollment System
* Add TLSMirror Sequence Watermarking
* TLSMirror developer preview protocol is now a part of mainline V2Ray
* proxy dns with NOTIMP error
* Add TLSMirror, a looks-like-TLS censorship-resistant transport protocol,
as a developer preview transport
* fix false success from SOCKS server when Dispatch() fails
* HTTP inbound: Directly forward plain HTTP 1xx response header
* add an option to override domain used to query https record
* Fix bugs
* Update vendor
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-103=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
v2ray-core-5.47.0-bp157.2.6.1
- openSUSE Backports SLE-15-SP7 (noarch):
golang-github-v2fly-v2ray-core-5.47.0-bp157.2.6.1
References:
https://www.suse.com/security/cve/CVE-2025-47911.html
https://www.suse.com/security/cve/CVE-2026-33186.html
https://bugzilla.suse.com/1251404
https://bugzilla.suse.com/1260329