Python, Rust, Coresync, and more updates for SUSE

SUSE 5621 Published by

ew security advisories have been released for the SUSE Linux ecosystem covering both standard distributions and openSUSE platforms. These patches address vulnerabilities in critical software components like Python, Rust, and various Terraform providers with some rated as important while others are moderate or low priority. Specific tools like azure-storage-azcopy require immediate attention from administrators alongside library updates for python-jwcrypto.

SUSE-SU-2026:1376-1: important: Security update for python310
SUSE-SU-2026:1416-1: low: Security update for python-pyOpenSSL
SUSE-SU-2026:1415-1: moderate: Security update for rust1.93
SUSE-SU-2026:1411-1: important: Security update for terraform-provider-local, terraform-provider-random, terraform-provider-tls
openSUSE-SU-2026:0130-1: important: Security update for python-jwcrypto
SUSE-SU-2026:1394-1: important: Security update for corosync
SUSE-SU-2026:1388-1: moderate: Security update for libtpms
SUSE-SU-2026:1389-1: important: Security update for python-PyJWT
SUSE-SU-2026:1396-1: important: Security update for plexus-utils
SUSE-SU-2026:1395-1: important: Security update for azure-storage-azcopy
openSUSE-SU-2026:0129-1: important: Security update for python-jwcrypto
openSUSE-SU-2026:10554-1: moderate: python314-3.14.4-1.1 on GA media
openSUSE-SU-2026:10550-1: moderate: apache-pdfbox-2.0.36-1.1 on GA media
openSUSE-SU-2026:10555-1: moderate: libsdb2_4_2-6.1.4-1.1 on GA media




SUSE-SU-2026:1376-1: important: Security update for python310


# Security update for python310

Announcement ID: SUSE-SU-2026:1376-1
Release Date: 2026-04-15T19:07:00Z
Rating: important
References:

* bsc#1259611
* bsc#1259734
* bsc#1259735
* bsc#1259989
* bsc#1260026

Cross-References:

* CVE-2025-13462
* CVE-2026-3479
* CVE-2026-3644
* CVE-2026-4224
* CVE-2026-4519

CVSS scores:

* CVE-2025-13462 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-13462 ( NVD ): 2.0
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3479 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3479 ( NVD ): 0.0
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3644 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3644 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4224 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4224 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
* CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
* CVE-2026-4519 ( NVD ): 7.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for python310 fixes the following issues:

* CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type
AREGTYPE are combined can lead to misinterpretation of tar archives
(bsc#1259611).
* CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()`
can lead to path traversal (bsc#1259989).
* CVE-2026-3644: incomplete control character validation in http.cookies can
lead to input validation bypass (bsc#1259734).
* CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to
C stack overflow (bsc#1259735).
* CVE-2026-4519: failure to sanitize leading dashes in URLs in the
`webbrowser.open()` API can lead to web browser command line option
injection (bsc#1260026).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1376=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1376=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1376=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1376=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1376=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1376=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python310-tk-debuginfo-3.10.20-150400.4.107.1
* libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1
* python310-testsuite-3.10.20-150400.4.107.1
* python310-doc-3.10.20-150400.4.107.1
* python310-base-3.10.20-150400.4.107.1
* python310-doc-devhelp-3.10.20-150400.4.107.1
* python310-dbm-debuginfo-3.10.20-150400.4.107.1
* python310-core-debugsource-3.10.20-150400.4.107.1
* python310-debuginfo-3.10.20-150400.4.107.1
* python310-curses-3.10.20-150400.4.107.1
* python310-tools-3.10.20-150400.4.107.1
* python310-idle-3.10.20-150400.4.107.1
* libpython3_10-1_0-3.10.20-150400.4.107.1
* python310-testsuite-debuginfo-3.10.20-150400.4.107.1
* python310-debugsource-3.10.20-150400.4.107.1
* python310-curses-debuginfo-3.10.20-150400.4.107.1
* python310-dbm-3.10.20-150400.4.107.1
* python310-base-debuginfo-3.10.20-150400.4.107.1
* python310-3.10.20-150400.4.107.1
* python310-tk-3.10.20-150400.4.107.1
* python310-devel-3.10.20-150400.4.107.1
* openSUSE Leap 15.4 (x86_64)
* python310-base-32bit-3.10.20-150400.4.107.1
* libpython3_10-1_0-32bit-3.10.20-150400.4.107.1
* python310-base-32bit-debuginfo-3.10.20-150400.4.107.1
* python310-32bit-3.10.20-150400.4.107.1
* libpython3_10-1_0-32bit-debuginfo-3.10.20-150400.4.107.1
* python310-32bit-debuginfo-3.10.20-150400.4.107.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* python310-64bit-debuginfo-3.10.20-150400.4.107.1
* python310-base-64bit-debuginfo-3.10.20-150400.4.107.1
* libpython3_10-1_0-64bit-debuginfo-3.10.20-150400.4.107.1
* python310-base-64bit-3.10.20-150400.4.107.1
* libpython3_10-1_0-64bit-3.10.20-150400.4.107.1
* python310-64bit-3.10.20-150400.4.107.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python310-tk-debuginfo-3.10.20-150400.4.107.1
* libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1
* python310-testsuite-3.10.20-150400.4.107.1
* python310-doc-3.10.20-150400.4.107.1
* python310-base-3.10.20-150400.4.107.1
* python310-doc-devhelp-3.10.20-150400.4.107.1
* python310-dbm-debuginfo-3.10.20-150400.4.107.1
* python310-core-debugsource-3.10.20-150400.4.107.1
* python310-debuginfo-3.10.20-150400.4.107.1
* python310-curses-3.10.20-150400.4.107.1
* python310-tools-3.10.20-150400.4.107.1
* python310-idle-3.10.20-150400.4.107.1
* libpython3_10-1_0-3.10.20-150400.4.107.1
* python310-testsuite-debuginfo-3.10.20-150400.4.107.1
* python310-debugsource-3.10.20-150400.4.107.1
* python310-base-debuginfo-3.10.20-150400.4.107.1
* python310-curses-debuginfo-3.10.20-150400.4.107.1
* python310-dbm-3.10.20-150400.4.107.1
* python310-3.10.20-150400.4.107.1
* python310-tk-3.10.20-150400.4.107.1
* python310-devel-3.10.20-150400.4.107.1
* openSUSE Leap 15.6 (x86_64)
* python310-base-32bit-3.10.20-150400.4.107.1
* libpython3_10-1_0-32bit-3.10.20-150400.4.107.1
* python310-base-32bit-debuginfo-3.10.20-150400.4.107.1
* python310-32bit-3.10.20-150400.4.107.1
* libpython3_10-1_0-32bit-debuginfo-3.10.20-150400.4.107.1
* python310-32bit-debuginfo-3.10.20-150400.4.107.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* python310-base-3.10.20-150400.4.107.1
* python310-dbm-debuginfo-3.10.20-150400.4.107.1
* python310-debugsource-3.10.20-150400.4.107.1
* python310-base-debuginfo-3.10.20-150400.4.107.1
* python310-core-debugsource-3.10.20-150400.4.107.1
* python310-curses-debuginfo-3.10.20-150400.4.107.1
* python310-dbm-3.10.20-150400.4.107.1
* python310-debuginfo-3.10.20-150400.4.107.1
* libpython3_10-1_0-3.10.20-150400.4.107.1
* python310-3.10.20-150400.4.107.1
* libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1
* python310-idle-3.10.20-150400.4.107.1
* python310-tk-debuginfo-3.10.20-150400.4.107.1
* python310-tools-3.10.20-150400.4.107.1
* python310-tk-3.10.20-150400.4.107.1
* python310-curses-3.10.20-150400.4.107.1
* python310-devel-3.10.20-150400.4.107.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* python310-base-3.10.20-150400.4.107.1
* python310-dbm-debuginfo-3.10.20-150400.4.107.1
* python310-debugsource-3.10.20-150400.4.107.1
* python310-base-debuginfo-3.10.20-150400.4.107.1
* python310-core-debugsource-3.10.20-150400.4.107.1
* python310-curses-debuginfo-3.10.20-150400.4.107.1
* python310-dbm-3.10.20-150400.4.107.1
* python310-debuginfo-3.10.20-150400.4.107.1
* libpython3_10-1_0-3.10.20-150400.4.107.1
* python310-3.10.20-150400.4.107.1
* libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1
* python310-idle-3.10.20-150400.4.107.1
* python310-tk-debuginfo-3.10.20-150400.4.107.1
* python310-tools-3.10.20-150400.4.107.1
* python310-tk-3.10.20-150400.4.107.1
* python310-curses-3.10.20-150400.4.107.1
* python310-devel-3.10.20-150400.4.107.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* python310-base-3.10.20-150400.4.107.1
* python310-dbm-debuginfo-3.10.20-150400.4.107.1
* python310-debugsource-3.10.20-150400.4.107.1
* python310-base-debuginfo-3.10.20-150400.4.107.1
* python310-core-debugsource-3.10.20-150400.4.107.1
* python310-curses-debuginfo-3.10.20-150400.4.107.1
* python310-dbm-3.10.20-150400.4.107.1
* python310-debuginfo-3.10.20-150400.4.107.1
* libpython3_10-1_0-3.10.20-150400.4.107.1
* python310-3.10.20-150400.4.107.1
* libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1
* python310-idle-3.10.20-150400.4.107.1
* python310-tk-debuginfo-3.10.20-150400.4.107.1
* python310-tools-3.10.20-150400.4.107.1
* python310-tk-3.10.20-150400.4.107.1
* python310-curses-3.10.20-150400.4.107.1
* python310-devel-3.10.20-150400.4.107.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* python310-base-3.10.20-150400.4.107.1
* python310-dbm-debuginfo-3.10.20-150400.4.107.1
* python310-debugsource-3.10.20-150400.4.107.1
* python310-base-debuginfo-3.10.20-150400.4.107.1
* python310-core-debugsource-3.10.20-150400.4.107.1
* python310-curses-debuginfo-3.10.20-150400.4.107.1
* python310-dbm-3.10.20-150400.4.107.1
* python310-debuginfo-3.10.20-150400.4.107.1
* libpython3_10-1_0-3.10.20-150400.4.107.1
* python310-3.10.20-150400.4.107.1
* libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1
* python310-idle-3.10.20-150400.4.107.1
* python310-tk-debuginfo-3.10.20-150400.4.107.1
* python310-tools-3.10.20-150400.4.107.1
* python310-tk-3.10.20-150400.4.107.1
* python310-curses-3.10.20-150400.4.107.1
* python310-devel-3.10.20-150400.4.107.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13462.html
* https://www.suse.com/security/cve/CVE-2026-3479.html
* https://www.suse.com/security/cve/CVE-2026-3644.html
* https://www.suse.com/security/cve/CVE-2026-4224.html
* https://www.suse.com/security/cve/CVE-2026-4519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259611
* https://bugzilla.suse.com/show_bug.cgi?id=1259734
* https://bugzilla.suse.com/show_bug.cgi?id=1259735
* https://bugzilla.suse.com/show_bug.cgi?id=1259989
* https://bugzilla.suse.com/show_bug.cgi?id=1260026



SUSE-SU-2026:1416-1: low: Security update for python-pyOpenSSL


# Security update for python-pyOpenSSL

Announcement ID: SUSE-SU-2026:1416-1
Release Date: 2026-04-16T15:36:01Z
Rating: low
References:

* bsc#1259804

Cross-References:

* CVE-2026-27448

CVSS scores:

* CVE-2026-27448 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27448 ( NVD ): 1.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27448 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for python-pyOpenSSL fixes the following issue:

* CVE-2026-27448: unhandled exception can result in connection not being
cancelled (bsc#1259804).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1416=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1416=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-1416=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (noarch)
* python3-pyOpenSSL-19.0.0-150300.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
* python3-pyOpenSSL-19.0.0-150300.3.3.1
* openSUSE Leap 15.3 (noarch)
* python3-pyOpenSSL-19.0.0-150300.3.3.1
* python2-pyOpenSSL-19.0.0-150300.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27448.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259804



SUSE-SU-2026:1415-1: moderate: Security update for rust1.93


# Security update for rust1.93

Announcement ID: SUSE-SU-2026:1415-1
Release Date: 2026-04-16T15:05:20Z
Rating: moderate
References:

* bsc#1253321
* bsc#1259623

Cross-References:

* CVE-2026-31812

CVSS scores:

* CVE-2026-31812 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31812 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31812 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Development Tools Module 15-SP7
* openSUSE Leap 15.3
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for rust1.93 fixes the following issues:

Security issue:

* CVE-2026-31812: denial of service via crafted QUIC initial packet
(bsc#1259623).

Non security issue:

* Resolve missing gcc requirement that may affect some crate buildin
(bsc#1253321).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-1415=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1415=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1415=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* cargo1.93-1.93.0-150300.7.6.1
* rust1.93-debuginfo-1.93.0-150300.7.6.1
* cargo1.93-debuginfo-1.93.0-150300.7.6.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586 nosrc)
* rust1.93-1.93.0-150300.7.6.1
* openSUSE Leap 15.3 (noarch)
* rust1.93-src-1.93.0-150300.7.6.1
* openSUSE Leap 15.3 (nosrc)
* rust1.93-test-1.93.0-150300.7.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* cargo1.93-1.93.0-150300.7.6.1
* rust1.93-debuginfo-1.93.0-150300.7.6.1
* cargo1.93-debuginfo-1.93.0-150300.7.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
* rust1.93-1.93.0-150300.7.6.1
* openSUSE Leap 15.6 (noarch)
* rust1.93-src-1.93.0-150300.7.6.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* cargo1.93-1.93.0-150300.7.6.1
* rust1.93-debuginfo-1.93.0-150300.7.6.1
* cargo1.93-debuginfo-1.93.0-150300.7.6.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64 nosrc)
* rust1.93-1.93.0-150300.7.6.1
* Development Tools Module 15-SP7 (noarch)
* rust1.93-src-1.93.0-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31812.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253321
* https://bugzilla.suse.com/show_bug.cgi?id=1259623



SUSE-SU-2026:1411-1: important: Security update for terraform-provider-local, terraform-provider-random, terraform-provider-tls


# Security update for terraform-provider-local, terraform-provider-random,
terraform-provider-tls

Announcement ID: SUSE-SU-2026:1411-1
Release Date: 2026-04-16T12:57:18Z
Rating: important
References:

* bsc#1258097
* bsc#1260218

Cross-References:

* CVE-2026-25934
* CVE-2026-33186

CVSS scores:

* CVE-2026-25934 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25934 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2026-25934 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2026-25934 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2026-33186 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for terraform-provider-local, terraform-provider-random, terraform-
provider-tls fixes the following issue:

* CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data
integrity values for `.pack` and `.idx` files can lead to the consumption of
corrupted files (bsc#1258097).
* CVE-2026-33186: google.golang.org/grpc: improper validation of the HTTP/2
`:path` pseudo-header can lead to authorization bypass (bsc#1260218).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1411=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1411=1

* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-1411=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* terraform-provider-local-2.0.0-150200.6.8.1
* terraform-provider-null-3.0.0-150200.6.12.1
* terraform-provider-random-3.0.0-150200.6.6.2
* terraform-provider-tls-3.0.0-150200.5.6.2
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* terraform-provider-local-2.0.0-150200.6.8.1
* terraform-provider-null-3.0.0-150200.6.12.1
* terraform-provider-random-3.0.0-150200.6.6.2
* terraform-provider-tls-3.0.0-150200.5.6.2
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* terraform-provider-local-2.0.0-150200.6.8.1
* terraform-provider-null-3.0.0-150200.6.12.1
* terraform-provider-random-3.0.0-150200.6.6.2
* terraform-provider-tls-3.0.0-150200.5.6.2

## References:

* https://www.suse.com/security/cve/CVE-2026-25934.html
* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258097
* https://bugzilla.suse.com/show_bug.cgi?id=1260218



openSUSE-SU-2026:0130-1: important: Security update for python-jwcrypto


openSUSE Security Update: Security update for python-jwcrypto
_______________________________

Announcement ID: openSUSE-SU-2026:0130-1
Rating: important
References: #1209496 #1219837 #1221230 #1261802
Cross-References: CVE-2022-3102 CVE-2023-6681 CVE-2024-28102
CVE-2026-39373
CVSS scores:
CVE-2022-3102 (SUSE): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CVE-2023-6681 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2024-28102 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2026-39373 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for python-jwcrypto fixes the following issues:

- CVE-2022-3102: jwcrypto token substitution can lead to authentication
bypass (boo#1209496)
- CVE-2023-6681: denial of service Via specifically crafted JWE
(boo#1219837)
- CVE-2024-28102: malicious JWE token can cause denial of service
(boo#1221230)
- CVE-2026-39373: Memory exhaustion via crafted compressed JWE tokens
(boo#1261802)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-130=1

Package List:

- openSUSE Backports SLE-15-SP6 (noarch):

python3-jwcrypto-0.7-bp156.4.3.1

References:

https://www.suse.com/security/cve/CVE-2022-3102.html
https://www.suse.com/security/cve/CVE-2023-6681.html
https://www.suse.com/security/cve/CVE-2024-28102.html
https://www.suse.com/security/cve/CVE-2026-39373.html
https://bugzilla.suse.com/1209496
https://bugzilla.suse.com/1219837
https://bugzilla.suse.com/1221230
https://bugzilla.suse.com/1261802



SUSE-SU-2026:1394-1: important: Security update for corosync


# Security update for corosync

Announcement ID: SUSE-SU-2026:1394-1
Release Date: 2026-04-16T10:22:10Z
Rating: important
References:

* bsc#1261299
* bsc#1261300

Cross-References:

* CVE-2026-35091
* CVE-2026-35092

CVSS scores:

* CVE-2026-35091 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35091 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-35091 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-35092 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35092 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35092 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise High Availability Extension 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for corosync fixes the following issues:

* CVE-2026-35091: Denial of Service and information disclosure via crafted UDP
packet (bsc#1261299).
* CVE-2026-35092: Denial of Service via integer overflow in join message
validation (bsc#1261300).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-1394=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1394=1

* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-1394=1

* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2026-1394=1

* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-1394=1

* SUSE Linux Enterprise High Availability Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-1394=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* corosync-qnetd-debuginfo-2.4.6-150300.12.16.1
* libsam4-debuginfo-2.4.6-150300.12.16.1
* libsam4-2.4.6-150300.12.16.1
* libtotem_pg5-2.4.6-150300.12.16.1
* libcpg4-2.4.6-150300.12.16.1
* libvotequorum8-2.4.6-150300.12.16.1
* libcfg6-debuginfo-2.4.6-150300.12.16.1
* corosync-2.4.6-150300.12.16.1
* corosync-debugsource-2.4.6-150300.12.16.1
* corosync-qdevice-2.4.6-150300.12.16.1
* corosync-debuginfo-2.4.6-150300.12.16.1
* libcmap4-debuginfo-2.4.6-150300.12.16.1
* corosync-testagents-2.4.6-150300.12.16.1
* libtotem_pg5-debuginfo-2.4.6-150300.12.16.1
* corosync-qdevice-debuginfo-2.4.6-150300.12.16.1
* libcorosync-devel-2.4.6-150300.12.16.1
* corosync-qnetd-2.4.6-150300.12.16.1
* libcpg4-debuginfo-2.4.6-150300.12.16.1
* libcmap4-2.4.6-150300.12.16.1
* corosync-testagents-debuginfo-2.4.6-150300.12.16.1
* libquorum5-2.4.6-150300.12.16.1
* libvotequorum8-debuginfo-2.4.6-150300.12.16.1
* libcfg6-2.4.6-150300.12.16.1
* libcorosync_common4-debuginfo-2.4.6-150300.12.16.1
* libcorosync_common4-2.4.6-150300.12.16.1
* libquorum5-debuginfo-2.4.6-150300.12.16.1
* openSUSE Leap 15.3 (x86_64)
* libquorum5-32bit-debuginfo-2.4.6-150300.12.16.1
* libsam4-32bit-debuginfo-2.4.6-150300.12.16.1
* libsam4-32bit-2.4.6-150300.12.16.1
* libtotem_pg5-32bit-2.4.6-150300.12.16.1
* libcorosync_common4-32bit-debuginfo-2.4.6-150300.12.16.1
* libcorosync_common4-32bit-2.4.6-150300.12.16.1
* libcfg6-32bit-2.4.6-150300.12.16.1
* libcpg4-32bit-debuginfo-2.4.6-150300.12.16.1
* libquorum5-32bit-2.4.6-150300.12.16.1
* libcmap4-32bit-2.4.6-150300.12.16.1
* libcmap4-32bit-debuginfo-2.4.6-150300.12.16.1
* libtotem_pg5-32bit-debuginfo-2.4.6-150300.12.16.1
* libvotequorum8-32bit-2.4.6-150300.12.16.1
* libvotequorum8-32bit-debuginfo-2.4.6-150300.12.16.1
* libcfg6-32bit-debuginfo-2.4.6-150300.12.16.1
* libcpg4-32bit-2.4.6-150300.12.16.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* libcorosync_common4-64bit-2.4.6-150300.12.16.1
* libcpg4-64bit-2.4.6-150300.12.16.1
* libtotem_pg5-64bit-2.4.6-150300.12.16.1
* libtotem_pg5-64bit-debuginfo-2.4.6-150300.12.16.1
* libquorum5-64bit-debuginfo-2.4.6-150300.12.16.1
* libcfg6-64bit-debuginfo-2.4.6-150300.12.16.1
* libvotequorum8-64bit-debuginfo-2.4.6-150300.12.16.1
* libsam4-64bit-2.4.6-150300.12.16.1
* libcorosync_common4-64bit-debuginfo-2.4.6-150300.12.16.1
* libcpg4-64bit-debuginfo-2.4.6-150300.12.16.1
* libsam4-64bit-debuginfo-2.4.6-150300.12.16.1
* libvotequorum8-64bit-2.4.6-150300.12.16.1
* libquorum5-64bit-2.4.6-150300.12.16.1
* libcmap4-64bit-2.4.6-150300.12.16.1
* libcmap4-64bit-debuginfo-2.4.6-150300.12.16.1
* libcfg6-64bit-2.4.6-150300.12.16.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* corosync-qnetd-debuginfo-2.4.6-150300.12.16.1
* libsam4-debuginfo-2.4.6-150300.12.16.1
* libsam4-2.4.6-150300.12.16.1
* libtotem_pg5-2.4.6-150300.12.16.1
* libcpg4-2.4.6-150300.12.16.1
* libvotequorum8-2.4.6-150300.12.16.1
* libcfg6-debuginfo-2.4.6-150300.12.16.1
* corosync-2.4.6-150300.12.16.1
* corosync-debugsource-2.4.6-150300.12.16.1
* corosync-qdevice-2.4.6-150300.12.16.1
* corosync-debuginfo-2.4.6-150300.12.16.1
* libcmap4-debuginfo-2.4.6-150300.12.16.1
* corosync-testagents-2.4.6-150300.12.16.1
* libtotem_pg5-debuginfo-2.4.6-150300.12.16.1
* corosync-qdevice-debuginfo-2.4.6-150300.12.16.1
* libcorosync-devel-2.4.6-150300.12.16.1
* corosync-qnetd-2.4.6-150300.12.16.1
* libcpg4-debuginfo-2.4.6-150300.12.16.1
* libcmap4-2.4.6-150300.12.16.1
* corosync-testagents-debuginfo-2.4.6-150300.12.16.1
* libquorum5-2.4.6-150300.12.16.1
* libvotequorum8-debuginfo-2.4.6-150300.12.16.1
* libcfg6-2.4.6-150300.12.16.1
* libcorosync_common4-debuginfo-2.4.6-150300.12.16.1
* libcorosync_common4-2.4.6-150300.12.16.1
* libquorum5-debuginfo-2.4.6-150300.12.16.1
* openSUSE Leap 15.6 (x86_64)
* libquorum5-32bit-debuginfo-2.4.6-150300.12.16.1
* libsam4-32bit-debuginfo-2.4.6-150300.12.16.1
* libsam4-32bit-2.4.6-150300.12.16.1
* libtotem_pg5-32bit-2.4.6-150300.12.16.1
* libcorosync_common4-32bit-debuginfo-2.4.6-150300.12.16.1
* libcorosync_common4-32bit-2.4.6-150300.12.16.1
* libcfg6-32bit-2.4.6-150300.12.16.1
* libcpg4-32bit-debuginfo-2.4.6-150300.12.16.1
* libquorum5-32bit-2.4.6-150300.12.16.1
* libcmap4-32bit-2.4.6-150300.12.16.1
* libcmap4-32bit-debuginfo-2.4.6-150300.12.16.1
* libtotem_pg5-32bit-debuginfo-2.4.6-150300.12.16.1
* libvotequorum8-32bit-2.4.6-150300.12.16.1
* libvotequorum8-32bit-debuginfo-2.4.6-150300.12.16.1
* libcfg6-32bit-debuginfo-2.4.6-150300.12.16.1
* libcpg4-32bit-2.4.6-150300.12.16.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* corosync-qnetd-debuginfo-2.4.6-150300.12.16.1
* libsam4-debuginfo-2.4.6-150300.12.16.1
* libsam4-2.4.6-150300.12.16.1
* libtotem_pg5-2.4.6-150300.12.16.1
* libcpg4-2.4.6-150300.12.16.1
* libvotequorum8-2.4.6-150300.12.16.1
* libcfg6-debuginfo-2.4.6-150300.12.16.1
* corosync-2.4.6-150300.12.16.1
* corosync-debugsource-2.4.6-150300.12.16.1
* corosync-qdevice-2.4.6-150300.12.16.1
* corosync-debuginfo-2.4.6-150300.12.16.1
* libcmap4-debuginfo-2.4.6-150300.12.16.1
* corosync-testagents-2.4.6-150300.12.16.1
* libtotem_pg5-debuginfo-2.4.6-150300.12.16.1
* corosync-qdevice-debuginfo-2.4.6-150300.12.16.1
* libcorosync-devel-2.4.6-150300.12.16.1
* corosync-qnetd-2.4.6-150300.12.16.1
* libcpg4-debuginfo-2.4.6-150300.12.16.1
* libcmap4-2.4.6-150300.12.16.1
* corosync-testagents-debuginfo-2.4.6-150300.12.16.1
* libquorum5-2.4.6-150300.12.16.1
* libvotequorum8-debuginfo-2.4.6-150300.12.16.1
* libcfg6-2.4.6-150300.12.16.1
* libcorosync_common4-debuginfo-2.4.6-150300.12.16.1
* libcorosync_common4-2.4.6-150300.12.16.1
* libquorum5-debuginfo-2.4.6-150300.12.16.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* corosync-qnetd-debuginfo-2.4.6-150300.12.16.1
* libsam4-debuginfo-2.4.6-150300.12.16.1
* libsam4-2.4.6-150300.12.16.1
* libtotem_pg5-2.4.6-150300.12.16.1
* libcpg4-2.4.6-150300.12.16.1
* libvotequorum8-2.4.6-150300.12.16.1
* libcfg6-debuginfo-2.4.6-150300.12.16.1
* corosync-2.4.6-150300.12.16.1
* corosync-debugsource-2.4.6-150300.12.16.1
* corosync-qdevice-2.4.6-150300.12.16.1
* corosync-debuginfo-2.4.6-150300.12.16.1
* libcmap4-debuginfo-2.4.6-150300.12.16.1
* corosync-testagents-2.4.6-150300.12.16.1
* libtotem_pg5-debuginfo-2.4.6-150300.12.16.1
* corosync-qdevice-debuginfo-2.4.6-150300.12.16.1
* libcorosync-devel-2.4.6-150300.12.16.1
* corosync-qnetd-2.4.6-150300.12.16.1
* libcpg4-debuginfo-2.4.6-150300.12.16.1
* libcmap4-2.4.6-150300.12.16.1
* corosync-testagents-debuginfo-2.4.6-150300.12.16.1
* libquorum5-2.4.6-150300.12.16.1
* libvotequorum8-debuginfo-2.4.6-150300.12.16.1
* libcfg6-2.4.6-150300.12.16.1
* libcorosync_common4-debuginfo-2.4.6-150300.12.16.1
* libcorosync_common4-2.4.6-150300.12.16.1
* libquorum5-debuginfo-2.4.6-150300.12.16.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le
s390x x86_64)
* corosync-qnetd-debuginfo-2.4.6-150300.12.16.1
* libsam4-debuginfo-2.4.6-150300.12.16.1
* libsam4-2.4.6-150300.12.16.1
* libtotem_pg5-2.4.6-150300.12.16.1
* libcpg4-2.4.6-150300.12.16.1
* libvotequorum8-2.4.6-150300.12.16.1
* libcfg6-debuginfo-2.4.6-150300.12.16.1
* corosync-2.4.6-150300.12.16.1
* corosync-debugsource-2.4.6-150300.12.16.1
* corosync-qdevice-2.4.6-150300.12.16.1
* corosync-debuginfo-2.4.6-150300.12.16.1
* libcmap4-debuginfo-2.4.6-150300.12.16.1
* corosync-testagents-2.4.6-150300.12.16.1
* libtotem_pg5-debuginfo-2.4.6-150300.12.16.1
* corosync-qdevice-debuginfo-2.4.6-150300.12.16.1
* libcorosync-devel-2.4.6-150300.12.16.1
* corosync-qnetd-2.4.6-150300.12.16.1
* libcpg4-debuginfo-2.4.6-150300.12.16.1
* libcmap4-2.4.6-150300.12.16.1
* corosync-testagents-debuginfo-2.4.6-150300.12.16.1
* libquorum5-2.4.6-150300.12.16.1
* libvotequorum8-debuginfo-2.4.6-150300.12.16.1
* libcfg6-2.4.6-150300.12.16.1
* libcorosync_common4-debuginfo-2.4.6-150300.12.16.1
* libcorosync_common4-2.4.6-150300.12.16.1
* libquorum5-debuginfo-2.4.6-150300.12.16.1
* SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le
s390x x86_64)
* corosync-qnetd-debuginfo-2.4.6-150300.12.16.1
* libsam4-debuginfo-2.4.6-150300.12.16.1
* libsam4-2.4.6-150300.12.16.1
* libtotem_pg5-2.4.6-150300.12.16.1
* libcpg4-2.4.6-150300.12.16.1
* libvotequorum8-2.4.6-150300.12.16.1
* libcfg6-debuginfo-2.4.6-150300.12.16.1
* corosync-2.4.6-150300.12.16.1
* corosync-debugsource-2.4.6-150300.12.16.1
* corosync-qdevice-2.4.6-150300.12.16.1
* corosync-debuginfo-2.4.6-150300.12.16.1
* libcmap4-debuginfo-2.4.6-150300.12.16.1
* corosync-testagents-2.4.6-150300.12.16.1
* libtotem_pg5-debuginfo-2.4.6-150300.12.16.1
* corosync-qdevice-debuginfo-2.4.6-150300.12.16.1
* libcorosync-devel-2.4.6-150300.12.16.1
* corosync-qnetd-2.4.6-150300.12.16.1
* libcpg4-debuginfo-2.4.6-150300.12.16.1
* libcmap4-2.4.6-150300.12.16.1
* corosync-testagents-debuginfo-2.4.6-150300.12.16.1
* libquorum5-2.4.6-150300.12.16.1
* libvotequorum8-debuginfo-2.4.6-150300.12.16.1
* libcfg6-2.4.6-150300.12.16.1
* libcorosync_common4-debuginfo-2.4.6-150300.12.16.1
* libcorosync_common4-2.4.6-150300.12.16.1
* libquorum5-debuginfo-2.4.6-150300.12.16.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35091.html
* https://www.suse.com/security/cve/CVE-2026-35092.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261299
* https://bugzilla.suse.com/show_bug.cgi?id=1261300



SUSE-SU-2026:1388-1: moderate: Security update for libtpms


# Security update for libtpms

Announcement ID: SUSE-SU-2026:1388-1
Release Date: 2026-04-16T09:18:28Z
Rating: moderate
References:

* bsc#1244528

Cross-References:

* CVE-2025-49133

CVSS scores:

* CVE-2025-49133 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2025-49133 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2025-49133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for libtpms fixes the following issues:

* CVE-2025-49133: Fixed potential out of bounds (OOB) read vulnerability
(bsc#1244528)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1388=1 SUSE-2026-1388=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1388=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libtpms-debugsource-0.9.6-150600.3.3.1
* libtpms-devel-0.9.6-150600.3.3.1
* libtpms0-debuginfo-0.9.6-150600.3.3.1
* libtpms0-0.9.6-150600.3.3.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libtpms-debugsource-0.9.6-150600.3.3.1
* libtpms-devel-0.9.6-150600.3.3.1
* libtpms0-debuginfo-0.9.6-150600.3.3.1
* libtpms0-0.9.6-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-49133.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244528



SUSE-SU-2026:1389-1: important: Security update for python-PyJWT


# Security update for python-PyJWT

Announcement ID: SUSE-SU-2026:1389-1
Release Date: 2026-04-16T09:20:00Z
Rating: important
References:

* bsc#1259616

Cross-References:

* CVE-2026-32597

CVSS scores:

* CVE-2026-32597 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-32597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-PyJWT fixes the following issues:

* CVE-2026-32597: Fixed unknown `crit` header extensions accepts
(bsc#1259616).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1389=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1389=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1389=1

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1389=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1389=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1389=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1389=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1389=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1389=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1389=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1389=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1389=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1389=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1389=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* python311-PyJWT-2.8.0-150400.8.10.1
* openSUSE Leap 15.6 (noarch)
* python311-PyJWT-2.8.0-150400.8.10.1
* Public Cloud Module 15-SP4 (noarch)
* python311-PyJWT-2.8.0-150400.8.10.1
* Python 3 Module 15-SP7 (noarch)
* python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* python311-PyJWT-2.8.0-150400.8.10.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32597.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259616



SUSE-SU-2026:1396-1: important: Security update for plexus-utils


# Security update for plexus-utils

Announcement ID: SUSE-SU-2026:1396-1
Release Date: 2026-04-16T10:35:20Z
Rating: important
References:

* bsc#1260588

Cross-References:

* CVE-2025-67030

CVSS scores:

* CVE-2025-67030 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-67030 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-67030 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-67030 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for plexus-utils fixes the following issue:

Security fixes:

* CVE-2025-67030: directory traversal via the `extractFile` method of
`org.codehaus.plexus.util.Expand` (bsc#1260588).

Update to version 4.0.2:

* Bug Fixes
* Specify /D for cmd.exe to bypass the Command Processor Autorun folder
* Dependency updates
* Bump org.codehaus.plexus:plexus from 17 to 18
* Bump org.codehaus.plexus:plexus-xml from 3.0.0 to 3.0.1

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1396=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1396=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1396=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1396=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1396=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1396=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1396=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1396=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1396=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1396=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1396=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1396=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* plexus-utils-4.0.2-150200.3.14.1
* openSUSE Leap 15.6 (noarch)
* plexus-utils-4.0.2-150200.3.14.1
* plexus-utils-javadoc-4.0.2-150200.3.14.1
* Development Tools Module 15-SP7 (noarch)
* plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* plexus-utils-4.0.2-150200.3.14.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67030.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260588



SUSE-SU-2026:1395-1: important: Security update for azure-storage-azcopy


# Security update for azure-storage-azcopy

Announcement ID: SUSE-SU-2026:1395-1
Release Date: 2026-04-16T10:27:27Z
Rating: important
References:

* bsc#1260307

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Public Cloud Module 15-SP6
* Public Cloud Module 15-SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for azure-storage-azcopy fixes the following issues:

* CVE-2026-33186: Authorization bypass in grpc-go due to improper validation
of the HTTP/2 `:path` pseudo-header (bsc#1260307).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1395=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1395=1

* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-1395=1

* Public Cloud Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2026-1395=1

* Public Cloud Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-1395=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
* azure-storage-azcopy-10.29.1-150400.9.6.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le x86_64)
* azure-storage-azcopy-10.29.1-150400.9.6.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le x86_64)
* azure-storage-azcopy-10.29.1-150400.9.6.1
* Public Cloud Module 15-SP6 (aarch64 ppc64le x86_64)
* azure-storage-azcopy-10.29.1-150400.9.6.1
* Public Cloud Module 15-SP7 (aarch64 ppc64le x86_64)
* azure-storage-azcopy-10.29.1-150400.9.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260307



openSUSE-SU-2026:0129-1: important: Security update for python-jwcrypto


openSUSE Security Update: Security update for python-jwcrypto
_______________________________

Announcement ID: openSUSE-SU-2026:0129-1
Rating: important
References: #1209496 #1219837 #1221230 #1261802
Cross-References: CVE-2022-3102 CVE-2023-6681 CVE-2024-28102
CVE-2026-39373
CVSS scores:
CVE-2022-3102 (SUSE): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CVE-2023-6681 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2024-28102 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2026-39373 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for python-jwcrypto fixes the following issues:

- CVE-2022-3102: jwcrypto token substitution can lead to authentication
bypass (boo#1209496)
- CVE-2023-6681: denial of service Via specifically crafted JWE
(boo#1219837)
- CVE-2024-28102: malicious JWE token can cause denial of service
(boo#1221230)
- CVE-2026-39373: Memory exhaustion via crafted compressed JWE tokens
(boo#1261802)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-129=1

Package List:

- openSUSE Backports SLE-15-SP7 (noarch):

python3-jwcrypto-0.7-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2022-3102.html
https://www.suse.com/security/cve/CVE-2023-6681.html
https://www.suse.com/security/cve/CVE-2024-28102.html
https://www.suse.com/security/cve/CVE-2026-39373.html
https://bugzilla.suse.com/1209496
https://bugzilla.suse.com/1219837
https://bugzilla.suse.com/1221230
https://bugzilla.suse.com/1261802



openSUSE-SU-2026:10554-1: moderate: python314-3.14.4-1.1 on GA media


# python314-3.14.4-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10554-1
Rating: moderate

Cross-References:

* CVE-2026-3479

CVSS scores:

* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3479 ( SUSE ): 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python314-3.14.4-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python314 3.14.4-1.1
* python314-32bit 3.14.4-1.1
* python314-curses 3.14.4-1.1
* python314-dbm 3.14.4-1.1
* python314-idle 3.14.4-1.1
* python314-tk 3.14.4-1.1
* python314-x86-64-v3 3.14.4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3479.html



openSUSE-SU-2026:10550-1: moderate: apache-pdfbox-2.0.36-1.1 on GA media


# apache-pdfbox-2.0.36-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10550-1
Rating: moderate

Cross-References:

* CVE-2026-3392
* CVE-2026-33929

CVSS scores:

* CVE-2026-33929 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the apache-pdfbox-2.0.36-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* apache-pdfbox 2.0.36-1.1
* apache-pdfbox-javadoc 2.0.36-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3392.html
* https://www.suse.com/security/cve/CVE-2026-33929.html



openSUSE-SU-2026:10555-1: moderate: libsdb2_4_2-6.1.4-1.1 on GA media


# libsdb2_4_2-6.1.4-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10555-1
Rating: moderate

Cross-References:

* CVE-2026-40499

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libsdb2_4_2-6.1.4-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libsdb2_4_2 6.1.4-1.1
* radare2 6.1.4-1.1
* radare2-devel 6.1.4-1.1
* radare2-zsh-completion 6.1.4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40499.html


LibXML2 update for Slackware

Kernel, .NET, Rack, ESAPI, oFono updates for Ubuntu

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...