Python-Jupyterlab, Tor, Trivy, and more updates for SUSE Linux

SUSE 5646 Published by

SUSE recently pushed out a series of security patches that tackle numerous flaws across its enterprise and community Linux distributions. These updates hit major applications including the Linux kernel, Tor, Python modules, and Mesa graphics drivers while resolving dangerous problems like memory corruption, path traversal exploits, and denial of service attacks. System administrators should deploy the fixes quickly through zypper or YaST on any affected SUSE Linux Enterprise or openSUSE Leap installation. Delaying this rollout leaves networks exposed to the remote vulnerabilities that attackers could easily exploit.

openSUSE-SU-2026:0165-1: important: Security update for python-jupyterlab
openSUSE-SU-2026:0164-1: critical: Security update for tor
openSUSE-SU-2026:20720-1: moderate: Security update for trivy
openSUSE-SU-2026:20717-1: important: Security update for raylib
SUSE-SU-2026:1819-1: important: Security update for python-Mako
SUSE-SU-2026:1821-1: moderate: Security update for NetworkManager
SUSE-SU-2026:1827-1: important: Security update for dnsmasq
SUSE-SU-2026:1818-1: important: Security update for python39
SUSE-SU-2026:1816-1: moderate: Security update for krb5
SUSE-SU-2026:1835-1: moderate: Security update for Mesa
SUSE-SU-2026:1839-1: moderate: Security update for Mesa
SUSE-SU-2026:1840-1: important: Security update for the Linux Kernel
openSUSE-SU-2026:10748-1: moderate: jupyter-jupyterlab-4.5.7-1.1 on GA media
openSUSE-SU-2026:10752-1: moderate: OpenImageIO-3.1.13.1-2.1 on GA media
openSUSE-SU-2026:10751-1: moderate: libvinylapi3-9.0.0-1.1 on GA media
SUSE-SU-2026:1840-2: important: Security update for the Linux Kernel
SUSE-SU-2026:1842-1: important: Security update for python-Pillow




openSUSE-SU-2026:0165-1: important: Security update for python-jupyterlab


openSUSE Security Update: Security update for python-jupyterlab
_______________________________

Announcement ID: openSUSE-SU-2026:0165-1
Rating: important
References: #1264348
Cross-References: CVE-2026-40171
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-jupyterlab fixes the following issues:

- CVE-2026-40171: Fixed a one-click authentication token theft via command
linker attributes chained with help command (boo#1264348)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-165=1

Package List:

- openSUSE Backports SLE-15-SP7 (noarch):

jupyter-jupyterlab-2.2.10-bp157.3.3.1
python3-jupyterlab-2.2.10-bp157.3.3.1

References:

https://www.suse.com/security/cve/CVE-2026-40171.html
https://bugzilla.suse.com/1264348



openSUSE-SU-2026:0164-1: critical: Security update for tor


openSUSE Security Update: Security update for tor
_______________________________

Announcement ID: openSUSE-SU-2026:0164-1
Rating: critical
References: #1264341 #1264342 #1264343 #1264344 #1264345
#1264346
Cross-References: CVE-2026-44597 CVE-2026-44599 CVE-2026-44600
CVE-2026-44601 CVE-2026-44602 CVE-2026-44603

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for tor fixes the following issues:

- Update to 0.4.9.8
* Fix out-of-bounds read (boo#1264341, CVE-2026-44597, TROVE-2026-011)
* Do not attempt or accept BEGIN_DIR via conflux legs (boo#1264342,
CVE-2026-44599,TROVE-2026-008)
* Adjust conflux out-of-order queue accounting when clearing a queue
(boo#1264343, CVE-2026-44600, TROVE-2026-010)
* Fix a client-side crash caused by double-close of a circuit while
under circuit queue memory pressure (boo#1264344, CVE-2026-44601,
TROVE-2026-009)
* Fix null pointer dereference when receiving a CERT cell out of
order (boo#1264345, CVE-2026-44602, TROVE-2026-006)
* Fix off-by-one out-of-bounds read if a malformed BEGIN cell is
received (boo#1264346, CVE-2026-44603, TROVE-2026-007)

- upate to 0.4.9.5:
* first stable release in the 0.4.9 series
* introduces a new circuit-level encryption design for better client
security
* introduce a more scalable way for large relay operators to annotate
which relays they run so clients can avoid using too many of them in a
single circuit

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-164=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):

tor-0.4.9.8-bp157.2.9.1

References:

https://www.suse.com/security/cve/CVE-2026-44597.html
https://www.suse.com/security/cve/CVE-2026-44599.html
https://www.suse.com/security/cve/CVE-2026-44600.html
https://www.suse.com/security/cve/CVE-2026-44601.html
https://www.suse.com/security/cve/CVE-2026-44602.html
https://www.suse.com/security/cve/CVE-2026-44603.html
https://bugzilla.suse.com/1264341
https://bugzilla.suse.com/1264342
https://bugzilla.suse.com/1264343
https://bugzilla.suse.com/1264344
https://bugzilla.suse.com/1264345
https://bugzilla.suse.com/1264346



openSUSE-SU-2026:20720-1: moderate: Security update for trivy


openSUSE security update: security update for trivy
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20720-1
Rating: moderate
References:

* bsc#1264873

Cross-References:

* CVE-2026-41506

CVSS scores:

* CVE-2026-41506 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-41506 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for trivy fixes the following issues:

Changes in trivy:

- update go-git to 5.18.0 (bsc#1264873, CVE-2026-41506)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-245=1

Package List:

- openSUSE Leap 16.0:

trivy-0.70.0-bp160.2.1

References:

* https://www.suse.com/security/cve/CVE-2026-41506.html



openSUSE-SU-2026:20717-1: important: Security update for raylib


openSUSE security update: security update for raylib
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20717-1
Rating: important
References:

* bsc#1256900
* bsc#1256901

Cross-References:

* CVE-2025-15533
* CVE-2025-15534

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for raylib fixes the following issues:

Changes in raylib:

- security update:
* CVE-2025-15533: Fix heap-based buffer overflow via GenImageFontAtlas function manipulation (bsc#1256900)
* CVE-2025-15534: Fix integer overflow vulnerability in LoadFontData (bsc#1256901)

- Update to 5.5:
* NEW raylib pre-configured Windows package: The new raylib portable and
self-contained Windows package for raylib 5.5, intended for nobel devs that
start in programming world, comes with one big addition: support for C code
building for Web platform with one-single-mouse-click! For the last 10
years, the pre-configured raylib Windows package allowed to edit simple C
projects on Notepad++ and easely compile Windows executables with an
automatic script; this new release adds the possibility to compile the same
C projects for Web platform with a simple mouse click. This new addition
greatly simplifies C to WebAssembly project building for new users. The
raylib Windows Installer package can be downloaded for free from raylib on
itch.io.
* NEW raylib project creator tool: A brand new tool developed to help raylib
users to setup new projects in a professional way. raylib project creator
generates a complete project structure with multiple build systems
ready-to-use and GitHub CI/CD actions pre-configured. It only requires
providing some C files and basic project parameters! The tools is free and
open-source, and it can be used online!.
* NEW Platform backend supported: RGFW: Thanks to the rcore platform-split
implemented in raylib 5.0, adding new platforms backends has been greatly
simplified, new backends can be added using provided template,
self-contained in a single C module, completely portable. A new platform
backend has been added: RGFW. RGFW is a new single-file header-only
portable library (RGFW.h) intended for platform-functionality management
(windowing and inputs); in this case for desktop platforms (Windows, Linux,
macOS) but also for Web platform. It adds a new alternative to the already
existing GLFW and SDL platform backends.
* NEW Platform backend version supported: SDL3: Previous raylib 5.0 added
support for SDL2 library, and raylib 5.5 not only improves SDL2
functionality, with several issues reviewed, but also adds support for the
recently released big SDL update in years: SDL3. Now users can select at
compile time the desired SDL version to use, increasing the number of
potential platforms supported in the future!
* NEW Retro-console platforms supported: Dreamcast, N64, PSP, PSVita, PS4:
Thanks to the platform-split on raylib 5.0, supporting new platform
backends is easier than ever! Along the raylib rlgl module support for the
OpenGL 1.1 graphics API, it opened the door to multiple homebrew
retro-consoles backend implementations! It's amazing to see raylib running
on +20 year old consoles like Dreamcast, PSP or PSVita, considering the
hardware constraints of those platforms and proves raylib outstanding
versability! Those additional platforms can be found in separate
repositories and have been created by the amazing programmer Antonio Jose
Ramos Marquez (@psxdev).
* NEW GPU Skinning support: After lots of requests for this feature, it has
been finally added to raylib thanks to the contributor Daniel Holden
(@orangeduck), probably the developer that has further pushed models
animations with raylib, developing two amazing tools to visualize and test
animations: GenoView and BVHView. Adding GPU skinning was a tricky feature,
considering it had to be available for all raylib supported platforms,
including limited ones like Raspberry Pi with OpenGL ES 2.0, where some
advance OpenGL features are not available (UBO, SSBO, Transform Feedback)
but a multi-platform solution was found to make it possible. A new example,
models_gpu_skinning has been added to illustrate this new functionality. As
an extra, previous existing CPU animation system has been greatly improved,
multiplying performance by a factor (simplifiying required maths).
* NEW raymath C++ operators: After several requested for this feature, C++
math operators for Vector2, Vector3, Vector4, Quaternion and Matrix has
been added to raymath as an extension to current implementation. Despite
being only available for C++ because C does not support it, these operators
simplify C++ code when doing math operations.
* Normals support on batching system
* Clipboard images reading support
* CRC32/MD5/SHA1 hash computation
* Gamepad vibration support
* Improved font loading (no GPU required) with BDF fonts support
* Time-based camera movement
* Improved GLTF animations loading

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-242=1

Package List:

- openSUSE Leap 16.0:

libraylib550-5.5-bp160.1.1
raylib-devel-5.5-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-15533.html
* https://www.suse.com/security/cve/CVE-2025-15534.html



SUSE-SU-2026:1819-1: important: Security update for python-Mako


# Security update for python-Mako

Announcement ID: SUSE-SU-2026:1819-1
Release Date: 2026-05-12T07:59:09Z
Rating: important
References:

* bsc#1262716

Cross-References:

* CVE-2026-41205

CVSS scores:

* CVE-2026-41205 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41205 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-41205 ( NVD ): 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41205 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Mako fixes the following issue:

* CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template() is vulnerable
to path traversal (bsc#1262716).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1819=1

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1819=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1819=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1819=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* python311-Mako-1.3.0-150600.3.3.1
* Python 3 Module 15-SP7 (noarch)
* python311-Mako-1.3.0-150600.3.3.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* python311-Mako-1.3.0-150600.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* python311-Mako-1.3.0-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41205.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262716



SUSE-SU-2026:1821-1: moderate: Security update for NetworkManager


# Security update for NetworkManager

Announcement ID: SUSE-SU-2026:1821-1
Release Date: 2026-05-12T08:00:19Z
Rating: moderate
References:

* bsc#1257359

Cross-References:

* CVE-2025-9615

CVSS scores:

* CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for NetworkManager fixes the following issue:

* CVE-2025-9615: Fixed non-admin user using others' certificates
(bsc#1257359).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1821=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libnm0-debuginfo-1.32.12-150400.3.3.1
* NetworkManager-1.32.12-150400.3.3.1
* typelib-1_0-NM-1_0-1.32.12-150400.3.3.1
* libnm0-1.32.12-150400.3.3.1
* NetworkManager-debugsource-1.32.12-150400.3.3.1
* NetworkManager-debuginfo-1.32.12-150400.3.3.1
* NetworkManager-devel-1.32.12-150400.3.3.1
* openSUSE Leap 15.4 (noarch)
* NetworkManager-branding-upstream-1.32.12-150400.3.3.1
* NetworkManager-lang-1.32.12-150400.3.3.1
* openSUSE Leap 15.4 (x86_64)
* NetworkManager-devel-32bit-1.32.12-150400.3.3.1
* libnm0-32bit-1.32.12-150400.3.3.1
* libnm0-32bit-debuginfo-1.32.12-150400.3.3.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libnm0-64bit-1.32.12-150400.3.3.1
* libnm0-64bit-debuginfo-1.32.12-150400.3.3.1
* NetworkManager-devel-64bit-1.32.12-150400.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9615.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257359



SUSE-SU-2026:1827-1: important: Security update for dnsmasq


# Security update for dnsmasq

Announcement ID: SUSE-SU-2026:1827-1
Release Date: 2026-05-12T09:06:53Z
Rating: important
References:

* bsc#1258251

Cross-References:

* CVE-2026-2291

CVSS scores:

* CVE-2026-2291 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2291 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for dnsmasq fixes the following issue:

* CVE-2026-2291: VU#471747: dnsmasq can be abused to record false cached data
enabling DoS or attacker redirect (bsc#1258251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1827=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1827=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1827=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1827=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1827=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1827=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1827=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1827=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1827=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1827=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-1827=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1827=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1827=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1827=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1827=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1827=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1827=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1827=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* dnsmasq-utils-debuginfo-2.90-150400.16.9.1
* dnsmasq-utils-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* dnsmasq-utils-debuginfo-2.90-150400.16.9.1
* dnsmasq-utils-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* dnsmasq-debuginfo-2.90-150400.16.9.1
* dnsmasq-2.90-150400.16.9.1
* dnsmasq-debugsource-2.90-150400.16.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2291.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258251



SUSE-SU-2026:1818-1: important: Security update for python39


# Security update for python39

Announcement ID: SUSE-SU-2026:1818-1
Release Date: 2026-05-12T07:58:54Z
Rating: important
References:

* bsc#1258364
* bsc#1259989
* bsc#1261969
* bsc#1261970
* bsc#1262098
* bsc#1262319
* bsc#1262654

Cross-References:

* CVE-2026-1502
* CVE-2026-3446
* CVE-2026-3479
* CVE-2026-4786
* CVE-2026-6019
* CVE-2026-6100

CVSS scores:

* CVE-2026-1502 ( SUSE ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1502 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-1502 ( NVD ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3446 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-3446 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3479 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3479 ( NVD ): 0.0
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4786 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4786 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
* CVE-2026-4786 ( NVD ): 7.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-6019 ( SUSE ): 2.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-6019 ( SUSE ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-6019 ( NVD ): 2.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-6100 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6100 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6100 ( NVD ): 9.1
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities and has one security fix can now be
installed.

## Description:

This update for python39 fixes the following issues:

Security issues fixed:

* CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF
(bsc#1261969).
* CVE-2026-3446: base64 decoding stops at first padded quad by default and
ignores other information that could be processed (bsc#1261970).
* CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()`
can lead to path traversal (bsc#1259989).
* CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety
check and allow for command injection (bsc#1262319).
* CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in
cookie values embedded in JS (bsc#1262654).
* CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`,
`bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory
pressure(bsc#1262098).

Other updates and bugfixes:

* Rewrite structure of Python interpreter packages. `python3*` symbols should
be now provided by real python3 packages and its subpackages instead of the
virtual provides (bsc#1258364).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1818=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-1818=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1818=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* python39-dbm-3.9.25-150300.4.106.1
* python39-base-3.9.25-150300.4.106.1
* python39-3.9.25-150300.4.106.1
* libpython3_9-1_0-3.9.25-150300.4.106.1
* python39-curses-3.9.25-150300.4.106.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python39-dbm-3.9.25-150300.4.106.1
* python39-testsuite-3.9.25-150300.4.106.1
* python39-base-3.9.25-150300.4.106.1
* python39-tools-3.9.25-150300.4.106.1
* python39-curses-debuginfo-3.9.25-150300.4.106.1
* python39-core-debugsource-3.9.25-150300.4.106.1
* python39-debuginfo-3.9.25-150300.4.106.1
* python39-testsuite-debuginfo-3.9.25-150300.4.106.1
* python39-tk-debuginfo-3.9.25-150300.4.106.1
* python39-doc-3.9.25-150300.4.106.1
* python39-debugsource-3.9.25-150300.4.106.1
* python39-doc-devhelp-3.9.25-150300.4.106.1
* python39-idle-3.9.25-150300.4.106.1
* python39-dbm-debuginfo-3.9.25-150300.4.106.1
* python39-base-debuginfo-3.9.25-150300.4.106.1
* python39-3.9.25-150300.4.106.1
* python39-devel-3.9.25-150300.4.106.1
* libpython3_9-1_0-debuginfo-3.9.25-150300.4.106.1
* python39-curses-3.9.25-150300.4.106.1
* libpython3_9-1_0-3.9.25-150300.4.106.1
* python39-tk-3.9.25-150300.4.106.1
* openSUSE Leap 15.3 (x86_64)
* libpython3_9-1_0-32bit-3.9.25-150300.4.106.1
* python39-32bit-debuginfo-3.9.25-150300.4.106.1
* python39-32bit-3.9.25-150300.4.106.1
* python39-base-32bit-3.9.25-150300.4.106.1
* libpython3_9-1_0-32bit-debuginfo-3.9.25-150300.4.106.1
* python39-base-32bit-debuginfo-3.9.25-150300.4.106.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* python39-64bit-3.9.25-150300.4.106.1
* libpython3_9-1_0-64bit-debuginfo-3.9.25-150300.4.106.1
* libpython3_9-1_0-64bit-3.9.25-150300.4.106.1
* python39-base-64bit-debuginfo-3.9.25-150300.4.106.1
* python39-base-64bit-3.9.25-150300.4.106.1
* python39-64bit-debuginfo-3.9.25-150300.4.106.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* python39-dbm-3.9.25-150300.4.106.1
* python39-base-3.9.25-150300.4.106.1
* python39-3.9.25-150300.4.106.1
* python39-curses-3.9.25-150300.4.106.1
* libpython3_9-1_0-3.9.25-150300.4.106.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1502.html
* https://www.suse.com/security/cve/CVE-2026-3446.html
* https://www.suse.com/security/cve/CVE-2026-3479.html
* https://www.suse.com/security/cve/CVE-2026-4786.html
* https://www.suse.com/security/cve/CVE-2026-6019.html
* https://www.suse.com/security/cve/CVE-2026-6100.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258364
* https://bugzilla.suse.com/show_bug.cgi?id=1259989
* https://bugzilla.suse.com/show_bug.cgi?id=1261969
* https://bugzilla.suse.com/show_bug.cgi?id=1261970
* https://bugzilla.suse.com/show_bug.cgi?id=1262098
* https://bugzilla.suse.com/show_bug.cgi?id=1262319
* https://bugzilla.suse.com/show_bug.cgi?id=1262654



SUSE-SU-2026:1816-1: moderate: Security update for krb5


# Security update for krb5

Announcement ID: SUSE-SU-2026:1816-1
Release Date: 2026-05-12T07:56:38Z
Rating: moderate
References:

* bsc#1263366
* bsc#1263367

Cross-References:

* CVE-2026-40355
* CVE-2026-40356

CVSS scores:

* CVE-2026-40355 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40355 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40356 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40356 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for krb5 fixes the following issues

* CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx
mechanism (bsc#1263366).
* CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds
read (bsc#1263367).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1816=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-1816=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* krb5-plugin-preauth-otp-1.20.1-150500.3.20.1
* krb5-plugin-preauth-spake-1.20.1-150500.3.20.1
* krb5-mini-devel-1.20.1-150500.3.20.1
* krb5-plugin-preauth-spake-debuginfo-1.20.1-150500.3.20.1
* krb5-plugin-preauth-otp-debuginfo-1.20.1-150500.3.20.1
* krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150500.3.20.1
* krb5-client-debuginfo-1.20.1-150500.3.20.1
* krb5-mini-debuginfo-1.20.1-150500.3.20.1
* krb5-devel-1.20.1-150500.3.20.1
* krb5-mini-debugsource-1.20.1-150500.3.20.1
* krb5-debugsource-1.20.1-150500.3.20.1
* krb5-server-debuginfo-1.20.1-150500.3.20.1
* krb5-client-1.20.1-150500.3.20.1
* krb5-mini-1.20.1-150500.3.20.1
* krb5-plugin-kdb-ldap-debuginfo-1.20.1-150500.3.20.1
* krb5-1.20.1-150500.3.20.1
* krb5-plugin-kdb-ldap-1.20.1-150500.3.20.1
* krb5-server-1.20.1-150500.3.20.1
* krb5-plugin-preauth-pkinit-1.20.1-150500.3.20.1
* krb5-debuginfo-1.20.1-150500.3.20.1
* openSUSE Leap 15.5 (x86_64)
* krb5-32bit-1.20.1-150500.3.20.1
* krb5-devel-32bit-1.20.1-150500.3.20.1
* krb5-32bit-debuginfo-1.20.1-150500.3.20.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* krb5-64bit-debuginfo-1.20.1-150500.3.20.1
* krb5-devel-64bit-1.20.1-150500.3.20.1
* krb5-64bit-1.20.1-150500.3.20.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* krb5-client-1.20.1-150500.3.20.1
* krb5-1.20.1-150500.3.20.1
* krb5-debugsource-1.20.1-150500.3.20.1
* krb5-debuginfo-1.20.1-150500.3.20.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40355.html
* https://www.suse.com/security/cve/CVE-2026-40356.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263366
* https://bugzilla.suse.com/show_bug.cgi?id=1263367



SUSE-SU-2026:1835-1: moderate: Security update for Mesa


# Security update for Mesa

Announcement ID: SUSE-SU-2026:1835-1
Release Date: 2026-05-12T16:18:06Z
Rating: moderate
References:

* bsc#1261998

Cross-References:

* CVE-2026-40393

CVSS scores:

* CVE-2026-40393 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-40393 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-40393 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for Mesa fixes the following issue:

* CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the
amount of to-be-allocated data depends on an untrusted party (bsc#1261998).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1835=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-1835=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1835=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* Mesa-drivers-debugsource-22.3.5-150500.77.8.1
* libOSMesa-devel-22.3.5-150500.77.8.1
* Mesa-debugsource-22.3.5-150500.77.8.1
* Mesa-dri-debuginfo-22.3.5-150500.77.8.1
* Mesa-libEGL1-22.3.5-150500.77.8.1
* Mesa-libEGL-devel-22.3.5-150500.77.8.1
* libOSMesa8-debuginfo-22.3.5-150500.77.8.1
* libOSMesa8-22.3.5-150500.77.8.1
* libgbm1-22.3.5-150500.77.8.1
* Mesa-dri-22.3.5-150500.77.8.1
* libgbm-devel-22.3.5-150500.77.8.1
* Mesa-libGL-devel-22.3.5-150500.77.8.1
* Mesa-devel-22.3.5-150500.77.8.1
* Mesa-dri-devel-22.3.5-150500.77.8.1
* libgbm1-debuginfo-22.3.5-150500.77.8.1
* Mesa-libGLESv3-devel-22.3.5-150500.77.8.1
* Mesa-KHR-devel-22.3.5-150500.77.8.1
* Mesa-libGLESv1_CM-devel-22.3.5-150500.77.8.1
* Mesa-libGL1-22.3.5-150500.77.8.1
* Mesa-libglapi-devel-22.3.5-150500.77.8.1
* Mesa-libglapi0-22.3.5-150500.77.8.1
* Mesa-libGLESv2-devel-22.3.5-150500.77.8.1
* Mesa-libglapi0-debuginfo-22.3.5-150500.77.8.1
* Mesa-libEGL1-debuginfo-22.3.5-150500.77.8.1
* Mesa-libGL1-debuginfo-22.3.5-150500.77.8.1
* Mesa-22.3.5-150500.77.8.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64 i586)
* libxatracker-devel-1.0.0-150500.77.8.1
* Mesa-gallium-22.3.5-150500.77.8.1
* Mesa-libOpenCL-22.3.5-150500.77.8.1
* libxatracker2-1.0.0-150500.77.8.1
* libvdpau_nouveau-22.3.5-150500.77.8.1
* libvdpau_nouveau-debuginfo-22.3.5-150500.77.8.1
* libvdpau_virtio_gpu-debuginfo-22.3.5-150500.77.8.1
* libvdpau_radeonsi-22.3.5-150500.77.8.1
* Mesa-gallium-debuginfo-22.3.5-150500.77.8.1
* libvdpau_r600-debuginfo-22.3.5-150500.77.8.1
* Mesa-libOpenCL-debuginfo-22.3.5-150500.77.8.1
* libvdpau_virtio_gpu-22.3.5-150500.77.8.1
* Mesa-dri-nouveau-debuginfo-22.3.5-150500.77.8.1
* libvdpau_r300-debuginfo-22.3.5-150500.77.8.1
* libxatracker2-debuginfo-1.0.0-150500.77.8.1
* libvdpau_r600-22.3.5-150500.77.8.1
* libvdpau_radeonsi-debuginfo-22.3.5-150500.77.8.1
* Mesa-dri-nouveau-22.3.5-150500.77.8.1
* Mesa-libva-22.3.5-150500.77.8.1
* libvdpau_r300-22.3.5-150500.77.8.1
* Mesa-libva-debuginfo-22.3.5-150500.77.8.1
* openSUSE Leap 15.5 (aarch64 x86_64 i586)
* Mesa-libd3d-22.3.5-150500.77.8.1
* Mesa-libd3d-devel-22.3.5-150500.77.8.1
* libvulkan_radeon-debuginfo-22.3.5-150500.77.8.1
* Mesa-vulkan-device-select-22.3.5-150500.77.8.1
* Mesa-vulkan-overlay-debuginfo-22.3.5-150500.77.8.1
* Mesa-vulkan-device-select-debuginfo-22.3.5-150500.77.8.1
* libvulkan_radeon-22.3.5-150500.77.8.1
* Mesa-vulkan-overlay-22.3.5-150500.77.8.1
* libvulkan_lvp-22.3.5-150500.77.8.1
* libvulkan_lvp-debuginfo-22.3.5-150500.77.8.1
* Mesa-libd3d-debuginfo-22.3.5-150500.77.8.1
* openSUSE Leap 15.5 (x86_64)
* Mesa-libglapi-devel-32bit-22.3.5-150500.77.8.1
* Mesa-vulkan-device-select-32bit-22.3.5-150500.77.8.1
* Mesa-libEGL1-32bit-22.3.5-150500.77.8.1
* Mesa-gallium-32bit-22.3.5-150500.77.8.1
* libvulkan_intel-32bit-22.3.5-150500.77.8.1
* libvdpau_virtio_gpu-32bit-debuginfo-22.3.5-150500.77.8.1
* libvulkan_radeon-32bit-debuginfo-22.3.5-150500.77.8.1
* libOSMesa8-32bit-22.3.5-150500.77.8.1
* Mesa-libd3d-32bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-dri-32bit-22.3.5-150500.77.8.1
* Mesa-gallium-32bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-libGL-devel-32bit-22.3.5-150500.77.8.1
* libvdpau_virtio_gpu-32bit-22.3.5-150500.77.8.1
* libgbm1-32bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-libd3d-32bit-22.3.5-150500.77.8.1
* Mesa-libglapi0-32bit-debuginfo-22.3.5-150500.77.8.1
* libvdpau_r300-32bit-22.3.5-150500.77.8.1
* libgbm1-32bit-22.3.5-150500.77.8.1
* Mesa-libd3d-devel-32bit-22.3.5-150500.77.8.1
* libvdpau_radeonsi-32bit-debuginfo-22.3.5-150500.77.8.1
* libvdpau_nouveau-32bit-debuginfo-22.3.5-150500.77.8.1
* libvulkan_radeon-32bit-22.3.5-150500.77.8.1
* Mesa-libGL1-32bit-22.3.5-150500.77.8.1
* Mesa-dri-nouveau-32bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-dri-nouveau-32bit-22.3.5-150500.77.8.1
* libOSMesa-devel-32bit-22.3.5-150500.77.8.1
* Mesa-32bit-22.3.5-150500.77.8.1
* Mesa-dri-32bit-debuginfo-22.3.5-150500.77.8.1
* libvdpau_radeonsi-32bit-22.3.5-150500.77.8.1
* libvdpau_r300-32bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-libEGL1-32bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-libGLESv2-devel-32bit-22.3.5-150500.77.8.1
* libgbm-devel-32bit-22.3.5-150500.77.8.1
* libvulkan_intel-32bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-libGL1-32bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-vulkan-overlay-32bit-22.3.5-150500.77.8.1
* Mesa-libGLESv1_CM-devel-32bit-22.3.5-150500.77.8.1
* Mesa-libglapi0-32bit-22.3.5-150500.77.8.1
* libvdpau_r600-32bit-22.3.5-150500.77.8.1
* libvdpau_nouveau-32bit-22.3.5-150500.77.8.1
* Mesa-libEGL-devel-32bit-22.3.5-150500.77.8.1
* libvdpau_r600-32bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-vulkan-device-select-32bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-vulkan-overlay-32bit-debuginfo-22.3.5-150500.77.8.1
* libOSMesa8-32bit-debuginfo-22.3.5-150500.77.8.1
* openSUSE Leap 15.5 (x86_64 i586)
* libvulkan_intel-debuginfo-22.3.5-150500.77.8.1
* libvulkan_intel-22.3.5-150500.77.8.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* Mesa-libglapi0-64bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-dri-vc4-64bit-debuginfo-22.3.5-150500.77.8.1
* libgbm-devel-64bit-22.3.5-150500.77.8.1
* Mesa-libd3d-64bit-22.3.5-150500.77.8.1
* libgbm1-64bit-22.3.5-150500.77.8.1
* Mesa-vulkan-overlay-64bit-22.3.5-150500.77.8.1
* libvdpau_nouveau-64bit-debuginfo-22.3.5-150500.77.8.1
* libvdpau_r600-64bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-dri-nouveau-64bit-debuginfo-22.3.5-150500.77.8.1
* libvdpau_radeonsi-64bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-vulkan-device-select-64bit-debuginfo-22.3.5-150500.77.8.1
* libvdpau_radeonsi-64bit-22.3.5-150500.77.8.1
* Mesa-dri-64bit-22.3.5-150500.77.8.1
* Mesa-libd3d-devel-64bit-22.3.5-150500.77.8.1
* Mesa-libEGL-devel-64bit-22.3.5-150500.77.8.1
* libvulkan_radeon-64bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-vulkan-overlay-64bit-debuginfo-22.3.5-150500.77.8.1
* libvdpau_nouveau-64bit-22.3.5-150500.77.8.1
* Mesa-libGL1-64bit-22.3.5-150500.77.8.1
* Mesa-libGLESv2-devel-64bit-22.3.5-150500.77.8.1
* libOSMesa8-64bit-22.3.5-150500.77.8.1
* Mesa-64bit-22.3.5-150500.77.8.1
* Mesa-dri-64bit-debuginfo-22.3.5-150500.77.8.1
* libvdpau_r300-64bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-libd3d-64bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-gallium-64bit-debuginfo-22.3.5-150500.77.8.1
* libvdpau_r600-64bit-22.3.5-150500.77.8.1
* Mesa-libglapi-devel-64bit-22.3.5-150500.77.8.1
* Mesa-gallium-64bit-22.3.5-150500.77.8.1
* libOSMesa8-64bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-libglapi0-64bit-22.3.5-150500.77.8.1
* Mesa-dri-vc4-64bit-22.3.5-150500.77.8.1
* Mesa-libEGL1-64bit-debuginfo-22.3.5-150500.77.8.1
* libvulkan_radeon-64bit-22.3.5-150500.77.8.1
* libgbm1-64bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-libGL1-64bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-libGLESv1_CM-devel-64bit-22.3.5-150500.77.8.1
* Mesa-dri-nouveau-64bit-22.3.5-150500.77.8.1
* libvdpau_virtio_gpu-64bit-debuginfo-22.3.5-150500.77.8.1
* Mesa-libEGL1-64bit-22.3.5-150500.77.8.1
* libOSMesa-devel-64bit-22.3.5-150500.77.8.1
* Mesa-libGL-devel-64bit-22.3.5-150500.77.8.1
* libvdpau_r300-64bit-22.3.5-150500.77.8.1
* Mesa-vulkan-device-select-64bit-22.3.5-150500.77.8.1
* libvdpau_virtio_gpu-64bit-22.3.5-150500.77.8.1
* openSUSE Leap 15.5 (aarch64)
* libvulkan_freedreno-debuginfo-22.3.5-150500.77.8.1
* Mesa-dri-vc4-22.3.5-150500.77.8.1
* libvulkan_broadcom-debuginfo-22.3.5-150500.77.8.1
* libvulkan_freedreno-22.3.5-150500.77.8.1
* libvulkan_broadcom-22.3.5-150500.77.8.1
* Mesa-dri-vc4-debuginfo-22.3.5-150500.77.8.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* Mesa-drivers-debugsource-22.3.5-150500.77.8.1
* Mesa-libglapi0-22.3.5-150500.77.8.1
* libgbm1-debuginfo-22.3.5-150500.77.8.1
* Mesa-libglapi0-debuginfo-22.3.5-150500.77.8.1
* Mesa-debugsource-22.3.5-150500.77.8.1
* Mesa-dri-debuginfo-22.3.5-150500.77.8.1
* libgbm1-22.3.5-150500.77.8.1
* Mesa-dri-22.3.5-150500.77.8.1
* Mesa-libEGL1-22.3.5-150500.77.8.1
* Mesa-libGL1-22.3.5-150500.77.8.1
* Mesa-libEGL1-debuginfo-22.3.5-150500.77.8.1
* Mesa-libGL1-debuginfo-22.3.5-150500.77.8.1
* Mesa-22.3.5-150500.77.8.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le x86_64)
* Mesa-gallium-debuginfo-22.3.5-150500.77.8.1
* Mesa-gallium-22.3.5-150500.77.8.1
* Basesystem Module 15-SP7 (aarch64 ppc64le x86_64)
* Mesa-drivers-debugsource-22.3.5-150500.77.8.1
* libvdpau_r300-debuginfo-22.3.5-150500.77.8.1
* libvdpau_r300-22.3.5-150500.77.8.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40393.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261998



SUSE-SU-2026:1839-1: moderate: Security update for Mesa


# Security update for Mesa

Announcement ID: SUSE-SU-2026:1839-1
Release Date: 2026-05-13T09:13:57Z
Rating: moderate
References:

* bsc#1261998

Cross-References:

* CVE-2026-40393

CVSS scores:

* CVE-2026-40393 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-40393 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-40393 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for Mesa fixes the following issue:

* CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the
amount of to-be-allocated data depends on an untrusted party (bsc#1261998).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1839=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1839=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1839=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1839=1

* SUSE Linux Enterprise Workstation Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1839=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1839=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1839=1

## Package List:

* openSUSE Leap 15.4 (aarch64 x86_64 i586)
* libvulkan_radeon-21.2.4-150400.68.18.1
* Mesa-libd3d-21.2.4-150400.68.18.1
* Mesa-vulkan-device-select-21.2.4-150400.68.18.1
* Mesa-vulkan-overlay-21.2.4-150400.68.18.1
* libvulkan_radeon-debuginfo-21.2.4-150400.68.18.1
* libvulkan_lvp-21.2.4-150400.68.18.1
* libvulkan_lvp-debuginfo-21.2.4-150400.68.18.1
* Mesa-libd3d-devel-21.2.4-150400.68.18.1
* Mesa-libd3d-debuginfo-21.2.4-150400.68.18.1
* Mesa-vulkan-device-select-debuginfo-21.2.4-150400.68.18.1
* Mesa-vulkan-overlay-debuginfo-21.2.4-150400.68.18.1
* Mesa-libVulkan-devel-21.2.4-150400.68.18.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64 i586)
* libvdpau_nouveau-debuginfo-21.2.4-150400.68.18.1
* libvdpau_r300-debuginfo-21.2.4-150400.68.18.1
* Mesa-libva-debuginfo-21.2.4-150400.68.18.1
* libXvMC_nouveau-21.2.4-150400.68.18.1
* Mesa-libOpenCL-21.2.4-150400.68.18.1
* libvdpau_radeonsi-21.2.4-150400.68.18.1
* Mesa-libva-21.2.4-150400.68.18.1
* libXvMC_r600-21.2.4-150400.68.18.1
* Mesa-libOpenCL-debuginfo-21.2.4-150400.68.18.1
* Mesa-dri-nouveau-21.2.4-150400.68.18.1
* libxatracker2-1.0.0-150400.68.18.1
* libvdpau_radeonsi-debuginfo-21.2.4-150400.68.18.1
* libXvMC_nouveau-debuginfo-21.2.4-150400.68.18.1
* libxatracker2-debuginfo-1.0.0-150400.68.18.1
* libvdpau_r300-21.2.4-150400.68.18.1
* libvdpau_r600-debuginfo-21.2.4-150400.68.18.1
* Mesa-dri-nouveau-debuginfo-21.2.4-150400.68.18.1
* libvdpau_nouveau-21.2.4-150400.68.18.1
* libXvMC_r600-debuginfo-21.2.4-150400.68.18.1
* Mesa-gallium-debuginfo-21.2.4-150400.68.18.1
* Mesa-gallium-21.2.4-150400.68.18.1
* libvdpau_r600-21.2.4-150400.68.18.1
* libxatracker-devel-1.0.0-150400.68.18.1
* openSUSE Leap 15.4 (x86_64)
* Mesa-vulkan-overlay-32bit-21.2.4-150400.68.18.1
* libOSMesa-devel-32bit-21.2.4-150400.68.18.1
* libvdpau_r600-32bit-21.2.4-150400.68.18.1
* Mesa-gallium-32bit-21.2.4-150400.68.18.1
* Mesa-libGLESv2-devel-32bit-21.2.4-150400.68.18.1
* Mesa-libGL1-32bit-debuginfo-21.2.4-150400.68.18.1
* libvulkan_intel-32bit-21.2.4-150400.68.18.1
* libXvMC_r600-32bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-libd3d-32bit-21.2.4-150400.68.18.1
* libvdpau_r300-32bit-21.2.4-150400.68.18.1
* Mesa-dri-32bit-debuginfo-21.2.4-150400.68.18.1
* libvulkan_radeon-32bit-21.2.4-150400.68.18.1
* Mesa-gallium-32bit-debuginfo-21.2.4-150400.68.18.1
* libvdpau_r600-32bit-debuginfo-21.2.4-150400.68.18.1
* libXvMC_nouveau-32bit-debuginfo-21.2.4-150400.68.18.1
* libvdpau_r300-32bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-vulkan-device-select-32bit-debuginfo-21.2.4-150400.68.18.1
* libgbm1-32bit-21.2.4-150400.68.18.1
* Mesa-libd3d-devel-32bit-21.2.4-150400.68.18.1
* libvdpau_nouveau-32bit-21.2.4-150400.68.18.1
* Mesa-libEGL1-32bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-libglapi0-32bit-21.2.4-150400.68.18.1
* libOSMesa8-32bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-libglapi0-32bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-libGL1-32bit-21.2.4-150400.68.18.1
* libXvMC_nouveau-32bit-21.2.4-150400.68.18.1
* libvdpau_radeonsi-32bit-21.2.4-150400.68.18.1
* libOSMesa8-32bit-21.2.4-150400.68.18.1
* libXvMC_r600-32bit-21.2.4-150400.68.18.1
* Mesa-vulkan-device-select-32bit-21.2.4-150400.68.18.1
* libvulkan_intel-32bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-libglapi-devel-32bit-21.2.4-150400.68.18.1
* Mesa-dri-32bit-21.2.4-150400.68.18.1
* Mesa-vulkan-overlay-32bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-libGLESv1_CM-devel-32bit-21.2.4-150400.68.18.1
* libgbm1-32bit-debuginfo-21.2.4-150400.68.18.1
* libgbm-devel-32bit-21.2.4-150400.68.18.1
* Mesa-libEGL1-32bit-21.2.4-150400.68.18.1
* Mesa-32bit-21.2.4-150400.68.18.1
* libvdpau_radeonsi-32bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-libEGL-devel-32bit-21.2.4-150400.68.18.1
* Mesa-libd3d-32bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-libGL-devel-32bit-21.2.4-150400.68.18.1
* Mesa-dri-nouveau-32bit-debuginfo-21.2.4-150400.68.18.1
* libvulkan_radeon-32bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-dri-nouveau-32bit-21.2.4-150400.68.18.1
* libvdpau_nouveau-32bit-debuginfo-21.2.4-150400.68.18.1
* openSUSE Leap 15.4 (x86_64 i586)
* libvulkan_intel-debuginfo-21.2.4-150400.68.18.1
* libvulkan_intel-21.2.4-150400.68.18.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* Mesa-libGLESv1_CM-devel-21.2.4-150400.68.18.1
* Mesa-libGL-devel-21.2.4-150400.68.18.1
* Mesa-libglapi0-debuginfo-21.2.4-150400.68.18.1
* libOSMesa8-21.2.4-150400.68.18.1
* Mesa-dri-21.2.4-150400.68.18.1
* Mesa-debugsource-21.2.4-150400.68.18.1
* Mesa-dri-debuginfo-21.2.4-150400.68.18.1
* Mesa-21.2.4-150400.68.18.1
* Mesa-libGLESv2-devel-21.2.4-150400.68.18.1
* Mesa-devel-21.2.4-150400.68.18.1
* libOSMesa-devel-21.2.4-150400.68.18.1
* Mesa-libEGL1-debuginfo-21.2.4-150400.68.18.1
* Mesa-libglapi0-21.2.4-150400.68.18.1
* Mesa-libglapi-devel-21.2.4-150400.68.18.1
* Mesa-libEGL1-21.2.4-150400.68.18.1
* Mesa-dri-devel-21.2.4-150400.68.18.1
* libOSMesa8-debuginfo-21.2.4-150400.68.18.1
* Mesa-libGL1-debuginfo-21.2.4-150400.68.18.1
* libgbm1-debuginfo-21.2.4-150400.68.18.1
* Mesa-libGLESv3-devel-21.2.4-150400.68.18.1
* Mesa-libEGL-devel-21.2.4-150400.68.18.1
* libgbm-devel-21.2.4-150400.68.18.1
* Mesa-libGL1-21.2.4-150400.68.18.1
* libgbm1-21.2.4-150400.68.18.1
* Mesa-drivers-debugsource-21.2.4-150400.68.18.1
* Mesa-KHR-devel-21.2.4-150400.68.18.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* Mesa-libd3d-64bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-dri-vc4-64bit-21.2.4-150400.68.18.1
* Mesa-vulkan-device-select-64bit-21.2.4-150400.68.18.1
* Mesa-vulkan-device-select-64bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-libGL1-64bit-21.2.4-150400.68.18.1
* Mesa-libglapi-devel-64bit-21.2.4-150400.68.18.1
* libOSMesa8-64bit-21.2.4-150400.68.18.1
* libvdpau_nouveau-64bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-gallium-64bit-debuginfo-21.2.4-150400.68.18.1
* libXvMC_r600-64bit-21.2.4-150400.68.18.1
* Mesa-dri-nouveau-64bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-dri-vc4-64bit-debuginfo-21.2.4-150400.68.18.1
* libgbm1-64bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-libEGL1-64bit-21.2.4-150400.68.18.1
* Mesa-dri-nouveau-64bit-21.2.4-150400.68.18.1
* libvdpau_r600-64bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-libGL-devel-64bit-21.2.4-150400.68.18.1
* libvdpau_r300-64bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-libGL1-64bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-libd3d-devel-64bit-21.2.4-150400.68.18.1
* libvdpau_nouveau-64bit-21.2.4-150400.68.18.1
* Mesa-libGLESv2-devel-64bit-21.2.4-150400.68.18.1
* libvdpau_r600-64bit-21.2.4-150400.68.18.1
* libvdpau_radeonsi-64bit-21.2.4-150400.68.18.1
* Mesa-gallium-64bit-21.2.4-150400.68.18.1
* Mesa-64bit-21.2.4-150400.68.18.1
* Mesa-libEGL-devel-64bit-21.2.4-150400.68.18.1
* Mesa-libGLESv1_CM-devel-64bit-21.2.4-150400.68.18.1
* Mesa-libglapi0-64bit-21.2.4-150400.68.18.1
* libgbm-devel-64bit-21.2.4-150400.68.18.1
* libXvMC_r600-64bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-dri-64bit-debuginfo-21.2.4-150400.68.18.1
* libOSMesa-devel-64bit-21.2.4-150400.68.18.1
* Mesa-vulkan-overlay-64bit-21.2.4-150400.68.18.1
* Mesa-dri-64bit-21.2.4-150400.68.18.1
* Mesa-libglapi0-64bit-debuginfo-21.2.4-150400.68.18.1
* libvdpau_r300-64bit-21.2.4-150400.68.18.1
* libvdpau_radeonsi-64bit-debuginfo-21.2.4-150400.68.18.1
* libvulkan_radeon-64bit-debuginfo-21.2.4-150400.68.18.1
* libOSMesa8-64bit-debuginfo-21.2.4-150400.68.18.1
* libXvMC_nouveau-64bit-debuginfo-21.2.4-150400.68.18.1
* Mesa-vulkan-overlay-64bit-debuginfo-21.2.4-150400.68.18.1
* libvulkan_radeon-64bit-21.2.4-150400.68.18.1
* libgbm1-64bit-21.2.4-150400.68.18.1
* libXvMC_nouveau-64bit-21.2.4-150400.68.18.1
* Mesa-libd3d-64bit-21.2.4-150400.68.18.1
* Mesa-libEGL1-64bit-debuginfo-21.2.4-150400.68.18.1
* openSUSE Leap 15.4 (aarch64)
* Mesa-dri-vc4-21.2.4-150400.68.18.1
* Mesa-dri-vc4-debuginfo-21.2.4-150400.68.18.1
* libvulkan_freedreno-21.2.4-150400.68.18.1
* libvulkan_broadcom-21.2.4-150400.68.18.1
* libvulkan_broadcom-debuginfo-21.2.4-150400.68.18.1
* libvulkan_freedreno-debuginfo-21.2.4-150400.68.18.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libgbm1-21.2.4-150400.68.18.1
* libgbm1-debuginfo-21.2.4-150400.68.18.1
* Mesa-debugsource-21.2.4-150400.68.18.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libgbm1-21.2.4-150400.68.18.1
* libgbm1-debuginfo-21.2.4-150400.68.18.1
* Mesa-debugsource-21.2.4-150400.68.18.1
* Basesystem Module 15-SP7 (x86_64)
* Mesa-libVulkan-devel-21.2.4-150400.68.18.1
* Mesa-drivers-debugsource-21.2.4-150400.68.18.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
* libXvMC_nouveau-debuginfo-21.2.4-150400.68.18.1
* libXvMC_nouveau-21.2.4-150400.68.18.1
* Mesa-drivers-debugsource-21.2.4-150400.68.18.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libgbm1-21.2.4-150400.68.18.1
* libgbm1-debuginfo-21.2.4-150400.68.18.1
* Mesa-debugsource-21.2.4-150400.68.18.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libgbm1-21.2.4-150400.68.18.1
* libgbm1-debuginfo-21.2.4-150400.68.18.1
* Mesa-debugsource-21.2.4-150400.68.18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40393.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261998



SUSE-SU-2026:1840-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1840-1
Release Date: 2026-05-13T10:05:24Z
Rating: important
References:

* bsc#1264449
* bsc#1264450

Cross-References:

* CVE-2026-43284
* CVE-2026-43500

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix the following issue:

* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags
(bsc#1264449).
* CVE-2026-43500: rxrpc: Also unshare DATA/RESPONSE packets when paged frags
are present (bsc#1264450).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1840=1

* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-1840=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1840=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1840=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1840=1

## Package List:

* openSUSE Leap 15.6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (noarch)
* kernel-macros-6.4.0-150600.23.103.1
* kernel-source-vanilla-6.4.0-150600.23.103.1
* kernel-source-6.4.0-150600.23.103.1
* kernel-docs-html-6.4.0-150600.23.103.1
* kernel-devel-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (nosrc ppc64le x86_64)
* kernel-debug-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (ppc64le x86_64)
* kernel-debug-debugsource-6.4.0-150600.23.103.1
* kernel-debug-devel-6.4.0-150600.23.103.1
* kernel-debug-devel-debuginfo-6.4.0-150600.23.103.1
* kernel-debug-debuginfo-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (x86_64)
* kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.103.1
* kernel-debug-vdso-debuginfo-6.4.0-150600.23.103.1
* kernel-default-vdso-6.4.0-150600.23.103.1
* kernel-debug-vdso-6.4.0-150600.23.103.1
* kernel-default-vdso-debuginfo-6.4.0-150600.23.103.1
* kernel-kvmsmall-vdso-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64)
* dtb-hisilicon-6.4.0-150600.23.103.1
* dtb-arm-6.4.0-150600.23.103.1
* dtb-mediatek-6.4.0-150600.23.103.1
* reiserfs-kmp-64kb-6.4.0-150600.23.103.1
* gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
* dtb-amazon-6.4.0-150600.23.103.1
* kernel-64kb-devel-6.4.0-150600.23.103.1
* dtb-altera-6.4.0-150600.23.103.1
* dlm-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
* dtb-broadcom-6.4.0-150600.23.103.1
* dtb-nvidia-6.4.0-150600.23.103.1
* dtb-renesas-6.4.0-150600.23.103.1
* dtb-apm-6.4.0-150600.23.103.1
* dtb-rockchip-6.4.0-150600.23.103.1
* kernel-64kb-extra-6.4.0-150600.23.103.1
* ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
* dlm-kmp-64kb-6.4.0-150600.23.103.1
* cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
* kernel-64kb-debuginfo-6.4.0-150600.23.103.1
* gfs2-kmp-64kb-6.4.0-150600.23.103.1
* dtb-amd-6.4.0-150600.23.103.1
* dtb-cavium-6.4.0-150600.23.103.1
* dtb-allwinner-6.4.0-150600.23.103.1
* reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
* dtb-socionext-6.4.0-150600.23.103.1
* dtb-apple-6.4.0-150600.23.103.1
* dtb-marvell-6.4.0-150600.23.103.1
* kernel-64kb-optional-debuginfo-6.4.0-150600.23.103.1
* kernel-64kb-extra-debuginfo-6.4.0-150600.23.103.1
* dtb-exynos-6.4.0-150600.23.103.1
* dtb-qcom-6.4.0-150600.23.103.1
* dtb-xilinx-6.4.0-150600.23.103.1
* kernel-64kb-optional-6.4.0-150600.23.103.1
* kernel-64kb-debugsource-6.4.0-150600.23.103.1
* dtb-freescale-6.4.0-150600.23.103.1
* kselftests-kmp-64kb-6.4.0-150600.23.103.1
* kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
* dtb-amlogic-6.4.0-150600.23.103.1
* dtb-lg-6.4.0-150600.23.103.1
* ocfs2-kmp-64kb-6.4.0-150600.23.103.1
* dtb-sprd-6.4.0-150600.23.103.1
* cluster-md-kmp-64kb-6.4.0-150600.23.103.1
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-devel-6.4.0-150600.23.103.1
* kernel-default-base-rebuild-6.4.0-150600.23.103.1.150600.12.48.1
* kernel-default-base-6.4.0-150600.23.103.1.150600.12.48.1
* kernel-kvmsmall-debugsource-6.4.0-150600.23.103.1
* kernel-kvmsmall-debuginfo-6.4.0-150600.23.103.1
* kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.103.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1
* reiserfs-kmp-default-6.4.0-150600.23.103.1
* kernel-default-extra-6.4.0-150600.23.103.1
* kselftests-kmp-default-debuginfo-6.4.0-150600.23.103.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.103.1
* kernel-default-extra-debuginfo-6.4.0-150600.23.103.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1
* kernel-default-optional-debuginfo-6.4.0-150600.23.103.1
* ocfs2-kmp-default-6.4.0-150600.23.103.1
* kernel-syms-6.4.0-150600.23.103.1
* kernel-obs-build-debugsource-6.4.0-150600.23.103.1
* kernel-default-optional-6.4.0-150600.23.103.1
* kernel-default-livepatch-6.4.0-150600.23.103.1
* kselftests-kmp-default-6.4.0-150600.23.103.1
* kernel-obs-qa-6.4.0-150600.23.103.1
* kernel-default-debugsource-6.4.0-150600.23.103.1
* kernel-obs-build-6.4.0-150600.23.103.1
* gfs2-kmp-default-6.4.0-150600.23.103.1
* kernel-default-devel-6.4.0-150600.23.103.1
* dlm-kmp-default-debuginfo-6.4.0-150600.23.103.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.103.1
* cluster-md-kmp-default-6.4.0-150600.23.103.1
* dlm-kmp-default-6.4.0-150600.23.103.1
* kernel-default-debuginfo-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-6.4.0-150600.23.103.1
* kernel-livepatch-6_4_0-150600_23_103-default-1-150600.13.3.1
* kernel-livepatch-6_4_0-150600_23_103-default-debuginfo-1-150600.13.3.1
* kernel-livepatch-SLE15-SP6_Update_24-debugsource-1-150600.13.3.1
* openSUSE Leap 15.6 (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (s390x)
* kernel-zfcpdump-debugsource-6.4.0-150600.23.103.1
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (nosrc)
* dtb-aarch64-6.4.0-150600.23.103.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (nosrc)
* kernel-default-6.4.0-150600.23.103.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le
s390x x86_64)
* kernel-default-debuginfo-6.4.0-150600.23.103.1
* kernel-default-debugsource-6.4.0-150600.23.103.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch nosrc)
* kernel-docs-6.4.0-150600.23.103.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* kernel-macros-6.4.0-150600.23.103.1
* kernel-source-6.4.0-150600.23.103.1
* kernel-devel-6.4.0-150600.23.103.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.103.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1
* kernel-default-devel-6.4.0-150600.23.103.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.103.1
* reiserfs-kmp-default-6.4.0-150600.23.103.1
* kernel-syms-6.4.0-150600.23.103.1
* kernel-default-debugsource-6.4.0-150600.23.103.1
* kernel-obs-build-6.4.0-150600.23.103.1
* kernel-obs-build-debugsource-6.4.0-150600.23.103.1
* dlm-kmp-default-6.4.0-150600.23.103.1
* gfs2-kmp-default-6.4.0-150600.23.103.1
* cluster-md-kmp-default-6.4.0-150600.23.103.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.103.1
* kernel-default-debuginfo-6.4.0-150600.23.103.1
* dlm-kmp-default-debuginfo-6.4.0-150600.23.103.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1
* ocfs2-kmp-default-6.4.0-150600.23.103.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64
nosrc)
* kernel-default-6.4.0-150600.23.103.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le x86_64)
* kernel-default-base-6.4.0-150600.23.103.1.150600.12.48.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.103.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64)
* kernel-64kb-debugsource-6.4.0-150600.23.103.1
* kernel-64kb-devel-6.4.0-150600.23.103.1
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.103.1
* kernel-64kb-debuginfo-6.4.0-150600.23.103.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.103.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (s390x)
* kernel-zfcpdump-debugsource-6.4.0-150600.23.103.1
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.103.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.103.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.103.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1
* kernel-default-devel-6.4.0-150600.23.103.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.103.1
* reiserfs-kmp-default-6.4.0-150600.23.103.1
* kernel-syms-6.4.0-150600.23.103.1
* kernel-default-debugsource-6.4.0-150600.23.103.1
* kernel-obs-build-6.4.0-150600.23.103.1
* kernel-obs-build-debugsource-6.4.0-150600.23.103.1
* kernel-default-base-6.4.0-150600.23.103.1.150600.12.48.1
* gfs2-kmp-default-6.4.0-150600.23.103.1
* cluster-md-kmp-default-6.4.0-150600.23.103.1
* dlm-kmp-default-6.4.0-150600.23.103.1
* kernel-default-debuginfo-6.4.0-150600.23.103.1
* dlm-kmp-default-debuginfo-6.4.0-150600.23.103.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1
* ocfs2-kmp-default-6.4.0-150600.23.103.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (nosrc ppc64le
x86_64)
* kernel-default-6.4.0-150600.23.103.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* kernel-macros-6.4.0-150600.23.103.1
* kernel-source-6.4.0-150600.23.103.1
* kernel-devel-6.4.0-150600.23.103.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.103.1
* SUSE Linux Enterprise Live Patching 15-SP6 (nosrc)
* kernel-default-6.4.0-150600.23.103.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-default-livepatch-6.4.0-150600.23.103.1
* kernel-livepatch-SLE15-SP6_Update_24-debugsource-1-150600.13.3.1
* kernel-default-debugsource-6.4.0-150600.23.103.1
* kernel-default-livepatch-devel-6.4.0-150600.23.103.1
* kernel-livepatch-6_4_0-150600_23_103-default-1-150600.13.3.1
* kernel-default-debuginfo-6.4.0-150600.23.103.1
* kernel-livepatch-6_4_0-150600_23_103-default-debuginfo-1-150600.13.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://www.suse.com/security/cve/CVE-2026-43500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264449
* https://bugzilla.suse.com/show_bug.cgi?id=1264450



openSUSE-SU-2026:10748-1: moderate: jupyter-jupyterlab-4.5.7-1.1 on GA media


# jupyter-jupyterlab-4.5.7-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10748-1
Rating: moderate

Cross-References:

* CVE-2026-40171
* CVE-2026-42266
* CVE-2026-42557

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the jupyter-jupyterlab-4.5.7-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* jupyter-jupyterlab 4.5.7-1.1
* python311-jupyterlab 4.5.7-1.1
* python313-jupyterlab 4.5.7-1.1
* python314-jupyterlab 4.5.7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40171.html
* https://www.suse.com/security/cve/CVE-2026-42266.html
* https://www.suse.com/security/cve/CVE-2026-42557.html



openSUSE-SU-2026:10752-1: moderate: OpenImageIO-3.1.13.1-2.1 on GA media


# OpenImageIO-3.1.13.1-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10752-1
Rating: moderate

Cross-References:

* CVE-2026-7582

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the OpenImageIO-3.1.13.1-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* OpenImageIO 3.1.13.1-2.1
* OpenImageIO-devel 3.1.13.1-2.1
* libOpenImageIO3_1 3.1.13.1-2.1
* libOpenImageIO_Util3_1 3.1.13.1-2.1
* python3-OpenImageIO 3.1.13.1-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-7582.html



openSUSE-SU-2026:10751-1: moderate: libvinylapi3-9.0.0-1.1 on GA media


# libvinylapi3-9.0.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10751-1
Rating: moderate

Cross-References:

* CVE-2013-4484
* CVE-2019-15892
* CVE-2022-23959
* CVE-2022-38150
* CVE-2022-45059
* CVE-2022-45060
* CVE-2023-44487
* CVE-2025-30346

CVSS scores:

* CVE-2022-23959 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 8 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libvinylapi3-9.0.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libvinylapi3 9.0.0-1.1
* vinyl-cache 9.0.0-1.1
* vinyl-cache-devel 9.0.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2013-4484.html
* https://www.suse.com/security/cve/CVE-2019-15892.html
* https://www.suse.com/security/cve/CVE-2022-23959.html
* https://www.suse.com/security/cve/CVE-2022-38150.html
* https://www.suse.com/security/cve/CVE-2022-45059.html
* https://www.suse.com/security/cve/CVE-2022-45060.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2025-30346.html



SUSE-SU-2026:1840-2: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1840-2
Release Date: 2026-05-13T15:10:11Z
Rating: important
References:

* bsc#1264449
* bsc#1264450

Cross-References:

* CVE-2026-43284
* CVE-2026-43500

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves two vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix the following issue:

* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags
(bsc#1264449).
* CVE-2026-43500: rxrpc: Also unshare DATA/RESPONSE packets when paged frags
are present (bsc#1264450).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1840=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kernel-default-livepatch-6.4.0-150600.23.103.1
* kernel-default-debugsource-6.4.0-150600.23.103.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1
* gfs2-kmp-default-6.4.0-150600.23.103.1
* cluster-md-kmp-default-6.4.0-150600.23.103.1
* kernel-obs-qa-6.4.0-150600.23.103.1
* reiserfs-kmp-default-6.4.0-150600.23.103.1
* dlm-kmp-default-debuginfo-6.4.0-150600.23.103.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1
* ocfs2-kmp-default-6.4.0-150600.23.103.1
* kernel-obs-build-6.4.0-150600.23.103.1
* kernel-default-optional-6.4.0-150600.23.103.1
* kselftests-kmp-default-6.4.0-150600.23.103.1
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.103.1
* kernel-default-debuginfo-6.4.0-150600.23.103.1
* kernel-default-extra-debuginfo-6.4.0-150600.23.103.1
* kernel-default-devel-6.4.0-150600.23.103.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.103.1
* dlm-kmp-default-6.4.0-150600.23.103.1
* kselftests-kmp-default-debuginfo-6.4.0-150600.23.103.1
* kernel-default-optional-debuginfo-6.4.0-150600.23.103.1
* kernel-default-extra-6.4.0-150600.23.103.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.103.1
* kernel-syms-6.4.0-150600.23.103.1
* kernel-obs-build-debugsource-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64)
* dtb-exynos-6.4.0-150600.23.103.1
* dtb-renesas-6.4.0-150600.23.103.1
* cluster-md-kmp-64kb-6.4.0-150600.23.103.1
* kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
* reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
* dtb-allwinner-6.4.0-150600.23.103.1
* dtb-arm-6.4.0-150600.23.103.1
* dtb-broadcom-6.4.0-150600.23.103.1
* dtb-amd-6.4.0-150600.23.103.1
* reiserfs-kmp-64kb-6.4.0-150600.23.103.1
* kernel-64kb-debuginfo-6.4.0-150600.23.103.1
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.103.1
* ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
* dtb-mediatek-6.4.0-150600.23.103.1
* dtb-amlogic-6.4.0-150600.23.103.1
* cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
* kernel-64kb-optional-6.4.0-150600.23.103.1
* kselftests-kmp-64kb-6.4.0-150600.23.103.1
* kernel-64kb-extra-6.4.0-150600.23.103.1
* dtb-lg-6.4.0-150600.23.103.1
* dtb-qcom-6.4.0-150600.23.103.1
* dtb-rockchip-6.4.0-150600.23.103.1
* kernel-64kb-extra-debuginfo-6.4.0-150600.23.103.1
* gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
* ocfs2-kmp-64kb-6.4.0-150600.23.103.1
* dtb-apm-6.4.0-150600.23.103.1
* dtb-freescale-6.4.0-150600.23.103.1
* dtb-cavium-6.4.0-150600.23.103.1
* kernel-64kb-debugsource-6.4.0-150600.23.103.1
* kernel-64kb-devel-6.4.0-150600.23.103.1
* dtb-altera-6.4.0-150600.23.103.1
* dtb-hisilicon-6.4.0-150600.23.103.1
* dtb-xilinx-6.4.0-150600.23.103.1
* kernel-64kb-optional-debuginfo-6.4.0-150600.23.103.1
* dtb-sprd-6.4.0-150600.23.103.1
* dlm-kmp-64kb-6.4.0-150600.23.103.1
* dtb-marvell-6.4.0-150600.23.103.1
* dtb-amazon-6.4.0-150600.23.103.1
* gfs2-kmp-64kb-6.4.0-150600.23.103.1
* dlm-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
* dtb-apple-6.4.0-150600.23.103.1
* dtb-nvidia-6.4.0-150600.23.103.1
* dtb-socionext-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (s390x)
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.103.1
* kernel-zfcpdump-debugsource-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (nosrc ppc64le x86_64)
* kernel-debug-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (ppc64le x86_64)
* kernel-debug-devel-6.4.0-150600.23.103.1
* kernel-debug-debugsource-6.4.0-150600.23.103.1
* kernel-debug-debuginfo-6.4.0-150600.23.103.1
* kernel-debug-devel-debuginfo-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-debugsource-6.4.0-150600.23.103.1
* kernel-kvmsmall-devel-6.4.0-150600.23.103.1
* kernel-kvmsmall-debuginfo-6.4.0-150600.23.103.1
* kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.103.1
* kernel-default-base-6.4.0-150600.23.103.1.150600.12.48.1
* kernel-default-base-rebuild-6.4.0-150600.23.103.1.150600.12.48.1
* openSUSE Leap 15.6 (x86_64)
* kernel-default-vdso-debuginfo-6.4.0-150600.23.103.1
* kernel-debug-vdso-6.4.0-150600.23.103.1
* kernel-kvmsmall-vdso-6.4.0-150600.23.103.1
* kernel-debug-vdso-debuginfo-6.4.0-150600.23.103.1
* kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.103.1
* kernel-default-vdso-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (noarch)
* kernel-devel-6.4.0-150600.23.103.1
* kernel-source-vanilla-6.4.0-150600.23.103.1
* kernel-docs-html-6.4.0-150600.23.103.1
* kernel-source-6.4.0-150600.23.103.1
* kernel-macros-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (nosrc)
* dtb-aarch64-6.4.0-150600.23.103.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://www.suse.com/security/cve/CVE-2026-43500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264449
* https://bugzilla.suse.com/show_bug.cgi?id=1264450



SUSE-SU-2026:1842-1: important: Security update for python-Pillow


# Security update for python-Pillow

Announcement ID: SUSE-SU-2026:1842-1
Release Date: 2026-05-13T15:23:59Z
Rating: important
References:

* bsc#1265154

Cross-References:

* CVE-2026-42310

CVSS scores:

* CVE-2026-42310 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42310 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-42310 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Pillow fixes the following issue

* CVE-2026-42310: infinite loop and resource exhaustion when processing
specially crafted PDFs (bsc#1265154).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-1842=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1842=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python3-Pillow-tk-7.2.0-150300.3.21.1
* python-Pillow-debuginfo-7.2.0-150300.3.21.1
* python3-Pillow-7.2.0-150300.3.21.1
* python-Pillow-debugsource-7.2.0-150300.3.21.1
* python3-Pillow-debuginfo-7.2.0-150300.3.21.1
* python3-Pillow-tk-debuginfo-7.2.0-150300.3.21.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* python3-Pillow-7.2.0-150300.3.21.1
* python-Pillow-debuginfo-7.2.0-150300.3.21.1
* python-Pillow-debugsource-7.2.0-150300.3.21.1
* python3-Pillow-debuginfo-7.2.0-150300.3.21.1

## References:

* https://www.suse.com/security/cve/CVE-2026-42310.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265154


FreeRDP, LibTIFF, Glib2, and more updates for Rocky Linux

Dnsmasq update for Ubuntu

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...