
Several security updates have been released for SUSE Linux, addressing vulnerabilities in a range of packages. The most critical are a security patch for python-maturin and an important fix for the freerdp package. Moderate-level updates are available for perl-Compress-Raw-Zlib, Python 3.11's PyPDF2 and the helm packages, among others. A security update has also been released for gnutls.

SUSE-SU-2026:0860-1: important: Security update for python-maturin
openSUSE-SU-2026:20339-1: important: Security update for freerdp
openSUSE-SU-2026:10320-1: moderate: perl-Compress-Raw-Zlib-2.222-1.1 on GA media
openSUSE-SU-2026:10321-1: moderate: python311-PyPDF2-2.11.1-6.1 on GA media
openSUSE-SU-2026:10323-1: moderate: traefik-3.6.10-1.1 on GA media
openSUSE-SU-2026:10318-1: moderate: helm-4.1.1-3.1 on GA media
openSUSE-SU-2026:10319-1: moderate: helm3-3.20.0-2.1 on GA media
openSUSE-SU-2026:10317-1: moderate: grype-0.109.1-1.1 on GA media
openSUSE-SU-2026:10315-1: moderate: GraphicsMagick-1.3.46-2.1 on GA media
openSUSE-SU-2026:10322-1: moderate: python311-lxml_html_clean-0.4.4-1.1 on GA media
openSUSE-SU-2026:10316-1: moderate: ghostty-1.3.0-1.1 on GA media
SUSE-SU-2026:0862-1: moderate: Security update for gnutls
openSUSE-SU-2026:0080-1: important: Security update for coredns
openSUSE-SU-2026:0079-1: important: Security update for coredns




SUSE-SU-2026:0860-1: important: Security update for python-maturin


# Security update for python-maturin

Announcement ID: SUSE-SU-2026:0860-1
Release Date: 2026-03-10T16:46:57Z
Rating: important
References:

* bsc#1257918

Cross-References:

* CVE-2026-25727

CVSS scores:

* CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for python-maturin fixes the following issue:

* CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date
parser can lead to stack exhaustion (bsc#1257918).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-860=1 openSUSE-SLE-15.6-2026-860=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * python311-maturin-1.4.0-150600.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25727.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257918



openSUSE-SU-2026:20339-1: important: Security update for freerdp


openSUSE security update: security update for freerdp
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20339-1
Rating: important
References:

* bsc#1214869
* bsc#1214870
* bsc#1214871
* bsc#1219049
* bsc#1223293
* bsc#1223294
* bsc#1223295
* bsc#1223296
* bsc#1223297
* bsc#1223298
* bsc#1223346
* bsc#1223347
* bsc#1223348
* bsc#1223353
* bsc#1243109
* bsc#1256717
* bsc#1256718
* bsc#1256719
* bsc#1256720
* bsc#1256721
* bsc#1256722
* bsc#1256723
* bsc#1256724
* bsc#1256725
* bsc#1256940
* bsc#1256941
* bsc#1256942
* bsc#1256943
* bsc#1256944
* bsc#1256945
* bsc#1256946
* bsc#1256947

Cross-References:

* CVE-2023-40574
* CVE-2023-40575
* CVE-2023-40576
* CVE-2024-22211
* CVE-2024-32039
* CVE-2024-32040
* CVE-2024-32041
* CVE-2024-32458
* CVE-2024-32459
* CVE-2024-32460
* CVE-2024-32658
* CVE-2024-32659
* CVE-2024-32660
* CVE-2024-32661
* CVE-2025-4478
* CVE-2026-22851
* CVE-2026-22852
* CVE-2026-22853
* CVE-2026-22854
* CVE-2026-22855
* CVE-2026-22856
* CVE-2026-22857
* CVE-2026-22858
* CVE-2026-22859
* CVE-2026-23530
* CVE-2026-23531
* CVE-2026-23532
* CVE-2026-23533
* CVE-2026-23534
* CVE-2026-23732
* CVE-2026-23883
* CVE-2026-23884
* CVE-2026-23948
* CVE-2026-24491
* CVE-2026-24675
* CVE-2026-24676
* CVE-2026-24677
* CVE-2026-24678
* CVE-2026-24679
* CVE-2026-24680
* CVE-2026-24681
* CVE-2026-24682
* CVE-2026-24683
* CVE-2026-24684

CVSS scores:

* CVE-2023-40574 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40575 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40576 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-22211 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-32039 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-32040 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-32041 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-32458 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-32459 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-32460 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-32658 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-32659 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2024-32660 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-32661 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-4478 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2025-4478 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22851 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22851 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22852 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-22852 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22853 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-22853 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22854 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-22854 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22855 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-22855 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22856 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-22856 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22857 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-22857 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22858 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-22858 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22859 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-22859 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23530 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23531 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23531 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23532 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23532 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23533 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23533 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23534 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23534 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23732 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-23732 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23883 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23883 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23884 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23884 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23948 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-23948 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24491 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24491 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24675 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24675 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24676 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24676 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24677 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24677 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24678 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24678 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24679 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24679 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24680 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24680 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24681 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24681 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24682 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24682 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24683 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24683 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24684 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24684 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 44 vulnerabilities and has 32 bug fixes can now be installed.

Description:

This update for freerdp fixes the following issues:

Update to version 3.22.0 (jsc#PED-15526):

+ Major bugfix release:

* Complete overhaul of SDL client
* Introduction of new WINPR_ATTR_NODISCARD macro wrapping compiler or C language version specific [[nodiscard]] attributes
* Addition of WINPR_ATTR_NODISCARD to (some) public API functions so usage errors are producing warnings now
* Add some more stringify functions for logging
* We've received CVE reports, check https://github.com/FreeRDP/FreeRDP/security/advisories for more details!
  @Keryer reported an issue affecting client and proxy:
    * CVE-2026-23948
  @ehdgks0627 did some more fuzzing and found quite a number of client side bugs.
    * CVE-2026-24682
    * CVE-2026-24683
    * CVE-2026-24676
    * CVE-2026-24677
    * CVE-2026-24678
    * CVE-2026-24684
    * CVE-2026-24679
    * CVE-2026-24681
    * CVE-2026-24675
    * CVE-2026-24491
    * CVE-2026-24680

- Changes from version 3.21.0

* [core,info] fix missing NULL check (#12157)
* [gateway,tsg] fix TSG_PACKET_RESPONSE parsing (#12161)
* Allow querying auth identity with kerberos when running as a server (#12162)
* Sspi krb heimdal (#12163)
* Tsg fix idleTimeout parsing (#12167)
* [channels,smartcard] revert 649f7de (#12166)
* [crypto] deprecate er and der modules (#12170)
* [channels,rdpei] lock full update, not only parts (#12175)
* [winpr,platform] add WINPR_ATTR_NODISCARD macro (#12178)
* Wlog cleanup (#12179)
* new stringify functions & touch API defines (#12180)
* Add support for querying SECPKG_ATTR_PACKAGE_INFO to NTLM and Kerberos (#12171)
* [channels,video] measure times in ns (#12184)
* [utils] Nodiscard (#12187)
* Error handling fixes (#12186)
* [channels,drdynvc] check pointer before reset (#12189)
* Winpr api def (#12190)
* [winpr,platform] drop C23 [[nodiscard]] (#12192)
* [gdi] add additional checks for a valid rdpGdi (#12194)
* Sdl3 high dpiv2 (#12173)
* peer: Disconnect if Logon() returned FALSE (#12196)
* [channels,rdpecam] fix PROPERTY_DESCRIPTION parsing (#12197)
* [channel,rdpsnd] only clean up thread before free (#12199)
* [channels,rdpei] add RDPINPUT_CONTACT_FLAG_UP (#12195)

- Update to version 3.21.0:

+ Bugfix release with a few new API functions addressing shortcomings with
regard to input data validation.
Thanks to @ehdgks0627 we have fixed the following additional (medium)
client side vulnerabilities:

* CVE-2026-23530
* CVE-2026-23531
* CVE-2026-23532
* CVE-2026-23533
* CVE-2026-23534
* CVE-2026-23732
* CVE-2026-23883
* CVE-2026-23884

- Changes from version 3.20.2

* [client,sdl] fix monitor resolution (#12142)
* [codec,progressive] fix progressive_rfx_upgrade_block (#12143)
* Krb cache fix (#12145)
* Rdpdr improved checks (#12141)
* Codec advanced length checks (#12146)
* Glyph fix length checks (#12151)
* Wlog printf format string checks (#12150)
* [warnings,format] fix format string warnings (#12152)
* Double free fixes (#12153)
* [clang-tidy] clean up code warnings (#12154)

- Update to version 3.20.2:

+ Patch release fixing a regression with gateway connections
introduced with 3.20.1
## What's Changed
* Warnings and missing enumeration types (#12137)

- Changes from version 3.20.1:

+ New years cleanup release. Fixes some issues reported and does
a cleaning sweep to bring down warnings.
Thanks to @ehdgks0627 doing some code review/testing we've
uncovered the following (medium) vulnerabilities:

* CVE-2026-22851
* CVE-2026-22852
* CVE-2026-22853
* CVE-2026-22854
* CVE-2026-22855
* CVE-2026-22856
* CVE-2026-22857
* CVE-2026-22858
* CVE-2026-22859

+ These affect FreeRDP based clients only, with the exception of
CVE-2026-22858 also affecting FreeRDP proxy. FreeRDP based
servers are not affected.

- Update to version 3.20.0:

* Mingw fixes (#12070)
* [crypto,certificate_data] add some hostname sanitation
* [client,common]: Fix loading of rdpsnd channel
* [client,sdl] set touch and pen hints

- Changes from version 3.19.1:

* [core,transport] improve SSL error logging
* [utils,helpers] fix freerdp_settings_get_legacy_config_path
* From stdin and sdl-creds improve
* [crypto,certificate] sanitize hostnames
* [channels,drdynvc] propagate error in dynamic channel
* [CMake] make Mbed-TLS and LibreSSL experimental
* Json fix
* rdpecam: send sample only if it's available
* [channels,rdpecam] allow MJPEG frame skip and direct passthrough
* [winpr,utils] explicit NULL checks in jansson WINPR_JSON_ParseWithLength

- Changes from version 3.19.0:

* [client,common] fix retry counter
* [cmake] fix aarch64 neon detection
* Fix response body existence check when using RDP Gateway
* fix line clipping issue
* Clip coord fix
* [core,input] Add debug log to keyboard state sync
* Update command line usage for gateway option
* [codec,ffmpeg] 8.0 dropped AV_PROFILE_AAC_MAIN
* [channels,audin] fix pulse memory leak
* [channels,drive] Small performance improvements in drive channel
* [winpr,utils] fix command line error logging
* [common,test] Adjust AVC and H264 expectations
* drdynvc: implement compressed packet
* [channels,rdpecam] improve log messages
* Fix remote credential guard channel loading
* Fix inverted ifdef
* [core,nego] disable all enabled modes except the one requested
* rdpear: handle basic NTLM commands and fix server-side
* [smartcardlogon] Fix off-by-one error in `smartcard_hw_enumerateCerts`
* rdpecam: fix camera sample grabbing

- Update to version 3.18.0:

+ Fix a regression reading passwords from stdin
+ Fix a timer regression (µs instead of ms)
+ Improved multitouch support
+ Fix a bug with PLANAR codec (used with /bpp:32 or sometimes with /gfx)
+ Better error handling for ARM transport (Entra)
+ Fix audio encoder lag (microphone/AAC) with FFMPEG
+ Support for jansson JSON library

- Update to version 3.17.2:

+ Minor improvements and bugfix release.
+ Most notably resource usage (file handles) has been greatly reduced and
static build pkg-config have been fixed.
For users of xfreerdp RAILS/RemoteApp mode the switch to DesktopSession
mode has been fixed (working UAC screen)

- Changes from version 3.17.1

+ Minor improvements and bugfix release.
* most notably a memory leak was addressed
* fixed header files missing C++ guards
* xfreerdp as well as the SDL clients now support a system wide configuration file
* Heimdal kerberos support was improved
* builds with [MS-RDPEAR] now properly abort at configure if Heimdal is used
(this configuration was never supported, so ensure nobody compiles it that way)

- Enable openh264 support, we can build against the noopenh264 stub

- Update to 3.17.0:

* [client,sdl2] fix build with webview (#11685)
* [core,nla] use wcslen for password length (#11687)
* Clear channel error prior to call channel init event proc (#11688)
* Warn args (#11689)
* [client,common] fix -mouse-motion (#11690)
* [core,proxy] fix IPv4 and IPv6 length (#11692)
* Regression fix2 (#11696)
* Log fixes (#11693)
* [common,settings] fix int casts (#11699)
* [core,connection] fix log level of several messages (#11697)
* [client,sdl] print current video driver (#11701)
* [crypto,tls] print big warning for /cert:ignore (#11704)
* [client,desktop] fix StartupWMClass setting (#11708)
* [cmake] unify version creation (#11711)
* [common,settings] force reallocation on caps copy (#11715)
* [manpages] Add example of keyboard remapping (#11718)
* Some fixes in Negotiate and NLA (#11722)
* [client,x11] fix clipboard issues (#11724)
* kerberos: do various tries for TGT retrieval in u2u (#11723)
* Cmdline escape strings (#11735)
* [winpr,utils] do not log command line arguments (#11736)
* [api,doc] Add stylesheet for doxygen (#11738)
* [core,proxy] fix BIO read methods (#11739)
* [client,common] fix sso_mib_get_access_token return value in error case (#11741)
* [crypto,tls] do not use context->settings->instance (#11749)
* winpr: re-introduce the credentials module (#11734)
* [winpr,timezone] ensure thread-safe initialization (#11754)
* core/redirection: Ensure stream has enough space for the certificate (#11762)
* [client,common] do not log success (#11766)
* Clean up bugs exposed on systems with high core counts (#11761)
* [cmake] add installWithRPATH (#11747)
* [clang-tidy] fix various warnings (#11769)
* Wlog improve type checks (#11774)
* [client,common] fix tenantid command line parsing (#11779)
* Proxy module static and shared linking support (#11768)
* LoadLibrary Null fix (#11786)
* [client,common] add freerdp_client_populate_settings_from_rdp_file_un… (#11780)
* Fullchain support (#11787)
* [client,x11] ignore floatbar events (#11771)
* [winpr,credentials] prefer utf-8 over utf-16-LE #11790
* [proxy,modules] ignore bitmap-filter skip remaining #11789

- Update to 3.16.0:

* Lots of improvements for the SDL3 client
* Various X11 client improvements
* Add a timer implementation
* Various AAD/Azure/Entra improvements
* YUV420 primitives fixes

- Update to 3.15.0:

* [client,sdl] fix crash on suppress output
* [channels,remdesk] fix possible memory leak
* [client,x11] map exit code success
* Hidef rail checks and deprecation fixes
* Standard rdp security network issues
* [core,rdp] fix check for SEC_FLAGSHI_VALID
* [core,caps] fix rdp_apply_order_capability_set
* [core,proxy] align no_proxy to curl
* [core,gateway] fix string reading for TSG
* [client,sdl] refactor display update

- Update to version 3.14.0:

+ Bugfix and cleanup release. Due to some new API functions the
minor version has been increased.

- Changes from version 3.13.0:

+ Friends of old hardware rejoice, serial port redirection got an
update (not kidding you)
+ Android builds have been updated to be usable again
+ Mingw builds now periodically do a shared and static build
+ Fixed some bugs and regressions along the way and improved test
coverage as well

- Changes from version 3.12.0:

+ Multimonitor backward compatibility fixes
+ Smartcard compatibility
+ Improve the [MS-RDPECAM] support
+ Improve smartcard redirection support
+ Refactor SSE optimizations: Split headers, unify load/store,
require SSE3 for all optimized functions
+ Refactors the CMake build to better support configuration based
builders
+ Fix a few regressions from last release (USB redirection and
graphical glitches)

- Changes from version 3.11.0:

+ A new release with bugfixes and code cleanups as well as a few
nifty little features

- CVE-2024-22211: In affected versions an integer overflow in
`freerdp_bitmap_planar_context_reset` leads to heap-buffer
overflow. (bsc#1219049)

- CVE-2024-32658: Fixed out-of-bounds read in Interleaved RLE Bitmap Codec in FreeRDP based clients (bsc#1223353)

- Multiple CVE fixes
+ CVE-2024-32659: Fixed out-of-bounds read if `((nWidth == 0) and (nHeight == 0))` (bsc#1223346)
+ CVE-2024-32660: Fixed client crash via invalid huge allocation size (bsc#1223347)
+ CVE-2024-32661: Fixed client NULL pointer dereference (bsc#1223348)

- Multiple CVE fixes:
* bsc#1223293, CVE-2024-32039
* bsc#1223294, CVE-2024-32040
* bsc#1223295, CVE-2024-32041
* bsc#1223296, CVE-2024-32458
* bsc#1223297, CVE-2024-32459
* bsc#1223298, CVE-2024-32460

* Fix CVE-2023-40574 - bsc#1214869: Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX
* Fix CVE-2023-40575 - bsc#1214870: Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX
* Fix CVE-2023-40576 - bsc#1214871: Out-Of-Bounds Read in RleDecompress

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-368=1

Package List:

- openSUSE Leap 16.0:

freerdp-3.22.0-160000.1.1
freerdp-devel-3.22.0-160000.1.1
freerdp-proxy-3.22.0-160000.1.1
freerdp-proxy-plugins-3.22.0-160000.1.1
freerdp-sdl-3.22.0-160000.1.1
freerdp-server-3.22.0-160000.1.1
freerdp-wayland-3.22.0-160000.1.1
libfreerdp-server-proxy3-3-3.22.0-160000.1.1
libfreerdp3-3-3.22.0-160000.1.1
librdtk0-0-3.22.0-160000.1.1
libuwac0-0-3.22.0-160000.1.1
libwinpr3-3-3.22.0-160000.1.1
rdtk0-devel-3.22.0-160000.1.1
uwac0-devel-3.22.0-160000.1.1
winpr-devel-3.22.0-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2023-40574.html
* https://www.suse.com/security/cve/CVE-2023-40575.html
* https://www.suse.com/security/cve/CVE-2023-40576.html
* https://www.suse.com/security/cve/CVE-2024-22211.html
* https://www.suse.com/security/cve/CVE-2024-32039.html
* https://www.suse.com/security/cve/CVE-2024-32040.html
* https://www.suse.com/security/cve/CVE-2024-32041.html
* https://www.suse.com/security/cve/CVE-2024-32458.html
* https://www.suse.com/security/cve/CVE-2024-32459.html
* https://www.suse.com/security/cve/CVE-2024-32460.html
* https://www.suse.com/security/cve/CVE-2024-32658.html
* https://www.suse.com/security/cve/CVE-2024-32659.html
* https://www.suse.com/security/cve/CVE-2024-32660.html
* https://www.suse.com/security/cve/CVE-2024-32661.html
* https://www.suse.com/security/cve/CVE-2025-4478.html
* https://www.suse.com/security/cve/CVE-2026-22851.html
* https://www.suse.com/security/cve/CVE-2026-22852.html
* https://www.suse.com/security/cve/CVE-2026-22853.html
* https://www.suse.com/security/cve/CVE-2026-22854.html
* https://www.suse.com/security/cve/CVE-2026-22855.html
* https://www.suse.com/security/cve/CVE-2026-22856.html
* https://www.suse.com/security/cve/CVE-2026-22857.html
* https://www.suse.com/security/cve/CVE-2026-22858.html
* https://www.suse.com/security/cve/CVE-2026-22859.html
* https://www.suse.com/security/cve/CVE-2026-23530.html
* https://www.suse.com/security/cve/CVE-2026-23531.html
* https://www.suse.com/security/cve/CVE-2026-23532.html
* https://www.suse.com/security/cve/CVE-2026-23533.html
* https://www.suse.com/security/cve/CVE-2026-23534.html
* https://www.suse.com/security/cve/CVE-2026-23732.html
* https://www.suse.com/security/cve/CVE-2026-23883.html
* https://www.suse.com/security/cve/CVE-2026-23884.html
* https://www.suse.com/security/cve/CVE-2026-23948.html
* https://www.suse.com/security/cve/CVE-2026-24491.html
* https://www.suse.com/security/cve/CVE-2026-24675.html
* https://www.suse.com/security/cve/CVE-2026-24676.html
* https://www.suse.com/security/cve/CVE-2026-24677.html
* https://www.suse.com/security/cve/CVE-2026-24678.html
* https://www.suse.com/security/cve/CVE-2026-24679.html
* https://www.suse.com/security/cve/CVE-2026-24680.html
* https://www.suse.com/security/cve/CVE-2026-24681.html
* https://www.suse.com/security/cve/CVE-2026-24682.html
* https://www.suse.com/security/cve/CVE-2026-24683.html
* https://www.suse.com/security/cve/CVE-2026-24684.html



openSUSE-SU-2026:10320-1: moderate: perl-Compress-Raw-Zlib-2.222-1.1 on GA media


# perl-Compress-Raw-Zlib-2.222-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10320-1
Rating: moderate

Cross-References:

* CVE-2026-3381

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the perl-Compress-Raw-Zlib-2.222-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * perl-Compress-Raw-Zlib 2.222-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3381.html



openSUSE-SU-2026:10321-1: moderate: python311-PyPDF2-2.11.1-6.1 on GA media


# python311-PyPDF2-2.11.1-6.1 on GA media

Announcement ID: openSUSE-SU-2026:10321-1
Rating: moderate

Cross-References:

* CVE-2026-28804

CVSS scores:

* CVE-2026-28804 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-28804 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-PyPDF2-2.11.1-6.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-PyPDF2 2.11.1-6.1
  * python313-PyPDF2 2.11.1-6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28804.html



openSUSE-SU-2026:10323-1: moderate: traefik-3.6.10-1.1 on GA media


# traefik-3.6.10-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10323-1
Rating: moderate

Cross-References:

* CVE-2026-26998
* CVE-2026-26999
* CVE-2026-29054

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the traefik-3.6.10-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * traefik 3.6.10-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26998.html
* https://www.suse.com/security/cve/CVE-2026-26999.html
* https://www.suse.com/security/cve/CVE-2026-29054.html



openSUSE-SU-2026:10318-1: moderate: helm-4.1.1-3.1 on GA media


# helm-4.1.1-3.1 on GA media

Announcement ID: openSUSE-SU-2026:10318-1
Rating: moderate

Cross-References:

* CVE-2025-55199

CVSS scores:

* CVE-2025-55199 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-55199 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the helm-4.1.1-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * helm 4.1.1-3.1
  * helm-bash-completion 4.1.1-3.1
  * helm-fish-completion 4.1.1-3.1
  * helm-zsh-completion 4.1.1-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-55199.html



openSUSE-SU-2026:10319-1: moderate: helm3-3.20.0-2.1 on GA media


# helm3-3.20.0-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10319-1
Rating: moderate

Cross-References:

* CVE-2025-55199

CVSS scores:

* CVE-2025-55199 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-55199 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the helm3-3.20.0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * helm3 3.20.0-2.1
  * helm3-bash-completion 3.20.0-2.1
  * helm3-fish-completion 3.20.0-2.1
  * helm3-zsh-completion 3.20.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-55199.html



openSUSE-SU-2026:10317-1: moderate: grype-0.109.1-1.1 on GA media


# grype-0.109.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10317-1
Rating: moderate

Cross-References:

* CVE-2025-12183

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the grype-0.109.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * grype 0.109.1-1.1
  * grype-bash-completion 0.109.1-1.1
  * grype-fish-completion 0.109.1-1.1
  * grype-zsh-completion 0.109.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12183.html



openSUSE-SU-2026:10315-1: moderate: GraphicsMagick-1.3.46-2.1 on GA media


# GraphicsMagick-1.3.46-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10315-1
Rating: moderate

Cross-References:

* CVE-2026-25799

CVSS scores:

* CVE-2026-25799 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25799 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the GraphicsMagick-1.3.46-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * GraphicsMagick 1.3.46-2.1
  * GraphicsMagick-devel 1.3.46-2.1
  * libGraphicsMagick++-Q16-12 1.3.46-2.1
  * libGraphicsMagick++-devel 1.3.46-2.1
  * libGraphicsMagick-Q16-3 1.3.46-2.1
  * libGraphicsMagick3-config 1.3.46-2.1
  * libGraphicsMagickWand-Q16-2 1.3.46-2.1
  * perl-GraphicsMagick 1.3.46-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25799.html



openSUSE-SU-2026:10322-1: moderate: python311-lxml_html_clean-0.4.4-1.1 on GA media


# python311-lxml_html_clean-0.4.4-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10322-1
Rating: moderate

Cross-References:

* CVE-2026-28348
* CVE-2026-28350

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python311-lxml_html_clean-0.4.4-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-lxml_html_clean 0.4.4-1.1
  * python313-lxml_html_clean 0.4.4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28348.html
* https://www.suse.com/security/cve/CVE-2026-28350.html



openSUSE-SU-2026:10316-1: moderate: ghostty-1.3.0-1.1 on GA media


# ghostty-1.3.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10316-1
Rating: moderate

Cross-References:

* CVE-2026-26982

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ghostty-1.3.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ghostty 1.3.0-1.1
  * ghostty-bash-completion 1.3.0-1.1
  * ghostty-devel 1.3.0-1.1
  * ghostty-doc 1.3.0-1.1
  * ghostty-fish-completion 1.3.0-1.1
  * ghostty-lang 1.3.0-1.1
  * ghostty-neovim 1.3.0-1.1
  * ghostty-nushell-completion 1.3.0-1.1
  * ghostty-vim 1.3.0-1.1
  * ghostty-zsh-completion 1.3.0-1.1
  * libghostty-vt0 1.3.0-1.1
  * nautilus-extension-ghostty 1.3.0-1.1
  * terminfo-ghostty 1.3.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26982.html



SUSE-SU-2026:0862-1: moderate: Security update for gnutls


# Security update for gnutls

Announcement ID: SUSE-SU-2026:0862-1
Release Date: 2026-03-11T10:00:10Z
Rating: moderate
References:

* bsc#1257960

Cross-References:

* CVE-2025-14831

CVSS scores:

* CVE-2025-14831 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-14831 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-14831 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for gnutls fixes the following issues:

* CVE-2025-14831: excessive resource consumption when verifying specially
crafted malicious certificates containing a large number of name constraints
and subject alternative names (SANs) (bsc#1257960).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-862=1`

* SUSE Linux Enterprise Micro 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-862=1`

* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2026-862=1`

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-862=1`

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * gnutls-debugsource-3.7.3-150400.4.56.1
  * gnutls-debuginfo-3.7.3-150400.4.56.1
  * libgnutls30-hmac-3.7.3-150400.4.56.1
  * gnutls-3.7.3-150400.4.56.1
  * libgnutls30-3.7.3-150400.4.56.1
  * libgnutls30-debuginfo-3.7.3-150400.4.56.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * gnutls-debugsource-3.7.3-150400.4.56.1
  * gnutls-debuginfo-3.7.3-150400.4.56.1
  * libgnutls30-hmac-3.7.3-150400.4.56.1
  * gnutls-3.7.3-150400.4.56.1
  * libgnutls30-3.7.3-150400.4.56.1
  * libgnutls30-debuginfo-3.7.3-150400.4.56.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * gnutls-debugsource-3.7.3-150400.4.56.1
  * gnutls-debuginfo-3.7.3-150400.4.56.1
  * libgnutls30-hmac-3.7.3-150400.4.56.1
  * gnutls-3.7.3-150400.4.56.1
  * libgnutls30-3.7.3-150400.4.56.1
  * libgnutls30-debuginfo-3.7.3-150400.4.56.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libgnutlsxx28-3.7.3-150400.4.56.1
  * libgnutlsxx-devel-3.7.3-150400.4.56.1
  * libgnutls-devel-3.7.3-150400.4.56.1
  * gnutls-debugsource-3.7.3-150400.4.56.1
  * libgnutlsxx28-debuginfo-3.7.3-150400.4.56.1
  * gnutls-debuginfo-3.7.3-150400.4.56.1
  * libgnutls30-hmac-3.7.3-150400.4.56.1
  * gnutls-3.7.3-150400.4.56.1
  * gnutls-guile-3.7.3-150400.4.56.1
  * libgnutls30-3.7.3-150400.4.56.1
  * gnutls-guile-debuginfo-3.7.3-150400.4.56.1
  * libgnutls30-debuginfo-3.7.3-150400.4.56.1
* openSUSE Leap 15.4 (x86_64)
  * libgnutls-devel-32bit-3.7.3-150400.4.56.1
  * libgnutls30-32bit-3.7.3-150400.4.56.1
  * libgnutls30-hmac-32bit-3.7.3-150400.4.56.1
  * libgnutls30-32bit-debuginfo-3.7.3-150400.4.56.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libgnutls30-64bit-debuginfo-3.7.3-150400.4.56.1
  * libgnutls30-hmac-64bit-3.7.3-150400.4.56.1
  * libgnutls-devel-64bit-3.7.3-150400.4.56.1
  * libgnutls30-64bit-3.7.3-150400.4.56.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14831.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257960



openSUSE-SU-2026:0080-1: important: Security update for coredns


openSUSE Security Update: Security update for coredns
_______________________________

Announcement ID: openSUSE-SU-2026:0080-1
Rating: important
References: #1255345 #1259319 #1259320
Cross-References: CVE-2025-68156 CVE-2026-26017 CVE-2026-26018

CVSS scores:
CVE-2025-68156 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for coredns fixes the following issues:

Update to version 1.14.2:

- CVE-2026-26017: Fixed DNS access control bypass due to default execution
order of plugins and TOCTOU flaw (bsc#1259320).
- CVE-2026-26018: Fixed denial of service in the loop detection plugin due
to predictable PRNG combined with fatal error handler (bsc#1259319).
- CVE-2025-68156: Fixed uncontrolled recursion in expression evaluation
that can cause a denial of service (bsc#1255345).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-80=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):

coredns-1.14.2-bp157.2.13.1

- openSUSE Backports SLE-15-SP7 (noarch):

coredns-extras-1.14.2-bp157.2.13.1

References:

https://www.suse.com/security/cve/CVE-2025-68156.html
https://www.suse.com/security/cve/CVE-2026-26017.html
https://www.suse.com/security/cve/CVE-2026-26018.html
https://bugzilla.suse.com/1255345
https://bugzilla.suse.com/1259319
https://bugzilla.suse.com/1259320



openSUSE-SU-2026:0079-1: important: Security update for coredns


openSUSE Security Update: Security update for coredns
_______________________________

Announcement ID: openSUSE-SU-2026:0079-1
Rating: important
References: #1255345 #1259319 #1259320
Cross-References: CVE-2025-61726 CVE-2025-61728 CVE-2025-61731
CVE-2025-68119 CVE-2025-68121 CVE-2025-68156
CVE-2026-26017 CVE-2026-26018
CVSS scores:
CVE-2025-61726 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2025-61728 (SUSE): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2025-61731 (SUSE): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-68119 (SUSE): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-68121 (SUSE): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2025-68156 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update for coredns fixes the following issues:

Update to version 1.14.2:

- CVE-2026-26017: Fixed DNS access control bypass due to default execution
order of plugins and TOCTOU flaw (bsc#1259320).
- CVE-2026-26018: Fixed denial of service in the loop detection plugin due
to predictable PRNG combined with fatal error handler (bsc#1259319).

Update to version 1.14.1:

- This release primarily addresses security vulnerabilities affecting Go
versions prior to Go 1.25.6 and Go 1.24.12 (CVE-2025-61728,
CVE-2025-61726, CVE-2025-68121, CVE-2025-61731, CVE-2025-68119).

- CVE-2025-68156: Fixed uncontrolled recursion in expression evaluation
that can cause a denial of service (bsc#1255345).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-79=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

coredns-1.14.2-bp156.4.16.1

- openSUSE Backports SLE-15-SP6 (noarch):

coredns-extras-1.14.2-bp156.4.16.1

References:

https://www.suse.com/security/cve/CVE-2025-61726.html
https://www.suse.com/security/cve/CVE-2025-61728.html
https://www.suse.com/security/cve/CVE-2025-61731.html
https://www.suse.com/security/cve/CVE-2025-68119.html
https://www.suse.com/security/cve/CVE-2025-68121.html
https://www.suse.com/security/cve/CVE-2025-68156.html
https://www.suse.com/security/cve/CVE-2026-26017.html
https://www.suse.com/security/cve/CVE-2026-26018.html
https://bugzilla.suse.com/1255345
https://bugzilla.suse.com/1259319
https://bugzilla.suse.com/1259320