Python-urllib, Samba, Go updates for SUSE

SUSE 5659 Published by

SUSE rolled out a series of critical and important security patches to address several high-risk vulnerabilities across its Linux offerings. The samba updates stand out as particularly urgent since they resolve unauthenticated remote code execution flaws alongside network crashes that could easily disrupt directory services. Developers working with Python or Go will also get essential corrections for a urllib3 header forwarding bug and over a dozen separate security gaps in the OpenSSL linked builds.

SUSE-SU-2026:2067-1: important: Security update for python-urllib3_1
SUSE-SU-2026:2071-1: critical: Security update for samba
SUSE-SU-2026:2072-1: critical: Security update for samba
SUSE-SU-2026:2074-1: critical: Security update for samba
SUSE-SU-2026:2078-1: important: Security update for go1.26-openssl
SUSE-SU-2026:2079-1: important: Security update for go1.25-openssl




SUSE-SU-2026:2067-1: important: Security update for python-urllib3_1


# Security update for python-urllib3_1

Announcement ID: SUSE-SU-2026:2067-1
Release Date: 2026-05-26T07:29:10Z
Rating: important
References:

* bsc#1265267

Cross-References:

* CVE-2026-44431

CVSS scores:

* CVE-2026-44431 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-44431 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-44431 ( NVD ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44431 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-urllib3_1 fixes the following issue

* CVE-2026-44431: sensitive information disclosure due to sensitive headers
being forwarded across origins in proxied low-level redirects (bsc#1265267).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2067=1

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-2067=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2067=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2067=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* python311-urllib3_1-1.26.18-150600.3.9.1
* Python 3 Module 15-SP7 (noarch)
* python311-urllib3_1-1.26.18-150600.3.9.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* python311-urllib3_1-1.26.18-150600.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* python311-urllib3_1-1.26.18-150600.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-44431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265267



SUSE-SU-2026:2071-1: critical: Security update for samba


# Security update for samba

Announcement ID: SUSE-SU-2026:2071-1
Release Date: 2026-05-26T12:34:36Z
Rating: critical
References:

* bsc#1252963
* bsc#1261158
* bsc#1261160
* bsc#1261161
* bsc#1261163

Cross-References:

* CVE-2026-2340
* CVE-2026-3238
* CVE-2026-4408
* CVE-2026-4480

CVSS scores:

* CVE-2026-2340 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2340 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-3238 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4408 ( SUSE ): 9.4
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-4408 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4480 ( SUSE ): 10.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-4480 ( SUSE ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4480 ( NVD ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3

An update that solves four vulnerabilities and has one security fix can now be
installed.

## Description:

This update for samba fixes the following issues

* CVE-2026-2340: vfs_worm does not block directory modification (bsc#1261158).
* CVE-2026-3238: unauthenticated udp packet crashes AD DC nbt server
(bsc#1261160).
* CVE-2026-4408: Remote Code Execution in SAMR (bsc#1261163).
* CVE-2026-4480: Unauthenticated Remote Code Execution (bsc#1261161).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-2071=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-2071=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-2071=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2026-2071=1

## Package List:

* openSUSE Leap 15.3 (x86_64)
* samba-client-libs-32bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-python3-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* libsamba-policy0-python3-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-ad-dc-libs-32bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* libsamba-policy0-python3-32bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-python3-32bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-winbind-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-winbind-libs-32bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-32bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-devel-32bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-32bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* libsamba-policy-devel-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-tool-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-winbind-libs-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-winbind-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* ctdb-pcp-pmda-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-devel-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* ctdb-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-python3-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-libs-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-ad-dc-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-ldb-ldap-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-winbind-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-test-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-ad-dc-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-ad-dc-libs-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-dsdb-modules-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-dsdb-modules-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-gpupdate-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-winbind-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-debugsource-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* libsamba-policy0-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* ctdb-pcp-pmda-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-ad-dc-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* ctdb-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-python3-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-ldb-ldap-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* libsamba-policy-python3-devel-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* libsamba-policy0-python3-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-test-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* openSUSE Leap 15.3 (aarch64 x86_64)
* samba-ceph-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-ceph-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* openSUSE Leap 15.3 (noarch)
* samba-doc-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* samba-client-64bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-python3-64bit-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-devel-64bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-ad-dc-libs-64bit-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-64bit-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-winbind-libs-64bit-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-python3-64bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* libsamba-policy0-python3-64bit-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-64bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-libs-64bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-winbind-libs-64bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-64bit-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-libs-64bit-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-ad-dc-libs-64bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* libsamba-policy0-python3-64bit-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-libs-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-debugsource-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-libs-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-debugsource-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* ctdb-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-python3-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-ceph-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* ctdb-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-client-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-winbind-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-ceph-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-debugsource-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-winbind-4.15.13+git.780.d2f53cbcded-150300.3.103.1
* samba-libs-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150300.3.103.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2340.html
* https://www.suse.com/security/cve/CVE-2026-3238.html
* https://www.suse.com/security/cve/CVE-2026-4408.html
* https://www.suse.com/security/cve/CVE-2026-4480.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252963
* https://bugzilla.suse.com/show_bug.cgi?id=1261158
* https://bugzilla.suse.com/show_bug.cgi?id=1261160
* https://bugzilla.suse.com/show_bug.cgi?id=1261161
* https://bugzilla.suse.com/show_bug.cgi?id=1261163



SUSE-SU-2026:2072-1: critical: Security update for samba


# Security update for samba

Announcement ID: SUSE-SU-2026:2072-1
Release Date: 2026-05-26T12:35:18Z
Rating: critical
References:

* bsc#1261158
* bsc#1261159
* bsc#1261160
* bsc#1261161
* bsc#1261163

Cross-References:

* CVE-2026-2340
* CVE-2026-3012
* CVE-2026-3238
* CVE-2026-4408
* CVE-2026-4480

CVSS scores:

* CVE-2026-2340 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2340 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-3012 ( SUSE ): 7.6
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3012 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-3238 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4408 ( SUSE ): 9.4
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-4408 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4480 ( SUSE ): 10.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-4480 ( SUSE ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4480 ( NVD ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for samba fixes the following issues

* CVE-2026-2340: vfs_worm does not block directory modification (bsc#1261158).
* CVE-2026-3012: group policy certificate enrollment uses http: // without
validation (bsc#1261159).
* CVE-2026-3238: unauthenticated udp packet crashes AD DC nbt server
(bsc#1261160).
* CVE-2026-4408: Remote Code Execution in SAMR (bsc#1261163).
* CVE-2026-4480: Unauthenticated Remote Code Execution (bsc#1261161).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2072=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2072=1

* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2026-2072=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2072=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2072=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2072=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2072=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* samba-winbind-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-gpupdate-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-test-4.17.12+git.553.4b71189e782-150500.3.39.1
* ctdb-pcp-pmda-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* ctdb-pcp-pmda-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy0-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-debugsource-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy-python3-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-test-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* ctdb-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy0-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ldb-ldap-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* ctdb-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-dcerpc-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-tool-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-dcerpc-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ldb-ldap-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* openSUSE Leap 15.5 (aarch64 x86_64)
* samba-ceph-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ceph-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* openSUSE Leap 15.5 (x86_64)
* samba-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy0-python3-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-python3-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-devel-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-python3-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy0-python3-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libsamba-policy0-python3-64bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-python3-64bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-64bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-64bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-64bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-64bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-64bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy0-python3-64bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-64bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-devel-64bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-64bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-python3-64bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-64bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* openSUSE Leap 15.5 (noarch)
* samba-doc-4.17.12+git.553.4b71189e782-150500.3.39.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* samba-debugsource-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* ctdb-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-debugsource-4.17.12+git.553.4b71189e782-150500.3.39.1
* ctdb-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* samba-winbind-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-gpupdate-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy0-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-debugsource-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy-python3-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy0-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ldb-ldap-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ceph-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-dcerpc-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-tool-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ceph-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-dcerpc-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ldb-ldap-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* samba-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* samba-winbind-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-gpupdate-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy0-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-debugsource-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy-python3-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy0-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ldb-ldap-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ceph-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-dcerpc-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-tool-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ceph-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-dcerpc-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ldb-ldap-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* samba-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* samba-winbind-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-gpupdate-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy0-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-debugsource-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy-python3-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy0-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ldb-ldap-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-dcerpc-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-tool-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-dcerpc-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ldb-ldap-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 x86_64)
* samba-ceph-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ceph-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* samba-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* samba-winbind-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-gpupdate-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy0-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-debugsource-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy-python3-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-python3-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-devel-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* libsamba-policy0-python3-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ldb-ldap-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-dcerpc-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-tool-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-dcerpc-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ldb-ldap-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* samba-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-32bit-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ceph-debuginfo-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-client-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-winbind-libs-32bit-4.17.12+git.553.4b71189e782-150500.3.39.1
* samba-ceph-4.17.12+git.553.4b71189e782-150500.3.39.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2340.html
* https://www.suse.com/security/cve/CVE-2026-3012.html
* https://www.suse.com/security/cve/CVE-2026-3238.html
* https://www.suse.com/security/cve/CVE-2026-4408.html
* https://www.suse.com/security/cve/CVE-2026-4480.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261158
* https://bugzilla.suse.com/show_bug.cgi?id=1261159
* https://bugzilla.suse.com/show_bug.cgi?id=1261160
* https://bugzilla.suse.com/show_bug.cgi?id=1261161
* https://bugzilla.suse.com/show_bug.cgi?id=1261163



SUSE-SU-2026:2074-1: critical: Security update for samba


# Security update for samba

Announcement ID: SUSE-SU-2026:2074-1
Release Date: 2026-05-26T12:36:10Z
Rating: critical
References:

* bsc#1261158
* bsc#1261159
* bsc#1261160
* bsc#1261161
* bsc#1261163

Cross-References:

* CVE-2026-2340
* CVE-2026-3012
* CVE-2026-3238
* CVE-2026-4408
* CVE-2026-4480

CVSS scores:

* CVE-2026-2340 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2340 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-3012 ( SUSE ): 7.6
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3012 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-3238 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4408 ( SUSE ): 9.4
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-4408 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4480 ( SUSE ): 10.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-4480 ( SUSE ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4480 ( NVD ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for samba fixes the following issues

* CVE-2026-2340: vfs_worm does not block directory modification (bsc#1261158).
* CVE-2026-3012: group policy certificate enrollment uses http: // without
validation (bsc#1261159).
* CVE-2026-3238: unauthenticated udp packet crashes AD DC nbt server
(bsc#1261160).
* CVE-2026-4408: Remote Code Execution in SAMR (bsc#1261163).
* CVE-2026-4480: Unauthenticated Remote Code Execution (bsc#1261161).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2074=1 openSUSE-SLE-15.6-2026-2074=1

* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-2074=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2074=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2074=1

## Package List:

* openSUSE Leap 15.6 (x86_64)
* samba-libs-python3-32bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-libs-32bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy0-python3-32bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-devel-32bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-32bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-libs-32bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-32bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-32bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-32bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-libs-32bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-python3-32bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy0-python3-32bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-libs-32bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* ctdb-pcp-pmda-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* ctdb-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-devel-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-dcerpc-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* ctdb-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-libs-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-ldb-ldap-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-python3-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy-devel-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-libs-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-test-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-libs-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy-python3-devel-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-dcerpc-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-tool-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-python3-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-ldb-ldap-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-gpupdate-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy0-python3-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-test-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-debugsource-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy0-python3-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-python3-4.19.8+git.473.51d12fd320c-150600.3.26.1
* ctdb-pcp-pmda-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-python3-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-libs-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* openSUSE Leap 15.6 (noarch)
* samba-doc-4.19.8+git.473.51d12fd320c-150600.3.26.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* samba-client-64bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-libs-64bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-64bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-libs-64bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy0-python3-64bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-python3-64bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-64bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy0-python3-64bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-python3-64bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-libs-64bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-64bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-devel-64bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-libs-64bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* openSUSE Leap 15.6 (aarch64 x86_64)
* samba-ceph-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-ceph-4.19.8+git.473.51d12fd320c-150600.3.26.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le
s390x x86_64)
* ctdb-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* ctdb-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-debugsource-4.19.8+git.473.51d12fd320c-150600.3.26.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* samba-libs-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-devel-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-dcerpc-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-libs-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-ldb-ldap-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-python3-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy-devel-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-libs-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-libs-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy-python3-devel-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-dcerpc-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-tool-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-python3-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-ldb-ldap-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-gpupdate-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy0-python3-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-debugsource-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy0-python3-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-python3-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-python3-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-libs-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 x86_64)
* samba-ceph-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-ceph-4.19.8+git.473.51d12fd320c-150600.3.26.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
* samba-winbind-libs-32bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-32bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-libs-32bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-32bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-libs-32bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-libs-32bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* samba-libs-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-devel-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-dcerpc-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-libs-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-ldb-ldap-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-python3-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy-devel-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-libs-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-libs-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy-python3-devel-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-dcerpc-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-tool-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-python3-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-ldb-ldap-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-gpupdate-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy0-python3-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-debugsource-4.19.8+git.473.51d12fd320c-150600.3.26.1
* libsamba-policy0-python3-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-python3-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-python3-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-libs-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* samba-ceph-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-libs-32bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-ceph-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-32bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-libs-32bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-libs-32bit-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-winbind-libs-32bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1
* samba-client-libs-32bit-debuginfo-4.19.8+git.473.51d12fd320c-150600.3.26.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2340.html
* https://www.suse.com/security/cve/CVE-2026-3012.html
* https://www.suse.com/security/cve/CVE-2026-3238.html
* https://www.suse.com/security/cve/CVE-2026-4408.html
* https://www.suse.com/security/cve/CVE-2026-4480.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261158
* https://bugzilla.suse.com/show_bug.cgi?id=1261159
* https://bugzilla.suse.com/show_bug.cgi?id=1261160
* https://bugzilla.suse.com/show_bug.cgi?id=1261161
* https://bugzilla.suse.com/show_bug.cgi?id=1261163



SUSE-SU-2026:2078-1: important: Security update for go1.26-openssl


# Security update for go1.26-openssl

Announcement ID: SUSE-SU-2026:2078-1
Release Date: 2026-05-26T14:54:12Z
Rating: important
References:

* bsc#1170826
* bsc#1255111
* bsc#1264499
* bsc#1264500
* bsc#1264501
* bsc#1264502
* bsc#1264503
* bsc#1264504
* bsc#1264505
* bsc#1264506
* bsc#1264507
* bsc#1264508
* bsc#1264509
* jsc#SLE-18320

Cross-References:

* CVE-2026-33811
* CVE-2026-33814
* CVE-2026-39817
* CVE-2026-39819
* CVE-2026-39820
* CVE-2026-39823
* CVE-2026-39825
* CVE-2026-39826
* CVE-2026-39836
* CVE-2026-42499
* CVE-2026-42501

CVSS scores:

* CVE-2026-33811 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33811 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33811 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39817 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-39817 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-39817 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-39819 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-39819 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-39819 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-39820 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39820 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39820 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39823 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39823 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39825 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-39825 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-39826 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39826 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39836 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42499 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42499 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42501 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-42501 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 11 vulnerabilities, contains one feature and has two
security fixes can now be installed.

## Description:

This update for go1.26-openssl fixes the following issues

Security issues:

* CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508).
* CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad
SETTINGS_MAX_FRAME_SIZE (bsc#1264506).
* CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths
(bsc#1264505).
* CVE-2026-39819: cmd/go: "go bug" follows symlinks in predictable temporary
filenames (bsc#1264504).
* CVE-2026-39820: net/mail: quadratic string concatentation in consumeComment
(bsc#1264503).
* CVE-2026-39823: html/template: bypass of meta content URL escaping causes
XSS (bsc#1264509).
* CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more
than urlmaxqueryparams parameters (bsc#1264500).
* CVE-2026-39826: html/template: escaper bypass leads to XSS (bsc#1264507).
* CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on
Windows (bsc#1264501).
* CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase
(bsc#1264502).
* CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database
(bsc#1264499).

Non security issues:

* go1.26 release tracking (bsc#1255111).
* Go packages miss binutils-gold dependency (bsc#1170826).
* supply a go built with openssl linkage (jsc#SLE-18320).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2078=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2078=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2078=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2078=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* go1.26-openssl-1.26.3-150600.13.6.1
* go1.26-openssl-doc-1.26.3-150600.13.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.26-openssl-race-1.26.3-150600.13.6.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* go1.26-openssl-race-1.26.3-150600.13.6.1
* go1.26-openssl-1.26.3-150600.13.6.1
* go1.26-openssl-doc-1.26.3-150600.13.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* go1.26-openssl-race-1.26.3-150600.13.6.1
* go1.26-openssl-1.26.3-150600.13.6.1
* go1.26-openssl-doc-1.26.3-150600.13.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* go1.26-openssl-race-1.26.3-150600.13.6.1
* go1.26-openssl-1.26.3-150600.13.6.1
* go1.26-openssl-doc-1.26.3-150600.13.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33811.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39817.html
* https://www.suse.com/security/cve/CVE-2026-39819.html
* https://www.suse.com/security/cve/CVE-2026-39820.html
* https://www.suse.com/security/cve/CVE-2026-39823.html
* https://www.suse.com/security/cve/CVE-2026-39825.html
* https://www.suse.com/security/cve/CVE-2026-39826.html
* https://www.suse.com/security/cve/CVE-2026-39836.html
* https://www.suse.com/security/cve/CVE-2026-42499.html
* https://www.suse.com/security/cve/CVE-2026-42501.html
* https://bugzilla.suse.com/show_bug.cgi?id=1170826
* https://bugzilla.suse.com/show_bug.cgi?id=1255111
* https://bugzilla.suse.com/show_bug.cgi?id=1264499
* https://bugzilla.suse.com/show_bug.cgi?id=1264500
* https://bugzilla.suse.com/show_bug.cgi?id=1264501
* https://bugzilla.suse.com/show_bug.cgi?id=1264502
* https://bugzilla.suse.com/show_bug.cgi?id=1264503
* https://bugzilla.suse.com/show_bug.cgi?id=1264504
* https://bugzilla.suse.com/show_bug.cgi?id=1264505
* https://bugzilla.suse.com/show_bug.cgi?id=1264506
* https://bugzilla.suse.com/show_bug.cgi?id=1264507
* https://bugzilla.suse.com/show_bug.cgi?id=1264508
* https://bugzilla.suse.com/show_bug.cgi?id=1264509
* https://jira.suse.com/browse/SLE-18320



SUSE-SU-2026:2079-1: important: Security update for go1.25-openssl


# Security update for go1.25-openssl

Announcement ID: SUSE-SU-2026:2079-1
Release Date: 2026-05-26T14:54:35Z
Rating: important
References:

* bsc#1170826
* bsc#1244485
* bsc#1264499
* bsc#1264500
* bsc#1264501
* bsc#1264502
* bsc#1264503
* bsc#1264504
* bsc#1264505
* bsc#1264506
* bsc#1264507
* bsc#1264508
* bsc#1264509
* jsc#SLE-18320

Cross-References:

* CVE-2026-33811
* CVE-2026-33814
* CVE-2026-39817
* CVE-2026-39819
* CVE-2026-39820
* CVE-2026-39823
* CVE-2026-39825
* CVE-2026-39826
* CVE-2026-39836
* CVE-2026-42499
* CVE-2026-42501

CVSS scores:

* CVE-2026-33811 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33811 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33811 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39817 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-39817 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-39817 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-39819 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-39819 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-39819 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-39820 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39820 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39820 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39823 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39823 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39825 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-39825 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-39826 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39826 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39836 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42499 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42499 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42501 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-42501 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 11 vulnerabilities, contains one feature and has two
security fixes can now be installed.

## Description:

This update for go1.25-openssl fixes the following issues

Security issues:

* CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508).
* CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad
SETTINGS_MAX_FRAME_SIZE (bsc#1264506).
* CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths
(bsc#1264505).
* CVE-2026-39819: cmd/go: "go bug" follows symlinks in predictable temporary
filenames (bsc#1264504).
* CVE-2026-39820: net/mail: quadratic string concatentation in consumeComment
(bsc#1264503).
* CVE-2026-39823: html/template: bypass of meta content URL escaping causes
XSS (bsc#1264509).
* CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more
than urlmaxqueryparams parameters (bsc#1264500).
* CVE-2026-39826: html/template: escaper bypass leads to XSS (bsc#1264507).
* CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on
Windows (bsc#1264501).
* CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase
(bsc#1264502).
* CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database
(bsc#1264499).

Non security issues:

* go1.25 release tracking (bsc#1244485).
* Go packages miss binutils-gold dependency (bsc#1170826).
* supply a go built with openssl linkage (jsc#SLE-18320).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2079=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2079=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2079=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2079=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* go1.25-openssl-doc-1.25.10-150600.13.18.1
* go1.25-openssl-debuginfo-1.25.10-150600.13.18.1
* go1.25-openssl-1.25.10-150600.13.18.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.25-openssl-race-1.25.10-150600.13.18.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* go1.25-openssl-doc-1.25.10-150600.13.18.1
* go1.25-openssl-race-1.25.10-150600.13.18.1
* go1.25-openssl-debuginfo-1.25.10-150600.13.18.1
* go1.25-openssl-1.25.10-150600.13.18.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* go1.25-openssl-doc-1.25.10-150600.13.18.1
* go1.25-openssl-race-1.25.10-150600.13.18.1
* go1.25-openssl-debuginfo-1.25.10-150600.13.18.1
* go1.25-openssl-1.25.10-150600.13.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* go1.25-openssl-doc-1.25.10-150600.13.18.1
* go1.25-openssl-race-1.25.10-150600.13.18.1
* go1.25-openssl-debuginfo-1.25.10-150600.13.18.1
* go1.25-openssl-1.25.10-150600.13.18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33811.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39817.html
* https://www.suse.com/security/cve/CVE-2026-39819.html
* https://www.suse.com/security/cve/CVE-2026-39820.html
* https://www.suse.com/security/cve/CVE-2026-39823.html
* https://www.suse.com/security/cve/CVE-2026-39825.html
* https://www.suse.com/security/cve/CVE-2026-39826.html
* https://www.suse.com/security/cve/CVE-2026-39836.html
* https://www.suse.com/security/cve/CVE-2026-42499.html
* https://www.suse.com/security/cve/CVE-2026-42501.html
* https://bugzilla.suse.com/show_bug.cgi?id=1170826
* https://bugzilla.suse.com/show_bug.cgi?id=1244485
* https://bugzilla.suse.com/show_bug.cgi?id=1264499
* https://bugzilla.suse.com/show_bug.cgi?id=1264500
* https://bugzilla.suse.com/show_bug.cgi?id=1264501
* https://bugzilla.suse.com/show_bug.cgi?id=1264502
* https://bugzilla.suse.com/show_bug.cgi?id=1264503
* https://bugzilla.suse.com/show_bug.cgi?id=1264504
* https://bugzilla.suse.com/show_bug.cgi?id=1264505
* https://bugzilla.suse.com/show_bug.cgi?id=1264506
* https://bugzilla.suse.com/show_bug.cgi?id=1264507
* https://bugzilla.suse.com/show_bug.cgi?id=1264508
* https://bugzilla.suse.com/show_bug.cgi?id=1264509
* https://jira.suse.com/browse/SLE-18320


Thunderbird update for Slackware

Dnsmasq, Samba, Kernel, and more updates for Ubuntu

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...