SUSE-SU-2026:1163-1: important: Security update for MozillaThunderbird
openSUSE-SU-2026:10458-1: moderate: MozillaFirefox-149.0-1.1 on GA media
openSUSE-SU-2026:10465-1: moderate: ImageMagick-7.1.2.18-2.1 on GA media
openSUSE-SU-2026:10462-1: moderate: heroic-games-launcher-2.20.1-4.1 on GA media
openSUSE-SU-2026:10466-1: moderate: expat-2.7.5-1.1 on GA media
openSUSE-SU-2026:10461-1: moderate: python311-nltk-3.9.4-1.1 on GA media
openSUSE-SU-2026:10463-1: moderate: netty-4.1.132-1.1 on GA media
openSUSE-SU-2026:10457-1: moderate: xen-4.21.1_02-1.1 on GA media
openSUSE-SU-2026:10459-1: moderate: freerdp2-2.11.7-6.1 on GA media
# Security update for MozillaThunderbird
Announcement ID: SUSE-SU-2026:1163-1
Release Date: 2026-04-01T08:49:15Z
Rating: important
References:
* bsc#1260083
Cross-References:
* CVE-2025-59375
* CVE-2026-3889
* CVE-2026-4371
* CVE-2026-4684
* CVE-2026-4685
* CVE-2026-4686
* CVE-2026-4687
* CVE-2026-4688
* CVE-2026-4689
* CVE-2026-4690
* CVE-2026-4691
* CVE-2026-4692
* CVE-2026-4693
* CVE-2026-4694
* CVE-2026-4695
* CVE-2026-4696
* CVE-2026-4697
* CVE-2026-4698
* CVE-2026-4699
* CVE-2026-4700
* CVE-2026-4701
* CVE-2026-4702
* CVE-2026-4704
* CVE-2026-4705
* CVE-2026-4706
* CVE-2026-4707
* CVE-2026-4708
* CVE-2026-4709
* CVE-2026-4710
* CVE-2026-4711
* CVE-2026-4712
* CVE-2026-4713
* CVE-2026-4714
* CVE-2026-4715
* CVE-2026-4716
* CVE-2026-4717
* CVE-2026-4718
* CVE-2026-4719
* CVE-2026-4720
* CVE-2026-4721
CVSS scores:
* CVE-2025-59375 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-59375 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59375 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3889 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-3889 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4371 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-4371 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-4684 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4684 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4685 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4685 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4686 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4686 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4687 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4687 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-4687 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4688 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4688 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4688 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4689 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4689 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4690 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4690 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-4690 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4691 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4691 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4692 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4692 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4692 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4693 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4693 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4694 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4694 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4695 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4695 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4696 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4696 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4697 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4697 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4698 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4698 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4699 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4699 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4700 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-4700 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4701 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4701 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4702 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4702 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4704 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-4704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4705 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4705 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4706 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4706 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4707 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4707 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4708 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4708 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4709 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4710 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4710 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4711 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4711 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4712 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-4712 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-4713 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4713 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4714 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4714 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4715 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4715 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-4716 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4716 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-4717 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4717 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4718 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4718 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-4719 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4720 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4721 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4721 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves 40 vulnerabilities can now be installed.
## Description:
This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 140.9 (MFSA 2026-24, bsc#1260083):
* CVE-2026-3889: Spoofing issue in Thunderbird
* CVE-2026-4371: Out of bounds read in IMAP parsing
* CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component
* CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component
* CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component
* CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
* CVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
* CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component
* CVE-2026-4692: Sandbox escape in the Responsive Design Mode component
* CVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback component
* CVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component
* CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component
* CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component
* CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component
* CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts component
* CVE-2026-4700: Mitigation bypass in the Networking: HTTP component
* CVE-2026-4701: Use-after-free in the JavaScript Engine component
* CVE-2026-4702: JIT miscompilation in the JavaScript Engine component
* CVE-2026-4704: Denial-of-service in the WebRTC: Signaling component
* CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component
* CVE-2026-4706: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4708: Incorrect boundary conditions in the Graphics component
* CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component
* CVE-2026-4710: Incorrect boundary conditions in the Audio/Video component
* CVE-2026-4711: Use-after-free in the Widget: Cocoa component
* CVE-2026-4712: Information disclosure in the Widget: Cocoa component
* CVE-2026-4713: Incorrect boundary conditions in the Graphics component
* CVE-2026-4714: Incorrect boundary conditions in the Audio/Video component
* CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component
* CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component
* CVE-2026-4717: Privilege escalation in the Netmonitor component
* CVE-2025-59375: Denial-of-service in the XML component
* CVE-2026-4718: Undefined behavior in the WebRTC: Signaling component
* CVE-2026-4719: Incorrect boundary conditions in the Graphics: Text component
* CVE-2026-4720: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
* CVE-2026-4721: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Package Hub 15 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1163=1`
* SUSE Linux Enterprise Workstation Extension 15 SP7
  `zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1163=1`
* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2026-1163=1`
## Package List:
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * MozillaThunderbird-debuginfo-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-common-140.9.0-150200.8.263.1
  * MozillaThunderbird-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-other-140.9.0-150200.8.263.1
  * MozillaThunderbird-debugsource-140.9.0-150200.8.263.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * MozillaThunderbird-debuginfo-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-common-140.9.0-150200.8.263.1
  * MozillaThunderbird-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-other-140.9.0-150200.8.263.1
  * MozillaThunderbird-debugsource-140.9.0-150200.8.263.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * MozillaThunderbird-debuginfo-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-common-140.9.0-150200.8.263.1
  * MozillaThunderbird-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-other-140.9.0-150200.8.263.1
  * MozillaThunderbird-debugsource-140.9.0-150200.8.263.1
## References:
* https://www.suse.com/security/cve/CVE-2025-59375.html
* https://www.suse.com/security/cve/CVE-2026-3889.html
* https://www.suse.com/security/cve/CVE-2026-4371.html
* https://www.suse.com/security/cve/CVE-2026-4684.html
* https://www.suse.com/security/cve/CVE-2026-4685.html
* https://www.suse.com/security/cve/CVE-2026-4686.html
* https://www.suse.com/security/cve/CVE-2026-4687.html
* https://www.suse.com/security/cve/CVE-2026-4688.html
* https://www.suse.com/security/cve/CVE-2026-4689.html
* https://www.suse.com/security/cve/CVE-2026-4690.html
* https://www.suse.com/security/cve/CVE-2026-4691.html
* https://www.suse.com/security/cve/CVE-2026-4692.html
* https://www.suse.com/security/cve/CVE-2026-4693.html
* https://www.suse.com/security/cve/CVE-2026-4694.html
* https://www.suse.com/security/cve/CVE-2026-4695.html
* https://www.suse.com/security/cve/CVE-2026-4696.html
* https://www.suse.com/security/cve/CVE-2026-4697.html
* https://www.suse.com/security/cve/CVE-2026-4698.html
* https://www.suse.com/security/cve/CVE-2026-4699.html
* https://www.suse.com/security/cve/CVE-2026-4700.html
* https://www.suse.com/security/cve/CVE-2026-4701.html
* https://www.suse.com/security/cve/CVE-2026-4702.html
* https://www.suse.com/security/cve/CVE-2026-4704.html
* https://www.suse.com/security/cve/CVE-2026-4705.html
* https://www.suse.com/security/cve/CVE-2026-4706.html
* https://www.suse.com/security/cve/CVE-2026-4707.html
* https://www.suse.com/security/cve/CVE-2026-4708.html
* https://www.suse.com/security/cve/CVE-2026-4709.html
* https://www.suse.com/security/cve/CVE-2026-4710.html
* https://www.suse.com/security/cve/CVE-2026-4711.html
* https://www.suse.com/security/cve/CVE-2026-4712.html
* https://www.suse.com/security/cve/CVE-2026-4713.html
* https://www.suse.com/security/cve/CVE-2026-4714.html
* https://www.suse.com/security/cve/CVE-2026-4715.html
* https://www.suse.com/security/cve/CVE-2026-4716.html
* https://www.suse.com/security/cve/CVE-2026-4717.html
* https://www.suse.com/security/cve/CVE-2026-4718.html
* https://www.suse.com/security/cve/CVE-2026-4719.html
* https://www.suse.com/security/cve/CVE-2026-4720.html
* https://www.suse.com/security/cve/CVE-2026-4721.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260083
# MozillaFirefox-149.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10458-1
Rating: moderate
Cross-References:
* CVE-2025-59375
* CVE-2026-4684
* CVE-2026-4685
* CVE-2026-4686
* CVE-2026-4687
* CVE-2026-4688
* CVE-2026-4689
* CVE-2026-4690
* CVE-2026-4691
* CVE-2026-4692
* CVE-2026-4693
* CVE-2026-4694
* CVE-2026-4695
* CVE-2026-4696
* CVE-2026-4697
* CVE-2026-4698
* CVE-2026-4699
* CVE-2026-4700
* CVE-2026-4701
* CVE-2026-4702
* CVE-2026-4704
* CVE-2026-4705
* CVE-2026-4706
* CVE-2026-4707
* CVE-2026-4708
* CVE-2026-4709
* CVE-2026-4710
* CVE-2026-4711
* CVE-2026-4712
* CVE-2026-4713
* CVE-2026-4714
* CVE-2026-4715
* CVE-2026-4716
* CVE-2026-4717
* CVE-2026-4718
* CVE-2026-4719
* CVE-2026-4720
* CVE-2026-4721
* CVE-2026-4722
* CVE-2026-4723
* CVE-2026-4724
* CVE-2026-4725
* CVE-2026-4726
* CVE-2026-4727
* CVE-2026-4728
* CVE-2026-4729
CVSS scores:
* CVE-2025-59375 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59375 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4684 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4685 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4686 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4687 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4688 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4689 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4690 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4691 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4692 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4693 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4694 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4695 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4696 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4697 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4698 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4699 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4700 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-4701 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4702 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4704 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-4705 ( SUSE ): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4706 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4707 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4708 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4709 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4710 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4711 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4712 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-4713 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4714 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4715 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4716 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4717 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4718 ( SUSE ): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4719 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4720 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4721 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4722 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4723 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4724 ( SUSE ): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4725 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
* CVE-2026-4726 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-4727 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-4728 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-4729 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves 46 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the MozillaFirefox-149.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
  * MozillaFirefox 149.0-1.1
  * MozillaFirefox-branding-upstream 149.0-1.1
  * MozillaFirefox-devel 149.0-1.1
  * MozillaFirefox-translations-common 149.0-1.1
  * MozillaFirefox-translations-other 149.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-59375.html
* https://www.suse.com/security/cve/CVE-2026-4684.html
* https://www.suse.com/security/cve/CVE-2026-4685.html
* https://www.suse.com/security/cve/CVE-2026-4686.html
* https://www.suse.com/security/cve/CVE-2026-4687.html
* https://www.suse.com/security/cve/CVE-2026-4688.html
* https://www.suse.com/security/cve/CVE-2026-4689.html
* https://www.suse.com/security/cve/CVE-2026-4690.html
* https://www.suse.com/security/cve/CVE-2026-4691.html
* https://www.suse.com/security/cve/CVE-2026-4692.html
* https://www.suse.com/security/cve/CVE-2026-4693.html
* https://www.suse.com/security/cve/CVE-2026-4694.html
* https://www.suse.com/security/cve/CVE-2026-4695.html
* https://www.suse.com/security/cve/CVE-2026-4696.html
* https://www.suse.com/security/cve/CVE-2026-4697.html
* https://www.suse.com/security/cve/CVE-2026-4698.html
* https://www.suse.com/security/cve/CVE-2026-4699.html
* https://www.suse.com/security/cve/CVE-2026-4700.html
* https://www.suse.com/security/cve/CVE-2026-4701.html
* https://www.suse.com/security/cve/CVE-2026-4702.html
* https://www.suse.com/security/cve/CVE-2026-4704.html
* https://www.suse.com/security/cve/CVE-2026-4705.html
* https://www.suse.com/security/cve/CVE-2026-4706.html
* https://www.suse.com/security/cve/CVE-2026-4707.html
* https://www.suse.com/security/cve/CVE-2026-4708.html
* https://www.suse.com/security/cve/CVE-2026-4709.html
* https://www.suse.com/security/cve/CVE-2026-4710.html
* https://www.suse.com/security/cve/CVE-2026-4711.html
* https://www.suse.com/security/cve/CVE-2026-4712.html
* https://www.suse.com/security/cve/CVE-2026-4713.html
* https://www.suse.com/security/cve/CVE-2026-4714.html
* https://www.suse.com/security/cve/CVE-2026-4715.html
* https://www.suse.com/security/cve/CVE-2026-4716.html
* https://www.suse.com/security/cve/CVE-2026-4717.html
* https://www.suse.com/security/cve/CVE-2026-4718.html
* https://www.suse.com/security/cve/CVE-2026-4719.html
* https://www.suse.com/security/cve/CVE-2026-4720.html
* https://www.suse.com/security/cve/CVE-2026-4721.html
* https://www.suse.com/security/cve/CVE-2026-4722.html
* https://www.suse.com/security/cve/CVE-2026-4723.html
* https://www.suse.com/security/cve/CVE-2026-4724.html
* https://www.suse.com/security/cve/CVE-2026-4725.html
* https://www.suse.com/security/cve/CVE-2026-4726.html
* https://www.suse.com/security/cve/CVE-2026-4727.html
* https://www.suse.com/security/cve/CVE-2026-4728.html
* https://www.suse.com/security/cve/CVE-2026-4729.html
# ImageMagick-7.1.2.18-2.1 on GA media
Announcement ID: openSUSE-SU-2026:10465-1
Rating: moderate
Cross-References:
* CVE-2026-33535
* CVE-2026-33536
CVSS scores:
* CVE-2026-33535 ( SUSE ): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33536 ( SUSE ): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the ImageMagick-7.1.2.18-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
  * ImageMagick 7.1.2.18-2.1
  * ImageMagick-config-7-SUSE 7.1.2.18-2.1
  * ImageMagick-devel 7.1.2.18-2.1
  * ImageMagick-devel-32bit 7.1.2.18-2.1
  * ImageMagick-doc 7.1.2.18-2.1
  * ImageMagick-extra 7.1.2.18-2.1
  * libMagick++-7_Q16HDRI5 7.1.2.18-2.1
  * libMagick++-7_Q16HDRI5-32bit 7.1.2.18-2.1
  * libMagick++-devel 7.1.2.18-2.1
  * libMagick++-devel-32bit 7.1.2.18-2.1
  * libMagickCore-7_Q16HDRI10 7.1.2.18-2.1
  * libMagickCore-7_Q16HDRI10-32bit 7.1.2.18-2.1
  * libMagickWand-7_Q16HDRI10 7.1.2.18-2.1
  * libMagickWand-7_Q16HDRI10-32bit 7.1.2.18-2.1
  * perl-PerlMagick 7.1.2.18-2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-33535.html
* https://www.suse.com/security/cve/CVE-2026-33536.html
# heroic-games-launcher-2.20.1-4.1 on GA media
Announcement ID: openSUSE-SU-2026:10462-1
Rating: moderate
Cross-References:
* CVE-2026-33036
CVSS scores:
* CVE-2026-33036 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33036 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the heroic-games-launcher-2.20.1-4.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
  * heroic-games-launcher 2.20.1-4.1
## References:
* https://www.suse.com/security/cve/CVE-2026-33036.html
# expat-2.7.5-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10466-1
Rating: moderate
Cross-References:
* CVE-2026-32776
* CVE-2026-32777
* CVE-2026-32778
CVSS scores:
* CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 3 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the expat-2.7.5-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
  * expat 2.7.5-1.1
  * libexpat-devel 2.7.5-1.1
  * libexpat-devel-32bit 2.7.5-1.1
  * libexpat1 2.7.5-1.1
  * libexpat1-32bit 2.7.5-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
# python311-nltk-3.9.4-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10461-1
Rating: moderate
Cross-References:
* CVE-2026-33230
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python311-nltk-3.9.4-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
  * python311-nltk 3.9.4-1.1
  * python313-nltk 3.9.4-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-33230.html
# netty-4.1.132-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10463-1
Rating: moderate
Cross-References:
* CVE-2026-33870
* CVE-2026-33871
CVSS scores:
* CVE-2026-33870 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-33870 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33871 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33871 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the netty-4.1.132-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
  * netty 4.1.132-1.1
  * netty-bom 4.1.132-1.1
  * netty-javadoc 4.1.132-1.1
  * netty-parent 4.1.132-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-33870.html
* https://www.suse.com/security/cve/CVE-2026-33871.html
# xen-4.21.1_02-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10457-1
Rating: moderate
Cross-References:
* CVE-2026-23554
* CVE-2026-23555
CVSS scores:
* CVE-2026-23554 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-23554 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23555 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-23555 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the xen-4.21.1_02-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
  * xen 4.21.1_02-1.1
  * xen-devel 4.21.1_02-1.1
  * xen-doc-html 4.21.1_02-1.1
  * xen-libs 4.21.1_02-1.1
  * xen-tools 4.21.1_02-1.1
  * xen-tools-domU 4.21.1_02-1.1
  * xen-tools-xendomains-wait-disk 4.21.1_02-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-23554.html
* https://www.suse.com/security/cve/CVE-2026-23555.html
# freerdp2-2.11.7-6.1 on GA media
Announcement ID: openSUSE-SU-2026:10459-1
Rating: moderate
Cross-References:
* CVE-2026-22855
* CVE-2026-22857
* CVE-2026-23533
* CVE-2026-23732
* CVE-2026-23883
* CVE-2026-23884
* CVE-2026-26271
* CVE-2026-26955
* CVE-2026-26965
* CVE-2026-31806
* CVE-2026-31883
* CVE-2026-31885
CVSS scores:
* CVE-2026-22855 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-22855 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22857 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-22857 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23533 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23533 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23732 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-23732 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23883 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23883 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23884 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23884 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26955 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26955 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26965 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31806 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-31806 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31883 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31883 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 12 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the freerdp2-2.11.7-6.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
  * freerdp2 2.11.7-6.1
  * freerdp2-devel 2.11.7-6.1
  * freerdp2-proxy 2.11.7-6.1
  * freerdp2-server 2.11.7-6.1
  * libfreerdp2-2 2.11.7-6.1
  * libwinpr2-2 2.11.7-6.1
  * winpr2-devel 2.11.7-6.1
## References:
* https://www.suse.com/security/cve/CVE-2026-22855.html
* https://www.suse.com/security/cve/CVE-2026-22857.html
* https://www.suse.com/security/cve/CVE-2026-23533.html
* https://www.suse.com/security/cve/CVE-2026-23732.html
* https://www.suse.com/security/cve/CVE-2026-23883.html
* https://www.suse.com/security/cve/CVE-2026-23884.html
* https://www.suse.com/security/cve/CVE-2026-26271.html
* https://www.suse.com/security/cve/CVE-2026-26955.html
* https://www.suse.com/security/cve/CVE-2026-26965.html
* https://www.suse.com/security/cve/CVE-2026-31806.html
* https://www.suse.com/security/cve/CVE-2026-31883.html
* https://www.suse.com/security/cve/CVE-2026-31885.html