
SUSE released several important security updates for Linux Enterprise and openSUSE systems to fix known vulnerabilities across multiple products. Critical patches address permission flaws in tigervnc that allow unauthorized access, while sudo receives necessary corrections for privilege escalation risks. Users should prioritize these installations alongside moderate patches for libssh and ignition flaws affecting server security. The release cycle concludes with stability improvements for openvswitch memory handling and updated scanning logic within the clamav antivirus package.

SUSE-SU-2026:1302-1: important: Security update for tigervnc
SUSE-SU-2026:1303-1: important: Security update for tigervnc
SUSE-SU-2026:1306-1: moderate: Security update for openvswitch
SUSE-SU-2026:1309-1: important: Security update for sudo
SUSE-SU-2026:1308-1: important: Security update for sudo
SUSE-SU-2026:1310-1: moderate: Security update for libssh
SUSE-SU-2026:1312-1: important: Security update for bind
SUSE-SU-2026:1314-1: important: Security update for ignition
openSUSE-SU-2026:10539-1: moderate: oci-cli-3.76.2-1.1 on GA media
openSUSE-SU-2026:10538-1: moderate: helm-4.1.4-2.1 on GA media
SUSE-SU-2026:1325-1: moderate: Security update for clamav



SUSE-SU-2026:1302-1: important: Security update for tigervnc


# Security update for tigervnc

Announcement ID: SUSE-SU-2026:1302-1
Release Date: 2026-04-13T16:02:17Z
Rating: important
References:

* bsc#1260871

Cross-References:

* CVE-2026-34352

CVSS scores:

* CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
* CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for tigervnc fixes the following issues:

* CVE-2026-34352: Fixed permissions to prevent other users from observing the
screen, or modifying what is sent to the client. (bsc#1260871)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1302=1`

* SUSE Linux Enterprise Server 15 SP5 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1302=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1302=1`

* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2026-1302=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1302=1`

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * tigervnc-debugsource-1.12.0-150500.4.3.1
  * tigervnc-1.12.0-150500.4.3.1
  * libXvnc-devel-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1
  * libXvnc1-debuginfo-1.12.0-150500.4.3.1
  * libXvnc1-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1
  * tigervnc-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-1.12.0-150500.4.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * tigervnc-debugsource-1.12.0-150500.4.3.1
  * tigervnc-1.12.0-150500.4.3.1
  * libXvnc-devel-1.12.0-150500.4.3.1
  * libXvnc1-debuginfo-1.12.0-150500.4.3.1
  * libXvnc1-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1
  * tigervnc-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-1.12.0-150500.4.3.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le x86_64)
  * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * tigervnc-debugsource-1.12.0-150500.4.3.1
  * tigervnc-1.12.0-150500.4.3.1
  * libXvnc-devel-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1
  * libXvnc1-debuginfo-1.12.0-150500.4.3.1
  * libXvnc1-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1
  * tigervnc-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-1.12.0-150500.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * tigervnc-debugsource-1.12.0-150500.4.3.1
  * tigervnc-1.12.0-150500.4.3.1
  * libXvnc-devel-1.12.0-150500.4.3.1
  * libXvnc1-debuginfo-1.12.0-150500.4.3.1
  * libXvnc1-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1
  * tigervnc-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-1.12.0-150500.4.3.1
* openSUSE Leap 15.5 (noarch)
  * xorg-x11-Xvnc-java-1.12.0-150500.4.3.1
  * tigervnc-x11vnc-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64 i586)
  * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * tigervnc-debugsource-1.12.0-150500.4.3.1
  * tigervnc-1.12.0-150500.4.3.1
  * libXvnc-devel-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1
  * libXvnc1-debuginfo-1.12.0-150500.4.3.1
  * libXvnc1-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1
  * tigervnc-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-1.12.0-150500.4.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34352.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260871



SUSE-SU-2026:1303-1: important: Security update for tigervnc


# Security update for tigervnc

Announcement ID: SUSE-SU-2026:1303-1
Release Date: 2026-04-13T16:03:04Z
Rating: important
References:

* bsc#1260871

Cross-References:

* CVE-2026-34352

CVSS scores:

* CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
* CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for tigervnc fixes the following issues:

* CVE-2026-34352: Fixed permissions to prevent other users from observing the
screen, or modifying what is sent to the client. (bsc#1260871)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-1303=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1303=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1303=1`

* SUSE Linux Enterprise Server 15 SP4 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1303=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1303=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * tigervnc-debugsource-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-1.10.1-150400.7.15.1
  * tigervnc-debuginfo-1.10.1-150400.7.15.1
  * tigervnc-1.10.1-150400.7.15.1
  * libXvnc-devel-1.10.1-150400.7.15.1
  * libXvnc1-debuginfo-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-1.10.1-150400.7.15.1
* openSUSE Leap 15.4 (noarch)
  * tigervnc-x11vnc-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-java-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64 i586)
  * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * tigervnc-debugsource-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-1.10.1-150400.7.15.1
  * tigervnc-debuginfo-1.10.1-150400.7.15.1
  * tigervnc-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1
  * libXvnc-devel-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-debuginfo-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-1.10.1-150400.7.15.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * tigervnc-debugsource-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-1.10.1-150400.7.15.1
  * tigervnc-debuginfo-1.10.1-150400.7.15.1
  * tigervnc-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1
  * libXvnc-devel-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-debuginfo-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-1.10.1-150400.7.15.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * tigervnc-debugsource-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-1.10.1-150400.7.15.1
  * tigervnc-debuginfo-1.10.1-150400.7.15.1
  * tigervnc-1.10.1-150400.7.15.1
  * libXvnc-devel-1.10.1-150400.7.15.1
  * libXvnc1-debuginfo-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-1.10.1-150400.7.15.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le x86_64)
  * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * tigervnc-debugsource-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-1.10.1-150400.7.15.1
  * tigervnc-debuginfo-1.10.1-150400.7.15.1
  * tigervnc-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1
  * libXvnc-devel-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-debuginfo-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-1.10.1-150400.7.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34352.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260871



SUSE-SU-2026:1306-1: moderate: Security update for openvswitch


# Security update for openvswitch

Announcement ID: SUSE-SU-2026:1306-1
Release Date: 2026-04-13T20:02:56Z
Rating: moderate
References:

* bsc#1261273

Cross-References:

* CVE-2026-34956

CVSS scores:

* CVE-2026-34956 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34956 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for openvswitch fixes the following issues:

* CVE-2026-34956: invalid memory access via crafted FTP payloads in userspace
conntrack flows specifying the FTP alg handler (bsc#1261273).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-1306=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * ovn-debuginfo-23.03.3-150600.33.12.1
  * ovn-vtep-debuginfo-23.03.3-150600.33.12.1
  * libovn-23_03-0-debuginfo-23.03.3-150600.33.12.1
  * openvswitch-test-debuginfo-3.1.7-150600.33.12.1
  * openvswitch-devel-3.1.7-150600.33.12.1
  * openvswitch-debugsource-3.1.7-150600.33.12.1
  * openvswitch-vtep-debuginfo-3.1.7-150600.33.12.1
  * openvswitch-vtep-3.1.7-150600.33.12.1
  * libopenvswitch-3_1-0-3.1.7-150600.33.12.1
  * libovn-23_03-0-23.03.3-150600.33.12.1
  * ovn-devel-23.03.3-150600.33.12.1
  * python3-ovs-3.1.7-150600.33.12.1
  * ovn-central-debuginfo-23.03.3-150600.33.12.1
  * ovn-23.03.3-150600.33.12.1
  * openvswitch-ipsec-3.1.7-150600.33.12.1
  * openvswitch-test-3.1.7-150600.33.12.1
  * ovn-central-23.03.3-150600.33.12.1
  * openvswitch-pki-3.1.7-150600.33.12.1
  * openvswitch-3.1.7-150600.33.12.1
  * ovn-host-debuginfo-23.03.3-150600.33.12.1
  * libopenvswitch-3_1-0-debuginfo-3.1.7-150600.33.12.1
  * openvswitch-debuginfo-3.1.7-150600.33.12.1
  * ovn-host-23.03.3-150600.33.12.1
  * ovn-vtep-23.03.3-150600.33.12.1
  * ovn-docker-23.03.3-150600.33.12.1
* openSUSE Leap 15.6 (noarch)
  * openvswitch-doc-3.1.7-150600.33.12.1
  * ovn-doc-23.03.3-150600.33.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34956.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261273



SUSE-SU-2026:1309-1: important: Security update for sudo


# Security update for sudo

Announcement ID: SUSE-SU-2026:1309-1
Release Date: 2026-04-14T10:39:43Z
Rating: important
References:

* bsc#1261420

Cross-References:

* CVE-2026-35535

CVSS scores:

* CVE-2026-35535 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35535 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35535 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for sudo fixes the following issue:

* CVE-2026-35535: Fixed potential privilege escalation when running the mailer
(bsc#1261420).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1309=1`

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-1309=1`

* SUSE Linux Enterprise Micro for Rancher 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2026-1309=1`

* SUSE Linux Enterprise Micro 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2026-1309=1`

* SUSE Linux Enterprise Micro for Rancher 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-1309=1`

* SUSE Linux Enterprise Micro 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-1309=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1309=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1309=1`

* SUSE Linux Enterprise Server 15 SP4 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1309=1`

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-test-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * sudo-1.9.9-150400.4.42.1
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * sudo-1.9.9-150400.4.42.1
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * sudo-1.9.9-150400.4.42.1
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * sudo-1.9.9-150400.4.42.1
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261420



SUSE-SU-2026:1308-1: important: Security update for sudo


# Security update for sudo

Announcement ID: SUSE-SU-2026:1308-1
Release Date: 2026-04-14T10:38:02Z
Rating: important
References:

* bsc#1261420

Cross-References:

* CVE-2026-35535

CVSS scores:

* CVE-2026-35535 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35535 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35535 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for sudo fixes the following issue:

* CVE-2026-35535: Fixed potential privilege escalation when running the mailer
(bsc#1261420).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2026-1308=1`

* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2026-1308=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1308=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1308=1`

* SUSE Linux Enterprise Server 15 SP5 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1308=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1308=1`

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-test-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261420



SUSE-SU-2026:1310-1: moderate: Security update for libssh


# Security update for libssh

Announcement ID: SUSE-SU-2026:1310-1
Release Date: 2026-04-14T10:42:17Z
Rating: moderate
References:

* bsc#1259377

Cross-References:

* CVE-2026-3731

CVSS scores:

* CVE-2026-3731 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3731 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3731 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3731 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3731 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for libssh fixes the following issues:

* CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension
name handler (bsc#1259377).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-1310=1 openSUSE-SLE-15.6-2026-1310=1`

* Basesystem Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1310=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libssh4-0.9.8-150600.11.12.1
  * libssh-debugsource-0.9.8-150600.11.12.1
  * libssh-devel-0.9.8-150600.11.12.1
  * libssh4-debuginfo-0.9.8-150600.11.12.1
  * libssh-config-0.9.8-150600.11.12.1
* openSUSE Leap 15.6 (x86_64)
  * libssh4-32bit-debuginfo-0.9.8-150600.11.12.1
  * libssh4-32bit-0.9.8-150600.11.12.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libssh4-64bit-0.9.8-150600.11.12.1
  * libssh4-64bit-debuginfo-0.9.8-150600.11.12.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libssh4-0.9.8-150600.11.12.1
  * libssh-debugsource-0.9.8-150600.11.12.1
  * libssh-devel-0.9.8-150600.11.12.1
  * libssh4-debuginfo-0.9.8-150600.11.12.1
  * libssh-config-0.9.8-150600.11.12.1
* Basesystem Module 15-SP7 (x86_64)
  * libssh4-32bit-debuginfo-0.9.8-150600.11.12.1
  * libssh4-32bit-0.9.8-150600.11.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3731.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259377



SUSE-SU-2026:1312-1: important: Security update for bind


# Security update for bind

Announcement ID: SUSE-SU-2026:1312-1
Release Date: 2026-04-14T10:46:38Z
Rating: important
References:

* bsc#1260805

Cross-References:

* CVE-2026-1519

CVSS scores:

* CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for bind fixes the following issues:

* CVE-2026-1519: high CPU load during insecure delegation validation due to
excessive NSEC3 iterations (bsc#1260805).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-1312=1 openSUSE-SLE-15.6-2026-1312=1`

* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1312=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1312=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * bind-debugsource-9.18.33-150600.3.21.1
  * bind-utils-9.18.33-150600.3.21.1
  * bind-utils-debuginfo-9.18.33-150600.3.21.1
  * bind-9.18.33-150600.3.21.1
  * bind-debuginfo-9.18.33-150600.3.21.1
* openSUSE Leap 15.6 (noarch)
  * bind-doc-9.18.33-150600.3.21.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * bind-debugsource-9.18.33-150600.3.21.1
  * bind-utils-9.18.33-150600.3.21.1
  * bind-utils-debuginfo-9.18.33-150600.3.21.1
  * bind-9.18.33-150600.3.21.1
  * bind-debuginfo-9.18.33-150600.3.21.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * bind-doc-9.18.33-150600.3.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * bind-debugsource-9.18.33-150600.3.21.1
  * bind-utils-9.18.33-150600.3.21.1
  * bind-utils-debuginfo-9.18.33-150600.3.21.1
  * bind-9.18.33-150600.3.21.1
  * bind-debuginfo-9.18.33-150600.3.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * bind-doc-9.18.33-150600.3.21.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260805



SUSE-SU-2026:1314-1: important: Security update for ignition


# Security update for ignition

Announcement ID: SUSE-SU-2026:1314-1
Release Date: 2026-04-14T11:07:17Z
Rating: important
References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* HPC Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper
validation of the HTTP/2 `:path` pseudo-header (bsc#1260251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2026-1314=1`

* HPC Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-HPC-15-SP7-2026-1314=1`

* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1314=1`

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-1314=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * ignition-dracut-grub2-2.14.0-150400.9.15.1
  * ignition-2.14.0-150400.9.15.1
  * ignition-debuginfo-2.14.0-150400.9.15.1
* HPC Module 15-SP7 (aarch64 x86_64)
  * ignition-dracut-grub2-2.14.0-150400.9.15.1
  * ignition-2.14.0-150400.9.15.1
  * ignition-debuginfo-2.14.0-150400.9.15.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 x86_64)
  * ignition-dracut-grub2-2.14.0-150400.9.15.1
  * ignition-2.14.0-150400.9.15.1
  * ignition-debuginfo-2.14.0-150400.9.15.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * ignition-dracut-grub2-2.14.0-150400.9.15.1
  * ignition-2.14.0-150400.9.15.1
  * ignition-debuginfo-2.14.0-150400.9.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260251



openSUSE-SU-2026:10539-1: moderate: oci-cli-3.76.2-1.1 on GA media


# oci-cli-3.76.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10539-1
Rating: moderate

Cross-References:

* CVE-2024-37891
* CVE-2024-47081
* CVE-2025-47273
* CVE-2025-50181
* CVE-2025-66418
* CVE-2026-21441
* CVE-2026-26007

CVSS scores:

* CVE-2024-37891 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-47081 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-47081 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47273 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-47273 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-50181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-50181 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-66418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21441 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-21441 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-26007 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-26007 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 7 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the oci-cli-3.76.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * oci-cli 3.76.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-37891.html
* https://www.suse.com/security/cve/CVE-2024-47081.html
* https://www.suse.com/security/cve/CVE-2025-47273.html
* https://www.suse.com/security/cve/CVE-2025-50181.html
* https://www.suse.com/security/cve/CVE-2025-66418.html
* https://www.suse.com/security/cve/CVE-2026-21441.html
* https://www.suse.com/security/cve/CVE-2026-26007.html



openSUSE-SU-2026:10538-1: moderate: helm-4.1.4-2.1 on GA media


# helm-4.1.4-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10538-1
Rating: moderate

Cross-References:

* CVE-2026-35205
* CVE-2026-35206

CVSS scores:

* CVE-2026-35205 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-35205 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-35206 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2026-35206 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the helm-4.1.4-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * helm 4.1.4-2.1
  * helm-bash-completion 4.1.4-2.1
  * helm-fish-completion 4.1.4-2.1
  * helm-zsh-completion 4.1.4-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35205.html
* https://www.suse.com/security/cve/CVE-2026-35206.html



SUSE-SU-2026:1325-1: moderate: Security update for clamav


# Security update for clamav

Announcement ID: SUSE-SU-2026:1325-1
Release Date: 2026-04-14T13:15:54Z
Rating: moderate
References:

* bsc#1221954
* bsc#1258072
* bsc#1259207
* jsc#PED-14819

Cross-References:

* CVE-2026-20031

CVSS scores:

* CVE-2026-20031 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-20031 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-20031 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability, contains one feature and has two
security fixes can now be installed.

## Description:

This update for clamav fixes the following issues:

Update to clamav 1.5.2:

Security issue:

* CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file (bsc#1259207).

Non-security issue:

* Support transactional updates (jsc#PED-14819).

Changelog:

* Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV dependency, a Rust image library.
* The CVD verification process will now ignore certificate files in the CVD certs directory when the user lacks read permissions.
* Freshclam: Fix CLD verification bug with PrivateMirror option.
* Upgraded the Rust bytes dependency to a newer version to resolve RUSTSEC-2026-0007 advisory.
* Fixed a possible crash caused by invalid pointer alignment on some platforms.
* Minimal required Rust version is now 1.87.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

      zypper in -t patch SUSE-2026-1325=1 openSUSE-SLE-15.6-2026-1325=1

* Basesystem Module 15-SP7

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1325=1

* SUSE Linux Enterprise Server 15 SP6 LTSS

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1325=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1325=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * libclamav12-1.5.2-150600.18.25.1
  * clamav-debuginfo-1.5.2-150600.18.25.1
  * clamav-1.5.2-150600.18.25.1
  * clamav-milter-debuginfo-1.5.2-150600.18.25.1
  * libclamav12-debuginfo-1.5.2-150600.18.25.1
  * clamav-devel-1.5.2-150600.18.25.1
  * libclammspack0-debuginfo-1.5.2-150600.18.25.1
  * libclammspack0-1.5.2-150600.18.25.1
  * clamav-debugsource-1.5.2-150600.18.25.1
  * clamav-milter-1.5.2-150600.18.25.1
  * libfreshclam4-1.5.2-150600.18.25.1
  * libfreshclam4-debuginfo-1.5.2-150600.18.25.1
* openSUSE Leap 15.6 (noarch)
  * clamav-docs-html-1.5.2-150600.18.25.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libclamav12-1.5.2-150600.18.25.1
  * clamav-debuginfo-1.5.2-150600.18.25.1
  * clamav-1.5.2-150600.18.25.1
  * clamav-milter-debuginfo-1.5.2-150600.18.25.1
  * libclamav12-debuginfo-1.5.2-150600.18.25.1
  * clamav-devel-1.5.2-150600.18.25.1
  * libclammspack0-debuginfo-1.5.2-150600.18.25.1
  * libclammspack0-1.5.2-150600.18.25.1
  * clamav-debugsource-1.5.2-150600.18.25.1
  * clamav-milter-1.5.2-150600.18.25.1
  * libfreshclam4-1.5.2-150600.18.25.1
  * libfreshclam4-debuginfo-1.5.2-150600.18.25.1
* Basesystem Module 15-SP7 (noarch)
  * clamav-docs-html-1.5.2-150600.18.25.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libclamav12-1.5.2-150600.18.25.1
  * clamav-debuginfo-1.5.2-150600.18.25.1
  * clamav-1.5.2-150600.18.25.1
  * clamav-milter-debuginfo-1.5.2-150600.18.25.1
  * libclamav12-debuginfo-1.5.2-150600.18.25.1
  * clamav-devel-1.5.2-150600.18.25.1
  * libclammspack0-debuginfo-1.5.2-150600.18.25.1
  * libclammspack0-1.5.2-150600.18.25.1
  * clamav-debugsource-1.5.2-150600.18.25.1
  * clamav-milter-1.5.2-150600.18.25.1
  * libfreshclam4-1.5.2-150600.18.25.1
  * libfreshclam4-debuginfo-1.5.2-150600.18.25.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * clamav-docs-html-1.5.2-150600.18.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libclamav12-1.5.2-150600.18.25.1
  * clamav-debuginfo-1.5.2-150600.18.25.1
  * clamav-1.5.2-150600.18.25.1
  * clamav-milter-debuginfo-1.5.2-150600.18.25.1
  * libclamav12-debuginfo-1.5.2-150600.18.25.1
  * clamav-devel-1.5.2-150600.18.25.1
  * libclammspack0-debuginfo-1.5.2-150600.18.25.1
  * libclammspack0-1.5.2-150600.18.25.1
  * clamav-debugsource-1.5.2-150600.18.25.1
  * clamav-milter-1.5.2-150600.18.25.1
  * libfreshclam4-1.5.2-150600.18.25.1
  * libfreshclam4-debuginfo-1.5.2-150600.18.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * clamav-docs-html-1.5.2-150600.18.25.1

## References:

* https://www.suse.com/security/cve/CVE-2026-20031.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221954
* https://bugzilla.suse.com/show_bug.cgi?id=1258072
* https://bugzilla.suse.com/show_bug.cgi?id=1259207
* https://jira.suse.com/browse/PED-14819