
SUSE recently pushed out a batch of security patches for Tumbleweed and Leap 16.0 that tackle multiple flaws across several key applications. You will find fixes for popular software like Tor, various Java OpenJ9 releases, Go, Django, glibc, FRR, Firefox ESR, Valkey, and more scattered throughout these announcements. Some of the vulnerabilities carry moderate ratings while others are marked critical, meaning administrators should prioritize the higher risk patches first. Installing these updates is straightforward since you can rely on familiar tools like zypper or YaST to handle the patching process smoothly.

openSUSE-SU-2026:20709-1: critical: Security update for tor
openSUSE-SU-2026:10719-1: moderate: valkey-9.0.4-1.1 on GA media
openSUSE-SU-2026:10727-1: moderate: java-21-openj9-21.0.11.0-1.1 on GA media
openSUSE-SU-2026:10726-1: moderate: java-1_8_0-openj9-1.8.0.492-1.1 on GA media
openSUSE-SU-2026:10724-1: moderate: java-11-openj9-11.0.31.0-1.1 on GA media
openSUSE-SU-2026:10723-1: moderate: go1.25-1.25.10-1.1 on GA media
openSUSE-SU-2026:10718-1: moderate: python311-Django-5.2.14-1.1 on GA media
openSUSE-SU-2026:10722-1: moderate: glibc-2.43-2.1 on GA media
openSUSE-SU-2026:10721-1: moderate: frr-10.6.1-1.1 on GA media
openSUSE-SU-2026:10725-1: moderate: java-17-openj9-17.0.19.0-1.1 on GA media
openSUSE-SU-2026:10720-1: moderate: firefox-esr-140.10.2-1.1 on GA media




openSUSE-SU-2026:20709-1: critical: Security update for tor


openSUSE security update: security update for tor
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20709-1
Rating: critical
References:

* bsc#1264341
* bsc#1264342
* bsc#1264343
* bsc#1264344
* bsc#1264345
* bsc#1264346

Cross-References:

* CVE-2026-44597
* CVE-2026-44599
* CVE-2026-44600
* CVE-2026-44601
* CVE-2026-44602
* CVE-2026-44603

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 6 vulnerabilities and has 6 bug fixes can now be installed.

Description:

This update for tor fixes the following issues:

Changes in tor:

- Update to 0.4.9.8
  * Fix out-of-bounds read (boo#1264341, CVE-2026-44597, TROVE-2026-011)
  * Do not attempt or accept BEGIN_DIR via conflux legs
    (boo#1264342, CVE-2026-44599, TROVE-2026-008)
  * Adjust conflux out-of-order queue accounting when clearing a queue
    (boo#1264343, CVE-2026-44600, TROVE-2026-010)
  * Fix a client-side crash caused by double-close of a circuit while
    under circuit queue memory pressure
    (boo#1264344, CVE-2026-44601, TROVE-2026-009)
  * Fix null pointer dereference when receiving a CERT cell out of
    order (boo#1264345, CVE-2026-44602, TROVE-2026-006)
  * Fix off-by-one out-of-bounds read if a malformed BEGIN cell is
    received (boo#1264346, CVE-2026-44603, TROVE-2026-007)

- Update to 0.4.9.5:
  * first stable release in the 0.4.9 series
  * introduces a new circuit-level encryption design for better
    client security
  * introduce a more scalable way for large relay operators to
    annotate which relays they run so clients can avoid using too
    many of them in a single circuit

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-236=1

Package List:

- openSUSE Leap 16.0:

tor-0.4.9.8-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-44597.html
* https://www.suse.com/security/cve/CVE-2026-44599.html
* https://www.suse.com/security/cve/CVE-2026-44600.html
* https://www.suse.com/security/cve/CVE-2026-44601.html
* https://www.suse.com/security/cve/CVE-2026-44602.html
* https://www.suse.com/security/cve/CVE-2026-44603.html



openSUSE-SU-2026:10719-1: moderate: valkey-9.0.4-1.1 on GA media


# valkey-9.0.4-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10719-1
Rating: moderate

Cross-References:

* CVE-2026-23479
* CVE-2026-23631
* CVE-2026-25243

CVSS scores:

* CVE-2026-23479 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23479 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23631 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23631 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25243 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25243 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the valkey-9.0.4-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * valkey 9.0.4-1.1
  * valkey-compat-redis 9.0.4-1.1
  * valkey-devel 9.0.4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23479.html
* https://www.suse.com/security/cve/CVE-2026-23631.html
* https://www.suse.com/security/cve/CVE-2026-25243.html



openSUSE-SU-2026:10727-1: moderate: java-21-openj9-21.0.11.0-1.1 on GA media


# java-21-openj9-21.0.11.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10727-1
Rating: moderate

Cross-References:

* CVE-2026-22007
* CVE-2026-22016
* CVE-2026-22021
* CVE-2026-34268

CVSS scores:

* CVE-2026-22007 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-22007 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-22016 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22021 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22021 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-34268 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34268 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the java-21-openj9-21.0.11.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * java-21-openj9 21.0.11.0-1.1
  * java-21-openj9-demo 21.0.11.0-1.1
  * java-21-openj9-devel 21.0.11.0-1.1
  * java-21-openj9-headless 21.0.11.0-1.1
  * java-21-openj9-javadoc 21.0.11.0-1.1
  * java-21-openj9-jmods 21.0.11.0-1.1
  * java-21-openj9-src 21.0.11.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-22007.html
* https://www.suse.com/security/cve/CVE-2026-22016.html
* https://www.suse.com/security/cve/CVE-2026-22021.html
* https://www.suse.com/security/cve/CVE-2026-34268.html



openSUSE-SU-2026:10726-1: moderate: java-1_8_0-openj9-1.8.0.492-1.1 on GA media


# java-1_8_0-openj9-1.8.0.492-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10726-1
Rating: moderate

Cross-References:

* CVE-2026-22007
* CVE-2026-22016
* CVE-2026-22021
* CVE-2026-34268

CVSS scores:

* CVE-2026-22007 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-22007 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-22016 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22021 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22021 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-34268 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34268 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the java-1_8_0-openj9-1.8.0.492-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * java-1_8_0-openj9 1.8.0.492-1.1
  * java-1_8_0-openj9-accessibility 1.8.0.492-1.1
  * java-1_8_0-openj9-demo 1.8.0.492-1.1
  * java-1_8_0-openj9-devel 1.8.0.492-1.1
  * java-1_8_0-openj9-headless 1.8.0.492-1.1
  * java-1_8_0-openj9-javadoc 1.8.0.492-1.1
  * java-1_8_0-openj9-src 1.8.0.492-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-22007.html
* https://www.suse.com/security/cve/CVE-2026-22016.html
* https://www.suse.com/security/cve/CVE-2026-22021.html
* https://www.suse.com/security/cve/CVE-2026-34268.html



openSUSE-SU-2026:10724-1: moderate: java-11-openj9-11.0.31.0-1.1 on GA media


# java-11-openj9-11.0.31.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10724-1
Rating: moderate

Cross-References:

* CVE-2026-22007
* CVE-2026-22016
* CVE-2026-22021
* CVE-2026-34268

CVSS scores:

* CVE-2026-22007 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-22007 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-22016 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22021 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22021 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-34268 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34268 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the java-11-openj9-11.0.31.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * java-11-openj9 11.0.31.0-1.1
  * java-11-openj9-demo 11.0.31.0-1.1
  * java-11-openj9-devel 11.0.31.0-1.1
  * java-11-openj9-headless 11.0.31.0-1.1
  * java-11-openj9-javadoc 11.0.31.0-1.1
  * java-11-openj9-jmods 11.0.31.0-1.1
  * java-11-openj9-src 11.0.31.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-22007.html
* https://www.suse.com/security/cve/CVE-2026-22016.html
* https://www.suse.com/security/cve/CVE-2026-22021.html
* https://www.suse.com/security/cve/CVE-2026-34268.html



openSUSE-SU-2026:10723-1: moderate: go1.25-1.25.10-1.1 on GA media


# go1.25-1.25.10-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10723-1
Rating: moderate

Cross-References:

* CVE-2026-33811
* CVE-2026-33814
* CVE-2026-39817
* CVE-2026-39819
* CVE-2026-39820
* CVE-2026-39823
* CVE-2026-39825
* CVE-2026-39826
* CVE-2026-39836
* CVE-2026-42499
* CVE-2026-42501

Affected Products:

* openSUSE Tumbleweed

An update that solves 11 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the go1.25-1.25.10-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * go1.25 1.25.10-1.1
  * go1.25-doc 1.25.10-1.1
  * go1.25-libstd 1.25.10-1.1
  * go1.25-race 1.25.10-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33811.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39817.html
* https://www.suse.com/security/cve/CVE-2026-39819.html
* https://www.suse.com/security/cve/CVE-2026-39820.html
* https://www.suse.com/security/cve/CVE-2026-39823.html
* https://www.suse.com/security/cve/CVE-2026-39825.html
* https://www.suse.com/security/cve/CVE-2026-39826.html
* https://www.suse.com/security/cve/CVE-2026-39836.html
* https://www.suse.com/security/cve/CVE-2026-42499.html
* https://www.suse.com/security/cve/CVE-2026-42501.html



openSUSE-SU-2026:10718-1: moderate: python311-Django-5.2.14-1.1 on GA media


# python311-Django-5.2.14-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10718-1
Rating: moderate

Cross-References:

* CVE-2026-35192
* CVE-2026-5766
* CVE-2026-6907

CVSS scores:

* CVE-2026-35192 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-35192 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-5766 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-5766 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-6907 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-6907 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python311-Django-5.2.14-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-Django 5.2.14-1.1
  * python313-Django 5.2.14-1.1
  * python314-Django 5.2.14-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35192.html
* https://www.suse.com/security/cve/CVE-2026-5766.html
* https://www.suse.com/security/cve/CVE-2026-6907.html



openSUSE-SU-2026:10722-1: moderate: glibc-2.43-2.1 on GA media


# glibc-2.43-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10722-1
Rating: moderate

Cross-References:

* CVE-2026-4046

CVSS scores:

* CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4046 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the glibc-2.43-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * glibc 2.43-2.1
  * glibc-devel 2.43-2.1
  * glibc-devel-static 2.43-2.1
  * glibc-extra 2.43-2.1
  * glibc-gconv-modules-extra 2.43-2.1
  * glibc-html 2.43-2.1
  * glibc-i18ndata 2.43-2.1
  * glibc-info 2.43-2.1
  * glibc-lang 2.43-2.1
  * glibc-locale 2.43-2.1
  * glibc-locale-base 2.43-2.1
  * glibc-profile 2.43-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4046.html



openSUSE-SU-2026:10721-1: moderate: frr-10.6.1-1.1 on GA media


# frr-10.6.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10721-1
Rating: moderate

Cross-References:

* CVE-2026-28532
* CVE-2026-37457
* CVE-2026-37458
* CVE-2026-37459

CVSS scores:

* CVE-2026-28532 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28532 ( SUSE ): 6 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-37457 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-37458 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-37458 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-37459 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-37459 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the frr-10.6.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * frr 10.6.1-1.1
  * frr-devel 10.6.1-1.1
  * libfrr0 10.6.1-1.1
  * libfrr_pb0 10.6.1-1.1
  * libfrrcares0 10.6.1-1.1
  * libfrrfpm_pb0 10.6.1-1.1
  * libfrrospfapiclient0 10.6.1-1.1
  * libfrrsnmp0 10.6.1-1.1
  * libfrrzmq0 10.6.1-1.1
  * libmgmt_be_nb0 10.6.1-1.1
  * libmlag_pb0 10.6.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28532.html
* https://www.suse.com/security/cve/CVE-2026-37457.html
* https://www.suse.com/security/cve/CVE-2026-37458.html
* https://www.suse.com/security/cve/CVE-2026-37459.html



openSUSE-SU-2026:10725-1: moderate: java-17-openj9-17.0.19.0-1.1 on GA media


# java-17-openj9-17.0.19.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10725-1
Rating: moderate

Cross-References:

* CVE-2026-22007
* CVE-2026-22016
* CVE-2026-22021
* CVE-2026-34268

CVSS scores:

* CVE-2026-22007 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-22007 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-22016 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22021 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22021 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-34268 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34268 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the java-17-openj9-17.0.19.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * java-17-openj9 17.0.19.0-1.1
  * java-17-openj9-demo 17.0.19.0-1.1
  * java-17-openj9-devel 17.0.19.0-1.1
  * java-17-openj9-headless 17.0.19.0-1.1
  * java-17-openj9-javadoc 17.0.19.0-1.1
  * java-17-openj9-jmods 17.0.19.0-1.1
  * java-17-openj9-src 17.0.19.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-22007.html
* https://www.suse.com/security/cve/CVE-2026-22016.html
* https://www.suse.com/security/cve/CVE-2026-22021.html
* https://www.suse.com/security/cve/CVE-2026-34268.html



openSUSE-SU-2026:10720-1: moderate: firefox-esr-140.10.2-1.1 on GA media


# firefox-esr-140.10.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10720-1
Rating: moderate

Cross-References:

* CVE-2026-8090
* CVE-2026-8091
* CVE-2026-8092
* CVE-2026-8094

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the firefox-esr-140.10.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * firefox-esr 140.10.2-1.1
  * firefox-esr-branding-upstream 140.10.2-1.1
  * firefox-esr-translations-common 140.10.2-1.1
  * firefox-esr-translations-other 140.10.2-1.1
* firefox-esr-translations-other 140.10.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-8090.html
* https://www.suse.com/security/cve/CVE-2026-8091.html
* https://www.suse.com/security/cve/CVE-2026-8092.html
* https://www.suse.com/security/cve/CVE-2026-8094.html