Util-Linux, Matio, Libpng16, and more updates for SUSE

SUSE 5529 Published by

Several security updates have been released for SUSE Linux, including fixes for util-linux and matio. Additionally, important security updates are available for libpng16, libmicrohttpd, python-tornado6, Mozilla Firefox, and other packages. Moderate security updates have also been released for avahi, libtasn1-6-32bit, python311-authlib, k6, teleport, libpcap-devel, kubelogin, istioctl, ffmpeg-7, and ffmpeg-4.

SUSE-SU-2026:0116-1: moderate: Security update for util-linux
SUSE-SU-2026:0117-1: moderate: Security update for util-linux
openSUSE-SU-2026:20022-1: important: Security update for matio
openSUSE-SU-2026:20017-1: important: Security update for libpng16
openSUSE-SU-2026:20016-1: important: Security update for libmicrohttpd
openSUSE-SU-2026:20013-1: moderate: Security update for avahi
openSUSE-SU-2026:20015-1: important: Security update for python-tornado6
openSUSE-SU-2026:20014-1: important: Security update for MozillaFirefox
openSUSE-SU-2026:10033-1: moderate: libtasn1-6-32bit-4.21.0-1.1 on GA media
openSUSE-SU-2026:10034-1: moderate: python311-Authlib-1.6.6-1.1 on GA media
openSUSE-SU-2026:10030-1: moderate: k6-1.5.0-1.1 on GA media
openSUSE-SU-2026:10035-1: moderate: teleport-17.7.13-1.1 on GA media
openSUSE-SU-2026:10032-1: moderate: libpcap-devel-1.10.6-1.1 on GA media
openSUSE-SU-2026:10031-1: moderate: kubelogin-0.2.14-1.1 on GA media
openSUSE-SU-2026:10029-1: moderate: istioctl-1.28.2-1.1 on GA media
openSUSE-SU-2026:10028-1: moderate: ffmpeg-7-7.1.3-1.1 on GA media
openSUSE-SU-2026:10027-1: moderate: ffmpeg-4-4.4.6-10.1 on GA media



SUSE-SU-2026:0116-1: moderate: Security update for util-linux


# Security update for util-linux

Announcement ID: SUSE-SU-2026:0116-1
Release Date: 2026-01-13T02:33:45Z
Rating: moderate
References:

* bsc#1254666
* jsc#PED-13682

Cross-References:

* CVE-2025-14104

CVSS scores:

* CVE-2025-14104 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14104 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-14104 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability and contains one feature can now be
installed.

## Description:

This update for util-linux fixes the following issues:

* CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing
256-byte usernames (bsc#1254666).
* lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-116=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-116=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-116=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* libblkid1-debuginfo-2.36.2-150300.4.50.1
* libblkid1-2.36.2-150300.4.50.1
* python3-libmount-2.36.2-150300.4.50.1
* libuuid1-2.36.2-150300.4.50.1
* libsmartcols1-2.36.2-150300.4.50.1
* libblkid-devel-static-2.36.2-150300.4.50.1
* uuidd-2.36.2-150300.4.50.1
* python3-libmount-debuginfo-2.36.2-150300.4.50.1
* libsmartcols-devel-2.36.2-150300.4.50.1
* util-linux-debuginfo-2.36.2-150300.4.50.1
* libfdisk-devel-2.36.2-150300.4.50.1
* uuidd-debuginfo-2.36.2-150300.4.50.1
* util-linux-2.36.2-150300.4.50.1
* libsmartcols-devel-static-2.36.2-150300.4.50.1
* libmount-devel-static-2.36.2-150300.4.50.1
* libfdisk-devel-static-2.36.2-150300.4.50.1
* util-linux-systemd-2.36.2-150300.4.50.1
* libblkid-devel-2.36.2-150300.4.50.1
* libfdisk1-debuginfo-2.36.2-150300.4.50.1
* util-linux-systemd-debuginfo-2.36.2-150300.4.50.1
* libuuid1-debuginfo-2.36.2-150300.4.50.1
* libmount-devel-2.36.2-150300.4.50.1
* util-linux-debugsource-2.36.2-150300.4.50.1
* libmount1-2.36.2-150300.4.50.1
* libuuid-devel-static-2.36.2-150300.4.50.1
* libsmartcols1-debuginfo-2.36.2-150300.4.50.1
* util-linux-systemd-debugsource-2.36.2-150300.4.50.1
* libfdisk1-2.36.2-150300.4.50.1
* libmount1-debuginfo-2.36.2-150300.4.50.1
* libuuid-devel-2.36.2-150300.4.50.1
* python3-libmount-debugsource-2.36.2-150300.4.50.1
* openSUSE Leap 15.3 (x86_64)
* libfdisk1-32bit-debuginfo-2.36.2-150300.4.50.1
* libblkid1-32bit-debuginfo-2.36.2-150300.4.50.1
* libuuid1-32bit-2.36.2-150300.4.50.1
* libblkid-devel-32bit-2.36.2-150300.4.50.1
* libmount-devel-32bit-2.36.2-150300.4.50.1
* libuuid-devel-32bit-2.36.2-150300.4.50.1
* libfdisk-devel-32bit-2.36.2-150300.4.50.1
* libuuid1-32bit-debuginfo-2.36.2-150300.4.50.1
* libsmartcols1-32bit-2.36.2-150300.4.50.1
* libmount1-32bit-debuginfo-2.36.2-150300.4.50.1
* libblkid1-32bit-2.36.2-150300.4.50.1
* libfdisk1-32bit-2.36.2-150300.4.50.1
* libmount1-32bit-2.36.2-150300.4.50.1
* libsmartcols1-32bit-debuginfo-2.36.2-150300.4.50.1
* libsmartcols-devel-32bit-2.36.2-150300.4.50.1
* openSUSE Leap 15.3 (noarch)
* util-linux-lang-2.36.2-150300.4.50.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* libblkid1-64bit-debuginfo-2.36.2-150300.4.50.1
* libsmartcols-devel-64bit-2.36.2-150300.4.50.1
* libfdisk-devel-64bit-2.36.2-150300.4.50.1
* libmount1-64bit-debuginfo-2.36.2-150300.4.50.1
* libsmartcols1-64bit-2.36.2-150300.4.50.1
* libmount1-64bit-2.36.2-150300.4.50.1
* libuuid-devel-64bit-2.36.2-150300.4.50.1
* libmount-devel-64bit-2.36.2-150300.4.50.1
* libfdisk1-64bit-2.36.2-150300.4.50.1
* libuuid1-64bit-debuginfo-2.36.2-150300.4.50.1
* libsmartcols1-64bit-debuginfo-2.36.2-150300.4.50.1
* libblkid-devel-64bit-2.36.2-150300.4.50.1
* libfdisk1-64bit-debuginfo-2.36.2-150300.4.50.1
* libuuid1-64bit-2.36.2-150300.4.50.1
* libblkid1-64bit-2.36.2-150300.4.50.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libblkid1-debuginfo-2.36.2-150300.4.50.1
* libfdisk1-debuginfo-2.36.2-150300.4.50.1
* util-linux-debuginfo-2.36.2-150300.4.50.1
* libsmartcols1-debuginfo-2.36.2-150300.4.50.1
* libblkid1-2.36.2-150300.4.50.1
* util-linux-2.36.2-150300.4.50.1
* libfdisk1-2.36.2-150300.4.50.1
* libmount1-debuginfo-2.36.2-150300.4.50.1
* util-linux-systemd-debuginfo-2.36.2-150300.4.50.1
* libuuid1-debuginfo-2.36.2-150300.4.50.1
* util-linux-systemd-debugsource-2.36.2-150300.4.50.1
* util-linux-debugsource-2.36.2-150300.4.50.1
* libuuid1-2.36.2-150300.4.50.1
* libmount1-2.36.2-150300.4.50.1
* libsmartcols1-2.36.2-150300.4.50.1
* util-linux-systemd-2.36.2-150300.4.50.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libblkid1-debuginfo-2.36.2-150300.4.50.1
* libfdisk1-debuginfo-2.36.2-150300.4.50.1
* util-linux-debuginfo-2.36.2-150300.4.50.1
* libsmartcols1-debuginfo-2.36.2-150300.4.50.1
* libblkid1-2.36.2-150300.4.50.1
* util-linux-2.36.2-150300.4.50.1
* libfdisk1-2.36.2-150300.4.50.1
* libmount1-debuginfo-2.36.2-150300.4.50.1
* util-linux-systemd-debuginfo-2.36.2-150300.4.50.1
* libuuid1-debuginfo-2.36.2-150300.4.50.1
* util-linux-systemd-debugsource-2.36.2-150300.4.50.1
* util-linux-debugsource-2.36.2-150300.4.50.1
* libuuid1-2.36.2-150300.4.50.1
* libmount1-2.36.2-150300.4.50.1
* libsmartcols1-2.36.2-150300.4.50.1
* util-linux-systemd-2.36.2-150300.4.50.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254666
* https://jira.suse.com/browse/PED-13682



SUSE-SU-2026:0117-1: moderate: Security update for util-linux


# Security update for util-linux

Announcement ID: SUSE-SU-2026:0117-1
Release Date: 2026-01-13T04:33:44Z
Rating: moderate
References:

* bsc#1254666
* jsc#PED-13682

Cross-References:

* CVE-2025-14104

CVSS scores:

* CVE-2025-14104 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14104 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-14104 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability and contains one feature can now be
installed.

## Description:

This update for util-linux fixes the following issues:

* CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing
256-byte usernames (bsc#1254666).
* lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-117=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-117=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-117=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* util-linux-2.37.4-150500.9.20.1
* libblkid1-2.37.4-150500.9.20.1
* libsmartcols1-debuginfo-2.37.4-150500.9.20.1
* libuuid1-2.37.4-150500.9.20.1
* libmount1-2.37.4-150500.9.20.1
* libmount1-debuginfo-2.37.4-150500.9.20.1
* libsmartcols1-2.37.4-150500.9.20.1
* util-linux-systemd-2.37.4-150500.9.20.1
* util-linux-systemd-debugsource-2.37.4-150500.9.20.1
* util-linux-debugsource-2.37.4-150500.9.20.1
* util-linux-debuginfo-2.37.4-150500.9.20.1
* libfdisk1-2.37.4-150500.9.20.1
* libblkid1-debuginfo-2.37.4-150500.9.20.1
* libuuid1-debuginfo-2.37.4-150500.9.20.1
* util-linux-systemd-debuginfo-2.37.4-150500.9.20.1
* libfdisk1-debuginfo-2.37.4-150500.9.20.1
* SUSE Linux Enterprise Micro 5.5 (s390x)
* util-linux-extra-2.37.4-150500.9.20.1
* util-linux-extra-debuginfo-2.37.4-150500.9.20.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libblkid-devel-2.37.4-150500.9.20.1
* util-linux-2.37.4-150500.9.20.1
* libfdisk-devel-static-2.37.4-150500.9.20.1
* libuuid1-2.37.4-150500.9.20.1
* python3-libmount-debuginfo-2.37.4-150500.9.20.1
* python3-libmount-2.37.4-150500.9.20.1
* libmount-devel-static-2.37.4-150500.9.20.1
* uuidd-2.37.4-150500.9.20.1
* libblkid1-2.37.4-150500.9.20.1
* libuuid-devel-2.37.4-150500.9.20.1
* libsmartcols-devel-2.37.4-150500.9.20.1
* libsmartcols1-2.37.4-150500.9.20.1
* util-linux-systemd-2.37.4-150500.9.20.1
* util-linux-debugsource-2.37.4-150500.9.20.1
* util-linux-debuginfo-2.37.4-150500.9.20.1
* libmount-devel-2.37.4-150500.9.20.1
* libuuid1-debuginfo-2.37.4-150500.9.20.1
* util-linux-systemd-debugsource-2.37.4-150500.9.20.1
* uuidd-debuginfo-2.37.4-150500.9.20.1
* libfdisk1-debuginfo-2.37.4-150500.9.20.1
* libblkid-devel-static-2.37.4-150500.9.20.1
* python3-libmount-debugsource-2.37.4-150500.9.20.1
* libsmartcols1-debuginfo-2.37.4-150500.9.20.1
* libmount1-2.37.4-150500.9.20.1
* libmount1-debuginfo-2.37.4-150500.9.20.1
* libuuid-devel-static-2.37.4-150500.9.20.1
* libfdisk1-2.37.4-150500.9.20.1
* libblkid1-debuginfo-2.37.4-150500.9.20.1
* libfdisk-devel-2.37.4-150500.9.20.1
* libsmartcols-devel-static-2.37.4-150500.9.20.1
* util-linux-systemd-debuginfo-2.37.4-150500.9.20.1
* openSUSE Leap 15.5 (x86_64)
* libuuid1-32bit-debuginfo-2.37.4-150500.9.20.1
* libsmartcols-devel-32bit-2.37.4-150500.9.20.1
* libmount1-32bit-2.37.4-150500.9.20.1
* libblkid-devel-32bit-2.37.4-150500.9.20.1
* libblkid1-32bit-2.37.4-150500.9.20.1
* libfdisk1-32bit-debuginfo-2.37.4-150500.9.20.1
* libfdisk-devel-32bit-2.37.4-150500.9.20.1
* libmount-devel-32bit-2.37.4-150500.9.20.1
* libmount1-32bit-debuginfo-2.37.4-150500.9.20.1
* libsmartcols1-32bit-debuginfo-2.37.4-150500.9.20.1
* libuuid1-32bit-2.37.4-150500.9.20.1
* libsmartcols1-32bit-2.37.4-150500.9.20.1
* libfdisk1-32bit-2.37.4-150500.9.20.1
* libblkid1-32bit-debuginfo-2.37.4-150500.9.20.1
* libuuid-devel-32bit-2.37.4-150500.9.20.1
* openSUSE Leap 15.5 (noarch)
* util-linux-lang-2.37.4-150500.9.20.1
* openSUSE Leap 15.5 (s390x)
* util-linux-extra-2.37.4-150500.9.20.1
* util-linux-extra-debuginfo-2.37.4-150500.9.20.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libsmartcols-devel-64bit-2.37.4-150500.9.20.1
* libblkid1-64bit-2.37.4-150500.9.20.1
* libfdisk-devel-64bit-2.37.4-150500.9.20.1
* libblkid1-64bit-debuginfo-2.37.4-150500.9.20.1
* libuuid1-64bit-2.37.4-150500.9.20.1
* libsmartcols1-64bit-debuginfo-2.37.4-150500.9.20.1
* libmount1-64bit-2.37.4-150500.9.20.1
* libsmartcols1-64bit-2.37.4-150500.9.20.1
* libmount-devel-64bit-2.37.4-150500.9.20.1
* libuuid-devel-64bit-2.37.4-150500.9.20.1
* libfdisk1-64bit-debuginfo-2.37.4-150500.9.20.1
* libblkid-devel-64bit-2.37.4-150500.9.20.1
* libmount1-64bit-debuginfo-2.37.4-150500.9.20.1
* libfdisk1-64bit-2.37.4-150500.9.20.1
* libuuid1-64bit-debuginfo-2.37.4-150500.9.20.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python3-libmount-debugsource-2.37.4-150500.9.20.1
* openSUSE Leap 15.6 (s390x)
* util-linux-extra-2.37.4-150500.9.20.1
* util-linux-extra-debuginfo-2.37.4-150500.9.20.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254666
* https://jira.suse.com/browse/PED-13682



openSUSE-SU-2026:20022-1: important: Security update for matio


openSUSE security update: security update for matio
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20022-1
Rating: important
References:

* bsc#1239677
* bsc#1239678

Cross-References:

* CVE-2025-2337
* CVE-2025-2338

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for matio fixes the following issues:

- update to version 1.5.29:
* Fix printing rank-1-variable in Mat_VarPrint
* Fix array index out of bounds in Mat_VarPrint when printing
UTF-8 character data (boo#1239678, CVE-2025-2337)
* Fix heap-based buffer overflow in strdup_vprintf
(boo#1239677, CVE-2025-2338)
* Changed Mat_VarPrint to print all values of rank-2-variable
* Several other fixes, for example for access violations in
Mat_VarPrint

- Update to version 1.5.28:
* Fixed bug writing MAT_T_INT8/MAT_T_UINT8 encoded character
array to compressed v5 MAT file (regression of v1.5.12).
* Fixed bug reading all-zero sparse array of v4 MAT file
(regression of v1.5.18).
* Updated C99 snprintf.c.
* CMake: Enabled testing.
* Several other fixes, for example for access violations in
Mat_VarPrint.

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-66=1

Package List:

- openSUSE Leap 16.0:

libmatio-devel-1.5.29-bp160.1.1
libmatio13-1.5.29-bp160.1.1
matio-tools-1.5.29-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-2337.html
* https://www.suse.com/security/cve/CVE-2025-2338.html



openSUSE-SU-2026:20017-1: important: Security update for libpng16


openSUSE security update: security update for libpng16
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20017-1
Rating: important
References:

* bsc#1254157
* bsc#1254158
* bsc#1254159
* bsc#1254160
* bsc#1254480

Cross-References:

* CVE-2025-64505
* CVE-2025-64506
* CVE-2025-64720
* CVE-2025-65018
* CVE-2025-66293

CVSS scores:

* CVE-2025-64505 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-64505 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-64506 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-64506 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-64720 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-64720 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-65018 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-65018 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-66293 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2025-66293 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.

Description:

This update for libpng16 fixes the following issues:

- CVE-2025-64505: heap buffer over-read in `png_do_quantize` when processing PNG files malformed palette indices
(bsc#1254157).
- CVE-2025-64506: heap buffer over-read in `png_write_image_8bit` when processing 8-bit input with `convert_to_8bit`
enabled (bsc#1254158).
- CVE-2025-64720: out-of-bounds read in `png_image_read_composite` when processing palette images with
`PNG_FLAG_OPTIMIZE_ALPHA` enabled (bsc#1254159).
- CVE-2025-65018: heap buffer overflow in `png_image_finish_read` when processing specially crafted 16-bit interlaced
PNGs with 8-bit output format (bsc#1254160).
- CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial
transparency and gamma correction (bsc#1254480).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-131=1

Package List:

- openSUSE Leap 16.0:

libpng16-16-1.6.44-160000.3.1
libpng16-16-x86-64-v3-1.6.44-160000.3.1
libpng16-compat-devel-1.6.44-160000.3.1
libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1
libpng16-devel-1.6.44-160000.3.1
libpng16-devel-x86-64-v3-1.6.44-160000.3.1
libpng16-tools-1.6.44-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-64505.html
* https://www.suse.com/security/cve/CVE-2025-64506.html
* https://www.suse.com/security/cve/CVE-2025-64720.html
* https://www.suse.com/security/cve/CVE-2025-65018.html
* https://www.suse.com/security/cve/CVE-2025-66293.html



openSUSE-SU-2026:20016-1: important: Security update for libmicrohttpd


openSUSE security update: security update for libmicrohttpd
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20016-1
Rating: important
References:

* bsc#1253177
* bsc#1253178

Cross-References:

* CVE-2025-59777
* CVE-2025-62689

CVSS scores:

* CVE-2025-59777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-62689 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-62689 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for libmicrohttpd fixes the following issues:

- CVE-2025-62689: Fixed heap-based buffer overflow through
a specially crafted packet (bsc#1253178)
- CVE-2025-59777: Fixed NULL pointer dereference through
a specially crafted packet (bsc#1253177)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-130=1

Package List:

- openSUSE Leap 16.0:

libmicrohttpd-devel-1.0.1-160000.3.1
libmicrohttpd12-1.0.1-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-59777.html
* https://www.suse.com/security/cve/CVE-2025-62689.html



openSUSE-SU-2026:20013-1: moderate: Security update for avahi


openSUSE security update: security update for avahi
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20013-1
Rating: moderate
References:

* bsc#1233421

Cross-References:

* CVE-2024-52615

CVSS scores:

* CVE-2024-52615 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-52615 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for avahi fixes the following issues:

- CVE-2024-52615: Fixed DNS spoofing (bsc#1233421)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-127=1

Package List:

- openSUSE Leap 16.0:

avahi-0.8-160000.3.1
avahi-autoipd-0.8-160000.3.1
avahi-compat-howl-devel-0.8-160000.3.1
avahi-compat-mDNSResponder-devel-0.8-160000.3.1
avahi-lang-0.8-160000.3.1
avahi-utils-0.8-160000.3.1
avahi-utils-gtk-0.8-160000.3.1
libavahi-client3-0.8-160000.3.1
libavahi-common3-0.8-160000.3.1
libavahi-core7-0.8-160000.3.1
libavahi-devel-0.8-160000.3.1
libavahi-glib-devel-0.8-160000.3.1
libavahi-glib1-0.8-160000.3.1
libavahi-gobject-devel-0.8-160000.3.1
libavahi-gobject0-0.8-160000.3.1
libavahi-libevent1-0.8-160000.3.1
libavahi-qt6-1-0.8-160000.3.1
libavahi-qt6-devel-0.8-160000.3.1
libavahi-ui-gtk3-0-0.8-160000.3.1
libdns_sd-0.8-160000.3.1
libhowl0-0.8-160000.3.1
python3-avahi-gtk-0.8-160000.3.1
python313-avahi-0.8-160000.3.1
typelib-1_0-Avahi-0_6-0.8-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2024-52615.html



openSUSE-SU-2026:20015-1: important: Security update for python-tornado6


openSUSE security update: security update for python-tornado6
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20015-1
Rating: important
References:

* bsc#1254903
* bsc#1254904
* bsc#1254905

Cross-References:

* CVE-2025-67724
* CVE-2025-67725
* CVE-2025-67726

CVSS scores:

* CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for python-tornado6 fixes the following issues:

- CVE-2025-67724: unescaped `reason` argument used in HTTP headers and in HTML default error pages can be used by
attackers to launch header injection or XSS attacks (bsc#1254903).
- CVE-2025-67725: quadratic complexity of string concatenation operations used by the `HTTPHeaders.add` method can lead
o DoS when processing a maliciously crafted HTTP request (bsc#1254905).
- CVE-2025-67726: quadratic complexity algorithm used in the `_parseparam` function of `httputil.py` can lead to DoS
when processing maliciously crafted parameters in a `Content-Disposition` header (bsc#1254904).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-129=1

Package List:

- openSUSE Leap 16.0:

python313-tornado6-6.5-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-67724.html
* https://www.suse.com/security/cve/CVE-2025-67725.html
* https://www.suse.com/security/cve/CVE-2025-67726.html



openSUSE-SU-2026:20014-1: important: Security update for MozillaFirefox


openSUSE security update: security update for mozillafirefox
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20014-1
Rating: important
References:

* bsc#1254551

Cross-References:

* CVE-2025-14321
* CVE-2025-14322
* CVE-2025-14323
* CVE-2025-14324
* CVE-2025-14325
* CVE-2025-14328
* CVE-2025-14329
* CVE-2025-14330
* CVE-2025-14331
* CVE-2025-14333

CVSS scores:

* CVE-2025-14321 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14321 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14322 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14322 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14323 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14323 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14324 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14324 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14325 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14325 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14328 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-14328 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-14329 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-14329 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-14330 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-14330 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14331 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-14331 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14333 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14333 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 10 vulnerabilities and has one bug fix can now be installed.

Description:

This update for MozillaFirefox fixes the following issues:

Changes in MozillaFirefox:

Firefox Extended Support Release 140.6.0 ESR was released:

* Fixed: Various security fixes.

MFSA 2025-94 (bsc#1254551):

* CVE-2025-14321: Use-after-free in the WebRTC: Signaling component
* CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
* CVE-2025-14323: Privilege escalation in the DOM: Notifications component
* CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2025-14328: Privilege escalation in the Netmonitor component
* CVE-2025-14329: Privilege escalation in the Netmonitor component
* CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2025-14331: Same-origin policy bypass in the Request Handling component
* CVE-2025-14333: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-128=1

Package List:

- openSUSE Leap 16.0:

MozillaFirefox-140.6.0-160000.1.1
MozillaFirefox-branding-upstream-140.6.0-160000.1.1
MozillaFirefox-devel-140.6.0-160000.1.1
MozillaFirefox-translations-common-140.6.0-160000.1.1
MozillaFirefox-translations-other-140.6.0-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-14321.html
* https://www.suse.com/security/cve/CVE-2025-14322.html
* https://www.suse.com/security/cve/CVE-2025-14323.html
* https://www.suse.com/security/cve/CVE-2025-14324.html
* https://www.suse.com/security/cve/CVE-2025-14325.html
* https://www.suse.com/security/cve/CVE-2025-14328.html
* https://www.suse.com/security/cve/CVE-2025-14329.html
* https://www.suse.com/security/cve/CVE-2025-14330.html
* https://www.suse.com/security/cve/CVE-2025-14331.html
* https://www.suse.com/security/cve/CVE-2025-14333.html



openSUSE-SU-2026:10033-1: moderate: libtasn1-6-32bit-4.21.0-1.1 on GA media


# libtasn1-6-32bit-4.21.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10033-1
Rating: moderate

Cross-References:

* CVE-2025-13151

CVSS scores:

* CVE-2025-13151 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-13151 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libtasn1-6-32bit-4.21.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libtasn1-6 4.21.0-1.1
* libtasn1-6-32bit 4.21.0-1.1
* libtasn1-devel 4.21.0-1.1
* libtasn1-devel-32bit 4.21.0-1.1
* libtasn1-tools 4.21.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13151.html



openSUSE-SU-2026:10034-1: moderate: python311-Authlib-1.6.6-1.1 on GA media


# python311-Authlib-1.6.6-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10034-1
Rating: moderate

Cross-References:

* CVE-2025-68158

CVSS scores:

* CVE-2025-68158 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-68158 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-Authlib-1.6.6-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-Authlib 1.6.6-1.1
* python312-Authlib 1.6.6-1.1
* python313-Authlib 1.6.6-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68158.html



openSUSE-SU-2026:10030-1: moderate: k6-1.5.0-1.1 on GA media


# k6-1.5.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10030-1
Rating: moderate

Cross-References:

* CVE-2025-61729

CVSS scores:

* CVE-2025-61729 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61729 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the k6-1.5.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* k6 1.5.0-1.1
* k6-bash-completion 1.5.0-1.1
* k6-fish-completion 1.5.0-1.1
* k6-zsh-completion 1.5.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61729.html



openSUSE-SU-2026:10035-1: moderate: teleport-17.7.13-1.1 on GA media


# teleport-17.7.13-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10035-1
Rating: moderate

Cross-References:

* CVE-2025-64702

CVSS scores:

* CVE-2025-64702 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-64702 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the teleport-17.7.13-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* teleport 17.7.13-1.1
* teleport-bash-completion 17.7.13-1.1
* teleport-fdpass-teleport 17.7.13-1.1
* teleport-tbot 17.7.13-1.1
* teleport-tbot-bash-completion 17.7.13-1.1
* teleport-tbot-zsh-completion 17.7.13-1.1
* teleport-tctl 17.7.13-1.1
* teleport-tctl-bash-completion 17.7.13-1.1
* teleport-tctl-zsh-completion 17.7.13-1.1
* teleport-tsh 17.7.13-1.1
* teleport-tsh-bash-completion 17.7.13-1.1
* teleport-tsh-zsh-completion 17.7.13-1.1
* teleport-zsh-completion 17.7.13-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-64702.html



openSUSE-SU-2026:10032-1: moderate: libpcap-devel-1.10.6-1.1 on GA media


# libpcap-devel-1.10.6-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10032-1
Rating: moderate

Cross-References:

* CVE-2025-11961

CVSS scores:

* CVE-2025-11961 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-11961 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libpcap-devel-1.10.6-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libpcap-devel 1.10.6-1.1
* libpcap-devel-32bit 1.10.6-1.1
* libpcap-devel-static 1.10.6-1.1
* libpcap1 1.10.6-1.1
* libpcap1-32bit 1.10.6-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11961.html



openSUSE-SU-2026:10031-1: moderate: kubelogin-0.2.14-1.1 on GA media


# kubelogin-0.2.14-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10031-1
Rating: moderate

Cross-References:

* CVE-2025-61727

CVSS scores:

* CVE-2025-61727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61727 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the kubelogin-0.2.14-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* kubelogin 0.2.14-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61727.html



openSUSE-SU-2026:10029-1: moderate: istioctl-1.28.2-1.1 on GA media


# istioctl-1.28.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10029-1
Rating: moderate

Cross-References:

* CVE-2025-62408

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the istioctl-1.28.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* istioctl 1.28.2-1.1
* istioctl-bash-completion 1.28.2-1.1
* istioctl-zsh-completion 1.28.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-62408.html



openSUSE-SU-2026:10028-1: moderate: ffmpeg-7-7.1.3-1.1 on GA media


# ffmpeg-7-7.1.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10028-1
Rating: moderate

Cross-References:

* CVE-2023-6601

CVSS scores:

* CVE-2023-6601 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ffmpeg-7-7.1.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ffmpeg-7 7.1.3-1.1
* ffmpeg-7-libavcodec-devel 7.1.3-1.1
* ffmpeg-7-libavdevice-devel 7.1.3-1.1
* ffmpeg-7-libavfilter-devel 7.1.3-1.1
* ffmpeg-7-libavformat-devel 7.1.3-1.1
* ffmpeg-7-libavutil-devel 7.1.3-1.1
* ffmpeg-7-libpostproc-devel 7.1.3-1.1
* ffmpeg-7-libswresample-devel 7.1.3-1.1
* ffmpeg-7-libswscale-devel 7.1.3-1.1
* libavcodec61 7.1.3-1.1
* libavdevice61 7.1.3-1.1
* libavfilter10 7.1.3-1.1
* libavformat61 7.1.3-1.1
* libavutil59 7.1.3-1.1
* libpostproc58 7.1.3-1.1
* libswresample5 7.1.3-1.1
* libswscale8 7.1.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2023-6601.html



openSUSE-SU-2026:10027-1: moderate: ffmpeg-4-4.4.6-10.1 on GA media


# ffmpeg-4-4.4.6-10.1 on GA media

Announcement ID: openSUSE-SU-2026:10027-1
Rating: moderate

Cross-References:

* CVE-2023-6601

CVSS scores:

* CVE-2023-6601 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ffmpeg-4-4.4.6-10.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ffmpeg-4 4.4.6-10.1
* ffmpeg-4-libavcodec-devel 4.4.6-10.1
* ffmpeg-4-libavdevice-devel 4.4.6-10.1
* ffmpeg-4-libavfilter-devel 4.4.6-10.1
* ffmpeg-4-libavformat-devel 4.4.6-10.1
* ffmpeg-4-libavresample-devel 4.4.6-10.1
* ffmpeg-4-libavutil-devel 4.4.6-10.1
* ffmpeg-4-libpostproc-devel 4.4.6-10.1
* ffmpeg-4-libswresample-devel 4.4.6-10.1
* ffmpeg-4-libswscale-devel 4.4.6-10.1
* ffmpeg-4-private-devel 4.4.6-10.1
* libavcodec58_134 4.4.6-10.1
* libavdevice58_13 4.4.6-10.1
* libavfilter7_110 4.4.6-10.1
* libavformat58_76 4.4.6-10.1
* libavresample4_0 4.4.6-10.1
* libavutil56_70 4.4.6-10.1
* libpostproc55_9 4.4.6-10.1
* libswresample3_9 4.4.6-10.1
* libswscale5_9 4.4.6-10.1

## References:

* https://www.suse.com/security/cve/CVE-2023-6601.html


OpenScap, Kernel, OpenSSL, Dracut, Device-Mapper updates for Oracle Linux

Google Guest Agent, WebKitGTK, urllib3 updates for Ubuntu

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...