Several important and moderate security updates have been released for various packages in SUSE Linux. The "c3p0" and "mchange-commons" packages, as well as "python-aiohttp", received high-priority updates to address potential security issues. Additionally, openSUSE users are affected by security updates for "rclone" and "python311-pymongo". Security updates have also been made available for the "util-linux" package, with two separate updates addressing moderate security concerns.

SUSE-SU-2026:0855-1: important: Security update for c3p0 and mchange-commons
SUSE-SU-2026:0858-1: important: Security update for python-aiohttp
openSUSE-SU-2026:10313-1: moderate: rclone-1.73.2-1.1 on GA media
openSUSE-SU-2026:10312-1: moderate: python311-pymongo-4.16.0-1.1 on GA media
SUSE-SU-2026:0857-1: moderate: Security update for util-linux
SUSE-SU-2026:0856-1: moderate: Security update for util-linux

SUSE-SU-2026:0855-1: important: Security update for c3p0 and mchange-commons

# Security update for c3p0 and mchange-commons

Announcement ID: SUSE-SU-2026:0855-1
Release Date: 2026-03-10T05:06:42Z
Rating: important
References:

* bsc#1258913
* bsc#1258942
* bsc#1259313

Cross-References:

* CVE-2026-27727
* CVE-2026-27830

CVSS scores:

* CVE-2026-27727 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27727 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-27727 ( NVD ): 8.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27830 ( SUSE ): 8.9
CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-27830 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-27830 ( NVD ): 8.9
CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6

An update that solves two vulnerabilities and has one security fix can now be
installed.

## Description:

This update for c3p0 and mchange-commons fixes the following issues:

c3p0:

* Security issues fixed:

* CVE-2026-27830: Fixed unsafe object deserialization (bsc#1258942)

* Fix the null pointer exception in the userOverridesAsString method
(bsc#1259313).

mchange-commons:

* Security issues fixed:

* CVE-2026-27727: Disabled remote ClassLoading when dereferencing
javax.naming.Reference instances (bsc#1258913)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-855=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-855=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* c3p0-0.9.5.5-150400.3.5.1
* c3p0-javadoc-0.9.5.5-150400.3.5.1
* mchange-commons-javadoc-0.2.20-150400.3.3.1
* mchange-commons-0.2.20-150400.3.3.1
* openSUSE Leap 15.6 (noarch)
* c3p0-0.9.5.5-150400.3.5.1
* c3p0-javadoc-0.9.5.5-150400.3.5.1
* mchange-commons-javadoc-0.2.20-150400.3.3.1
* mchange-commons-0.2.20-150400.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27727.html
* https://www.suse.com/security/cve/CVE-2026-27830.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258913
* https://bugzilla.suse.com/show_bug.cgi?id=1258942
* https://bugzilla.suse.com/show_bug.cgi?id=1259313

SUSE-SU-2026:0858-1: important: Security update for python-aiohttp

# Security update for python-aiohttp

Announcement ID: SUSE-SU-2026:0858-1
Release Date: 2026-03-10T12:39:04Z
Rating: important
References:

* bsc#1256017
* bsc#1256018
* bsc#1256019
* bsc#1256020
* bsc#1256021
* bsc#1256022
* bsc#1256023

Cross-References:

* CVE-2025-69223
* CVE-2025-69224
* CVE-2025-69225
* CVE-2025-69226
* CVE-2025-69227
* CVE-2025-69228
* CVE-2025-69229

CVSS scores:

* CVE-2025-69223 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69223 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69223 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69224 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-69224 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-69224 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-69224 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-69225 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-69225 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-69225 ( NVD ): 2.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-69225 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-69226 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-69226 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-69226 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-69226 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-69227 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69227 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69227 ( NVD ): 6.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-69227 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69228 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69228 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69228 ( NVD ): 6.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-69228 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69229 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69229 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69229 ( NVD ): 6.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-69229 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for python-aiohttp fixes the following issues:

* CVE-2025-69228: Fixed denial of service through large payloads
(bsc#1256022).
* CVE-2025-69226: Fixed brute-force leak of internal static file path
components (bsc#1256020).
* CVE-2025-69224: Fixed unicode processing of header values could cause
parsing discrepancies (bsc#1256018).
* CVE-2025-69223: Fixed aiohttp HTTP Parser auto_decompress feature
susceptible to zip bomb (bsc#1256017).
* CVE-2025-69227: Fixed DoS when bypassing asserts (bsc#1256021).
* CVE-2025-69225: Fixed unicode match groups in regexes for ASCII protocol
elements (bsc#1256019).
* CVE-2025-69229: Fixed DoS through chunked messages (bsc#1256023).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-858=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-858=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-858=1

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-858=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-858=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-858=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-858=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-858=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-858=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-858=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-858=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-858=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-858=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-858=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python311-aiohttp-debuginfo-3.9.3-150400.10.36.1
* python311-aiohttp-3.9.3-150400.10.36.1
* python-aiohttp-debugsource-3.9.3-150400.10.36.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.36.1
* python311-aiohttp-3.9.3-150400.10.36.1
* python-aiohttp-debugsource-3.9.3-150400.10.36.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-3.9.3-150400.10.36.1
* Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.36.1
* python311-aiohttp-3.9.3-150400.10.36.1
* python-aiohttp-debugsource-3.9.3-150400.10.36.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.36.1
* python311-aiohttp-3.9.3-150400.10.36.1
* python-aiohttp-debugsource-3.9.3-150400.10.36.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.36.1
* python311-aiohttp-3.9.3-150400.10.36.1
* python-aiohttp-debugsource-3.9.3-150400.10.36.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.36.1
* python311-aiohttp-3.9.3-150400.10.36.1
* python-aiohttp-debugsource-3.9.3-150400.10.36.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.36.1
* python311-aiohttp-3.9.3-150400.10.36.1
* python-aiohttp-debugsource-3.9.3-150400.10.36.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.36.1
* python311-aiohttp-3.9.3-150400.10.36.1
* python-aiohttp-debugsource-3.9.3-150400.10.36.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.36.1
* python311-aiohttp-3.9.3-150400.10.36.1
* python-aiohttp-debugsource-3.9.3-150400.10.36.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.36.1
* python311-aiohttp-3.9.3-150400.10.36.1
* python-aiohttp-debugsource-3.9.3-150400.10.36.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.36.1
* python311-aiohttp-3.9.3-150400.10.36.1
* python-aiohttp-debugsource-3.9.3-150400.10.36.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.36.1
* python311-aiohttp-3.9.3-150400.10.36.1
* python-aiohttp-debugsource-3.9.3-150400.10.36.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.36.1
* python311-aiohttp-3.9.3-150400.10.36.1
* python-aiohttp-debugsource-3.9.3-150400.10.36.1

## References:

* https://www.suse.com/security/cve/CVE-2025-69223.html
* https://www.suse.com/security/cve/CVE-2025-69224.html
* https://www.suse.com/security/cve/CVE-2025-69225.html
* https://www.suse.com/security/cve/CVE-2025-69226.html
* https://www.suse.com/security/cve/CVE-2025-69227.html
* https://www.suse.com/security/cve/CVE-2025-69228.html
* https://www.suse.com/security/cve/CVE-2025-69229.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256017
* https://bugzilla.suse.com/show_bug.cgi?id=1256018
* https://bugzilla.suse.com/show_bug.cgi?id=1256019
* https://bugzilla.suse.com/show_bug.cgi?id=1256020
* https://bugzilla.suse.com/show_bug.cgi?id=1256021
* https://bugzilla.suse.com/show_bug.cgi?id=1256022
* https://bugzilla.suse.com/show_bug.cgi?id=1256023

openSUSE-SU-2026:10313-1: moderate: rclone-1.73.2-1.1 on GA media

# rclone-1.73.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10313-1
Rating: moderate

Cross-References:

* CVE-2026-1229
* CVE-2026-27141

CVSS scores:

* CVE-2026-27141 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27141 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the rclone-1.73.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* rclone 1.73.2-1.1
* rclone-bash-completion 1.73.2-1.1
* rclone-zsh-completion 1.73.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1229.html
* https://www.suse.com/security/cve/CVE-2026-27141.html

openSUSE-SU-2026:10312-1: moderate: python311-pymongo-4.16.0-1.1 on GA media

# python311-pymongo-4.16.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10312-1
Rating: moderate

Cross-References:

* CVE-2023-29483

CVSS scores:

* CVE-2023-29483 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-pymongo-4.16.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-pymongo 4.16.0-1.1
* python313-pymongo 4.16.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2023-29483.html

SUSE-SU-2026:0857-1: moderate: Security update for util-linux

# Security update for util-linux

Announcement ID: SUSE-SU-2026:0857-1
Release Date: 2026-03-10T11:01:32Z
Rating: moderate
References:

* bsc#1258859

Cross-References:

* CVE-2026-3184

CVSS scores:

* CVE-2026-3184 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3184 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for util-linux fixes the following issues:

* CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access
control for "login -h" (bsc#1258859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-857=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-857=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-857=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* util-linux-systemd-2.36.2-150300.4.53.1
* libfdisk1-debuginfo-2.36.2-150300.4.53.1
* util-linux-debugsource-2.36.2-150300.4.53.1
* libuuid1-2.36.2-150300.4.53.1
* libfdisk1-2.36.2-150300.4.53.1
* python3-libmount-debuginfo-2.36.2-150300.4.53.1
* libblkid1-debuginfo-2.36.2-150300.4.53.1
* libsmartcols1-2.36.2-150300.4.53.1
* util-linux-systemd-debuginfo-2.36.2-150300.4.53.1
* libblkid1-2.36.2-150300.4.53.1
* libuuid1-debuginfo-2.36.2-150300.4.53.1
* libblkid-devel-static-2.36.2-150300.4.53.1
* util-linux-2.36.2-150300.4.53.1
* libmount-devel-static-2.36.2-150300.4.53.1
* libsmartcols-devel-2.36.2-150300.4.53.1
* libmount1-2.36.2-150300.4.53.1
* libuuid-devel-static-2.36.2-150300.4.53.1
* libsmartcols-devel-static-2.36.2-150300.4.53.1
* uuidd-2.36.2-150300.4.53.1
* uuidd-debuginfo-2.36.2-150300.4.53.1
* util-linux-systemd-debugsource-2.36.2-150300.4.53.1
* python3-libmount-2.36.2-150300.4.53.1
* libmount1-debuginfo-2.36.2-150300.4.53.1
* libfdisk-devel-2.36.2-150300.4.53.1
* libfdisk-devel-static-2.36.2-150300.4.53.1
* libuuid-devel-2.36.2-150300.4.53.1
* libmount-devel-2.36.2-150300.4.53.1
* python3-libmount-debugsource-2.36.2-150300.4.53.1
* libsmartcols1-debuginfo-2.36.2-150300.4.53.1
* util-linux-debuginfo-2.36.2-150300.4.53.1
* libblkid-devel-2.36.2-150300.4.53.1
* openSUSE Leap 15.3 (x86_64)
* libfdisk1-32bit-2.36.2-150300.4.53.1
* libsmartcols-devel-32bit-2.36.2-150300.4.53.1
* libmount1-32bit-debuginfo-2.36.2-150300.4.53.1
* libsmartcols1-32bit-2.36.2-150300.4.53.1
* libsmartcols1-32bit-debuginfo-2.36.2-150300.4.53.1
* libuuid-devel-32bit-2.36.2-150300.4.53.1
* libfdisk-devel-32bit-2.36.2-150300.4.53.1
* libblkid-devel-32bit-2.36.2-150300.4.53.1
* libuuid1-32bit-debuginfo-2.36.2-150300.4.53.1
* libmount-devel-32bit-2.36.2-150300.4.53.1
* libuuid1-32bit-2.36.2-150300.4.53.1
* libfdisk1-32bit-debuginfo-2.36.2-150300.4.53.1
* libblkid1-32bit-2.36.2-150300.4.53.1
* libblkid1-32bit-debuginfo-2.36.2-150300.4.53.1
* libmount1-32bit-2.36.2-150300.4.53.1
* openSUSE Leap 15.3 (noarch)
* util-linux-lang-2.36.2-150300.4.53.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* libblkid1-64bit-2.36.2-150300.4.53.1
* libuuid-devel-64bit-2.36.2-150300.4.53.1
* libsmartcols-devel-64bit-2.36.2-150300.4.53.1
* libmount1-64bit-2.36.2-150300.4.53.1
* libsmartcols1-64bit-2.36.2-150300.4.53.1
* libmount-devel-64bit-2.36.2-150300.4.53.1
* libuuid1-64bit-debuginfo-2.36.2-150300.4.53.1
* libfdisk1-64bit-debuginfo-2.36.2-150300.4.53.1
* libfdisk-devel-64bit-2.36.2-150300.4.53.1
* libblkid1-64bit-debuginfo-2.36.2-150300.4.53.1
* libsmartcols1-64bit-debuginfo-2.36.2-150300.4.53.1
* libuuid1-64bit-2.36.2-150300.4.53.1
* libmount1-64bit-debuginfo-2.36.2-150300.4.53.1
* libfdisk1-64bit-2.36.2-150300.4.53.1
* libblkid-devel-64bit-2.36.2-150300.4.53.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* util-linux-systemd-2.36.2-150300.4.53.1
* libblkid1-2.36.2-150300.4.53.1
* libuuid1-debuginfo-2.36.2-150300.4.53.1
* util-linux-systemd-debuginfo-2.36.2-150300.4.53.1
* libfdisk1-debuginfo-2.36.2-150300.4.53.1
* util-linux-debugsource-2.36.2-150300.4.53.1
* util-linux-2.36.2-150300.4.53.1
* libuuid1-2.36.2-150300.4.53.1
* util-linux-systemd-debugsource-2.36.2-150300.4.53.1
* libfdisk1-2.36.2-150300.4.53.1
* libblkid1-debuginfo-2.36.2-150300.4.53.1
* libsmartcols1-debuginfo-2.36.2-150300.4.53.1
* libsmartcols1-2.36.2-150300.4.53.1
* libmount1-debuginfo-2.36.2-150300.4.53.1
* util-linux-debuginfo-2.36.2-150300.4.53.1
* libmount1-2.36.2-150300.4.53.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* util-linux-systemd-2.36.2-150300.4.53.1
* libblkid1-2.36.2-150300.4.53.1
* libuuid1-debuginfo-2.36.2-150300.4.53.1
* util-linux-systemd-debuginfo-2.36.2-150300.4.53.1
* libfdisk1-debuginfo-2.36.2-150300.4.53.1
* util-linux-debugsource-2.36.2-150300.4.53.1
* util-linux-2.36.2-150300.4.53.1
* libuuid1-2.36.2-150300.4.53.1
* util-linux-systemd-debugsource-2.36.2-150300.4.53.1
* libfdisk1-2.36.2-150300.4.53.1
* libblkid1-debuginfo-2.36.2-150300.4.53.1
* libsmartcols1-debuginfo-2.36.2-150300.4.53.1
* libsmartcols1-2.36.2-150300.4.53.1
* libmount1-debuginfo-2.36.2-150300.4.53.1
* util-linux-debuginfo-2.36.2-150300.4.53.1
* libmount1-2.36.2-150300.4.53.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3184.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258859

SUSE-SU-2026:0856-1: moderate: Security update for util-linux

# Security update for util-linux

Announcement ID: SUSE-SU-2026:0856-1
Release Date: 2026-03-10T08:35:31Z
Rating: moderate
References:

* bsc#1258859

Cross-References:

* CVE-2026-3184

CVSS scores:

* CVE-2026-3184 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3184 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability can now be installed.

## Description:

This update for util-linux fixes the following issues:

* CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access
control for "login -h" (bsc#1258859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-856=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-856=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-856=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* util-linux-systemd-debuginfo-2.37.4-150500.9.23.1
* util-linux-2.37.4-150500.9.23.1
* libuuid1-2.37.4-150500.9.23.1
* libsmartcols1-debuginfo-2.37.4-150500.9.23.1
* util-linux-debugsource-2.37.4-150500.9.23.1
* libblkid1-2.37.4-150500.9.23.1
* libsmartcols1-2.37.4-150500.9.23.1
* libblkid1-debuginfo-2.37.4-150500.9.23.1
* libuuid1-debuginfo-2.37.4-150500.9.23.1
* libmount1-debuginfo-2.37.4-150500.9.23.1
* util-linux-debuginfo-2.37.4-150500.9.23.1
* libmount1-2.37.4-150500.9.23.1
* libfdisk1-debuginfo-2.37.4-150500.9.23.1
* util-linux-systemd-2.37.4-150500.9.23.1
* util-linux-systemd-debugsource-2.37.4-150500.9.23.1
* libfdisk1-2.37.4-150500.9.23.1
* SUSE Linux Enterprise Micro 5.5 (s390x)
* util-linux-extra-2.37.4-150500.9.23.1
* util-linux-extra-debuginfo-2.37.4-150500.9.23.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libsmartcols-devel-2.37.4-150500.9.23.1
* libsmartcols1-debuginfo-2.37.4-150500.9.23.1
* libuuid1-2.37.4-150500.9.23.1
* libfdisk-devel-2.37.4-150500.9.23.1
* libblkid-devel-static-2.37.4-150500.9.23.1
* libuuid-devel-static-2.37.4-150500.9.23.1
* uuidd-2.37.4-150500.9.23.1
* util-linux-systemd-debuginfo-2.37.4-150500.9.23.1
* util-linux-debugsource-2.37.4-150500.9.23.1
* libblkid1-2.37.4-150500.9.23.1
* python3-libmount-debugsource-2.37.4-150500.9.23.1
* libblkid1-debuginfo-2.37.4-150500.9.23.1
* libsmartcols1-2.37.4-150500.9.23.1
* libuuid1-debuginfo-2.37.4-150500.9.23.1
* python3-libmount-debuginfo-2.37.4-150500.9.23.1
* libmount1-2.37.4-150500.9.23.1
* uuidd-debuginfo-2.37.4-150500.9.23.1
* util-linux-systemd-2.37.4-150500.9.23.1
* util-linux-systemd-debugsource-2.37.4-150500.9.23.1
* libfdisk1-2.37.4-150500.9.23.1
* libsmartcols-devel-static-2.37.4-150500.9.23.1
* libmount1-debuginfo-2.37.4-150500.9.23.1
* libmount-devel-static-2.37.4-150500.9.23.1
* libuuid-devel-2.37.4-150500.9.23.1
* libfdisk-devel-static-2.37.4-150500.9.23.1
* python3-libmount-2.37.4-150500.9.23.1
* util-linux-2.37.4-150500.9.23.1
* util-linux-debuginfo-2.37.4-150500.9.23.1
* libfdisk1-debuginfo-2.37.4-150500.9.23.1
* libmount-devel-2.37.4-150500.9.23.1
* libblkid-devel-2.37.4-150500.9.23.1
* openSUSE Leap 15.5 (x86_64)
* libmount1-32bit-debuginfo-2.37.4-150500.9.23.1
* libuuid1-32bit-2.37.4-150500.9.23.1
* libblkid-devel-32bit-2.37.4-150500.9.23.1
* libblkid1-32bit-debuginfo-2.37.4-150500.9.23.1
* libfdisk-devel-32bit-2.37.4-150500.9.23.1
* libuuid-devel-32bit-2.37.4-150500.9.23.1
* libuuid1-32bit-debuginfo-2.37.4-150500.9.23.1
* libblkid1-32bit-2.37.4-150500.9.23.1
* libmount-devel-32bit-2.37.4-150500.9.23.1
* libsmartcols1-32bit-2.37.4-150500.9.23.1
* libmount1-32bit-2.37.4-150500.9.23.1
* libsmartcols-devel-32bit-2.37.4-150500.9.23.1
* libsmartcols1-32bit-debuginfo-2.37.4-150500.9.23.1
* libfdisk1-32bit-2.37.4-150500.9.23.1
* libfdisk1-32bit-debuginfo-2.37.4-150500.9.23.1
* openSUSE Leap 15.5 (noarch)
* util-linux-lang-2.37.4-150500.9.23.1
* openSUSE Leap 15.5 (s390x)
* util-linux-extra-2.37.4-150500.9.23.1
* util-linux-extra-debuginfo-2.37.4-150500.9.23.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libblkid1-64bit-2.37.4-150500.9.23.1
* libsmartcols1-64bit-2.37.4-150500.9.23.1
* libmount1-64bit-2.37.4-150500.9.23.1
* libfdisk1-64bit-2.37.4-150500.9.23.1
* libblkid-devel-64bit-2.37.4-150500.9.23.1
* libuuid1-64bit-2.37.4-150500.9.23.1
* libblkid1-64bit-debuginfo-2.37.4-150500.9.23.1
* libmount1-64bit-debuginfo-2.37.4-150500.9.23.1
* libsmartcols-devel-64bit-2.37.4-150500.9.23.1
* libfdisk1-64bit-debuginfo-2.37.4-150500.9.23.1
* libmount-devel-64bit-2.37.4-150500.9.23.1
* libsmartcols1-64bit-debuginfo-2.37.4-150500.9.23.1
* libuuid-devel-64bit-2.37.4-150500.9.23.1
* libuuid1-64bit-debuginfo-2.37.4-150500.9.23.1
* libfdisk-devel-64bit-2.37.4-150500.9.23.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python3-libmount-debugsource-2.37.4-150500.9.23.1
* openSUSE Leap 15.6 (s390x)
* util-linux-extra-2.37.4-150500.9.23.1
* util-linux-extra-debuginfo-2.37.4-150500.9.23.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3184.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258859