SUSE has released a batch of moderate security updates to patch multiple vulnerabilities across several key software packages. The fixes target widely used tools such as Xen, curl, Firefox, Grafana, and Prometheus on openSUSE Tumbleweed, Leap 15.4, and SUSE Linux Enterprise Micro systems. These patches resolve specific cross-referenced CVEs that could potentially allow local privilege escalation or denial of service attacks. Administrators need to apply the updates right away through zypper or YaST, and they must reboot any machines running Xen to complete the process.

SUSE-SU-2026:1692-1: moderate: Security update for xen
openSUSE-SU-2026:10676-1: moderate: golang-github-prometheus-prometheus-3.11.3-1.1 on GA media
openSUSE-SU-2026:10675-1: moderate: dpkg-1.22.22-1.1 on GA media
openSUSE-SU-2026:10674-1: moderate: curl-8.20.0-1.1 on GA media
openSUSE-SU-2026:10673-1: moderate: coredns-1.14.3-1.1 on GA media
openSUSE-SU-2026:10670-1: moderate: avahi-0.8-43.1 on GA media
openSUSE-SU-2026:10677-1: moderate: grafana-11.6.14+security01-2.1 on GA media
openSUSE-SU-2026:10671-1: moderate: bubblewrap-0.11.2-1.1 on GA media
openSUSE-SU-2026:10668-1: moderate: MozillaFirefox-150.0.1-1.1 on GA media
openSUSE-SU-2026:10669-1: moderate: alloy-1.16.0-2.1 on GA media
openSUSE-SU-2026:10672-1: moderate: cmctl-2.5.0-1.1 on GA media



SUSE-SU-2026:1692-1: moderate: Security update for xen


# Security update for xen

Announcement ID: SUSE-SU-2026:1692-1
Release Date: 2026-05-05T08:03:59Z
Rating: moderate
References:

* bsc#1262178
* bsc#1262180
* bsc#1262428

Cross-References:

* CVE-2025-54505
* CVE-2026-23557
* CVE-2026-23558

CVSS scores:

* CVE-2025-54505 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-54505 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-54505 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23557 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-23558 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23558 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for xen fixes the following issues:

* CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 (bsc#1262428).
* CVE-2026-23557: Xenstored DoS via XS_RESET_WATCHES command (bsc#1262178).
* CVE-2026-23558: grant table v2 race in status page mapping (bsc#1262180).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2026-1692=1`

* SUSE Linux Enterprise Micro 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2026-1692=1`

* SUSE Linux Enterprise Micro for Rancher 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-1692=1`

* SUSE Linux Enterprise Micro 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-1692=1`

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-1692=1`

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  * xen-debugsource-4.16.7_08-150400.4.81.2
  * xen-libs-4.16.7_08-150400.4.81.2
  * xen-libs-debuginfo-4.16.7_08-150400.4.81.2
* SUSE Linux Enterprise Micro 5.3 (x86_64)
  * xen-debugsource-4.16.7_08-150400.4.81.2
  * xen-libs-4.16.7_08-150400.4.81.2
  * xen-libs-debuginfo-4.16.7_08-150400.4.81.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
  * xen-debugsource-4.16.7_08-150400.4.81.2
  * xen-libs-4.16.7_08-150400.4.81.2
  * xen-libs-debuginfo-4.16.7_08-150400.4.81.2
* SUSE Linux Enterprise Micro 5.4 (x86_64)
  * xen-debugsource-4.16.7_08-150400.4.81.2
  * xen-libs-4.16.7_08-150400.4.81.2
  * xen-libs-debuginfo-4.16.7_08-150400.4.81.2
* openSUSE Leap 15.4 (aarch64 x86_64 i586)
  * xen-libs-debuginfo-4.16.7_08-150400.4.81.2
  * xen-devel-4.16.7_08-150400.4.81.2
  * xen-tools-domU-4.16.7_08-150400.4.81.2
  * xen-tools-domU-debuginfo-4.16.7_08-150400.4.81.2
  * xen-libs-4.16.7_08-150400.4.81.2
  * xen-debugsource-4.16.7_08-150400.4.81.2
* openSUSE Leap 15.4 (x86_64)
  * xen-libs-32bit-debuginfo-4.16.7_08-150400.4.81.2
  * xen-libs-32bit-4.16.7_08-150400.4.81.2
* openSUSE Leap 15.4 (aarch64 x86_64)
  * xen-tools-debuginfo-4.16.7_08-150400.4.81.2
  * xen-doc-html-4.16.7_08-150400.4.81.2
  * xen-4.16.7_08-150400.4.81.2
  * xen-tools-4.16.7_08-150400.4.81.2
* openSUSE Leap 15.4 (noarch)
  * xen-tools-xendomains-wait-disk-4.16.7_08-150400.4.81.2
* openSUSE Leap 15.4 (aarch64_ilp32)
  * xen-libs-64bit-debuginfo-4.16.7_08-150400.4.81.2
  * xen-libs-64bit-4.16.7_08-150400.4.81.2

## References:

* https://www.suse.com/security/cve/CVE-2025-54505.html
* https://www.suse.com/security/cve/CVE-2026-23557.html
* https://www.suse.com/security/cve/CVE-2026-23558.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262178
* https://bugzilla.suse.com/show_bug.cgi?id=1262180
* https://bugzilla.suse.com/show_bug.cgi?id=1262428



openSUSE-SU-2026:10676-1: moderate: golang-github-prometheus-prometheus-3.11.3-1.1 on GA media


# golang-github-prometheus-prometheus-3.11.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10676-1
Rating: moderate

Cross-References:

* CVE-2026-42151
* CVE-2026-42154

CVSS scores:

* CVE-2026-42151 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-42154 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the golang-github-prometheus-prometheus-3.11.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * golang-github-prometheus-prometheus 3.11.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-42151.html
* https://www.suse.com/security/cve/CVE-2026-42154.html



openSUSE-SU-2026:10675-1: moderate: dpkg-1.22.22-1.1 on GA media


# dpkg-1.22.22-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10675-1
Rating: moderate

Cross-References:

* CVE-2026-2219

CVSS scores:

* CVE-2026-2219 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-2219 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the dpkg-1.22.22-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * dpkg 1.22.22-1.1
  * dpkg-devel 1.22.22-1.1
  * dpkg-lang 1.22.22-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2219.html



openSUSE-SU-2026:10674-1: moderate: curl-8.20.0-1.1 on GA media


# curl-8.20.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10674-1
Rating: moderate

Cross-References:

* CVE-2026-4873
* CVE-2026-5545
* CVE-2026-5773
* CVE-2026-6253
* CVE-2026-6276
* CVE-2026-6429

CVSS scores:

* CVE-2026-4873 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-4873 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-5545 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-5545 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-5773 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-5773 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6253 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6253 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6276 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6276 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6429 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6429 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 6 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the curl-8.20.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * curl 8.20.0-1.1
  * curl-fish-completion 8.20.0-1.1
  * curl-zsh-completion 8.20.0-1.1
  * libcurl-devel 8.20.0-1.1
  * libcurl-devel-32bit 8.20.0-1.1
  * libcurl-devel-doc 8.20.0-1.1
  * libcurl4 8.20.0-1.1
  * libcurl4-32bit 8.20.0-1.1
  * wcurl 8.20.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4873.html
* https://www.suse.com/security/cve/CVE-2026-5545.html
* https://www.suse.com/security/cve/CVE-2026-5773.html
* https://www.suse.com/security/cve/CVE-2026-6253.html
* https://www.suse.com/security/cve/CVE-2026-6276.html
* https://www.suse.com/security/cve/CVE-2026-6429.html



openSUSE-SU-2026:10673-1: moderate: coredns-1.14.3-1.1 on GA media


# coredns-1.14.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10673-1
Rating: moderate

Cross-References:

* CVE-2026-27140
* CVE-2026-27144
* CVE-2026-32282
* CVE-2026-33190

CVSS scores:

* CVE-2026-27140 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the coredns-1.14.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * coredns 1.14.3-1.1
  * coredns-extras 1.14.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27140.html
* https://www.suse.com/security/cve/CVE-2026-27144.html
* https://www.suse.com/security/cve/CVE-2026-32282.html
* https://www.suse.com/security/cve/CVE-2026-33190.html



openSUSE-SU-2026:10670-1: moderate: avahi-0.8-43.1 on GA media


# avahi-0.8-43.1 on GA media

Announcement ID: openSUSE-SU-2026:10670-1
Rating: moderate

Cross-References:

* CVE-2026-34933

CVSS scores:

* CVE-2026-34933 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the avahi-0.8-43.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * avahi 0.8-43.1
  * avahi-autoipd 0.8-43.1
  * avahi-compat-howl-devel 0.8-43.1
  * avahi-compat-mDNSResponder-devel 0.8-43.1
  * avahi-lang 0.8-43.1
  * avahi-utils 0.8-43.1
  * libavahi-client3 0.8-43.1
  * libavahi-client3-32bit 0.8-43.1
  * libavahi-common3 0.8-43.1
  * libavahi-common3-32bit 0.8-43.1
  * libavahi-core7 0.8-43.1
  * libavahi-devel 0.8-43.1
  * libavahi-libevent1 0.8-43.1
  * libdns_sd 0.8-43.1
  * libdns_sd-32bit 0.8-43.1
  * libhowl0 0.8-43.1
  * python311-avahi 0.8-43.1
  * python313-avahi 0.8-43.1
  * python314-avahi 0.8-43.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34933.html



openSUSE-SU-2026:10677-1: moderate: grafana-11.6.14+security01-2.1 on GA media


# grafana-11.6.14+security01-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10677-1
Rating: moderate

Cross-References:

* CVE-2026-34986

CVSS scores:

* CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the grafana-11.6.14+security01-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * grafana 11.6.14+security01-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34986.html



openSUSE-SU-2026:10671-1: moderate: bubblewrap-0.11.2-1.1 on GA media


# bubblewrap-0.11.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10671-1
Rating: moderate

Cross-References:

* CVE-2026-41163

CVSS scores:

* CVE-2026-41163 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41163 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the bubblewrap-0.11.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * bubblewrap 0.11.2-1.1
  * bubblewrap-zsh-completion 0.11.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41163.html



openSUSE-SU-2026:10668-1: moderate: MozillaFirefox-150.0.1-1.1 on GA media


# MozillaFirefox-150.0.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10668-1
Rating: moderate

Cross-References:

* CVE-2026-7320
* CVE-2026-7322
* CVE-2026-7323
* CVE-2026-7324

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the MozillaFirefox-150.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * MozillaFirefox 150.0.1-1.1
  * MozillaFirefox-branding-upstream 150.0.1-1.1
  * MozillaFirefox-devel 150.0.1-1.1
  * MozillaFirefox-translations-common 150.0.1-1.1
  * MozillaFirefox-translations-other 150.0.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-7320.html
* https://www.suse.com/security/cve/CVE-2026-7322.html
* https://www.suse.com/security/cve/CVE-2026-7323.html
* https://www.suse.com/security/cve/CVE-2026-7324.html



openSUSE-SU-2026:10669-1: moderate: alloy-1.16.0-2.1 on GA media


# alloy-1.16.0-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10669-1
Rating: moderate

Cross-References:

* CVE-2026-4427

CVSS scores:

* CVE-2026-4427 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4427 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the alloy-1.16.0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * alloy 1.16.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4427.html



openSUSE-SU-2026:10672-1: moderate: cmctl-2.5.0-1.1 on GA media


# cmctl-2.5.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10672-1
Rating: moderate

Cross-References:

* CVE-2026-32952

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the cmctl-2.5.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * cmctl 2.5.0-1.1
  * cmctl-bash-completion 2.5.0-1.1
  * cmctl-fish-completion 2.5.0-1.1
  * cmctl-zsh-completion 2.5.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32952.html