
Critical security updates have arrived for SUSE Linux distributions today. Administrators must prioritize the updates rated important, which affect critical infrastructure components such as the Linux Kernel, sudo, xorg-x11-server, and netty, and apply them to production environments immediately. Moderate-severity patches are also available for libraries including glibc and tomcat; installing these can wait until the next scheduled update window.

SUSE-SU-2026:1333-1: important: Security update for xorg-x11-server
SUSE-SU-2026:1329-1: important: Security update for xwayland
SUSE-SU-2026:1331-1: important: Security update for xorg-x11-server
SUSE-SU-2026:1335-1: important: Security update for xorg-x11-server
SUSE-SU-2026:1338-1: moderate: Security update for giflib
SUSE-SU-2026:1337-1: moderate: Security update for rust1.92
SUSE-SU-2026:1343-1: moderate: Security update for Mesa
SUSE-SU-2026:1342-1: important: Security update for the Linux Kernel
openSUSE-SU-2026:10549-1: moderate: tomcat11-11.0.21-1.1 on GA media
openSUSE-SU-2026:10548-1: moderate: tomcat10-10.1.54-1.1 on GA media
openSUSE-SU-2026:10547-1: moderate: tomcat-9.0.117-1.1 on GA media
openSUSE-SU-2026:10546-1: moderate: python311-rfc3161-client-1.0.6-1.1 on GA media
openSUSE-SU-2026:10542-1: moderate: goshs-2.0.0-1.1 on GA media
openSUSE-SU-2026:10545-1: moderate: python311-aiohttp-3.13.5-3.1 on GA media
openSUSE-SU-2026:10544-1: moderate: log4j-2.20.0-2.1 on GA media
openSUSE-SU-2026:10540-1: moderate: Botan-3.11.1-1.1 on GA media
openSUSE-SU-2026:10543-1: moderate: kubo-0.40.1-1.1 on GA media
openSUSE-SU-2026:10541-1: moderate: flatpak-1.16.6-1.1 on GA media
SUSE-SU-2026:1349-1: important: Security update for python311
SUSE-SU-2026:1353-1: important: Security update for netty, netty-tcnative
SUSE-SU-2026:1350-1: important: Security update for nghttp2
SUSE-SU-2026:1356-1: moderate: Security update for nfs-utils
SUSE-SU-2026:1363-1: important: Security update for nodejs20
SUSE-SU-2026:1364-1: important: Security update for webkit2gtk3
SUSE-SU-2026:1359-1: important: Security update for sudo
SUSE-SU-2026:1368-1: important: Security update for libpng16
SUSE-SU-2026:1366-1: important: Security update for bind
SUSE-SU-2026:1371-1: important: Security update for nodejs20
SUSE-SU-2026:1369-1: moderate: Security update for glibc




SUSE-SU-2026:1333-1: important: Security update for xorg-x11-server


# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2026:1333-1
Release Date: 2026-04-14T17:19:03Z
Rating: important
References:

* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926

Cross-References:

* CVE-2026-33999
* CVE-2026-34000
* CVE-2026-34001
* CVE-2026-34002
* CVE-2026-34003

CVSS scores:

* CVE-2026-33999 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34000 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34001 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34002 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1333=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1333=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1333=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1333=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1333=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * xorg-x11-server-extra-1.20.3-150400.38.68.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.68.1
  * xorg-x11-server-source-1.20.3-150400.38.68.1
  * xorg-x11-server-1.20.3-150400.38.68.1
  * xorg-x11-server-sdk-1.20.3-150400.38.68.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.68.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.68.1
  * xorg-x11-server-1.20.3-150400.38.68.1
  * xorg-x11-server-sdk-1.20.3-150400.38.68.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.68.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.68.1
  * xorg-x11-server-1.20.3-150400.38.68.1
  * xorg-x11-server-sdk-1.20.3-150400.38.68.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.68.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.68.1
  * xorg-x11-server-1.20.3-150400.38.68.1
  * xorg-x11-server-sdk-1.20.3-150400.38.68.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.68.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.68.1
  * xorg-x11-server-1.20.3-150400.38.68.1
  * xorg-x11-server-sdk-1.20.3-150400.38.68.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926



SUSE-SU-2026:1329-1: important: Security update for xwayland


# Security update for xwayland

Announcement ID: SUSE-SU-2026:1329-1
Release Date: 2026-04-14T17:06:21Z
Rating: important
References:

* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926

Cross-References:

* CVE-2026-33999
* CVE-2026-34000
* CVE-2026-34001
* CVE-2026-34002
* CVE-2026-34003

CVSS scores:

* CVE-2026-33999 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34000 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34001 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34002 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xwayland fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1329=1 openSUSE-SLE-15.6-2026-1329=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * xwayland-debuginfo-24.1.1-150600.5.23.1
  * xwayland-24.1.1-150600.5.23.1
  * xwayland-debugsource-24.1.1-150600.5.23.1
  * xwayland-devel-24.1.1-150600.5.23.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926



SUSE-SU-2026:1331-1: important: Security update for xorg-x11-server


# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2026:1331-1
Release Date: 2026-04-14T17:11:42Z
Rating: important
References:

* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926

Cross-References:

* CVE-2026-33999
* CVE-2026-34000
* CVE-2026-34001
* CVE-2026-34002
* CVE-2026-34003

CVSS scores:

* CVE-2026-33999 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34000 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34001 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34002 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1331=1 openSUSE-SLE-15.6-2026-1331=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1331=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1331=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * xorg-x11-server-sdk-21.1.11-150600.5.25.1
  * xorg-x11-server-source-21.1.11-150600.5.25.1
  * xorg-x11-server-21.1.11-150600.5.25.1
  * xorg-x11-server-debugsource-21.1.11-150600.5.25.1
  * xorg-x11-server-Xvfb-21.1.11-150600.5.25.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.25.1
  * xorg-x11-server-extra-21.1.11-150600.5.25.1
  * xorg-x11-server-extra-debuginfo-21.1.11-150600.5.25.1
  * xorg-x11-server-debuginfo-21.1.11-150600.5.25.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-sdk-21.1.11-150600.5.25.1
  * xorg-x11-server-21.1.11-150600.5.25.1
  * xorg-x11-server-debugsource-21.1.11-150600.5.25.1
  * xorg-x11-server-Xvfb-21.1.11-150600.5.25.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.25.1
  * xorg-x11-server-extra-21.1.11-150600.5.25.1
  * xorg-x11-server-extra-debuginfo-21.1.11-150600.5.25.1
  * xorg-x11-server-debuginfo-21.1.11-150600.5.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * xorg-x11-server-sdk-21.1.11-150600.5.25.1
  * xorg-x11-server-21.1.11-150600.5.25.1
  * xorg-x11-server-debugsource-21.1.11-150600.5.25.1
  * xorg-x11-server-Xvfb-21.1.11-150600.5.25.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.25.1
  * xorg-x11-server-extra-21.1.11-150600.5.25.1
  * xorg-x11-server-extra-debuginfo-21.1.11-150600.5.25.1
  * xorg-x11-server-debuginfo-21.1.11-150600.5.25.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926



SUSE-SU-2026:1335-1: important: Security update for xorg-x11-server


# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2026:1335-1
Release Date: 2026-04-14T17:28:43Z
Rating: important
References:

* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926

Cross-References:

* CVE-2026-33999
* CVE-2026-34000
* CVE-2026-34001
* CVE-2026-34002
* CVE-2026-34003

CVSS scores:

* CVE-2026-33999 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34000 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34001 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34002 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1335=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1335=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1335=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1335=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1335=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-source-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-21.1.4-150500.7.46.1
  * xorg-x11-server-sdk-21.1.4-150500.7.46.1
  * xorg-x11-server-21.1.4-150500.7.46.1
  * xorg-x11-server-debugsource-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-21.1.4-150500.7.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-21.1.4-150500.7.46.1
  * xorg-x11-server-sdk-21.1.4-150500.7.46.1
  * xorg-x11-server-21.1.4-150500.7.46.1
  * xorg-x11-server-debugsource-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-21.1.4-150500.7.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-21.1.4-150500.7.46.1
  * xorg-x11-server-sdk-21.1.4-150500.7.46.1
  * xorg-x11-server-21.1.4-150500.7.46.1
  * xorg-x11-server-debugsource-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-21.1.4-150500.7.46.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-21.1.4-150500.7.46.1
  * xorg-x11-server-sdk-21.1.4-150500.7.46.1
  * xorg-x11-server-21.1.4-150500.7.46.1
  * xorg-x11-server-debugsource-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-21.1.4-150500.7.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-21.1.4-150500.7.46.1
  * xorg-x11-server-sdk-21.1.4-150500.7.46.1
  * xorg-x11-server-21.1.4-150500.7.46.1
  * xorg-x11-server-debugsource-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-21.1.4-150500.7.46.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926



SUSE-SU-2026:1338-1: moderate: Security update for giflib


# Security update for giflib

Announcement ID: SUSE-SU-2026:1338-1
Release Date: 2026-04-15T07:34:01Z
Rating: moderate
References:

* bsc#1259502

Cross-References:

* CVE-2026-23868

CVSS scores:

* CVE-2026-23868 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23868 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-23868 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for giflib fixes the following issue:

* CVE-2026-23868: double-free result of a shallow copy can lead to memory
corruption (bsc#1259502).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1338=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1338=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * giflib-progs-debuginfo-5.2.2-150000.4.19.1
  * libgif7-5.2.2-150000.4.19.1
  * giflib-debugsource-5.2.2-150000.4.19.1
  * libgif7-debuginfo-5.2.2-150000.4.19.1
  * giflib-progs-5.2.2-150000.4.19.1
  * giflib-devel-5.2.2-150000.4.19.1
* openSUSE Leap 15.6 (x86_64)
  * libgif7-32bit-5.2.2-150000.4.19.1
  * libgif7-32bit-debuginfo-5.2.2-150000.4.19.1
  * giflib-devel-32bit-5.2.2-150000.4.19.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libgif7-5.2.2-150000.4.19.1
  * giflib-debugsource-5.2.2-150000.4.19.1
  * libgif7-debuginfo-5.2.2-150000.4.19.1
  * giflib-devel-5.2.2-150000.4.19.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23868.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259502



SUSE-SU-2026:1337-1: moderate: Security update for rust1.92


# Security update for rust1.92

Announcement ID: SUSE-SU-2026:1337-1
Release Date: 2026-04-15T07:33:35Z
Rating: moderate
References:

* bsc#1259623

Cross-References:

* CVE-2026-31812

CVSS scores:

* CVE-2026-31812 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31812 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31812 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Development Tools Module 15-SP7
* openSUSE Leap 15.3
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for rust1.92 fixes the following issues:

* CVE-2026-31812: Denial of service via crafted QUIC initial packet
(bsc#1259623).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1337=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-1337=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1337=1

## Package List:

* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * cargo1.92-1.92.0-150300.7.6.1
  * rust1.92-debuginfo-1.92.0-150300.7.6.1
  * cargo1.92-debuginfo-1.92.0-150300.7.6.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.92-1.92.0-150300.7.6.1
* Development Tools Module 15-SP7 (noarch)
  * rust1.92-src-1.92.0-150300.7.6.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * cargo1.92-1.92.0-150300.7.6.1
  * rust1.92-debuginfo-1.92.0-150300.7.6.1
  * cargo1.92-debuginfo-1.92.0-150300.7.6.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586 nosrc)
  * rust1.92-1.92.0-150300.7.6.1
* openSUSE Leap 15.3 (noarch)
  * rust1.92-src-1.92.0-150300.7.6.1
* openSUSE Leap 15.3 (nosrc)
  * rust1.92-test-1.92.0-150300.7.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * cargo1.92-1.92.0-150300.7.6.1
  * rust1.92-debuginfo-1.92.0-150300.7.6.1
  * cargo1.92-debuginfo-1.92.0-150300.7.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.92-1.92.0-150300.7.6.1
* openSUSE Leap 15.6 (noarch)
  * rust1.92-src-1.92.0-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31812.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259623



SUSE-SU-2026:1343-1: moderate: Security update for Mesa


# Security update for Mesa

Announcement ID: SUSE-SU-2026:1343-1
Release Date: 2026-04-15T10:18:56Z
Rating: moderate
References:

* bsc#1261998

Cross-References:

* CVE-2026-40393

CVSS scores:

* CVE-2026-40393 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-40393 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for Mesa fixes the following issue:

* CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the
amount of to-be-allocated data depends on an untrusted party (bsc#1261998).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-1343=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1343=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1343=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * Mesa-libGL1-20.2.4-150300.59.12.1
  * Mesa-libEGL1-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libEGL-devel-20.2.4-150300.59.12.1
  * Mesa-libGL-devel-20.2.4-150300.59.12.1
  * libOSMesa-devel-20.2.4-150300.59.12.1
  * Mesa-libGLESv1_CM-devel-20.2.4-150300.59.12.1
  * libgbm1-20.2.4-150300.59.12.1
  * Mesa-drivers-debugsource-20.2.4-150300.59.12.1
  * Mesa-libGLESv2-devel-20.2.4-150300.59.12.1
  * libgbm-devel-20.2.4-150300.59.12.1
  * Mesa-dri-20.2.4-150300.59.12.1
  * libOSMesa8-debuginfo-20.2.4-150300.59.12.1
  * Mesa-KHR-devel-20.2.4-150300.59.12.1
  * Mesa-libglapi-devel-20.2.4-150300.59.12.1
  * Mesa-devel-20.2.4-150300.59.12.1
  * Mesa-dri-devel-20.2.4-150300.59.12.1
  * libOSMesa8-20.2.4-150300.59.12.1
  * Mesa-libGLESv3-devel-20.2.4-150300.59.12.1
  * Mesa-20.2.4-150300.59.12.1
  * Mesa-debugsource-20.2.4-150300.59.12.1
  * Mesa-dri-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libglapi0-20.2.4-150300.59.12.1
  * Mesa-libEGL1-20.2.4-150300.59.12.1
  * Mesa-libglapi0-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libGL1-debuginfo-20.2.4-150300.59.12.1
  * libgbm1-debuginfo-20.2.4-150300.59.12.1
* openSUSE Leap 15.3 (x86_64)
  * libXvMC_nouveau-32bit-20.2.4-150300.59.12.1
  * Mesa-libd3d-32bit-debuginfo-20.2.4-150300.59.12.1
  * libvulkan_radeon-32bit-20.2.4-150300.59.12.1
  * libgbm1-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libEGL1-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-gallium-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libd3d-32bit-20.2.4-150300.59.12.1
  * Mesa-gallium-32bit-20.2.4-150300.59.12.1
  * Mesa-32bit-20.2.4-150300.59.12.1
  * Mesa-libglapi-devel-32bit-20.2.4-150300.59.12.1
  * Mesa-vulkan-device-select-32bit-20.2.4-150300.59.12.1
  * libgbm1-32bit-20.2.4-150300.59.12.1
  * Mesa-dri-32bit-20.2.4-150300.59.12.1
  * Mesa-libGLESv2-devel-32bit-20.2.4-150300.59.12.1
  * libOSMesa8-32bit-20.2.4-150300.59.12.1
  * libOSMesa8-32bit-debuginfo-20.2.4-150300.59.12.1
  * libgbm-devel-32bit-20.2.4-150300.59.12.1
  * libXvMC_nouveau-32bit-debuginfo-20.2.4-150300.59.12.1
  * libvulkan_intel-32bit-20.2.4-150300.59.12.1
  * Mesa-libglapi0-32bit-20.2.4-150300.59.12.1
  * libvdpau_nouveau-32bit-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_r600-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libGL1-32bit-20.2.4-150300.59.12.1
  * libvdpau_radeonsi-32bit-20.2.4-150300.59.12.1
  * libXvMC_r600-32bit-20.2.4-150300.59.12.1
  * Mesa-libGL1-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-vulkan-overlay-32bit-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_r300-32bit-20.2.4-150300.59.12.1
  * libvdpau_radeonsi-32bit-debuginfo-20.2.4-150300.59.12.1
  * libXvMC_r600-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-dri-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libd3d-devel-32bit-20.2.4-150300.59.12.1
  * Mesa-libEGL1-32bit-20.2.4-150300.59.12.1
  * libvdpau_r600-32bit-20.2.4-150300.59.12.1
  * Mesa-dri-nouveau-32bit-20.2.4-150300.59.12.1
  * Mesa-libGL-devel-32bit-20.2.4-150300.59.12.1
  * libOSMesa-devel-32bit-20.2.4-150300.59.12.1
  * Mesa-libGLESv1_CM-devel-32bit-20.2.4-150300.59.12.1
  * libvdpau_r300-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libglapi0-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-vulkan-overlay-32bit-20.2.4-150300.59.12.1
  * libvulkan_radeon-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-dri-nouveau-32bit-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_nouveau-32bit-20.2.4-150300.59.12.1
  * Mesa-libEGL-devel-32bit-20.2.4-150300.59.12.1
  * libvulkan_intel-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-vulkan-device-select-32bit-debuginfo-20.2.4-150300.59.12.1
* openSUSE Leap 15.3 (aarch64 ppc64le x86_64 i586)
  * Mesa-gallium-20.2.4-150300.59.12.1
  * libvdpau_r600-20.2.4-150300.59.12.1
  * libXvMC_nouveau-20.2.4-150300.59.12.1
  * libXvMC_r600-debuginfo-20.2.4-150300.59.12.1
  * Mesa-dri-nouveau-20.2.4-150300.59.12.1
  * libvdpau_radeonsi-20.2.4-150300.59.12.1
  * libxatracker2-1.0.0-150300.59.12.1
  * libvdpau_radeonsi-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_r300-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_r300-20.2.4-150300.59.12.1
  * Mesa-gallium-debuginfo-20.2.4-150300.59.12.1
  * libxatracker2-debuginfo-1.0.0-150300.59.12.1
  * Mesa-libva-20.2.4-150300.59.12.1
  * libvdpau_nouveau-20.2.4-150300.59.12.1
  * libXvMC_r600-20.2.4-150300.59.12.1
  * Mesa-libva-debuginfo-20.2.4-150300.59.12.1
  * Mesa-dri-nouveau-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libOpenCL-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_r600-debuginfo-20.2.4-150300.59.12.1
  * libxatracker-devel-1.0.0-150300.59.12.1
  * libvdpau_nouveau-debuginfo-20.2.4-150300.59.12.1
  * libXvMC_nouveau-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libOpenCL-20.2.4-150300.59.12.1
* openSUSE Leap 15.3 (x86_64 i586)
  * Mesa-vulkan-device-select-debuginfo-20.2.4-150300.59.12.1
  * libvulkan_radeon-debuginfo-20.2.4-150300.59.12.1
  * Mesa-vulkan-device-select-20.2.4-150300.59.12.1
  * libvulkan_intel-debuginfo-20.2.4-150300.59.12.1
  * libvulkan_radeon-20.2.4-150300.59.12.1
  * Mesa-vulkan-overlay-debuginfo-20.2.4-150300.59.12.1
  * Mesa-vulkan-overlay-20.2.4-150300.59.12.1
  * Mesa-libVulkan-devel-20.2.4-150300.59.12.1
  * libvulkan_intel-20.2.4-150300.59.12.1
* openSUSE Leap 15.3 (aarch64 x86_64 i586)
  * Mesa-libd3d-devel-20.2.4-150300.59.12.1
  * Mesa-libd3d-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libd3d-20.2.4-150300.59.12.1
* openSUSE Leap 15.3 (aarch64_ilp32)
  * Mesa-libEGL1-64bit-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_r300-64bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-dri-vc4-64bit-20.2.4-150300.59.12.1
  * Mesa-libglapi0-64bit-20.2.4-150300.59.12.1
  * libvdpau_radeonsi-64bit-20.2.4-150300.59.12.1
  * Mesa-libGLESv2-devel-64bit-20.2.4-150300.59.12.1
  * Mesa-gallium-64bit-20.2.4-150300.59.12.1
  * Mesa-dri-nouveau-64bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libEGL-devel-64bit-20.2.4-150300.59.12.1
  * libvdpau_r600-64bit-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_nouveau-64bit-20.2.4-150300.59.12.1
  * Mesa-libd3d-64bit-20.2.4-150300.59.12.1
  * Mesa-libglapi-devel-64bit-20.2.4-150300.59.12.1
  * libvdpau_r300-64bit-20.2.4-150300.59.12.1
  * Mesa-dri-vc4-64bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libGLESv1_CM-devel-64bit-20.2.4-150300.59.12.1
  * Mesa-dri-nouveau-64bit-20.2.4-150300.59.12.1
  * Mesa-libGL1-64bit-20.2.4-150300.59.12.1
  * Mesa-libGL1-64bit-debuginfo-20.2.4-150300.59.12.1
  * libgbm1-64bit-20.2.4-150300.59.12.1
  * Mesa-libEGL1-64bit-20.2.4-150300.59.12.1
  * libvdpau_nouveau-64bit-debuginfo-20.2.4-150300.59.12.1
  * libXvMC_nouveau-64bit-debuginfo-20.2.4-150300.59.12.1
  * libgbm-devel-64bit-20.2.4-150300.59.12.1
  * libgbm1-64bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-64bit-20.2.4-150300.59.12.1
  * libXvMC_nouveau-64bit-20.2.4-150300.59.12.1
  * libOSMesa-devel-64bit-20.2.4-150300.59.12.1
  * Mesa-dri-64bit-20.2.4-150300.59.12.1
  * libOSMesa8-64bit-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_radeonsi-64bit-debuginfo-20.2.4-150300.59.12.1
  * libOSMesa8-64bit-20.2.4-150300.59.12.1
  * Mesa-libGL-devel-64bit-20.2.4-150300.59.12.1
  * libXvMC_r600-64bit-20.2.4-150300.59.12.1
  * Mesa-libd3d-64bit-debuginfo-20.2.4-150300.59.12.1
  * libXvMC_r600-64bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libglapi0-64bit-debuginfo-20.2.4-150300.59.12.1
* Mesa-dri-64bit-debuginfo-20.2.4-150300.59.12.1
* libvdpau_r600-64bit-20.2.4-150300.59.12.1
* Mesa-libd3d-devel-64bit-20.2.4-150300.59.12.1
* Mesa-gallium-64bit-debuginfo-20.2.4-150300.59.12.1
* openSUSE Leap 15.3 (aarch64)
* Mesa-dri-vc4-20.2.4-150300.59.12.1
* Mesa-dri-vc4-debuginfo-20.2.4-150300.59.12.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* Mesa-debugsource-20.2.4-150300.59.12.1
* libgbm1-20.2.4-150300.59.12.1
* libgbm1-debuginfo-20.2.4-150300.59.12.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* Mesa-debugsource-20.2.4-150300.59.12.1
* libgbm1-20.2.4-150300.59.12.1
* libgbm1-debuginfo-20.2.4-150300.59.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40393.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261998



SUSE-SU-2026:1342-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1342-1
Release Date: 2026-04-15T10:15:56Z
Rating: important
References:

* bsc#1246057
* bsc#1257773
* bsc#1259797
* bsc#1260005
* bsc#1260009
* bsc#1260486
* bsc#1260730

Cross-References:

* CVE-2025-38234
* CVE-2026-23103
* CVE-2026-23243
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23293
* CVE-2026-23398

CVSS scores:

* CVE-2025-38234 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38234 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38234 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves seven vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security
issues.

The following security issues were fixed:

* CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  `zypper in -t patch SUSE-2026-1342=1`

* SUSE Linux Enterprise Micro 5.2
  `zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1342=1`

* SUSE Linux Enterprise Micro for Rancher 5.2
  `zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1342=1`

## Package List:

* openSUSE Leap 15.3 (noarch nosrc)
  * kernel-docs-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (noarch)
  * kernel-devel-5.3.18-150300.59.241.1
  * kernel-source-5.3.18-150300.59.241.1
  * kernel-source-vanilla-5.3.18-150300.59.241.1
  * kernel-docs-html-5.3.18-150300.59.241.1
  * kernel-macros-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debugsource-5.3.18-150300.59.241.1
  * kernel-obs-build-debugsource-5.3.18-150300.59.241.1
  * gfs2-kmp-default-debuginfo-5.3.18-150300.59.241.1
  * kernel-default-optional-5.3.18-150300.59.241.1
  * cluster-md-kmp-default-5.3.18-150300.59.241.1
  * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.241.1
  * kselftests-kmp-default-5.3.18-150300.59.241.1
  * reiserfs-kmp-default-5.3.18-150300.59.241.1
  * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.241.1
  * kernel-default-devel-5.3.18-150300.59.241.1
  * ocfs2-kmp-default-5.3.18-150300.59.241.1
  * kernel-default-extra-5.3.18-150300.59.241.1
  * kernel-default-debuginfo-5.3.18-150300.59.241.1
  * kernel-default-livepatch-5.3.18-150300.59.241.1
  * dlm-kmp-default-5.3.18-150300.59.241.1
  * kernel-default-base-rebuild-5.3.18-150300.59.241.1.150300.18.144.1
  * kernel-obs-build-5.3.18-150300.59.241.1
  * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.241.1
  * kernel-default-devel-debuginfo-5.3.18-150300.59.241.1
  * kernel-syms-5.3.18-150300.59.241.1
  * gfs2-kmp-default-5.3.18-150300.59.241.1
  * kernel-default-extra-debuginfo-5.3.18-150300.59.241.1
  * dlm-kmp-default-debuginfo-5.3.18-150300.59.241.1
  * kernel-default-base-5.3.18-150300.59.241.1.150300.18.144.1
  * kernel-default-optional-debuginfo-5.3.18-150300.59.241.1
  * kernel-obs-qa-5.3.18-150300.59.241.1
  * kselftests-kmp-default-debuginfo-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-default-livepatch-devel-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
  * kernel-kvmsmall-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (ppc64le x86_64)
  * kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.241.1
  * kernel-kvmsmall-debugsource-5.3.18-150300.59.241.1
  * kernel-kvmsmall-debuginfo-5.3.18-150300.59.241.1
  * kernel-kvmsmall-devel-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (aarch64 x86_64)
  * dlm-kmp-preempt-debuginfo-5.3.18-150300.59.241.1
  * kselftests-kmp-preempt-5.3.18-150300.59.241.1
  * ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.241.1
  * gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.241.1
  * kernel-preempt-extra-debuginfo-5.3.18-150300.59.241.1
  * reiserfs-kmp-preempt-5.3.18-150300.59.241.1
  * kernel-preempt-optional-debuginfo-5.3.18-150300.59.241.1
  * cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.241.1
  * kernel-preempt-devel-debuginfo-5.3.18-150300.59.241.1
  * reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.241.1
  * dlm-kmp-preempt-5.3.18-150300.59.241.1
  * kernel-preempt-optional-5.3.18-150300.59.241.1
  * kernel-preempt-debuginfo-5.3.18-150300.59.241.1
  * kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.241.1
  * gfs2-kmp-preempt-5.3.18-150300.59.241.1
  * ocfs2-kmp-preempt-5.3.18-150300.59.241.1
  * kernel-preempt-devel-5.3.18-150300.59.241.1
  * kernel-preempt-extra-5.3.18-150300.59.241.1
  * kernel-preempt-debugsource-5.3.18-150300.59.241.1
  * cluster-md-kmp-preempt-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
  * kernel-preempt-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (nosrc s390x)
  * kernel-zfcpdump-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (s390x)
  * kernel-zfcpdump-debugsource-5.3.18-150300.59.241.1
  * kernel-zfcpdump-debuginfo-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (nosrc)
  * dtb-aarch64-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (aarch64)
  * dtb-altera-5.3.18-150300.59.241.1
  * kernel-64kb-devel-debuginfo-5.3.18-150300.59.241.1
  * reiserfs-kmp-64kb-5.3.18-150300.59.241.1
  * dtb-arm-5.3.18-150300.59.241.1
  * dtb-renesas-5.3.18-150300.59.241.1
  * dtb-sprd-5.3.18-150300.59.241.1
  * dtb-rockchip-5.3.18-150300.59.241.1
  * dtb-exynos-5.3.18-150300.59.241.1
  * dtb-zte-5.3.18-150300.59.241.1
  * reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.241.1
  * kernel-64kb-extra-5.3.18-150300.59.241.1
  * dtb-hisilicon-5.3.18-150300.59.241.1
  * dtb-nvidia-5.3.18-150300.59.241.1
  * kernel-64kb-debugsource-5.3.18-150300.59.241.1
  * dtb-amlogic-5.3.18-150300.59.241.1
  * dtb-mediatek-5.3.18-150300.59.241.1
  * dtb-amd-5.3.18-150300.59.241.1
  * kernel-64kb-optional-debuginfo-5.3.18-150300.59.241.1
  * dtb-qcom-5.3.18-150300.59.241.1
  * dtb-socionext-5.3.18-150300.59.241.1
  * dlm-kmp-64kb-debuginfo-5.3.18-150300.59.241.1
  * cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.241.1
  * dlm-kmp-64kb-5.3.18-150300.59.241.1
  * kernel-64kb-extra-debuginfo-5.3.18-150300.59.241.1
  * dtb-freescale-5.3.18-150300.59.241.1
  * kernel-64kb-devel-5.3.18-150300.59.241.1
  * gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.241.1
  * ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.241.1
  * kernel-64kb-debuginfo-5.3.18-150300.59.241.1
  * dtb-cavium-5.3.18-150300.59.241.1
  * dtb-lg-5.3.18-150300.59.241.1
  * cluster-md-kmp-64kb-5.3.18-150300.59.241.1
  * kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.241.1
  * dtb-al-5.3.18-150300.59.241.1
  * dtb-marvell-5.3.18-150300.59.241.1
  * ocfs2-kmp-64kb-5.3.18-150300.59.241.1
  * gfs2-kmp-64kb-5.3.18-150300.59.241.1
  * dtb-broadcom-5.3.18-150300.59.241.1
  * kselftests-kmp-64kb-5.3.18-150300.59.241.1
  * dtb-allwinner-5.3.18-150300.59.241.1
  * dtb-xilinx-5.3.18-150300.59.241.1
  * kernel-64kb-optional-5.3.18-150300.59.241.1
  * dtb-apm-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (aarch64 nosrc)
  * kernel-64kb-5.3.18-150300.59.241.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.3.18-150300.59.241.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
  * kernel-default-base-5.3.18-150300.59.241.1.150300.18.144.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.3.18-150300.59.241.1
  * kernel-default-debuginfo-5.3.18-150300.59.241.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * kernel-macros-5.3.18-150300.59.241.1
  * kernel-source-5.3.18-150300.59.241.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.3.18-150300.59.241.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
  * kernel-default-base-5.3.18-150300.59.241.1.150300.18.144.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.3.18-150300.59.241.1
  * kernel-default-debuginfo-5.3.18-150300.59.241.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * kernel-macros-5.3.18-150300.59.241.1
  * kernel-source-5.3.18-150300.59.241.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38234.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246057
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260730



openSUSE-SU-2026:10549-1: moderate: tomcat11-11.0.21-1.1 on GA media


# tomcat11-11.0.21-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10549-1
Rating: moderate

Cross-References:

* CVE-2026-24880
* CVE-2026-25854
* CVE-2026-29129
* CVE-2026-29145
* CVE-2026-29146
* CVE-2026-32990
* CVE-2026-34483
* CVE-2026-34486
* CVE-2026-34487
* CVE-2026-34500

CVSS scores:

* CVE-2026-24880 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25854 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-25854 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29129 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29129 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29145 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29146 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29146 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34483 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34483 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34486 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34487 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34500 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34500 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 10 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the tomcat11-11.0.21-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * tomcat11 11.0.21-1.1
  * tomcat11-admin-webapps 11.0.21-1.1
  * tomcat11-doc 11.0.21-1.1
  * tomcat11-docs-webapp 11.0.21-1.1
  * tomcat11-el-6_0-api 11.0.21-1.1
  * tomcat11-embed 11.0.21-1.1
  * tomcat11-jsp-4_0-api 11.0.21-1.1
  * tomcat11-jsvc 11.0.21-1.1
  * tomcat11-lib 11.0.21-1.1
  * tomcat11-servlet-6_1-api 11.0.21-1.1
  * tomcat11-webapps 11.0.21-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24880.html
* https://www.suse.com/security/cve/CVE-2026-25854.html
* https://www.suse.com/security/cve/CVE-2026-29129.html
* https://www.suse.com/security/cve/CVE-2026-29145.html
* https://www.suse.com/security/cve/CVE-2026-29146.html
* https://www.suse.com/security/cve/CVE-2026-32990.html
* https://www.suse.com/security/cve/CVE-2026-34483.html
* https://www.suse.com/security/cve/CVE-2026-34486.html
* https://www.suse.com/security/cve/CVE-2026-34487.html
* https://www.suse.com/security/cve/CVE-2026-34500.html



openSUSE-SU-2026:10548-1: moderate: tomcat10-10.1.54-1.1 on GA media


# tomcat10-10.1.54-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10548-1
Rating: moderate

Cross-References:

* CVE-2026-24880
* CVE-2026-25854
* CVE-2026-29129
* CVE-2026-29145
* CVE-2026-29146
* CVE-2026-32990
* CVE-2026-34483
* CVE-2026-34486
* CVE-2026-34487
* CVE-2026-34500

CVSS scores:

* CVE-2026-24880 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25854 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-25854 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29129 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29129 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29145 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29146 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29146 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34483 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34483 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34486 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34487 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34500 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34500 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 10 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the tomcat10-10.1.54-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * tomcat10 10.1.54-1.1
  * tomcat10-admin-webapps 10.1.54-1.1
  * tomcat10-doc 10.1.54-1.1
  * tomcat10-docs-webapp 10.1.54-1.1
  * tomcat10-el-5_0-api 10.1.54-1.1
  * tomcat10-embed 10.1.54-1.1
  * tomcat10-jsp-3_1-api 10.1.54-1.1
  * tomcat10-jsvc 10.1.54-1.1
  * tomcat10-lib 10.1.54-1.1
  * tomcat10-servlet-6_0-api 10.1.54-1.1
  * tomcat10-webapps 10.1.54-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24880.html
* https://www.suse.com/security/cve/CVE-2026-25854.html
* https://www.suse.com/security/cve/CVE-2026-29129.html
* https://www.suse.com/security/cve/CVE-2026-29145.html
* https://www.suse.com/security/cve/CVE-2026-29146.html
* https://www.suse.com/security/cve/CVE-2026-32990.html
* https://www.suse.com/security/cve/CVE-2026-34483.html
* https://www.suse.com/security/cve/CVE-2026-34486.html
* https://www.suse.com/security/cve/CVE-2026-34487.html
* https://www.suse.com/security/cve/CVE-2026-34500.html



openSUSE-SU-2026:10547-1: moderate: tomcat-9.0.117-1.1 on GA media


# tomcat-9.0.117-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10547-1
Rating: moderate

Cross-References:

* CVE-2026-24880
* CVE-2026-25854
* CVE-2026-29129
* CVE-2026-29145
* CVE-2026-29146
* CVE-2026-32990
* CVE-2026-34483
* CVE-2026-34486
* CVE-2026-34487
* CVE-2026-34500

CVSS scores:

* CVE-2026-24880 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25854 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-25854 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29129 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29129 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29145 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29146 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29146 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34483 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34483 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34486 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34487 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34500 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34500 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 10 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the tomcat-9.0.117-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * tomcat 9.0.117-1.1
  * tomcat-admin-webapps 9.0.117-1.1
  * tomcat-docs-webapp 9.0.117-1.1
  * tomcat-el-3_0-api 9.0.117-1.1
  * tomcat-embed 9.0.117-1.1
  * tomcat-javadoc 9.0.117-1.1
  * tomcat-jsp-2_3-api 9.0.117-1.1
  * tomcat-jsvc 9.0.117-1.1
  * tomcat-lib 9.0.117-1.1
  * tomcat-servlet-4_0-api 9.0.117-1.1
  * tomcat-webapps 9.0.117-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24880.html
* https://www.suse.com/security/cve/CVE-2026-25854.html
* https://www.suse.com/security/cve/CVE-2026-29129.html
* https://www.suse.com/security/cve/CVE-2026-29145.html
* https://www.suse.com/security/cve/CVE-2026-29146.html
* https://www.suse.com/security/cve/CVE-2026-32990.html
* https://www.suse.com/security/cve/CVE-2026-34483.html
* https://www.suse.com/security/cve/CVE-2026-34486.html
* https://www.suse.com/security/cve/CVE-2026-34487.html
* https://www.suse.com/security/cve/CVE-2026-34500.html



openSUSE-SU-2026:10546-1: moderate: python311-rfc3161-client-1.0.6-1.1 on GA media


# python311-rfc3161-client-1.0.6-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10546-1
Rating: moderate

Cross-References:

* CVE-2026-33753

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-rfc3161-client-1.0.6-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-rfc3161-client 1.0.6-1.1
  * python313-rfc3161-client 1.0.6-1.1
  * python314-rfc3161-client 1.0.6-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33753.html



openSUSE-SU-2026:10542-1: moderate: goshs-2.0.0-1.1 on GA media


# goshs-2.0.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10542-1
Rating: moderate

Cross-References:

* CVE-2026-35392
* CVE-2026-35393
* CVE-2026-35471
* CVE-2026-40188
* CVE-2026-40189

CVSS scores:

* CVE-2026-40188 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
* CVE-2026-40188 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
* CVE-2026-40189 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-40189 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 5 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the goshs-2.0.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * goshs 2.0.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35392.html
* https://www.suse.com/security/cve/CVE-2026-35393.html
* https://www.suse.com/security/cve/CVE-2026-35471.html
* https://www.suse.com/security/cve/CVE-2026-40188.html
* https://www.suse.com/security/cve/CVE-2026-40189.html



openSUSE-SU-2026:10545-1: moderate: python311-aiohttp-3.13.5-3.1 on GA media


# python311-aiohttp-3.13.5-3.1 on GA media

Announcement ID: openSUSE-SU-2026:10545-1
Rating: moderate

Cross-References:

* CVE-2026-34516
* CVE-2026-34520

CVSS scores:

* CVE-2026-34516 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-34516 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-34520 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-34520 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python311-aiohttp-3.13.5-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-aiohttp 3.13.5-3.1
  * python313-aiohttp 3.13.5-3.1
  * python314-aiohttp 3.13.5-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34516.html
* https://www.suse.com/security/cve/CVE-2026-34520.html



openSUSE-SU-2026:10544-1: moderate: log4j-2.20.0-2.1 on GA media


# log4j-2.20.0-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10544-1
Rating: moderate

Cross-References:

* CVE-2026-34477
* CVE-2026-34479
* CVE-2026-34480
* CVE-2026-34481

CVSS scores:

* CVE-2026-34477 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2026-34479 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-34480 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-34481 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the log4j-2.20.0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * log4j 2.20.0-2.1
  * log4j-bom 2.20.0-2.1
  * log4j-javadoc 2.20.0-2.1
  * log4j-jcl 2.20.0-2.1
  * log4j-jmx-gui 2.20.0-2.1
  * log4j-nosql 2.20.0-2.1
  * log4j-slf4j 2.20.0-2.1
  * log4j-taglib 2.20.0-2.1
  * log4j-web 2.20.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34477.html
* https://www.suse.com/security/cve/CVE-2026-34479.html
* https://www.suse.com/security/cve/CVE-2026-34480.html
* https://www.suse.com/security/cve/CVE-2026-34481.html



openSUSE-SU-2026:10540-1: moderate: Botan-3.11.1-1.1 on GA media


# Botan-3.11.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10540-1
Rating: moderate

Cross-References:

* CVE-2026-35580
* CVE-2026-35582

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the Botan-3.11.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * Botan 3.11.1-1.1
  * Botan-doc 3.11.1-1.1
  * libbotan-3-11 3.11.1-1.1
  * libbotan-devel 3.11.1-1.1
  * python3-botan 3.11.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35580.html
* https://www.suse.com/security/cve/CVE-2026-35582.html



openSUSE-SU-2026:10543-1: moderate: kubo-0.40.1-1.1 on GA media


# kubo-0.40.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10543-1
Rating: moderate

Cross-References:

* CVE-2025-58181
* CVE-2025-58190
* CVE-2026-35480

CVSS scores:

* CVE-2025-58181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58181 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-35480 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35480 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the kubo-0.40.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * kubo 0.40.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58181.html
* https://www.suse.com/security/cve/CVE-2025-58190.html
* https://www.suse.com/security/cve/CVE-2026-35480.html



openSUSE-SU-2026:10541-1: moderate: flatpak-1.16.6-1.1 on GA media


# flatpak-1.16.6-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10541-1
Rating: moderate

Cross-References:

* CVE-2026-34078
* CVE-2026-34079

CVSS scores:

* CVE-2026-34078 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34078 ( SUSE ): 6.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
* CVE-2026-34079 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
* CVE-2026-34079 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the flatpak-1.16.6-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * flatpak 1.16.6-1.1
  * flatpak-devel 1.16.6-1.1
  * flatpak-remote-flathub 1.16.6-1.1
  * flatpak-selinux 1.16.6-1.1
  * flatpak-zsh-completion 1.16.6-1.1
  * libflatpak0 1.16.6-1.1
  * system-user-flatpak 1.16.6-1.1
  * typelib-1_0-Flatpak-1_0 1.16.6-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34078.html
* https://www.suse.com/security/cve/CVE-2026-34079.html



SUSE-SU-2026:1349-1: important: Security update for python311


# Security update for python311

Announcement ID: SUSE-SU-2026:1349-1
Release Date: 2026-04-15T13:36:10Z
Rating: important
References:

* bsc#1252974
* bsc#1254400
* bsc#1254401
* bsc#1254997
* bsc#1257029
* bsc#1257031
* bsc#1257042
* bsc#1257046
* bsc#1257181
* bsc#1259240
* bsc#1259611
* bsc#1259734
* bsc#1259735
* bsc#1259989
* bsc#1260026

Cross-References:

* CVE-2025-11468
* CVE-2025-12084
* CVE-2025-13462
* CVE-2025-13836
* CVE-2025-13837
* CVE-2025-15282
* CVE-2025-6075
* CVE-2026-0672
* CVE-2026-0865
* CVE-2026-1299
* CVE-2026-2297
* CVE-2026-3479
* CVE-2026-3644
* CVE-2026-4224
* CVE-2026-4519

CVSS scores:

* CVE-2025-11468 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-11468 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-12084 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-13837 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13837 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-15282 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15282 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-15282 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( SUSE ): 1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-6075 ( NVD ): 1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-0672 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-0672 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-0672 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-0865 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0865 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-0865 ( NVD ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-1299 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-1299 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-2297 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-2297 ( NVD ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3479 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3479 ( NVD ): 0.0
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3644 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3644 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4224 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4224 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
* CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
* CVE-2026-4519 ( NVD ): 7.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 15 vulnerabilities can now be installed.

## Description:

This update for python311 fixes the following issues:

* Updated to Python 3.11.15
* CVE-2025-6075: If the value passed to os.path.expandvars() is
user-controlled, a performance degradation is possible when expanding
environment variables (bsc#1252974).
* CVE-2025-11468: header injection when folding a long comment in an email
header containing exclusively unfoldable characters (bsc#1257029).
* CVE-2025-12084: quadratic algorithm in xml.dom.minidom leads to denial of
service (bsc#1254997).
* CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and
type AREGTYPE are combined (bsc#1259611).
* CVE-2025-13836: When reading an HTTP response from a server, if no read
amount is specified, the default behavior will be to use Content-Length
(bsc#1254400).
* CVE-2025-13837: When loading a plist file, the plistlib module reads data in
size specified by the file itself, meaning a malicious file can cause OOM
and DoS issues (bsc#1254401).
* CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers
(bsc#1257046).
* CVE-2026-0672: HTTP header injection via user-controlled cookie values and
parameters when using http.cookies.Morsel (bsc#1257031).
* CVE-2026-0865: user-controlled header containing newlines can allow
injecting HTTP headers (bsc#1257042).
* CVE-2026-1299: header injection when an email is serialized due to improper
newline quoting in `BytesGenerator` (bsc#1257181).
* CVE-2026-2297: incorrectly handled hook in FileLoader can lead to
validation bypass (bsc#1259240).
* CVE-2026-3479: improper resource argument validation can allow path
traversal (bsc#1259989).
* CVE-2026-3644: incomplete control character validation in http.cookies
(bsc#1259734).
* CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD
content models (bsc#1259735).
* CVE-2026-4519: leading dashes in URLs are accepted by the
`webbrowser.open()` API and allow for web browser command line option
injection (bsc#1260026).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1349=1 openSUSE-SLE-15.6-2026-1349=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1349=1

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1349=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1349=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1349=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* python311-tk-debuginfo-3.11.15-150600.3.53.1
* python311-testsuite-3.11.15-150600.3.53.1
* python311-debugsource-3.11.15-150600.3.53.1
* python311-base-3.11.15-150600.3.53.1
* python311-curses-3.11.15-150600.3.53.1
* python311-tk-3.11.15-150600.3.53.1
* libpython3_11-1_0-3.11.15-150600.3.53.1
* python311-base-debuginfo-3.11.15-150600.3.53.1
* python311-core-debugsource-3.11.15-150600.3.53.1
* python311-testsuite-debuginfo-3.11.15-150600.3.53.1
* python311-doc-devhelp-3.11.15-150600.3.53.1
* python311-doc-3.11.15-150600.3.53.1
* python311-tools-3.11.15-150600.3.53.1
* python311-curses-debuginfo-3.11.15-150600.3.53.1
* python311-3.11.15-150600.3.53.1
* python311-debuginfo-3.11.15-150600.3.53.1
* python311-idle-3.11.15-150600.3.53.1
* python311-devel-3.11.15-150600.3.53.1
* libpython3_11-1_0-debuginfo-3.11.15-150600.3.53.1
* python311-dbm-debuginfo-3.11.15-150600.3.53.1
* python311-dbm-3.11.15-150600.3.53.1
* openSUSE Leap 15.6 (x86_64)
* libpython3_11-1_0-32bit-debuginfo-3.11.15-150600.3.53.1
* python311-32bit-debuginfo-3.11.15-150600.3.53.1
* python311-32bit-3.11.15-150600.3.53.1
* python311-base-32bit-3.11.15-150600.3.53.1
* python311-base-32bit-debuginfo-3.11.15-150600.3.53.1
* libpython3_11-1_0-32bit-3.11.15-150600.3.53.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* python311-base-64bit-3.11.15-150600.3.53.1
* python311-64bit-3.11.15-150600.3.53.1
* python311-64bit-debuginfo-3.11.15-150600.3.53.1
* libpython3_11-1_0-64bit-3.11.15-150600.3.53.1
* libpython3_11-1_0-64bit-debuginfo-3.11.15-150600.3.53.1
* python311-base-64bit-debuginfo-3.11.15-150600.3.53.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libpython3_11-1_0-debuginfo-3.11.15-150600.3.53.1
* libpython3_11-1_0-3.11.15-150600.3.53.1
* python311-base-3.11.15-150600.3.53.1
* python311-base-debuginfo-3.11.15-150600.3.53.1
* python311-core-debugsource-3.11.15-150600.3.53.1
* Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* python311-tk-debuginfo-3.11.15-150600.3.53.1
* python311-3.11.15-150600.3.53.1
* python311-debuginfo-3.11.15-150600.3.53.1
* python311-core-debugsource-3.11.15-150600.3.53.1
* python311-idle-3.11.15-150600.3.53.1
* python311-tk-3.11.15-150600.3.53.1
* python311-tools-3.11.15-150600.3.53.1
* python311-devel-3.11.15-150600.3.53.1
* python311-debugsource-3.11.15-150600.3.53.1
* python311-curses-3.11.15-150600.3.53.1
* python311-dbm-debuginfo-3.11.15-150600.3.53.1
* python311-dbm-3.11.15-150600.3.53.1
* python311-curses-debuginfo-3.11.15-150600.3.53.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* python311-tk-debuginfo-3.11.15-150600.3.53.1
* python311-3.11.15-150600.3.53.1
* python311-dbm-debuginfo-3.11.15-150600.3.53.1
* python311-debuginfo-3.11.15-150600.3.53.1
* python311-idle-3.11.15-150600.3.53.1
* python311-tk-3.11.15-150600.3.53.1
* python311-tools-3.11.15-150600.3.53.1
* python311-devel-3.11.15-150600.3.53.1
* libpython3_11-1_0-debuginfo-3.11.15-150600.3.53.1
* libpython3_11-1_0-3.11.15-150600.3.53.1
* python311-dbm-3.11.15-150600.3.53.1
* python311-debugsource-3.11.15-150600.3.53.1
* python311-base-3.11.15-150600.3.53.1
* python311-curses-3.11.15-150600.3.53.1
* python311-base-debuginfo-3.11.15-150600.3.53.1
* python311-core-debugsource-3.11.15-150600.3.53.1
* python311-curses-debuginfo-3.11.15-150600.3.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* python311-tk-debuginfo-3.11.15-150600.3.53.1
* python311-3.11.15-150600.3.53.1
* python311-dbm-debuginfo-3.11.15-150600.3.53.1
* python311-debuginfo-3.11.15-150600.3.53.1
* python311-idle-3.11.15-150600.3.53.1
* python311-tk-3.11.15-150600.3.53.1
* python311-tools-3.11.15-150600.3.53.1
* python311-devel-3.11.15-150600.3.53.1
* libpython3_11-1_0-debuginfo-3.11.15-150600.3.53.1
* libpython3_11-1_0-3.11.15-150600.3.53.1
* python311-dbm-3.11.15-150600.3.53.1
* python311-debugsource-3.11.15-150600.3.53.1
* python311-base-3.11.15-150600.3.53.1
* python311-curses-3.11.15-150600.3.53.1
* python311-base-debuginfo-3.11.15-150600.3.53.1
* python311-core-debugsource-3.11.15-150600.3.53.1
* python311-curses-debuginfo-3.11.15-150600.3.53.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11468.html
* https://www.suse.com/security/cve/CVE-2025-12084.html
* https://www.suse.com/security/cve/CVE-2025-13462.html
* https://www.suse.com/security/cve/CVE-2025-13836.html
* https://www.suse.com/security/cve/CVE-2025-13837.html
* https://www.suse.com/security/cve/CVE-2025-15282.html
* https://www.suse.com/security/cve/CVE-2025-6075.html
* https://www.suse.com/security/cve/CVE-2026-0672.html
* https://www.suse.com/security/cve/CVE-2026-0865.html
* https://www.suse.com/security/cve/CVE-2026-1299.html
* https://www.suse.com/security/cve/CVE-2026-2297.html
* https://www.suse.com/security/cve/CVE-2026-3479.html
* https://www.suse.com/security/cve/CVE-2026-3644.html
* https://www.suse.com/security/cve/CVE-2026-4224.html
* https://www.suse.com/security/cve/CVE-2026-4519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252974
* https://bugzilla.suse.com/show_bug.cgi?id=1254400
* https://bugzilla.suse.com/show_bug.cgi?id=1254401
* https://bugzilla.suse.com/show_bug.cgi?id=1254997
* https://bugzilla.suse.com/show_bug.cgi?id=1257029
* https://bugzilla.suse.com/show_bug.cgi?id=1257031
* https://bugzilla.suse.com/show_bug.cgi?id=1257042
* https://bugzilla.suse.com/show_bug.cgi?id=1257046
* https://bugzilla.suse.com/show_bug.cgi?id=1257181
* https://bugzilla.suse.com/show_bug.cgi?id=1259240
* https://bugzilla.suse.com/show_bug.cgi?id=1259611
* https://bugzilla.suse.com/show_bug.cgi?id=1259734
* https://bugzilla.suse.com/show_bug.cgi?id=1259735
* https://bugzilla.suse.com/show_bug.cgi?id=1259989
* https://bugzilla.suse.com/show_bug.cgi?id=1260026



SUSE-SU-2026:1353-1: important: Security update for netty, netty-tcnative


# Security update for netty, netty-tcnative

Announcement ID: SUSE-SU-2026:1353-1
Release Date: 2026-04-15T13:37:31Z
Rating: important
References:

* bsc#1261031
* bsc#1261043

Cross-References:

* CVE-2026-33870
* CVE-2026-33871

CVSS scores:

* CVE-2026-33870 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33870 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-33870 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-33871 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33871 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33871 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-33871 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for netty, netty-tcnative fixes the following issues:

Update to 4.1.132:

* CVE-2026-33870: incorrect parsing of quoted strings in HTTP/1.1 can lead to
request smuggling (bsc#1261031).
* CVE-2026-33871: sending a flood of CONTINUATION frames can lead to a denial
of service (bsc#1261043).

Changelog:

* Upgrade to upstream version 4.1.132
* Fixes:
* Fix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry loop
* Make RefCntOpenSslContext.deallocate more robust
* HTTP2: Correctly account for padding when decompress
* Fix high-order bit aliasing in HttpUtil.validateToken
* fix: the precedence of + is higher than >>
* AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater than
byteBuf.maxCapacity()
* AdaptivePoolingAllocator: call unreserveMatchingBuddy(...) if byteBuf
initialization failed
* Don't assume CertificateFactory is thread-safe
* Fix HttpObjectAggregator leaving connection stuck after 413 with
AUTO_READ=false
* HTTP2: Ensure preface is flushed in all cases
* Fix UnsupportedOperationException in readTrailingHeaders
* Fix client_max_window_bits parameter handling in permessage-deflate
extension
* Native transports: Fix possible fd leak when fcntl fails.
* Kqueue: Fix undefined behaviour when GetStringUTFChars fails and
SO_ACCEPTFILTER is supported
* Kqueue: Possible overflow when using
netty_kqueue_bsdsocket_setAcceptFilter(...)
* Native transports: Fix undefined behaviour when GetStringUTFChars fails
while open FD
* Epoll: Add null checks for safety reasons
* Epoll: Use correct value to initialize mmsghdr.msg_namelen
* Epoll: Fix support for IP_RECVORIGDSTADDR
* AdaptivePoolingAllocator: remove ensureAccessible() call in capacity(int)
method
* Epoll: setTcpMg5Sig(...) might overflow
* JdkZlibDecoder: accumulate decompressed output before firing channelRead
* Limit the number of Continuation frames per HTTP2 Headers (bsc#1261043,
CVE-2026-33871)
* Stricter HTTP/1.1 chunk extension parsing (bsc#1261031, CVE-2026-33870)
* rediff
* Upgrade to upstream version 4.1.131
* NioDatagramChannel.block(...) does not early return on failure
* Support for AWS Libcrypto (AWS-LC) netty-tcnative build
* codec-dns: Decompress MX RDATA exchange domain names during DNS record
decoding
* Buddy allocation for large buffers in adaptive allocator
* SslHandler: Only resume on EventLoop if EventLoop is not shutting down
already
* Wrap ECONNREFUSED in PortUnreachableException for UDP
* Bump com.ning:compress-lzf (4.1)
* Fix adaptive allocator bug from not noticing failed allocation
* Avoid losing original read exception
* Backport multiple adaptive allocator changes
* Upgrade to version 4.1.130
* Upgrade to version 2.0.75 Final
* No formal changelog present
* Needed by netty >= 4.2.11

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1353=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1353=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1353=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* netty-tcnative-2.0.75-150200.3.36.1
* netty-4.1.132-150200.4.43.1
* openSUSE Leap 15.6 (noarch)
* netty-tcnative-javadoc-2.0.75-150200.3.36.1
* netty-javadoc-4.1.132-150200.4.43.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* netty-tcnative-2.0.75-150200.3.36.1
* netty-tcnative-debugsource-2.0.75-150200.3.36.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* netty-4.1.132-150200.4.43.1
* SUSE Package Hub 15 15-SP7 (noarch)
* netty-javadoc-4.1.132-150200.4.43.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33870.html
* https://www.suse.com/security/cve/CVE-2026-33871.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261031
* https://bugzilla.suse.com/show_bug.cgi?id=1261043



SUSE-SU-2026:1350-1: important: Security update for nghttp2


# Security update for nghttp2

Announcement ID: SUSE-SU-2026:1350-1
Release Date: 2026-04-15T13:36:32Z
Rating: important
References:

* bsc#1259845

Cross-References:

* CVE-2026-27135

CVSS scores:

* CVE-2026-27135 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27135 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27135 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for nghttp2 fixes the following issue:

* CVE-2026-27135: assertion failure due to missing state validation can lead
to DoS (bsc#1259845).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1350=1 openSUSE-SLE-15.6-2026-1350=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1350=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1350=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1350=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libnghttp2-devel-1.40.0-150600.25.5.1
* libnghttp2_asio-devel-1.40.0-150600.25.5.1
* libnghttp2_asio1-1.40.0-150600.25.5.1
* nghttp2-debuginfo-1.40.0-150600.25.5.1
* python3-nghttp2-1.40.0-150600.25.5.1
* nghttp2-python-debugsource-1.40.0-150600.25.5.1
* libnghttp2-14-debuginfo-1.40.0-150600.25.5.1
* nghttp2-debugsource-1.40.0-150600.25.5.1
* python3-nghttp2-debuginfo-1.40.0-150600.25.5.1
* libnghttp2-14-1.40.0-150600.25.5.1
* libnghttp2_asio1-debuginfo-1.40.0-150600.25.5.1
* nghttp2-1.40.0-150600.25.5.1
* openSUSE Leap 15.6 (x86_64)
* libnghttp2-14-32bit-1.40.0-150600.25.5.1
* libnghttp2_asio1-32bit-1.40.0-150600.25.5.1
* libnghttp2-14-32bit-debuginfo-1.40.0-150600.25.5.1
* libnghttp2_asio1-32bit-debuginfo-1.40.0-150600.25.5.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libnghttp2-14-64bit-1.40.0-150600.25.5.1
* libnghttp2-14-64bit-debuginfo-1.40.0-150600.25.5.1
* libnghttp2_asio1-64bit-debuginfo-1.40.0-150600.25.5.1
* libnghttp2_asio1-64bit-1.40.0-150600.25.5.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libnghttp2_asio-devel-1.40.0-150600.25.5.1
* nghttp2-debuginfo-1.40.0-150600.25.5.1
* libnghttp2_asio1-1.40.0-150600.25.5.1
* nghttp2-debugsource-1.40.0-150600.25.5.1
* libnghttp2_asio1-debuginfo-1.40.0-150600.25.5.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libnghttp2-devel-1.40.0-150600.25.5.1
* libnghttp2_asio-devel-1.40.0-150600.25.5.1
* libnghttp2_asio1-1.40.0-150600.25.5.1
* nghttp2-debuginfo-1.40.0-150600.25.5.1
* libnghttp2-14-debuginfo-1.40.0-150600.25.5.1
* nghttp2-debugsource-1.40.0-150600.25.5.1
* libnghttp2-14-1.40.0-150600.25.5.1
* libnghttp2_asio1-debuginfo-1.40.0-150600.25.5.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
* libnghttp2-14-32bit-1.40.0-150600.25.5.1
* libnghttp2-14-32bit-debuginfo-1.40.0-150600.25.5.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libnghttp2-devel-1.40.0-150600.25.5.1
* libnghttp2_asio-devel-1.40.0-150600.25.5.1
* libnghttp2_asio1-1.40.0-150600.25.5.1
* nghttp2-debuginfo-1.40.0-150600.25.5.1
* libnghttp2-14-debuginfo-1.40.0-150600.25.5.1
* nghttp2-debugsource-1.40.0-150600.25.5.1
* libnghttp2-14-1.40.0-150600.25.5.1
* libnghttp2_asio1-debuginfo-1.40.0-150600.25.5.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* libnghttp2-14-32bit-1.40.0-150600.25.5.1
* libnghttp2-14-32bit-debuginfo-1.40.0-150600.25.5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27135.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259845



SUSE-SU-2026:1356-1: moderate: Security update for nfs-utils


# Security update for nfs-utils

Announcement ID: SUSE-SU-2026:1356-1
Release Date: 2026-04-15T13:43:53Z
Rating: moderate
References:

* bsc#1246505
* bsc#1259204

Cross-References:

* CVE-2025-12801

CVSS scores:

* CVE-2025-12801 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-12801 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-12801 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for nfs-utils fixes the following issue:

Security fixes:

* CVE-2025-12801: rpc.mountd allows a NFSv3 client to escalate their
privileges and access subdirectories and subtrees of an exported directory
(bsc#1259204).

Other fixes:

* Split from nfs-utils into its own spec and changelog file (bsc#1246505).
* Split legacy libnfsidmap0 into a separate spec file (bsc#1246505).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1356=1 openSUSE-SLE-15.6-2026-1356=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1356=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1356=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1356=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* nfs-kernel-server-debuginfo-2.6.4-150600.28.19.1
* libnfsidmap0-0.26-150600.28.19.1
* nfs-doc-2.6.4-150600.28.19.1
* nfs-client-2.6.4-150600.28.19.1
* nfs-kernel-server-2.6.4-150600.28.19.1
* nfs-utils-debugsource-2.6.4-150600.28.19.1
* libnfsidmap0-debugsource-0.26-150600.28.19.1
* libnfsidmap1-1.0-150600.28.19.1
* nfs-utils-debuginfo-2.6.4-150600.28.19.1
* nfsidmap-devel-1.0-150600.28.19.1
* nfsidmap0-devel-0.26-150600.28.19.1
* libnfsidmap0-debuginfo-0.26-150600.28.19.1
* nfs-client-debuginfo-2.6.4-150600.28.19.1
* libnfsidmap1-debuginfo-1.0-150600.28.19.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* nfs-kernel-server-debuginfo-2.6.4-150600.28.19.1
* libnfsidmap0-0.26-150600.28.19.1
* nfs-doc-2.6.4-150600.28.19.1
* nfs-client-2.6.4-150600.28.19.1
* nfs-kernel-server-2.6.4-150600.28.19.1
* nfs-utils-debugsource-2.6.4-150600.28.19.1
* libnfsidmap1-1.0-150600.28.19.1
* nfs-utils-debuginfo-2.6.4-150600.28.19.1
* nfsidmap-devel-1.0-150600.28.19.1
* nfsidmap0-devel-0.26-150600.28.19.1
* libnfsidmap0-debuginfo-0.26-150600.28.19.1
* nfs-client-debuginfo-2.6.4-150600.28.19.1
* libnfsidmap1-debuginfo-1.0-150600.28.19.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* nfs-kernel-server-debuginfo-2.6.4-150600.28.19.1
* libnfsidmap0-0.26-150600.28.19.1
* nfs-doc-2.6.4-150600.28.19.1
* nfs-client-2.6.4-150600.28.19.1
* nfs-kernel-server-2.6.4-150600.28.19.1
* nfs-utils-debugsource-2.6.4-150600.28.19.1
* libnfsidmap1-1.0-150600.28.19.1
* nfs-utils-debuginfo-2.6.4-150600.28.19.1
* nfsidmap-devel-1.0-150600.28.19.1
* nfsidmap0-devel-0.26-150600.28.19.1
* nfs-client-debuginfo-2.6.4-150600.28.19.1
* libnfsidmap1-debuginfo-1.0-150600.28.19.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* nfs-kernel-server-debuginfo-2.6.4-150600.28.19.1
* libnfsidmap0-0.26-150600.28.19.1
* nfs-doc-2.6.4-150600.28.19.1
* nfs-client-2.6.4-150600.28.19.1
* nfs-kernel-server-2.6.4-150600.28.19.1
* nfs-utils-debugsource-2.6.4-150600.28.19.1
* libnfsidmap1-1.0-150600.28.19.1
* nfs-utils-debuginfo-2.6.4-150600.28.19.1
* nfsidmap-devel-1.0-150600.28.19.1
* nfsidmap0-devel-0.26-150600.28.19.1
* nfs-client-debuginfo-2.6.4-150600.28.19.1
* libnfsidmap1-debuginfo-1.0-150600.28.19.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12801.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246505
* https://bugzilla.suse.com/show_bug.cgi?id=1259204



SUSE-SU-2026:1363-1: important: Security update for nodejs20


# Security update for nodejs20

Announcement ID: SUSE-SU-2026:1363-1
Release Date: 2026-04-15T14:16:21Z
Rating: important
References:

* bsc#1256576
* bsc#1260455
* bsc#1260462
* bsc#1260463
* bsc#1260480
* bsc#1260482
* bsc#1260494

Cross-References:

* CVE-2026-21637
* CVE-2026-21710
* CVE-2026-21713
* CVE-2026-21714
* CVE-2026-21715
* CVE-2026-21716
* CVE-2026-21717

CVSS scores:

* CVE-2026-21637 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21713 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-21714 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21715 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21716 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-21717 ( SUSE ): 7.2
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for nodejs20 fixes the following issues:

Update to version 20.20.2.

* CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's
string hashing mechanism allows for performance degradation via a crafted
request (bsc#1260494).
* CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based
FileHandle methods to be used to modify file permissions and ownership on
already-open file descriptors (bsc#1260462).
* CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows
for file existence disclosure and filesystem path enumeration via
`fs.realpathSync.native()` (bsc#1260482).
* CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource
exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).
* CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification
allows for discovery of HMAC values and potential MAC forgery (bsc#1260463).
* CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for
a process crash via requests with a header named `__proto__` when the
application accesses `req.headersDistinct` (bsc#1260455).
* CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion
and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1363=1`

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-1363=1`

* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1363=1`

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* nodejs20-20.20.2-150600.3.18.1
* nodejs20-debugsource-20.20.2-150600.3.18.1
* npm20-20.20.2-150600.3.18.1
* nodejs20-debuginfo-20.20.2-150600.3.18.1
* nodejs20-devel-20.20.2-150600.3.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* nodejs20-docs-20.20.2-150600.3.18.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* nodejs20-20.20.2-150600.3.18.1
* nodejs20-debugsource-20.20.2-150600.3.18.1
* npm20-20.20.2-150600.3.18.1
* nodejs20-debuginfo-20.20.2-150600.3.18.1
* nodejs20-devel-20.20.2-150600.3.18.1
* corepack20-20.20.2-150600.3.18.1
* openSUSE Leap 15.6 (noarch)
* nodejs20-docs-20.20.2-150600.3.18.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* nodejs20-20.20.2-150600.3.18.1
* nodejs20-debugsource-20.20.2-150600.3.18.1
* npm20-20.20.2-150600.3.18.1
* nodejs20-debuginfo-20.20.2-150600.3.18.1
* nodejs20-devel-20.20.2-150600.3.18.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* nodejs20-docs-20.20.2-150600.3.18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-21710.html
* https://www.suse.com/security/cve/CVE-2026-21713.html
* https://www.suse.com/security/cve/CVE-2026-21714.html
* https://www.suse.com/security/cve/CVE-2026-21715.html
* https://www.suse.com/security/cve/CVE-2026-21716.html
* https://www.suse.com/security/cve/CVE-2026-21717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256576
* https://bugzilla.suse.com/show_bug.cgi?id=1260455
* https://bugzilla.suse.com/show_bug.cgi?id=1260462
* https://bugzilla.suse.com/show_bug.cgi?id=1260463
* https://bugzilla.suse.com/show_bug.cgi?id=1260480
* https://bugzilla.suse.com/show_bug.cgi?id=1260482
* https://bugzilla.suse.com/show_bug.cgi?id=1260494



SUSE-SU-2026:1364-1: important: Security update for webkit2gtk3


# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2026:1364-1
Release Date: 2026-04-15T14:28:23Z
Rating: important
References:

* bsc#1259934
* bsc#1259935
* bsc#1259936
* bsc#1259937
* bsc#1259938
* bsc#1259939
* bsc#1259940
* bsc#1259941
* bsc#1259942
* bsc#1259943
* bsc#1259944
* bsc#1259945
* bsc#1259946
* bsc#1259947
* bsc#1259948
* bsc#1259949
* bsc#1259950
* bsc#1261172
* bsc#1261173
* bsc#1261174
* bsc#1261175
* bsc#1261176
* bsc#1261177
* bsc#1261178
* bsc#1261179

Cross-References:

* CVE-2023-43010
* CVE-2025-31223
* CVE-2025-31277
* CVE-2025-43213
* CVE-2025-43214
* CVE-2025-43433
* CVE-2025-43438
* CVE-2025-43441
* CVE-2025-43457
* CVE-2025-43511
* CVE-2025-46299
* CVE-2026-20608
* CVE-2026-20635
* CVE-2026-20636
* CVE-2026-20643
* CVE-2026-20644
* CVE-2026-20652
* CVE-2026-20664
* CVE-2026-20665
* CVE-2026-20676
* CVE-2026-20691
* CVE-2026-28857
* CVE-2026-28859
* CVE-2026-28861
* CVE-2026-28871

CVSS scores:

* CVE-2023-43010 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-43010 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-43010 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31223 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-31223 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31223 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31277 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-31277 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31277 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43213 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43213 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43214 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43214 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43214 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43433 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43433 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43433 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43438 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43438 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43438 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-43441 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43441 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43441 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-43457 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43457 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43457 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43511 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43511 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43511 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46299 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-46299 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-46299 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-20608 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20608 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20608 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20635 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20635 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20635 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-20636 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20636 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20636 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20643 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-20643 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-20644 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20644 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20652 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20652 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20652 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20664 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20664 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-20665 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-20665 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-20676 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-20676 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-20676 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-20676 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-20691 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-20691 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28857 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-28857 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-28859 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-28859 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28861 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
* CVE-2026-28861 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28871 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28871 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 25 vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.52.1.

Security issues fixed:

* CVE-2023-43010: processing maliciously crafted web content may lead to
memory corruption (bsc#1259950).
* CVE-2025-31223: processing maliciously crafted web content may lead to
memory corruption (bsc#1259949).
* CVE-2025-31277: processing maliciously crafted web content may lead to
memory corruption (bsc#1259948).
* CVE-2025-43213: processing maliciously crafted web content may lead to an
unexpected crash (bsc#1259947).
* CVE-2025-43214: processing maliciously crafted web content may lead to an
unexpected crash (bsc#1259946).
* CVE-2025-43433: processing maliciously crafted web content may lead to
memory corruption (bsc#1259945).
* CVE-2025-43438: processing maliciously crafted web content may lead to an
unexpected crash (bsc#1259944).
* CVE-2025-43441: processing maliciously crafted web content may lead to an
unexpected process crash (bsc#1259943).
* CVE-2025-43457: processing maliciously crafted web content may lead to an
unexpected crash (bsc#1259942).
* CVE-2025-43511: processing maliciously crafted web content may lead to an
unexpected process crash (bsc#1259941).
* CVE-2025-46299: processing maliciously crafted web content may disclose
internal states of an app (bsc#1259940).
* CVE-2026-20608: processing maliciously crafted web content may lead to an
unexpected process crash (bsc#1259939).
* CVE-2026-20635: processing maliciously crafted web content may lead to an
unexpected process crash (bsc#1259938).
* CVE-2026-20636: processing maliciously crafted web content may lead to an
unexpected process crash (bsc#1259937).
* CVE-2026-20643: processing maliciously crafted web content may bypass Same
Origin Policy (bsc#1261172).
* CVE-2026-20644: processing maliciously crafted web content may lead to an
unexpected process crash (bsc#1259936).
* CVE-2026-20652: a remote attacker may be able to cause a denial-of-service
(bsc#1259935).
* CVE-2026-20664: processing maliciously crafted web content may lead to an
unexpected process crash (bsc#1261173).
* CVE-2026-20665: processing maliciously crafted web content may prevent
Content Security Policy from being enforced (bsc#1261174).
* CVE-2026-20676: a website may be able to track users through web extensions
(bsc#1259934).
* CVE-2026-20691: a maliciously crafted webpage may be able to fingerprint the
user (bsc#1261175).
* CVE-2026-28857: processing maliciously crafted web content may lead to an
unexpected process crash (bsc#1261176).
* CVE-2026-28859: a malicious website may be able to process restricted web
content outside the sandbox (bsc#1261177).
* CVE-2026-28861: a malicious website may be able to access script message
handlers intended for other origins (bsc#1261178).
* CVE-2026-28871: visiting a maliciously crafted website may lead to a
cross-site scripting attack (bsc#1261179).

Other updates and bugfixes:

* Make scrolling with touch input smoother for small movements.
* Fix estimated load progress of downloads when Content-Length value is wrong.
* Ensure that "scrollend" events are correctly emitted after scroll
animations.
* Reduce the amount of useless MPRIS notifications produced by MediaSession
when the information about media being played is incomplete.
* Support turning off USE_GSTREAMER to configure the build with all multimedia
features disabled.
* Add Sysprof marks for mouse events.
* Fix MediaSession icon for iheart.com not being displayed.
* Fix the build with USE_GSTREAMER_GL disabled.
* Fix the build with librice version 0.3.0 or newer.
* Fix several crashes and rendering issues.
* Translation updates: Georgian.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-1364=1 openSUSE-SLE-15.6-2026-1364=1`

* Basesystem Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1364=1`

* Desktop Applications Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1364=1`

* Development Tools Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1364=1`

* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1364=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1364=1`

## Package List:

* openSUSE Leap 15.6 (noarch)
* WebKitGTK-4.0-lang-2.52.1-150600.12.63.1
* WebKitGTK-6.0-lang-2.52.1-150600.12.63.1
* WebKitGTK-4.1-lang-2.52.1-150600.12.63.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
* webkit2gtk4-minibrowser-debuginfo-2.52.1-150600.12.63.1
* libwebkit2gtk-4_0-37-debuginfo-2.52.1-150600.12.63.1
* webkit-jsc-6.0-debuginfo-2.52.1-150600.12.63.1
* libwebkitgtk-6_0-4-2.52.1-150600.12.63.1
* webkit2gtk3-soup2-minibrowser-2.52.1-150600.12.63.1
* webkit2gtk4-devel-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_1-0-2.52.1-150600.12.63.1
* libjavascriptcoregtk-6_0-1-2.52.1-150600.12.63.1
* webkit2gtk-4_1-injected-bundles-2.52.1-150600.12.63.1
* webkit2gtk-4_0-injected-bundles-2.52.1-150600.12.63.1
* webkit2gtk3-soup2-devel-2.52.1-150600.12.63.1
* webkit2gtk4-debugsource-2.52.1-150600.12.63.1
* webkit-jsc-4-2.52.1-150600.12.63.1
* webkit-jsc-6.0-2.52.1-150600.12.63.1
* webkit2gtk3-soup2-minibrowser-debuginfo-2.52.1-150600.12.63.1
* libwebkit2gtk-4_0-37-2.52.1-150600.12.63.1
* webkit2gtk3-soup2-debugsource-2.52.1-150600.12.63.1
* webkit2gtk3-devel-2.52.1-150600.12.63.1
* webkit2gtk4-minibrowser-2.52.1-150600.12.63.1
* webkit-jsc-4.1-debuginfo-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2-4_1-2.52.1-150600.12.63.1
* libwebkit2gtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
* webkit-jsc-4-debuginfo-2.52.1-150600.12.63.1
* typelib-1_0-WebKit-6_0-2.52.1-150600.12.63.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-150600.12.63.1
* webkit-jsc-4.1-2.52.1-150600.12.63.1
* typelib-1_0-JavaScriptCore-6_0-2.52.1-150600.12.63.1
* webkitgtk-6_0-injected-bundles-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2WebExtension-4_1-2.52.1-150600.12.63.1
* webkit2gtk3-minibrowser-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2-4_0-2.52.1-150600.12.63.1
* typelib-1_0-JavaScriptCore-4_1-2.52.1-150600.12.63.1
* libwebkitgtk-6_0-4-debuginfo-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_0-18-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
* typelib-1_0-JavaScriptCore-4_0-2.52.1-150600.12.63.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-150600.12.63.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-150600.12.63.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
* libwebkit2gtk-4_1-0-2.52.1-150600.12.63.1
* webkit2gtk3-debugsource-2.52.1-150600.12.63.1
* webkit2gtk3-minibrowser-debuginfo-2.52.1-150600.12.63.1
* openSUSE Leap 15.6 (x86_64)
* libwebkit2gtk-4_1-0-32bit-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_0-18-32bit-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_1-0-32bit-2.52.1-150600.12.63.1
* libwebkit2gtk-4_0-37-32bit-2.52.1-150600.12.63.1
* libwebkit2gtk-4_1-0-32bit-debuginfo-2.52.1-150600.12.63.1
* libwebkit2gtk-4_0-37-32bit-debuginfo-2.52.1-150600.12.63.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libwebkit2gtk-4_0-37-64bit-2.52.1-150600.12.63.1
* libwebkit2gtk-4_0-37-64bit-debuginfo-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_0-18-64bit-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.52.1-150600.12.63.1
* libwebkit2gtk-4_1-0-64bit-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_1-0-64bit-2.52.1-150600.12.63.1
* libwebkit2gtk-4_1-0-64bit-debuginfo-2.52.1-150600.12.63.1
* Basesystem Module 15-SP7 (noarch)
* WebKitGTK-4.0-lang-2.52.1-150600.12.63.1
* WebKitGTK-6.0-lang-2.52.1-150600.12.63.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* webkit2gtk3-soup2-devel-2.52.1-150600.12.63.1
* libwebkitgtk-6_0-4-debuginfo-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_0-18-2.52.1-150600.12.63.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
* libwebkit2gtk-4_0-37-debuginfo-2.52.1-150600.12.63.1
* webkit2gtk4-debugsource-2.52.1-150600.12.63.1
* typelib-1_0-JavaScriptCore-4_0-2.52.1-150600.12.63.1
* webkitgtk-6_0-injected-bundles-2.52.1-150600.12.63.1
* libwebkitgtk-6_0-4-2.52.1-150600.12.63.1
* libwebkit2gtk-4_0-37-2.52.1-150600.12.63.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-150600.12.63.1
* webkit2gtk3-soup2-debugsource-2.52.1-150600.12.63.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
* libjavascriptcoregtk-6_0-1-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-150600.12.63.1
* webkit2gtk-4_0-injected-bundles-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2-4_0-2.52.1-150600.12.63.1
* Desktop Applications Module 15-SP7 (noarch)
* WebKitGTK-4.1-lang-2.52.1-150600.12.63.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-JavaScriptCore-4_1-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2WebExtension-4_1-2.52.1-150600.12.63.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_1-0-2.52.1-150600.12.63.1
* libwebkit2gtk-4_1-0-2.52.1-150600.12.63.1
* webkit2gtk3-debugsource-2.52.1-150600.12.63.1
* webkit2gtk3-devel-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2-4_1-2.52.1-150600.12.63.1
* webkit2gtk-4_1-injected-bundles-2.52.1-150600.12.63.1
* libwebkit2gtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-WebKit-6_0-2.52.1-150600.12.63.1
* webkit2gtk4-debugsource-2.52.1-150600.12.63.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-150600.12.63.1
* typelib-1_0-JavaScriptCore-6_0-2.52.1-150600.12.63.1
* webkit2gtk4-devel-2.52.1-150600.12.63.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* WebKitGTK-4.0-lang-2.52.1-150600.12.63.1
* WebKitGTK-6.0-lang-2.52.1-150600.12.63.1
* WebKitGTK-4.1-lang-2.52.1-150600.12.63.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
* libwebkit2gtk-4_0-37-debuginfo-2.52.1-150600.12.63.1
* libwebkitgtk-6_0-4-2.52.1-150600.12.63.1
* webkit2gtk4-devel-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_1-0-2.52.1-150600.12.63.1
* libjavascriptcoregtk-6_0-1-2.52.1-150600.12.63.1
* webkit2gtk-4_0-injected-bundles-2.52.1-150600.12.63.1
* webkit2gtk-4_1-injected-bundles-2.52.1-150600.12.63.1
* webkit2gtk3-soup2-devel-2.52.1-150600.12.63.1
* webkit2gtk4-debugsource-2.52.1-150600.12.63.1
* libwebkit2gtk-4_0-37-2.52.1-150600.12.63.1
* webkit2gtk3-soup2-debugsource-2.52.1-150600.12.63.1
* webkit2gtk3-devel-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2-4_1-2.52.1-150600.12.63.1
* libwebkit2gtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
* typelib-1_0-WebKit-6_0-2.52.1-150600.12.63.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-150600.12.63.1
* typelib-1_0-JavaScriptCore-6_0-2.52.1-150600.12.63.1
* webkitgtk-6_0-injected-bundles-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2WebExtension-4_1-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2-4_0-2.52.1-150600.12.63.1
* libwebkitgtk-6_0-4-debuginfo-2.52.1-150600.12.63.1
* typelib-1_0-JavaScriptCore-4_1-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_0-18-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
* typelib-1_0-JavaScriptCore-4_0-2.52.1-150600.12.63.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-150600.12.63.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-150600.12.63.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
* libwebkit2gtk-4_1-0-2.52.1-150600.12.63.1
* webkit2gtk3-debugsource-2.52.1-150600.12.63.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* WebKitGTK-4.0-lang-2.52.1-150600.12.63.1
* WebKitGTK-6.0-lang-2.52.1-150600.12.63.1
* WebKitGTK-4.1-lang-2.52.1-150600.12.63.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
* libwebkit2gtk-4_0-37-debuginfo-2.52.1-150600.12.63.1
* libwebkitgtk-6_0-4-2.52.1-150600.12.63.1
* webkit2gtk4-devel-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_1-0-2.52.1-150600.12.63.1
* libjavascriptcoregtk-6_0-1-2.52.1-150600.12.63.1
* webkit2gtk-4_0-injected-bundles-2.52.1-150600.12.63.1
* webkit2gtk-4_1-injected-bundles-2.52.1-150600.12.63.1
* webkit2gtk3-soup2-devel-2.52.1-150600.12.63.1
* webkit2gtk4-debugsource-2.52.1-150600.12.63.1
* libwebkit2gtk-4_0-37-2.52.1-150600.12.63.1
* webkit2gtk3-soup2-debugsource-2.52.1-150600.12.63.1
* webkit2gtk3-devel-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2-4_1-2.52.1-150600.12.63.1
* libwebkit2gtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
* typelib-1_0-WebKit-6_0-2.52.1-150600.12.63.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-150600.12.63.1
* typelib-1_0-JavaScriptCore-6_0-2.52.1-150600.12.63.1
* webkitgtk-6_0-injected-bundles-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2WebExtension-4_1-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150600.12.63.1
* typelib-1_0-WebKit2-4_0-2.52.1-150600.12.63.1
* libwebkitgtk-6_0-4-debuginfo-2.52.1-150600.12.63.1
* typelib-1_0-JavaScriptCore-4_1-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_0-18-2.52.1-150600.12.63.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
* typelib-1_0-JavaScriptCore-4_0-2.52.1-150600.12.63.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-150600.12.63.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-150600.12.63.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
* libwebkit2gtk-4_1-0-2.52.1-150600.12.63.1
* webkit2gtk3-debugsource-2.52.1-150600.12.63.1

## References:

* https://www.suse.com/security/cve/CVE-2023-43010.html
* https://www.suse.com/security/cve/CVE-2025-31223.html
* https://www.suse.com/security/cve/CVE-2025-31277.html
* https://www.suse.com/security/cve/CVE-2025-43213.html
* https://www.suse.com/security/cve/CVE-2025-43214.html
* https://www.suse.com/security/cve/CVE-2025-43433.html
* https://www.suse.com/security/cve/CVE-2025-43438.html
* https://www.suse.com/security/cve/CVE-2025-43441.html
* https://www.suse.com/security/cve/CVE-2025-43457.html
* https://www.suse.com/security/cve/CVE-2025-43511.html
* https://www.suse.com/security/cve/CVE-2025-46299.html
* https://www.suse.com/security/cve/CVE-2026-20608.html
* https://www.suse.com/security/cve/CVE-2026-20635.html
* https://www.suse.com/security/cve/CVE-2026-20636.html
* https://www.suse.com/security/cve/CVE-2026-20643.html
* https://www.suse.com/security/cve/CVE-2026-20644.html
* https://www.suse.com/security/cve/CVE-2026-20652.html
* https://www.suse.com/security/cve/CVE-2026-20664.html
* https://www.suse.com/security/cve/CVE-2026-20665.html
* https://www.suse.com/security/cve/CVE-2026-20676.html
* https://www.suse.com/security/cve/CVE-2026-20691.html
* https://www.suse.com/security/cve/CVE-2026-28857.html
* https://www.suse.com/security/cve/CVE-2026-28859.html
* https://www.suse.com/security/cve/CVE-2026-28861.html
* https://www.suse.com/security/cve/CVE-2026-28871.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259934
* https://bugzilla.suse.com/show_bug.cgi?id=1259935
* https://bugzilla.suse.com/show_bug.cgi?id=1259936
* https://bugzilla.suse.com/show_bug.cgi?id=1259937
* https://bugzilla.suse.com/show_bug.cgi?id=1259938
* https://bugzilla.suse.com/show_bug.cgi?id=1259939
* https://bugzilla.suse.com/show_bug.cgi?id=1259940
* https://bugzilla.suse.com/show_bug.cgi?id=1259941
* https://bugzilla.suse.com/show_bug.cgi?id=1259942
* https://bugzilla.suse.com/show_bug.cgi?id=1259943
* https://bugzilla.suse.com/show_bug.cgi?id=1259944
* https://bugzilla.suse.com/show_bug.cgi?id=1259945
* https://bugzilla.suse.com/show_bug.cgi?id=1259946
* https://bugzilla.suse.com/show_bug.cgi?id=1259947
* https://bugzilla.suse.com/show_bug.cgi?id=1259948
* https://bugzilla.suse.com/show_bug.cgi?id=1259949
* https://bugzilla.suse.com/show_bug.cgi?id=1259950
* https://bugzilla.suse.com/show_bug.cgi?id=1261172
* https://bugzilla.suse.com/show_bug.cgi?id=1261173
* https://bugzilla.suse.com/show_bug.cgi?id=1261174
* https://bugzilla.suse.com/show_bug.cgi?id=1261175
* https://bugzilla.suse.com/show_bug.cgi?id=1261176
* https://bugzilla.suse.com/show_bug.cgi?id=1261177
* https://bugzilla.suse.com/show_bug.cgi?id=1261178
* https://bugzilla.suse.com/show_bug.cgi?id=1261179



SUSE-SU-2026:1359-1: important: Security update for sudo


# Security update for sudo

Announcement ID: SUSE-SU-2026:1359-1
Release Date: 2026-04-15T14:07:04Z
Rating: important
References:

* bsc#1261420

Cross-References:

* CVE-2026-35535

CVSS scores:

* CVE-2026-35535 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35535 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35535 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for sudo fixes the following issue:

* CVE-2026-35535: Fixed potential privilege escalation when running the mailer
(bsc#1261420).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1359=1`

* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1359=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1359=1`

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-1359=1`

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* sudo-debugsource-1.9.15p5-150600.3.15.1
* sudo-devel-1.9.15p5-150600.3.15.1
* system-group-sudo-1.9.15p5-150600.3.15.1
* sudo-policy-sudo-auth-self-1.9.15p5-150600.3.15.1
* sudo-debuginfo-1.9.15p5-150600.3.15.1
* sudo-plugin-python-debuginfo-1.9.15p5-150600.3.15.1
* sudo-plugin-python-1.9.15p5-150600.3.15.1
* sudo-1.9.15p5-150600.3.15.1
* sudo-policy-wheel-auth-self-1.9.15p5-150600.3.15.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* sudo-debugsource-1.9.15p5-150600.3.15.1
* sudo-devel-1.9.15p5-150600.3.15.1
* system-group-sudo-1.9.15p5-150600.3.15.1
* sudo-policy-sudo-auth-self-1.9.15p5-150600.3.15.1
* sudo-debuginfo-1.9.15p5-150600.3.15.1
* sudo-plugin-python-debuginfo-1.9.15p5-150600.3.15.1
* sudo-plugin-python-1.9.15p5-150600.3.15.1
* sudo-1.9.15p5-150600.3.15.1
* sudo-policy-wheel-auth-self-1.9.15p5-150600.3.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* sudo-debugsource-1.9.15p5-150600.3.15.1
* sudo-devel-1.9.15p5-150600.3.15.1
* system-group-sudo-1.9.15p5-150600.3.15.1
* sudo-policy-sudo-auth-self-1.9.15p5-150600.3.15.1
* sudo-debuginfo-1.9.15p5-150600.3.15.1
* sudo-plugin-python-debuginfo-1.9.15p5-150600.3.15.1
* sudo-plugin-python-1.9.15p5-150600.3.15.1
* sudo-1.9.15p5-150600.3.15.1
* sudo-policy-wheel-auth-self-1.9.15p5-150600.3.15.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* sudo-test-1.9.15p5-150600.3.15.1
* sudo-debugsource-1.9.15p5-150600.3.15.1
* sudo-devel-1.9.15p5-150600.3.15.1
* system-group-sudo-1.9.15p5-150600.3.15.1
* sudo-policy-sudo-auth-self-1.9.15p5-150600.3.15.1
* sudo-debuginfo-1.9.15p5-150600.3.15.1
* sudo-plugin-python-debuginfo-1.9.15p5-150600.3.15.1
* sudo-plugin-python-1.9.15p5-150600.3.15.1
* sudo-1.9.15p5-150600.3.15.1
* sudo-policy-wheel-auth-self-1.9.15p5-150600.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261420



SUSE-SU-2026:1368-1: important: Security update for libpng16


# Security update for libpng16

Announcement ID: SUSE-SU-2026:1368-1
Release Date: 2026-04-15T14:35:40Z
Rating: important
References:

* bsc#1260754
* bsc#1260755

Cross-References:

* CVE-2026-33416
* CVE-2026-33636

CVSS scores:

* CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-33636 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33636 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-33636 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libpng16 fixes the following issues:

* CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and
`png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).
* CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM
Neon can lead to information leak and crashes (bsc#1260755).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-1368=1 openSUSE-SLE-15.6-2026-1368=1`

* Basesystem Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1368=1`

* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1368=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1368=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libpng16-compat-devel-1.6.40-150600.3.17.1
  * libpng16-devel-1.6.40-150600.3.17.1
  * libpng16-debugsource-1.6.40-150600.3.17.1
  * libpng16-16-debuginfo-1.6.40-150600.3.17.1
  * libpng16-tools-1.6.40-150600.3.17.1
  * libpng16-tools-debuginfo-1.6.40-150600.3.17.1
  * libpng16-16-1.6.40-150600.3.17.1
* openSUSE Leap 15.6 (x86_64)
  * libpng16-16-32bit-1.6.40-150600.3.17.1
  * libpng16-compat-devel-32bit-1.6.40-150600.3.17.1
  * libpng16-devel-32bit-1.6.40-150600.3.17.1
  * libpng16-16-32bit-debuginfo-1.6.40-150600.3.17.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libpng16-16-64bit-debuginfo-1.6.40-150600.3.17.1
  * libpng16-16-64bit-1.6.40-150600.3.17.1
  * libpng16-compat-devel-64bit-1.6.40-150600.3.17.1
  * libpng16-devel-64bit-1.6.40-150600.3.17.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libpng16-compat-devel-1.6.40-150600.3.17.1
  * libpng16-devel-1.6.40-150600.3.17.1
  * libpng16-debugsource-1.6.40-150600.3.17.1
  * libpng16-16-debuginfo-1.6.40-150600.3.17.1
  * libpng16-16-1.6.40-150600.3.17.1
* Basesystem Module 15-SP7 (x86_64)
  * libpng16-16-32bit-1.6.40-150600.3.17.1
  * libpng16-16-32bit-debuginfo-1.6.40-150600.3.17.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libpng16-compat-devel-1.6.40-150600.3.17.1
  * libpng16-devel-1.6.40-150600.3.17.1
  * libpng16-debugsource-1.6.40-150600.3.17.1
  * libpng16-16-debuginfo-1.6.40-150600.3.17.1
  * libpng16-16-1.6.40-150600.3.17.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
  * libpng16-16-32bit-1.6.40-150600.3.17.1
  * libpng16-16-32bit-debuginfo-1.6.40-150600.3.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libpng16-compat-devel-1.6.40-150600.3.17.1
  * libpng16-devel-1.6.40-150600.3.17.1
  * libpng16-debugsource-1.6.40-150600.3.17.1
  * libpng16-16-debuginfo-1.6.40-150600.3.17.1
  * libpng16-16-1.6.40-150600.3.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
  * libpng16-16-32bit-1.6.40-150600.3.17.1
  * libpng16-16-32bit-debuginfo-1.6.40-150600.3.17.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33416.html
* https://www.suse.com/security/cve/CVE-2026-33636.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260754
* https://bugzilla.suse.com/show_bug.cgi?id=1260755



SUSE-SU-2026:1366-1: important: Security update for bind


# Security update for bind

Announcement ID: SUSE-SU-2026:1366-1
Release Date: 2026-04-15T14:33:07Z
Rating: important
References:

* bsc#1260805

Cross-References:

* CVE-2026-1519

CVSS scores:

* CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.3
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for bind fixes the following issues:

* CVE-2026-1519: high CPU load during insecure delegation validation due to
excessive NSEC3 iterations (bsc#1260805).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  `zypper in -t patch SUSE-2026-1366=1`

* Basesystem Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1366=1`

* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1366=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1366=1`

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * libirs-devel-9.16.6-150300.22.56.1
  * libns1604-debuginfo-9.16.6-150300.22.56.1
  * libisccfg1600-debuginfo-9.16.6-150300.22.56.1
  * libns1604-9.16.6-150300.22.56.1
  * libirs1601-debuginfo-9.16.6-150300.22.56.1
  * libisccfg1600-9.16.6-150300.22.56.1
  * libisc1606-9.16.6-150300.22.56.1
  * bind-9.16.6-150300.22.56.1
  * bind-devel-9.16.6-150300.22.56.1
  * libisccc1600-9.16.6-150300.22.56.1
  * libisccc1600-debuginfo-9.16.6-150300.22.56.1
  * libirs1601-9.16.6-150300.22.56.1
  * libisc1606-debuginfo-9.16.6-150300.22.56.1
  * libdns1605-debuginfo-9.16.6-150300.22.56.1
  * libdns1605-9.16.6-150300.22.56.1
  * libbind9-1600-debuginfo-9.16.6-150300.22.56.1
  * bind-chrootenv-9.16.6-150300.22.56.1
  * bind-utils-9.16.6-150300.22.56.1
  * bind-debuginfo-9.16.6-150300.22.56.1
  * bind-debugsource-9.16.6-150300.22.56.1
  * bind-utils-debuginfo-9.16.6-150300.22.56.1
  * libbind9-1600-9.16.6-150300.22.56.1
* openSUSE Leap 15.3 (noarch)
  * python3-bind-9.16.6-150300.22.56.1
  * bind-doc-9.16.6-150300.22.56.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libdns1605-debuginfo-9.16.6-150300.22.56.1
  * libirs-devel-9.16.6-150300.22.56.1
  * bind-debugsource-9.16.6-150300.22.56.1
  * libisccfg1600-debuginfo-9.16.6-150300.22.56.1
  * libdns1605-9.16.6-150300.22.56.1
  * libirs1601-debuginfo-9.16.6-150300.22.56.1
  * libisccfg1600-9.16.6-150300.22.56.1
  * libirs1601-9.16.6-150300.22.56.1
  * libisc1606-debuginfo-9.16.6-150300.22.56.1
  * libisc1606-9.16.6-150300.22.56.1
  * bind-debuginfo-9.16.6-150300.22.56.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libdns1605-debuginfo-9.16.6-150300.22.56.1
  * libirs-devel-9.16.6-150300.22.56.1
  * bind-debugsource-9.16.6-150300.22.56.1
  * libisccfg1600-debuginfo-9.16.6-150300.22.56.1
  * libdns1605-9.16.6-150300.22.56.1
  * libirs1601-debuginfo-9.16.6-150300.22.56.1
  * libisccfg1600-9.16.6-150300.22.56.1
  * libirs1601-9.16.6-150300.22.56.1
  * libisc1606-debuginfo-9.16.6-150300.22.56.1
  * libisc1606-9.16.6-150300.22.56.1
  * bind-debuginfo-9.16.6-150300.22.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libdns1605-debuginfo-9.16.6-150300.22.56.1
  * libirs-devel-9.16.6-150300.22.56.1
  * bind-debugsource-9.16.6-150300.22.56.1
  * libisccfg1600-debuginfo-9.16.6-150300.22.56.1
  * libdns1605-9.16.6-150300.22.56.1
  * libirs1601-debuginfo-9.16.6-150300.22.56.1
  * libisccfg1600-9.16.6-150300.22.56.1
  * libirs1601-9.16.6-150300.22.56.1
  * libisc1606-debuginfo-9.16.6-150300.22.56.1
  * libisc1606-9.16.6-150300.22.56.1
  * bind-debuginfo-9.16.6-150300.22.56.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260805



SUSE-SU-2026:1371-1: important: Security update for nodejs20


# Security update for nodejs20

Announcement ID: SUSE-SU-2026:1371-1
Release Date: 2026-04-15T14:46:55Z
Rating: important
References:

* bsc#1256576
* bsc#1260455
* bsc#1260462
* bsc#1260463
* bsc#1260480
* bsc#1260482
* bsc#1260494

Cross-References:

* CVE-2026-21637
* CVE-2026-21710
* CVE-2026-21713
* CVE-2026-21714
* CVE-2026-21715
* CVE-2026-21716
* CVE-2026-21717

CVSS scores:

* CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for nodejs20 fixes the following issues:

Update to version 20.20.2.

* CVE-2026-21717: trivially predictable hash collisions due to a flaw in V8's
string hashing mechanism allow for performance degradation via a crafted
request (bsc#1260494).
* CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based
FileHandle methods to be used to modify file permissions and ownership on
already-open file descriptors (bsc#1260462).
* CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows
for file existence disclosure and filesystem path enumeration via
`fs.realpathSync.native()` (bsc#1260482).
* CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource
exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).
* CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification
allows for discovery of HMAC values and potential MAC forgery (bsc#1260463).
* CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for
a process crash via requests with a header named `__proto__` when the
application accesses `req.headersDistinct` (bsc#1260455).
* CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion
and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2026-1371=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1371=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1371=1`

* SUSE Linux Enterprise Server 15 SP5 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1371=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1371=1`

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * corepack20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
* openSUSE Leap 15.5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-21710.html
* https://www.suse.com/security/cve/CVE-2026-21713.html
* https://www.suse.com/security/cve/CVE-2026-21714.html
* https://www.suse.com/security/cve/CVE-2026-21715.html
* https://www.suse.com/security/cve/CVE-2026-21716.html
* https://www.suse.com/security/cve/CVE-2026-21717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256576
* https://bugzilla.suse.com/show_bug.cgi?id=1260455
* https://bugzilla.suse.com/show_bug.cgi?id=1260462
* https://bugzilla.suse.com/show_bug.cgi?id=1260463
* https://bugzilla.suse.com/show_bug.cgi?id=1260480
* https://bugzilla.suse.com/show_bug.cgi?id=1260482
* https://bugzilla.suse.com/show_bug.cgi?id=1260494



SUSE-SU-2026:1369-1: moderate: Security update for glibc


# Security update for glibc

Announcement ID: SUSE-SU-2026:1369-1
Release Date: 2026-04-15T14:43:10Z
Rating: moderate
References:

* bsc#1260078
* bsc#1260082

Cross-References:

* CVE-2026-4437
* CVE-2026-4438

CVSS scores:

* CVE-2026-4437 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4437 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4437 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4438 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4438 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* Basesystem Module 15-SP7
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for glibc fixes the following issues:

* CVE-2026-4437: incorrect DNS response parsing via crafted DNS server
response (bsc#1260078).
* CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions
(bsc#1260082).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1369=1`

* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1369=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1369=1`

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-1369=1 openSUSE-SLE-15.6-2026-1369=1`

* Basesystem Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1369=1`

## Package List:

* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * glibc-utils-2.38-150600.14.46.1
  * glibc-devel-static-2.38-150600.14.46.1
  * glibc-debuginfo-2.38-150600.14.46.1
  * glibc-utils-src-debugsource-2.38-150600.14.46.1
  * glibc-debugsource-2.38-150600.14.46.1
  * glibc-utils-debuginfo-2.38-150600.14.46.1
* Development Tools Module 15-SP7 (x86_64)
  * glibc-32bit-debuginfo-2.38-150600.14.46.1
  * glibc-devel-32bit-2.38-150600.14.46.1
  * glibc-devel-32bit-debuginfo-2.38-150600.14.46.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libnsl1-debuginfo-2.38-150600.14.46.1
  * glibc-utils-2.38-150600.14.46.1
  * glibc-2.38-150600.14.46.1
  * glibc-extra-2.38-150600.14.46.1
  * glibc-devel-static-2.38-150600.14.46.1
  * nscd-2.38-150600.14.46.1
  * glibc-debuginfo-2.38-150600.14.46.1
  * glibc-extra-debuginfo-2.38-150600.14.46.1
  * glibc-locale-base-2.38-150600.14.46.1
  * glibc-utils-src-debugsource-2.38-150600.14.46.1
  * glibc-devel-2.38-150600.14.46.1
  * glibc-profile-2.38-150600.14.46.1
  * libnsl1-2.38-150600.14.46.1
  * nscd-debuginfo-2.38-150600.14.46.1
  * glibc-locale-base-debuginfo-2.38-150600.14.46.1
  * glibc-locale-2.38-150600.14.46.1
  * glibc-debugsource-2.38-150600.14.46.1
  * glibc-devel-debuginfo-2.38-150600.14.46.1
  * glibc-utils-debuginfo-2.38-150600.14.46.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * glibc-info-2.38-150600.14.46.1
  * glibc-i18ndata-2.38-150600.14.46.1
  * glibc-lang-2.38-150600.14.46.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
  * libnsl1-32bit-debuginfo-2.38-150600.14.46.1
  * libnsl1-32bit-2.38-150600.14.46.1
  * glibc-locale-base-32bit-2.38-150600.14.46.1
  * glibc-devel-32bit-2.38-150600.14.46.1
  * glibc-locale-base-32bit-debuginfo-2.38-150600.14.46.1
  * glibc-devel-32bit-debuginfo-2.38-150600.14.46.1
  * glibc-32bit-2.38-150600.14.46.1
  * glibc-32bit-debuginfo-2.38-150600.14.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libnsl1-debuginfo-2.38-150600.14.46.1
  * glibc-utils-2.38-150600.14.46.1
  * glibc-2.38-150600.14.46.1
  * glibc-extra-2.38-150600.14.46.1
  * glibc-devel-static-2.38-150600.14.46.1
  * nscd-2.38-150600.14.46.1
  * glibc-debuginfo-2.38-150600.14.46.1
  * glibc-extra-debuginfo-2.38-150600.14.46.1
  * glibc-locale-base-2.38-150600.14.46.1
  * glibc-utils-src-debugsource-2.38-150600.14.46.1
  * glibc-devel-2.38-150600.14.46.1
  * glibc-profile-2.38-150600.14.46.1
  * libnsl1-2.38-150600.14.46.1
  * nscd-debuginfo-2.38-150600.14.46.1
  * glibc-locale-base-debuginfo-2.38-150600.14.46.1
  * glibc-locale-2.38-150600.14.46.1
  * glibc-debugsource-2.38-150600.14.46.1
  * glibc-devel-debuginfo-2.38-150600.14.46.1
  * glibc-utils-debuginfo-2.38-150600.14.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * glibc-info-2.38-150600.14.46.1
  * glibc-i18ndata-2.38-150600.14.46.1
  * glibc-lang-2.38-150600.14.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
  * libnsl1-32bit-debuginfo-2.38-150600.14.46.1
  * libnsl1-32bit-2.38-150600.14.46.1
  * glibc-locale-base-32bit-2.38-150600.14.46.1
  * glibc-devel-32bit-2.38-150600.14.46.1
  * glibc-locale-base-32bit-debuginfo-2.38-150600.14.46.1
  * glibc-devel-32bit-debuginfo-2.38-150600.14.46.1
  * glibc-32bit-2.38-150600.14.46.1
  * glibc-32bit-debuginfo-2.38-150600.14.46.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586 i686)
  * libnsl1-debuginfo-2.38-150600.14.46.1
  * glibc-2.38-150600.14.46.1
  * glibc-devel-static-2.38-150600.14.46.1
  * glibc-debuginfo-2.38-150600.14.46.1
  * glibc-locale-base-2.38-150600.14.46.1
  * libnsl1-2.38-150600.14.46.1
  * glibc-devel-2.38-150600.14.46.1
  * glibc-profile-2.38-150600.14.46.1
  * glibc-locale-base-debuginfo-2.38-150600.14.46.1
  * glibc-locale-2.38-150600.14.46.1
  * glibc-debugsource-2.38-150600.14.46.1
  * glibc-devel-debuginfo-2.38-150600.14.46.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * glibc-utils-2.38-150600.14.46.1
  * glibc-extra-2.38-150600.14.46.1
  * nscd-2.38-150600.14.46.1
  * glibc-extra-debuginfo-2.38-150600.14.46.1
  * nscd-debuginfo-2.38-150600.14.46.1
  * glibc-utils-src-debugsource-2.38-150600.14.46.1
  * glibc-utils-debuginfo-2.38-150600.14.46.1
* openSUSE Leap 15.6 (noarch)
  * glibc-lang-2.38-150600.14.46.1
  * glibc-info-2.38-150600.14.46.1
  * glibc-i18ndata-2.38-150600.14.46.1
  * glibc-html-2.38-150600.14.46.1
* openSUSE Leap 15.6 (x86_64)
  * libnsl1-32bit-debuginfo-2.38-150600.14.46.1
  * libnsl1-32bit-2.38-150600.14.46.1
  * glibc-utils-32bit-2.38-150600.14.46.1
  * glibc-profile-32bit-2.38-150600.14.46.1
  * glibc-locale-base-32bit-2.38-150600.14.46.1
  * glibc-utils-32bit-debuginfo-2.38-150600.14.46.1
  * glibc-devel-32bit-2.38-150600.14.46.1
  * glibc-devel-static-32bit-2.38-150600.14.46.1
  * glibc-devel-32bit-debuginfo-2.38-150600.14.46.1
  * glibc-locale-base-32bit-debuginfo-2.38-150600.14.46.1
  * glibc-32bit-2.38-150600.14.46.1
  * glibc-32bit-debuginfo-2.38-150600.14.46.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * glibc-profile-64bit-2.38-150600.14.46.1
  * glibc-64bit-debuginfo-2.38-150600.14.46.1
  * glibc-devel-64bit-2.38-150600.14.46.1
  * libnsl1-64bit-debuginfo-2.38-150600.14.46.1
  * glibc-locale-base-64bit-debuginfo-2.38-150600.14.46.1
  * glibc-utils-64bit-debuginfo-2.38-150600.14.46.1
  * glibc-locale-base-64bit-2.38-150600.14.46.1
  * glibc-devel-static-64bit-2.38-150600.14.46.1
  * glibc-devel-64bit-debuginfo-2.38-150600.14.46.1
  * glibc-64bit-2.38-150600.14.46.1
  * libnsl1-64bit-2.38-150600.14.46.1
  * glibc-utils-64bit-2.38-150600.14.46.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libnsl1-debuginfo-2.38-150600.14.46.1
  * glibc-2.38-150600.14.46.1
  * glibc-extra-2.38-150600.14.46.1
  * nscd-2.38-150600.14.46.1
  * glibc-debuginfo-2.38-150600.14.46.1
  * glibc-extra-debuginfo-2.38-150600.14.46.1
  * glibc-locale-base-2.38-150600.14.46.1
  * libnsl1-2.38-150600.14.46.1
  * glibc-devel-2.38-150600.14.46.1
  * glibc-profile-2.38-150600.14.46.1
  * nscd-debuginfo-2.38-150600.14.46.1
  * glibc-locale-base-debuginfo-2.38-150600.14.46.1
  * glibc-locale-2.38-150600.14.46.1
  * glibc-debugsource-2.38-150600.14.46.1
  * glibc-devel-debuginfo-2.38-150600.14.46.1
* Basesystem Module 15-SP7 (noarch)
  * glibc-info-2.38-150600.14.46.1
  * glibc-i18ndata-2.38-150600.14.46.1
  * glibc-lang-2.38-150600.14.46.1
* Basesystem Module 15-SP7 (x86_64)
  * libnsl1-32bit-debuginfo-2.38-150600.14.46.1
  * libnsl1-32bit-2.38-150600.14.46.1
  * glibc-locale-base-32bit-2.38-150600.14.46.1
  * glibc-locale-base-32bit-debuginfo-2.38-150600.14.46.1
  * glibc-32bit-2.38-150600.14.46.1
  * glibc-32bit-debuginfo-2.38-150600.14.46.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4437.html
* https://www.suse.com/security/cve/CVE-2026-4438.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260078
* https://bugzilla.suse.com/show_bug.cgi?id=1260082