SUSE 5701 Published by

openSUSE Tumbleweed administrators should apply ten recent moderate security patches addressing vulnerabilities across several core software packages. The releases resolve multiple CVEs in python313-dulwich, helm, json-c-devel, sdbootutil, librpmbuild10, python313-lxml_html_clean, helm3, python313-openapi-spec-validator, and gi-docgen. Critical flaws like CVE-2017-16228 carry a CVSS score of 9.8, while other issues range from moderate to high severity depending on network and privilege requirements.

openSUSE-SU-2026:11190-1: moderate: python313-dulwich-1.2.7-1.1 on GA media
openSUSE-SU-2026:11186-1: moderate: helm-4.2.2-2.1 on GA media
openSUSE-SU-2026:11188-1: moderate: json-c-devel-0.19-1.1 on GA media
openSUSE-SU-2026:11194-1: moderate: sdbootutil-1+git20260706.f9f4faf-1.1 on GA media
openSUSE-SU-2026:11193-1: moderate: librpmbuild10-4.20.1-8.1 on GA media
openSUSE-SU-2026:11191-1: moderate: python313-lxml_html_clean-0.4.5-1.1 on GA media
openSUSE-SU-2026:11187-1: moderate: helm3-3.21.2-2.1 on GA media
openSUSE-SU-2026:11192-1: moderate: python313-openapi-spec-validator-0.9.0-1.1 on GA media
openSUSE-SU-2026:11185-1: moderate: gi-docgen-2026.1-1.1 on GA media




openSUSE-SU-2026:11190-1: moderate: python313-dulwich-1.2.7-1.1 on GA media


# python313-dulwich-1.2.7-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11190-1
Rating: moderate

Cross-References:

* CVE-2015-0838
* CVE-2017-16228

CVSS scores:

* CVE-2017-16228 ( SUSE ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python313-dulwich-1.2.7-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python313-dulwich 1.2.7-1.1
* python314-dulwich 1.2.7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2015-0838.html
* https://www.suse.com/security/cve/CVE-2017-16228.html



openSUSE-SU-2026:11186-1: moderate: helm-4.2.2-2.1 on GA media


# helm-4.2.2-2.1 on GA media

Announcement ID: openSUSE-SU-2026:11186-1
Rating: moderate

Cross-References:

* CVE-2026-48978

CVSS scores:

* CVE-2026-48978 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-48978 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the helm-4.2.2-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* helm 4.2.2-2.1
* helm-bash-completion 4.2.2-2.1
* helm-fish-completion 4.2.2-2.1
* helm-zsh-completion 4.2.2-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-48978.html



openSUSE-SU-2026:11188-1: moderate: json-c-devel-0.19-1.1 on GA media


# json-c-devel-0.19-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11188-1
Rating: moderate

Cross-References:

* CVE-2013-6370
* CVE-2013-6371
* CVE-2026-11322
* CVE-2026-9146

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the json-c-devel-0.19-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* json-c-devel 0.19-1.1
* json-c-doc 0.19-1.1
* libjson-c5 0.19-1.1
* libjson-c5-32bit 0.19-1.1

## References:

* https://www.suse.com/security/cve/CVE-2013-6370.html
* https://www.suse.com/security/cve/CVE-2013-6371.html
* https://www.suse.com/security/cve/CVE-2026-11322.html
* https://www.suse.com/security/cve/CVE-2026-9146.html



openSUSE-SU-2026:11194-1: moderate: sdbootutil-1+git20260706.f9f4faf-1.1 on GA media


# sdbootutil-1+git20260706.f9f4faf-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11194-1
Rating: moderate

Cross-References:

* CVE-2026-41676

CVSS scores:

* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the sdbootutil-1+git20260706.f9f4faf-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* sdbootutil 1+git20260706.f9f4faf-1.1
* sdbootutil-bash-completion 1+git20260706.f9f4faf-1.1
* sdbootutil-dracut-measure-pcr 1+git20260706.f9f4faf-1.1
* sdbootutil-enroll 1+git20260706.f9f4faf-1.1
* sdbootutil-jeos-firstboot-enroll 1+git20260706.f9f4faf-1.1
* sdbootutil-kernel-install 1+git20260706.f9f4faf-1.1
* sdbootutil-snapper 1+git20260706.f9f4faf-1.1
* sdbootutil-tukit 1+git20260706.f9f4faf-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41676.html



openSUSE-SU-2026:11193-1: moderate: librpmbuild10-4.20.1-8.1 on GA media


# librpmbuild10-4.20.1-8.1 on GA media

Announcement ID: openSUSE-SU-2026:11193-1
Rating: moderate

Cross-References:

* CVE-2026-44604
* CVE-2026-44605

CVSS scores:

* CVE-2026-44604 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44604 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44605 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44605 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the librpmbuild10-4.20.1-8.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* librpmbuild10 4.20.1-8.1
* rpm 4.20.1-8.1
* rpm-32bit 4.20.1-8.1
* rpm-build 4.20.1-8.1
* rpm-devel 4.20.1-8.1
* rpm-plugin-fapolicyd 4.20.1-8.1
* rpm-plugin-ima 4.20.1-8.1
* rpm-plugin-prioreset 4.20.1-8.1
* rpm-plugin-selinux 4.20.1-8.1
* rpm-plugin-syslog 4.20.1-8.1
* rpm-plugin-unshare 4.20.1-8.1

## References:

* https://www.suse.com/security/cve/CVE-2026-44604.html
* https://www.suse.com/security/cve/CVE-2026-44605.html



openSUSE-SU-2026:11191-1: moderate: python313-lxml_html_clean-0.4.5-1.1 on GA media


# python313-lxml_html_clean-0.4.5-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11191-1
Rating: moderate

Cross-References:

* CVE-2026-49825

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python313-lxml_html_clean-0.4.5-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python313-lxml_html_clean 0.4.5-1.1
* python314-lxml_html_clean 0.4.5-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-49825.html



openSUSE-SU-2026:11187-1: moderate: helm3-3.21.2-2.1 on GA media


# helm3-3.21.2-2.1 on GA media

Announcement ID: openSUSE-SU-2026:11187-1
Rating: moderate

Cross-References:

* CVE-2026-48978

CVSS scores:

* CVE-2026-48978 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-48978 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the helm3-3.21.2-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* helm3 3.21.2-2.1
* helm3-bash-completion 3.21.2-2.1
* helm3-fish-completion 3.21.2-2.1
* helm3-zsh-completion 3.21.2-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-48978.html



openSUSE-SU-2026:11192-1: moderate: python313-openapi-spec-validator-0.9.0-1.1 on GA media


# python313-openapi-spec-validator-0.9.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11192-1
Rating: moderate

Cross-References:

* CVE-2017-18342

CVSS scores:

* CVE-2017-18342 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python313-openapi-spec-validator-0.9.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python313-openapi-spec-validator 0.9.0-1.1
* python314-openapi-spec-validator 0.9.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2017-18342.html



openSUSE-SU-2026:11185-1: moderate: gi-docgen-2026.1-1.1 on GA media


# gi-docgen-2026.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11185-1
Rating: moderate

Cross-References:

* CVE-2025-11687

CVSS scores:

* CVE-2025-11687 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
* CVE-2025-11687 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the gi-docgen-2026.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* gi-docgen 2026.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11687.html