SUSE-SU-2026:2337-1 Security update for libyang

This update for libyang fixes the following issues - CVE-2026-41401: use-after-free in lydparsersetdataflags when processing crafted YANG XML documents with specific metadata attributes bsc1266316. - CVE-2026-44673: integer overflow in lybreadstring of src/parserlyb.c leads to heap buffer overflo...

Security update for libyang

This update for libyang fixes the following issues CVE-2026-41401: use-after-free in lydparsersetdataflags when processing crafted YANG XML documents with specific metadata attributes bsc1266316. CVE-2026-44673: integer overflow in lybreadstring of src/parserlyb.c leads to heap buffer overflow wh...

SUSE-SU-2026:2335-1 Security update for libyang

This update for libyang fixes the following issues - CVE-2026-41401: use-after-free in lydparsersetdataflags when processing crafted YANG XML documents with specific metadata attributes bsc1266316. - CVE-2026-44673: integer overflow in lybreadstring of src/parserlyb.c leads to heap buffer overflo...

Security update for libyang

This update for libyang fixes the following issues CVE-2026-41401: use-after-free in lydparsersetdataflags when processing crafted YANG XML documents with specific metadata attributes bsc1266316. CVE-2026-44673: integer overflow in lybreadstring of src/parserlyb.c leads to heap buffer overflow wh...

SUSE-SU-2026:2334-1 Security update for libyang

This update for libyang fixes the following issues - CVE-2026-41401: use-after-free in lydparsersetdataflags when processing crafted YANG XML documents with specific metadata attributes bsc1266316. - CVE-2026-44673: integer overflow in lybreadstring of src/parserlyb.c leads to heap buffer overflo...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables bsc1261700. CVE-2026-31629: nfc: llcp: add missing return after LLCPCLOSED checks bsc126379...

BIT-APACHE-2026-48913 Apache HTTP Server: mod_http2 memory corruption when file handles exhausted

Use After Free vulnerability in Apache HTTP Server module modhttp2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67...

BIT-APACHE-2026-29167 Apache HTTP Server: mod_ldap per-dir use-after-free

Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

Security Bulletin: IBM Cloud Pak for Data System 1.0 is affected by multiple vulnerabilities

Summary IBM Cloud Pak for Data System 1.0 CPDS 1.0 includes multiple third-party components that are affected by various security vulnerabilities. These vulnerabilities include integer overflow issues in GLib leading to heap corruption and denial of service, a write-what-where condition in the...

firefox: thunderbird: Use-after-free in the DOM: Networking component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Networking component...

Updated libssh packages fix security vulnerabilities

CVE-2025-4877 Write beyond bounds in binary to base64 conversion functions CVE-2025-4878 Use of uninitialized variable in privatekeyfromfile CVE-2025-5318 Likely read beyond bounds in sftp server handle management CVE-2025-5351 Double free in functions exporting keys CVE-2025-5372 sshkdf returns ...

MGASA-2026-0189 Updated libssh packages fix security vulnerabilities

CVE-2025-4877 Write beyond bounds in binary to base64 conversion functions CVE-2025-4878 Use of uninitialized variable in privatekeyfromfile CVE-2025-5318 Likely read beyond bounds in sftp server handle management CVE-2025-5351 Double free in functions exporting keys CVE-2025-5372 sshkdf returns ...

SUSE CVE-2026-11623

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

SUSE CVE-2026-11629

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

SUSE CVE-2026-11630

Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

SUSE CVE-2026-11632

Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

SUSE CVE-2026-11633

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral. Chromium security severity: Critical...

SUSE CVE-2026-11634

Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

SUSE CVE-2026-11636

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

SUSE CVE-2026-11637

Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...