5671 matches found
Security update for python-dulwich
This update for python-dulwich fixes the following issue CVE-2026-47734: Unbounded memory allocation in receive-pack from crafted thin packs bsc1268138. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for libqt4
This update for libqt4 fixes the following issue CVE-2025-14575: local user can load rogue CA certificates as trusted system authority via a crafted file placed in the application's working directory bsc1265896. Patch Instructions: To install this SUSE update use the SUSE recommended installation...
Security update for vorbis-tools
This update for vorbis-tools fixes the following issue CVE-2026-34253: buffer underflow in the ogg123 utility in function remotethread of remote.c bsc1265361. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for vorbis-tools
This update for vorbis-tools fixes the following issue CVE-2026-34253: buffer underflow in the ogg123 utility in function remotethread of remote.c bsc1265361. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for python-msgpack
This update for python-msgpack fixes the following issue CVE-2026-57585: Unpacker reuse after a caught error can lead to an out-of-bounds read and a crash bsc1269947. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for tomcat10
This update for tomcat10 fixes the following issues Update to Tomcat 10.1.56. Security issues fixed: CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example bsc1269791. CVE-2026-53404: always-incorrect control flow implementation in the rewrite valve caused...
Security update for libxml2
This update for libxml2 fixes the following issue CVE-2026-11979: stack-based buffer overflows in the xmlcatalog utility when running in --shell mode bsc1269790. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for mariadb-connector-c
This update for mariadb-connector-c fixes the following issue: CVE-2026-44172: mysqlrealescapestring incorrectly handled big5 bsc1266438. Changes for mariadb-connector-c: Update to 3.1.28. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for joe
This update for joe fixes the following issue CVE-2026-13412: arbitrary command execution via malicious tags file bsc1269379. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...
Security update for php-composer2
This update for php-composer2 fixes the following issues: CVE-2026-45793: Github Actions issued GITHUBTOKEN disclosure in GitHub Actions logs bsc1271504. CVE-2026-59946: path traversal in package bin field lets dependencies chmod arbitrary host files bsc1271151. CVE-2026-59947: URL-embedded...
Security update for python311
This update for python311 fixes the following issues CVE-2026-1502: CR/LF bytes not rejected by HTTP client proxy tunnel headers or host bsc1261969. CVE-2026-4786: URLs containing %action can bypass mitigation that allows command injection via the webbrowser.open API bsc1262319. CVE-2026-6019: HT...
Security update for wpa_supplicant
This update for wpasupplicant fixes the following issues: CVE-2025-24912: hostapd RADIUS authentication of wi-fi devices allows a user in between the hostapd and the RADIUS server to inject crafted RADIUS packets and force RADIUS authentications to fail bsc1239461. CVE-2026-58374: missing bounds...
Security update for go1.26-openssl
This update for go1.26-openssl fixes the following issues Update to version go1.26.5 bsc1255111. CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. CVE-2026-39822: os: Root escape via symlink plus trailing slash bsc1271014. CVE-2026-42504: mime: quadratic complexity in...
Security update for python-idna
This update for python-idna fixes the following issue CVE-2026-45409: specially crafted inputs to idna.encode can bypass earlier security fix bsc1265413. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for python-idna
This update for python-idna fixes the following issue CVE-2026-45409: specially crafted inputs to idna.encode can bypass earlier security fix bsc1265413. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for dash
This update for dash fixes the following issues CVE-2026-31323: arithmetic expansion evaluating INTMAXMIN / -1 can lead to a signed integer overflow and a denial of service bsc1269494. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for shibboleth-sp
This update for shibboleth-sp fixes the following issue: CVE-2025-9943: SQL injection in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service bsc1249394. Patch Instructions: To install this SUSE...
Security update for libxml2
This update for libxml2 fixes the following issue CVE-2026-11979: stack-based buffer overflows in the xmlcatalog utility when running in --shell mode bsc1269790. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for libxml2
This update for libxml2 fixes the following issue CVE-2026-11979: stack-based buffer overflows in the xmlcatalog utility when running in --shell mode bsc1269790. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for libxml2
This update for libxml2 fixes the following issue CVE-2026-11979: stack-based buffer overflows in the xmlcatalog utility when running in --shell mode bsc1269790. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for openssl-3
This update for openssl-3 fixes the following issues CVE-2026-34182: CMS AuthEnvelopedData Processing May Accept Forged Messages bsc1266344. CVE-2026-42767: NULL Pointer Dereference in CRMF EncryptedValue Decryption bsc1266350. Patch Instructions: To install this SUSE update use the SUSE...
Security update for python-paramiko
This update for python-paramiko fixes the following issue CVE-2026-44405: data integrity compromise due to allowed SHA-1 algorithm use bsc1264225. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...
Security update for ruby3.4
This update for ruby3.4 fixes the following issues CVE-2026-42258: Net:IMAP: Command Injection via Symbol Arguments bsc1268011. CVE-2026-47240: Net:IMAP: Command Injection via non-synchronizing literal in "raw" argument bsc1268337. CVE-2026-47241: Net:IMAP: Denial of Service via incomplete raw...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-31771: Bluetooth: Ignore HCIERRORCANCELLEDBYHOST on adv set terminated event bsc1264145. CVE-2026-43038: ipv6: icmp: clear skb2-cb in ip6errgenicmpv6unreach...
Security update for tomcat
This update for tomcat fixes the following issues Update to Tomcat 9.0.119. Security issues fixed: CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example bsc1269791. CVE-2026-53404: always-incorrect control flow implementation in the rewrite valve caused...
Security update for tomcat11
This update for tomcat11 fixes the following issues Update to Tomcat 11.0.23. Security issues fixed: CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example bsc1269791. CVE-2026-53404: always-incorrect control flow implementation in the rewrite valve caused...
Security update for python-python-socketio
This update for python-python-socketio fixes the following issues: CVE-2026-48804: Binary attachment accumulation can cause denial of service bsc1269491. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for python-python-engineio
This update for python-python-engineio fixes the following issues: CVE-2026-48802: remote user can cause the creation of unnecessary background threads in the server through the heartbeat mechanism and cause a DoS bsc1269544. CVE-2026-48809: size of incoming messages is not checked before they ar...
Security update for python-Pillow
This update for python-Pillow fixes the following issues CVE-2026-54058: out-of-bounds read via attacker-controlled row stride on mmap path bsc1271419. CVE-2026-59197: heap out-of-bounds write in ImageFilter.RankFilter via integer overflow in ImagingExpand bsc1271418. CVE-2026-59198: out-of-bound...
Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.60 fixes various security issues The following security issues were fixed: CVE-2026-46120: ip6gre: Use cached t-net in ip6erspanchangelink bsc1267893. CVE-2026-46173: exit: prevent preemption of oopsing TASKDEAD task bsc1267723...
Security update for libssh2_org
This update for libssh2org fixes the following issue CVE-2026-55199: pre-Authentication DoS via SSHMSGEXTINFO Handler bsc1268530. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for rpcbind
This update for rpcbind fixes the following issue Fix several memory leaks and buffer overflow bsc1267212. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your...
Security update for rpcbind
This update for rpcbind fixes the following issue Fix several memory leaks and buffer overflow bsc1267212. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your...
Security update for libssh2_org
This update for libssh2org fixes the following issue CVE-2026-55199: pre-Authentication DoS via SSHMSGEXTINFO Handler bsc1268530. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for the Linux Kernel (Live Patch 15 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.55 fixes various security issues The following security issues were fixed: CVE-2026-43501: ipv6: rpl: reserve maclen headroom when recompressed SRH grows bsc1266015. CVE-2026-45970: bonding: alb: fix UAF in rlbarprecv during bond...
Security update for libssh2_org
This update for libssh2org fixes the following issue Security changes: CVE-2026-55199: pre-Authentication DoS via SSHMSGEXTINFO Handler bsc1268530. Other changes: rebuild libssh2org against openssl 1.1.1, enabling ed25519 support. bsc1227490 Patch Instructions: To install this SUSE update use the...
Security update for podman
This update for podman rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterprise...
Security update for podman
This update for podman rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Enterprise Storag...
Security update for rekor
This update for rekor rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterprise...
Security update for cosign
This update for cosign rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterprise...
Security update for python-urllib3
This update for python-urllib3 fixes the following issue Regression introduced by CVE-2025-66471 fix during file download with pySSL bsc1270365. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively yo...
Security update for the Linux Kernel (Live Patch 83 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.310 fixes various security issues The following security issues were fixed: CVE-2026-43037: ip6tunnel: clear skb2-cb in ip4ip6err bsc1265197. CVE-2026-45970: bonding: alb: fix UAF in rlbarprecv during bond up/down bsc1267206...
Security update for the Linux Kernel (Live Patch 78 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.296 fixes various security issues The following security issues were fixed: CVE-2026-31685: netfilter: ip6teui64: reject invalid MAC header for all packets bsc1263670. CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new...
Security update for the Linux Kernel (Live Patch 74 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.280 fixes various security issues The following security issues were fixed: CVE-2026-31685: netfilter: ip6teui64: reject invalid MAC header for all packets bsc1263670. CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new...
Security update for docker
This update for docker rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterprise...
Security update for buildah
This update for buildah rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterprise...
Security update for python-aiohttp
This update for python-aiohttp fixes the following issues CVE-2026-22815: insufficient header/trailer handling can cause a denial of service bsc1261320. CVE-2026-34513: unbounded DNS cache can cause a denial of service bsc1261321. CVE-2026-34514: contenttype parameter manipulation can lead to...
Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues CVE-2026-12892: 1-byte heap out-of-bounds read in H.264 NAL extension slice parser bsc1268971. CVE-2026-14935: webrtcbin accepts remote SDP without a=fingerprint due to inverted presence check bsc1271051. CVE-2026-52720: invalid che...
Security update for terraform-provider-susepubliccloud
This update for terraform-provider-susepubliccloud fixes the following issues CVE-2022-41723: go1.19,go1.20: net/http2: quadratic complexity in HPACK decoding bsc1208300. CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header...
Security update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provid
This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-local, terraform-provider-null, terraform-provider-random, terraform-provider-tls fixes the...