5440 matches found
Security update for frr
This update for frr fixes the following issue: CVE-2026-5107: Fixed an improper access controls in EVPN Type-2 Route Handler bsc1261013. CVE-2026-28532: Harden TE/SR TLV iteration against malformed lengths bsc1263859. CVE-2026-37457: Fix off-by-one error in FlowSpec operator array bounds check...
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-10263: arm64: Add workaround for Cortex-A76 erratum 1286807 bsc1266290. CVE-2025-40253: s390/ctcm: Fix double-kfree bsc1255084. CVE-2025-68822: Input: alps - fix...
Security update for 389-ds
This update for 389-ds fixes the following issue Update to 2.7.0git193.9ab79d496: CVE-2026-9064: unbounded LDAP controls count in getldapmessagecontrolsext can lead to amplified CPU time and heap allocation and a denial of service bsc1265898. Changelog: Issue 7503 - CVE-2026-9064 - Add a limit to...
Security update for openssl-1_1-livepatches
This update for openssl-11-livepatches fixes the following issues CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can ru...
Security update for qemu
This update for qemu fixes the following issues: Security fixes: CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when processing specially crafted VMDK files bsc1258509. CVE-2026-3842: hyperv/syndbg: missing mapped-length guard after...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables bsc1261700. CVE-2026-31629: nfc: llcp: add missing return after LLCPCLOSED checks bsc1263790...
Security update for openssh
This update for openssh fixes the following issues CVE-2026-3497: information disclosure or denial of service due to uninitialized variables bsc1259642. CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. CVE-2026-35388: omitted connection multiplexing...
Security update for nginx
This update for nginx fixes the following issues CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration with overlapping captures bsc1266215. CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415...
Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issue CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...
Security update for libyang
This update for libyang fixes the following issues CVE-2026-41401: use-after-free in lydparsersetdataflags when processing crafted YANG XML documents with specific metadata attributes bsc1266316. CVE-2026-44673: integer overflow in lybreadstring of src/parserlyb.c leads to heap buffer overflow wh...
Security update for kubernetes1.26
This update for kubernetes1.26 fixes the following issues CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265740. CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service...
Security update for kubernetes1.24
This update for kubernetes1.24 fixes the following issues CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265740. CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service...
Security update for 389-ds
This update for 389-ds fixes the following issue CVE-2026-9064: unbounded LDAP controls count in getldapmessagecontrolsext can lead to amplified CPU time and heap allocation and a denial of service bsc1265898. Changes for 389-ds: Update to version 2.0.20git90.9f70d434e. Patch Instructions: To...
Security update for vim
This update for vim fixes the following issues CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim...
Security update for perl-Protocol-HTTP2
This update for perl-Protocol-HTTP2 fixes the following issue CVE-2026-10725: denial of service due to absence of inbound HPACK header-list size limit HTTP/2 Bomb attack bsc1267857. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdat...
Security update for python311
This update for python311 fixes the following issues: CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...
Security update for memcached
This update for memcached fixes the following issues CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881. Patch Instructions: To install this SUSE update...
Security update for bind
This update for bind fixes the following issues: CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. CVE-2026-5946: Invalid handling of CLASS != IN bsc1265594. Patch...
Security update for evince
This update for evince fixes the following issue CVE-2026-46529: Evince/Atril/Xreader command injection bsc1265880. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed...
Security update for yq
This update for yq fixes the following issues: CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267053. CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows...
Security update for unbound
This update for unbound fixes the following issues CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. CVE-2026-40622: "Ghost domain name" variant bsc1265581. CVE-2026-41292: Parsing a long list of incoming...
Security update for ignition
This update for ignition fixes the following issue CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues Updated to Mozilla Thunderbird 140.11 bsc1265212 MFSA 2026-44: CVE-2026-8090: Use-after-free in the DOM: Networking component. CVE-2026-8092: Memory safety bugs fixed in Thunderbird ESR 140.10.2 and Thunderbird 150.0.2. CVE-2026-8094:...
Security update 5.0.8 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...
Security update 5.0.8 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...
Security update 5.0.8 for Multi-Linux Manager Client Tools
This update fixes the following issues: prometheus-postgresexporter: Security Fixes: CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248699 golang-github-QubitProducts-exporterexporter: Security Fixes: CVE-2022-21698: Fixed denial of service using InstrumentHandlerCount...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013...
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write. bsc1266302 Font Alias Stack-based Buffer Overflow. bsc1266294 GLX ChangeDrawableAttributes Out-Of-Bounds...
Security update for the Linux Kernel (Live Patch 49 for SUSE Linux Enterprise 15 SP4)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.197 fixes various security issues The following security issues were fixed: CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798...
Security update for xen
This update for xen fixes the following issues CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. CVE-2026-23558: grant tabl...
Security update for busybox
This update for busybox fixes the following issue CVE-2026-29004: a crafted DHCPv6 response can lead to a heap buffer overflow in the DHCPv6 client bsc1263989. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for xen
This update for xen fixes the following issues CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. CVE-2026-23558: grant tabl...
Security update for python-urllib3
This update for python-urllib3 fixes the following issue CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects bsc1265267. Patch Instructions: To install this SUSE update use the SUSE recommended installation method...
Security update for libpng16
This update for libpng16 fixes the following issue: CVE-2026-34757: information disclosure and data corruption due to use-after-free in pngsetPLTE, pngsettRNS and pngsethIST bsc1261957. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for xz
This update for xz fixes the following issue CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your...
Security update for rekor
This update for rekor rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterprise...
Security update for container-suseconnect
This update for container-suseconnect rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product:...
Security update for php8
This update for php8 fixes the following issues CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776...
Security update for runc
This update for runc rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterprise...
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issue CVE-2026-42050: Stack buffer overflow in XTileImage bsc1265048. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...
Security update for PackageKit
This update for PackageKit fixes the following issue: CVE-2026-41651: Do not allow re-invoking methods on non-new transactions bsc1262220. Special Instructions and Notes: Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zyppe...
Security update for tiff
This update for tiff fixes the following issue CVE-2026-4775: signed integer overflow in the putcontig8bitYCbCr44tile function bsc1260411. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can...
Security update for python-python-multipart
This update for python-python-multipart fixes the following issue CVE-2026-42561: denial of service vulnerability in multipart part header parsing bsc1265250. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. CVE-2026-46300: net: skbuff: propagate shared-frag marker...
Security update for php8
This update for php8 fixes the following issues CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776...
Security update for perl-Crypt-URandom
This update for perl-Crypt-URandom fixes the following issue: CVE-2026-2474: negative length parameter in the XS function can lead to a heap-based buffer overflow bsc1258266. Changes for perl-Crypt-URandom: updated to 0.550.0 0.55 Fix for sysread/read failures. Thanks to Miha Purg for GH20 Fix fo...
Security update for nginx
This update for nginx fixes the following issues Security issues: CVE-2026-1642: plain text data injection into the response from an upstream proxied server bsc1257675. CVE-2026-27654: buffer overflow in the NGINX worker process via the ngxhttpdavmodule module bsc1260416. CVE-2026-27784: NGINX...
Security update for perl-Text-CSV_XS
This update for perl-Text-CSVXS fixes the following issue CVE-2026-7111: use-after-free when registered callbacks extend the Perl argument stack may enable type confusion or memory corruption bsc1263690. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods...
Security update for dnsmasq
This update for dnsmasq fixes the following issues Security issues: CVE-2026-4890: DoS vulnerability in the DNSSEC validation bsc1265001. CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation bsc1265002. CVE-2026-4892: heap-based out-of-bounds write vulnerability in...
Security update for xen
This update for xen fixes the following issue CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...