5387 matches found
Security update for vim
This update for vim fixes the following issues: Update Vim to version 9.2.0110: CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip bsc1246602. CVE-2026-26269: Netbeans specialKeys stack buffer overflow bsc1258229. CVE-2026-28417: crafted URL parsed by netrw plugin can...
Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.136 fixes one security issue The following security issue was fixed: CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer bsc1257118. Patch Instructions: To install this SUSE update use the SUS...
Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.150 fixes various security issues The following security issues were fixed: CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. CVE-2023-53781: smc: Fix use-after-free in tcpwritetimerhandl...
Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes
Description: This update fixes the following issues: release-notes-susemanager-proxy: Update to SUSE Manager 4.3.17 CVEs Fixed: CVE-2024-29371, CVE-2026-27727, CVE-2026-27830 Bugs mentioned: bsc1227577, bsc1227579, bsc1236799, bsc1243241, bsc1244724 bsc1248741, bsc1251995, bsc1253068, bsc1253773...
Security update for salt
This update for salt fixes the following issues: Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
Security update 5.0.7 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-67724: fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: fixed HTTP header parameter parsing algorithm bsc1254904...
Security update 5.0.7 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
Security update for libsoup
This update for libsoup fixes the following issue: CVE-2026-0716: improper bounds handling may allow out-of-bounds read bsc1256418. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer bsc1238917. CVE-2025-40242: gfs2: Fix unlikely race in gdlmputlock bsc1255075...
Security update for strongswan
This update for strongswan fixes the following issues: CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...
Security update for python-Authlib
This update for python-Authlib fixes the following issues: CVE-2026-27962: JWS deserializecompact allows for signature bypass by accepting user-controlled embedded JWK as verification key bsc1259738. CVE-2026-28490: cryptographic padding oracle in JWE RSA15 key management algorithm bsc1259736...
Security update for freerdp2
This update for freerdp2 fixes the following issue: CVE-2026-24491: Heap-use-after-free in videotimer additional fix bsc1257981. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpicmpui bsc1254992. CVE-2025-39748: bpf: Forget ranges when refining tnum after JSET bsc1249587...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue bsc1255163. CVE-2023-53827: Bluetooth: L2CAP: Fix use-after-free in...
Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.272 fixes various security issues The following security issues were fixed: CVE-2022-50423: ACPICA: Fix use-after-free in acpiutcopyipackagetoipackage bsc1250785. CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant...
Security update for
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.28 fixes various security issues The following security issues were fixed: CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handleauthsessionkey bsc1255378. CVE-2025-68285: libceph: fix potential use-after-free in...
Security update for
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.25 fixes various security issues The following security issues were fixed: CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass...
Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. CVE-2026-24734: certificate revocation bypass due ...
Security update for 389-ds
This update for 389-ds fixes the following issues: CVE-2025-14905: Fixed heap buffer overflow due to improper size calculation in schemaattrenumcallback callback bsc1258727. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for curl
This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. CVE-2026-3805: use after free in SMB connection...
Security update for xen
This update for xen fixes the following issues: CVE-2026-23554: xen: Use after free of paging structures in EPT bsc1259247, XSA-480 CVE-2026-23555: xen: Xenstored DoS by unprivileged domain bsc1259248, XSA-481 Patch Instructions: To install this SUSE update use the SUSE recommended installation...
Security update for clamav
This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: Support...
Security update for libpng15
This update for libpng15 fixes the following issues: CVE-2025-64505: heap buffer over-read in 'pngdoquantize' via malformed palette index bsc1254157. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternative...
Security update for python
This update for python fixes the following issue: CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator bsc1257181. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...
Security update for tomcat10
This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. CVE-2026-24734: certificate revocation bypass du...
Security update for curl
This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. CVE-2026-3805: use after free in SMB connection...
Security update for python36
This update for python36 fixes the following issues: CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator bsc1257181. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for go1.26
This update for go1.26 fixes the following issues: Update to go1.26.1 bsc1255111: CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. CVE-2026-27138: crypto/x509: panic in name constraint...
Security update for python
This update for python fixes the following issue: CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator bsc1257181. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...
Security update for gnutls
This update for gnutls fixes the following issues: CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and subject alternative names SANs bsc1257960. Patch Instructions: To install this SUSE update us...
Security update for python-maturin
This update for python-maturin fixes the following issue: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257918. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate ...
Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. CVE-2025-69224: Fixed unicode processing of header values could cause...
Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. CVE-2025-69224: Fixed unicode processing of header values could cause...
Security update for python-Flask
This update for python-Flask fixes the following issue: CVE-2026-27205: information disclosure due to Flask session not adding the Vary: Cookie header bsc1258700. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for libsoup2
This update for libsoup2 fixes the following issues: CVE-2025-32049: denial of service attack to websocket server bsc1240751. CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. CVE-2026-1539: proxy authentication credentials leaked via the...
Security update for virtiofsd
This update for virtiofsd fixes the following issue: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257912. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for wireshark
This update for wireshark fixes the following issues: CVE-2025-13946: MEGACO dissector infinite loop bsc1254472. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.8.0 ESR MFSA 2026-15 bsc1258568: CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component CVE-2026-2758: Use-after-free in the JavaScript: GC component CVE-2026-2759:...
Security update for python-pip
This update for python-pip fixes the following issues: CVE-2026-1703: Fixed a potential path traversal in python-pip. bsc1257599 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for postgresql17
This update for postgresql17 fixes the following issue: Update to version 17.9 bsc1258754. Regression fixes: the substring function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column caused by CVE-2026-2006 fix. a standby...
Security update for postgresql18
This update for postgresql18 fixes the following issue: Update to version 18.3 bsc1258754. Regression fixes: the substring function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column caused by CVE-2026-2006 fix. a standby...
Security update for libxml2
This update for libxml2 fixes the following issues: CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI. bsc1256807, bsc1256811 CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to...
Security update for patch
This update for patch fixes the following issues: CVE-2021-45261: Clear range of pointers before they are used/freed bsc1194037. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for libssh
This update for libssh fixes the following issues: CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal bsc1258049. CVE-2026-0965: possible denial of service when parsing unexpected configuration files bsc1258045. CVE-2026-0966: buffer underflow in...
Security update for evolution-data-server
This update for evolution-data-server fixes the following issue: CVE-2026-2604: arbitrary file deletion via inconsistent URI handling bsc1258307. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively y...
Security update for python
This update for python fixes the following issue: CVE-2024-7592: uncontrolled CPU resource consumption when in http.cookies module bsc1229596. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you...
Security update for postgresql15
This update for postgresql15 fixes the following issues: Update to version 15.17 bsc1258754. Security issues fixed: CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. CVE-2026-2004: intarray missing validation of type of input to...
Security update for smc-tools
This update for smc-tools fixes the following issues: Update to version 1.8.7 jscPED-14601. Security issues fixed: VUL-1: smc-tools: predictable /tmp file allows for local denial of service bsc1230052, bsc1258495. Other updates and bugfixes: smcrnics: fix regression when PFT not available...
Security update for freerdp
This update for freerdp fixes the following issues: CVE-2026-22855: heap-buffer-overflow in smartcardunpacksetattribcall bsc1256721. CVE-2026-22857: heap-use-after-free in irpthreadfunc bsc1256723. CVE-2026-23533: improper validation can lead to heap buffer overflow in cleardecompressresidualdata...
Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.121 fixes various security issues The following security issues were fixed: CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer bsc1255577. CVE-2023-54142: gtp: Fix use-after-free in gtpencapdestroy bsc1256097...