5114 matches found
Security update for python-requests
This update for python-requests fixes the following issues: CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589. Patch Instructions: To install this SUSE update use the SUSE...
Security update for freerdp
This update for freerdp fixes the following issue: CVE-2026-24684: Heap-use-after-free in playthread bsc1257991. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...
Security update for openssl-1_1
This update for openssl-11 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...
Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.121 fixes various security issues The following security issues were fixed: CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689...
Security update for bind
This update for bind fixes the following issues: CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for ignition
This update for ignition fixes the following issue: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260251 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for python
This update for python fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. CVE-2026-3644: incomplete control character validation in http.cookies can lead to input...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20260402T184258 2026-04-02T18:42:58Z jscPED-11136. Go CVE Numbering Authority IDs added or updated with aliases: GO-2026-4518 CVE-2026-32286 GHSA-jqcq-xjh3-6g23 GO-2026-4753 CVE-2026-33487 GHSA-479m-364c-43vc...
Security update for ImageMagick
This update for ImageMagick fixes the following issues: CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow bsc1259447. CVE-2026-28686:...
Security update for ImageMagick
This update for ImageMagick fixes the following issues: CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. CVE-2026-28494: missing bounds checks in...
Security update for ImageMagick
This update for ImageMagick fixes the following issues: CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow bsc1259447...
Security update for ignition
This update for ignition fixes the following issue: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260251 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for python-PyJWT
This update for python-PyJWT fixes the following issues: CVE-2026-32597: Fixed unknown crit header extensions accepts bsc1259616. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for ignition
This update for ignition fixes the following issue: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260251 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for ignition
This update for ignition fixes the following issue: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260251 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for google-cloud-sap-agent
This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260265. Changelog: Collect WLM metric...
Security update for google-cloud-sap-agent
This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260265. Changelog: Collect WLM metric...
Security update for gimp
This update for gimp fixes the following issues: CVE-2026-4150: PSD File Parsing Integer Overflow Remote Code Execution Vulnerability bsc1259979. CVE-2026-4153: PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability bsc1259984. CVE-2026-4154: XPM File Parsing Integer...
Security update for python-pyOpenSSL
This update for python-pyOpenSSL fixes the following issues: CVE-2026-27448: unhandled exception can result in connection not being cancelled bsc1259804. CVE-2026-27459: large cookie value can lead to a buffer overflow bsc1259808. Patch Instructions: To install this SUSE update use the SUSE...
Security update for avahi
This update for avahi fixes the following issue: CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record bsc1257235. Patch Instructions: To install this SUSE update use the SUSE recommended installation metho...
Security update for libsoup2
This update for libsoup2 fixes the following issue: CVE-2026-0716: improper bounds handling may allow out-of-bounds read bsc1256418. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...
Security update for libsoup
This update for libsoup fixes the following issue: CVE-2026-0716: improper bounds handling may allow out-of-bounds read bsc1256418. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for tar
This update for tar fixes the following issue: CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives bsc1246399. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can r...
Security update for LibVNCServer
This update for LibVNCServer fixes the following issues: CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service bsc1260431. CVE-2026-32854: crafted HTTP requests can cause a denial of service bsc1260429. Patch Instructions: To install this SUSE...
Security update for LibVNCServer
This update for LibVNCServer fixes the following issues: CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service bsc1260431. CVE-2026-32854: crafted HTTP requests can cause a denial of service bsc1260429. Patch Instructions: To install this SUSE...
Security update for python-tornado
This update for python-tornado fixes the following issues: CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service bsc1259553. incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes bsc1259630. Patc...
Security update for perl-Crypt-URandom
This update for perl-Crypt-URandom fixes the following issue: Update to 0.550.0 0.55: CVE-2026-2474: heap buffer overflow in the XS function crypturandomgetrandom bsc1258266. Changelog: Fix for sysread/read failures. Thanks to Miha Purg for GH20. Fix for test suite failures on STDOUT encoding...
Security update for wireshark
This update for wireshark fixes the following issues: Update Wireshark to version 4.6.4 jscPED-15400. CVE-2024-9780: ITS dissector crash bsc1231475. CVE-2024-9781: AppleTalk and RELOAD Framing dissector crash bsc1231476. CVE-2024-11595: Loop with Unreachable Exit Condition 'Infinite Loop' in...
Security update for expat
This update for expat fixes the following issues: CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. CVE-2026-32778: NUL...
Security update for freerdp
This update for freerdp fixes the following issues: CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing bsc1258979. CVE-2026-26955: Out-of-bounds Write in freerdp bsc1258982. CVE-2026-26965: Out-of-bounds Write in freerdp bsc1258985. CVE-2026-31806: improper validation of server messages c...
Security update for freerdp2
This update for freerdp2 fixes the following issues: CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing bsc1258979. CVE-2026-26955: Out-of-bounds Write in freerdp bsc1258982. CVE-2026-26965: Out-of-bounds Write in freerdp bsc1258985. CVE-2026-31806: improper validation of server messages...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.9 MFSA 2026-24, bsc1260083: CVE-2026-3889: Spoofing issue in Thunderbird CVE-2026-4371: Out of bounds read in IMAP parsing CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender...
Security update for python-tornado
This update for python-tornado fixes the following issues: CVE-2025-67724: missing validation of the supplied reason phrase bsc1254903. CVE-2025-67725: Denial of Service DoS via maliciously crafted HTTP request caused by the HTTPHeaders.add method bsc1254905. CVE-2026-31958: parsing large multipa...
Security update for freerdp
This update for freerdp fixes the following issues: CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing bsc1258979. CVE-2026-26955: Out-of-bounds Write in freerdp bsc1258982. CVE-2026-26965: Out-of-bounds Write in freerdp bsc1258985. CVE-2026-31806: improper validation of server messages c...
Security update for expat
This update for expat fixes the following issues: CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. CVE-2026-32778: NUL...
Security update for python-pyasn1
This update for python-pyasn1 fixes the following issues: CVE-2026-30922: Denial of Service via Unbounded Recursion bsc1259803. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for libjxl
This update for libjxl fixes the following issue: CVE-2024-11498: Resource exhaustion via Stack overflow in libjxl bsc1233785. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for net-snmp
This update for net-snmp fixes the following issues: CVE-2025-68615: Fixed snmptrapd buffer overflow bsc1255491 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...
Security update for perl-XML-Parser
This update for perl-XML-Parser fixes the following issues: CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. CVE-2006-10003: off-by-one heap buffer overflow in stserialstack bsc1259902. Patch Instructions: To install this SUSE update use the SUSE...
Security update for perl-XML-Parser
This update for perl-XML-Parser fixes the following issues: CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. CVE-2006-10003: off-by-one heap buffer overflow in stserialstack bsc1259902. Patch Instructions: To install this SUSE update use the SUSE...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.52.0: CVE-2023-43010: processing maliciously crafted web content may lead to memory corruption bsc1259950. CVE-2025-31223: processing maliciously crafted web content may lead to memory corruption bsc1259949. CVE-2025-3127...
Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools
This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings venv-salt-minion: Fix the typo causing buiding EL9 bundle without binary dependencies Backport security patches for Salt vendored tornado: CVE-2025-67724: missing validation of supplied reason phrase...
Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-prometheus-prometheus: CVE-2026-27606: Fix arbitrary file write via path traversal in rollup bsc1258893 Bump rollup to version 4.59.0 Drop SLE 12 support jscPED-15474 CVE-2026-25547: Fix unbounded brace range expansion leading to excessive CPU...
Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools
This update fixes the following issues: mgr-push: Version 5.2.3-0 Disable build for SLES 16 rhnlib: Version 5.2.4-0 Disable build for SLES 16 spacecmd: Version 5.2.6-0 Update translation strings spacewalk-client-tools: Version 5.2.4-0 Disable build for SLES 16 uyuni-common-libs: Version 5.2.3-0...
Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools
This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings uyuni-tools: Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after operation...
Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools
This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings uyuni-tools: Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after operation...
Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools
This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings uyuni-tools: Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after operation...