5111 matches found
Security update for opensc
This update for opensc fixes the following issues: CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in GET RESPONSE bsc1261214. CVE-2025-66037: specially crafted input processed by the fuzzpkcs15reader harness can lead to an out-of-bounds heap...
Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.31 fixes one security issue The following security issue was fixed: CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management bsc1259859. Patch Instructions: To install this SUSE update use the SUSE...
Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.22 fixes various security issues The following security issues were fixed: CVE-2025-40309: Bluetooth: SCO: Fix UAF on scoconnfree bsc1255066. CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...
Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.136 fixes various security issues The following security issues were fixed: CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger bsc1258396. CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy...
Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.53 fixes various security issues The following security issues were fixed: CVE-2025-40309: Bluetooth: SCO: Fix UAF on scoconnfree bsc1255066. CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...
Security update for jetty-minimal
This update for jetty-minimal fixes the following issues: CVE-2025-11143: Fixed different parsing of invalid URIs bsc1259242. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...
Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.19 fixes various security issues The following security issues were fixed: CVE-2025-40309: Bluetooth: SCO: Fix UAF on scoconnfree bsc1255066. CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...
Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.6 fixes various security issues The following security issues were fixed: CVE-2025-40309: Bluetooth: SCO: Fix UAF on scoconnfree bsc1255066. CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...
Security update for NetworkManager
This update for NetworkManager fixes the following issue: Security fixes: CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Other fixes: Don't renew DHCP lease when software devices' MAC is empty bsc1225498. Patch Instructions: To install this SUSE update use the SUSE...
Security update for avahi
This update for avahi fixes the following issue: CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record bsc1257235. Patch Instructions: To install this SUSE update use the SUSE recommended installation metho...
Security update for avahi
This update for avahi fixes the following issue: CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record bsc1257235. Patch Instructions: To install this SUSE update use the SUSE recommended installation metho...
Security update for openvswitch3
This update for openvswitch3 fixes the following issues: CVE-2026-34956: invalid memory access via crafted FTP payloads in userspace conntrack flows specifying the FTP alg handler bsc1261273. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for openvswitch
This update for openvswitch fixes the following issue: Security updates: CVE-2026-34956: Invalid memory access in conntrack FTP alg bsc1261273. Other updates: Update openvswitch to 3.5.4 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for libraw
This update for libraw fixes the following issues: CVE-2026-20911: heap-based buffer overflow in HuffTable::initvalbsc1261673. CVE-2026-21413: heap-based buffer overflow in losslessjpegloadraw bsc1261674. CVE-2026-24660: heap-based buffer overflow in x3floadhuffman bsc1261676. Patch Instructions:...
Security update for python-ecdsa
This update for python-ecdsa fixes the following issues: CVE-2026-33936: issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions bsc1261009. Patch Instructions: To install this SUSE update use the SUSE recommended installation method...
Security update for libcap
This update for libcap fixes the following issue: CVE-2026-4878: Address a potential TOCTOU race condition in capsetfile bsc1261809. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...
Security update for libcap
This update for libcap fixes the following issue: CVE-2026-4878: Address a potential TOCTOU race condition in capsetfile bsc1261809. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...
Security update for gdk-pixbuf
This update for gdk-pixbuf fixes the following issue: CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image bsc1261210. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for gdk-pixbuf
This update for gdk-pixbuf fixes the following issue: CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image bsc1261210. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for openssl-3
This update for openssl-3 fixes the following issue: CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for bind
This update for bind fixes the following issues: CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for NetworkManager
This update for NetworkManager fixes the following issue: CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...
Security update for polkit
This update for polkit fixes the following issue: CVE-2026-4897: Fixed possible OOM condition via specially crafted input to polkit-agent-helper-1 bsc1260859. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for polkit
This update for polkit fixes the following issue: CVE-2026-4897: Fixed possible OOM condition via specially crafted input to polkit-agent-helper-1 bsc1260859. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for podman
This update for podman rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE Leap 15....
Security update for smc-tools
This update for smc-tools fixes the following issue: Update to smc-tools v1.8.7: predictable /tmp file allows for local denial of service bsc1230052. Changelog: Update to v1.8.7: smcrnics: fix regression when PFT not available smcd/smcr: prevent DoS on statistics workfile present in /tmp/ Update ...
Security update for python-CairoSVG
This update for python-CairoSVG fixes the following issue: CVE-2026-31899: denial of service via recursive element amplification bsc1259690. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you ca...
Security update for NetworkManager
This update for NetworkManager fixes the following issues: CVE-2025-9615: non-admin users are allowed to use certificates from other users bsc1257359. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for NetworkManager
This update for NetworkManager fixes the following issues: CVE-2025-9615: non-admin users are allowed to use certificates from other users bsc1257359. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for iproute2
This update for iproute2 fixes the following issue: CVE-2024-58251: denial of service via terminal escape sequences bsc1254324. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for python
This update for python fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. CVE-2026-3479: improper resource argument validation can allow path traversal bsc1259989. CVE-2026-3644: incomplete control characte...
Security update for python-pyOpenSSL
This update for python-pyOpenSSL fixes the following issue: CVE-2026-27448: unhandled exception can result in connection not being cancelled bsc1259804. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for rust1.93
This update for rust1.93 fixes the following issues: Security issue: CVE-2026-31812: denial of service via crafted QUIC initial packet bsc1259623. Non security issue: Resolve missing gcc requirement that may affect some crate buildin bsc1253321. Patch Instructions: To install this SUSE update use...
Security update for shim
This update for shim fixes the following issues: shim is updated to version 16.1: shimstartimage: fix guid/handle pairing when uninstalling protocols Fix uncompressed ipv6 netboot fix test segfaults caused by uninitialized memory SbatLevelVariable.txt: minor typo fix. Realloc needs to allocate on...
Security update for ovmf
This update for ovmf fixes the following issue: CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting bsc1252441. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for python-urllib3
This update for python-urllib3 fixes the following issues: Security issues: CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain bsc1254866. CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API...
Security update for terraform-provider-local, terraform-provider-random, terraform-provider-tls
This update for terraform-provider-local, terraform-provider-random, terraform-provider-tls fixes the following issue: CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for .pack and .idx files can lead to the consumption of corrupted files bsc1258097...
Security update for tiff
This update for tiff fixes the following issues: CVE-2025-61143: Fixed NULL pointer dereference bsc1258798. CVE-2025-61144: Fixed stack overflow in readSeparateStripsIntoBuffer bsc1258801. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for tiff
This update for tiff fixes the following issues: CVE-2025-61143: Fixed NULL pointer dereference bsc1258798. CVE-2025-61144: Fixed stack overflow in readSeparateStripsIntoBuffer bsc1258801. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for util-linux
This update for util-linux fixes the following issues: Security issue: CVE-2026-3184: access control bypass due to improper hostname canonicalization in login bsc1258859. Non security issues: recognize fuse "portal" as a virtual file system bsc1234736. fdisk: fix possible partition overlay and da...
Security update for python-PyJWT
This update for python-PyJWT fixes the following issues: CVE-2026-32597: Fixed unknown crit header extensions accepts bsc1259616. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for cups
This update for cups fixes the following issue: CVE-2026-34990: Local print admin token disclosure using temporary printers bsc1261568. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...
Security update for freerdp
This update for freerdp fixes the following issues: Security fixes: CVE-2026-26271: Buffer overread in FreeRDP icon processing bsc1258979. CVE-2026-26955: Out-of-Bounds write in ClearCodec surface command handler bsc1258982. CVE-2026-26965: Out-of-bounds write in planar bitmap RLE decompression...
Security update for plexus-utils
This update for plexus-utils fixes the following issue: Security fixes: CVE-2025-67030: directory traversal via the extractFile method of org.codehaus.plexus.util.Expand bsc1260588. Update to version 4.0.2: Bug Fixes Specify /D for cmd.exe to bypass the Command Processor Autorun folder Dependency...
Security update for azure-storage-azcopy
This update for azure-storage-azcopy fixes the following issues: CVE-2026-33186: Authorization bypass in grpc-go due to improper validation of the HTTP/2 :path pseudo-header bsc1260307. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for corosync
This update for corosync fixes the following issues: CVE-2026-35091: Denial of Service and information disclosure via crafted UDP packet bsc1261299. CVE-2026-35092: Denial of Service via integer overflow in join message validation bsc1261300. Patch Instructions: To install this SUSE update use th...
Security update for python-PyJWT
This update for python-PyJWT fixes the following issues: CVE-2026-32597: Fixed unknown crit header extensions accepts bsc1259616. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for libtpms
This update for libtpms fixes the following issues: CVE-2025-49133: Fixed potential out of bounds OOB read vulnerability bsc1244528 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for vim
This update for vim fixes the following issues: Update to version 9.2.0280. CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution bsc1261271. CVE-2026-34714: missing checks allow for a tabpanel modeline escape and can lead to...
Security update for openssl-1_1
This update for openssl-11 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...