Stay Vigilant with Timely Linux Security Advisories

security advisoryremote code executionarbitrary code execution

Ubuntu 16.04 Dolibarr Critical Exec Code Risk USN-8448-1

Dolibarr could be made to run programs if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-8448-1 June 17, 2026 dolibarr vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Dolibarr could be made to run programs if it received specially crafted network traffic. Software Description: - dolibarr: Open Source ERP & CRM for business Details: It was discovered that Dolibarr incorrectly handled user-supplied database name values during installation. A remote attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS dolibarr 3.5.8+dfsg1-1ubuntu1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8448-1 CVE-2018-25357 . Dolibarr can be exploited remotely through specially crafted traffic to execute arbitrary programs.. Ubuntu security update Dolibarr exploit. . Severity: Important. LinuxSecurity.com Team

Jun 17, 2026 •Important Ubuntu

security advisorydenial of servicecritical

Ubuntu 26.04 LTS kitty Critical Denial of Service Issues USN-8442-1

Several security issues were fixed in kitty.. ========================================================================== Ubuntu Security Notice USN-8442-1 June 17, 2026 kitty vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in kitty. Software Description: - kitty: The fast, feature-rich, GPU based terminal emulator Details: It was discovered that kitty incorrectly handled certain image data. An attacker able to write to the terminal's input could possibly use this issue to cause kitty to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-33633) It was discovered that kitty incorrectly handled certain graphics commands. An attacker able to write escape sequences to a kitty terminal could possibly use this issue to cause kitty to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-33642) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS kitty 0.45.0-1ubuntu0.1~esm1 Available with Ubuntu Pro kitty-shell-integration 0.45.0-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 25.10 kitty 0.41.1-2+deb13u1build0.25.10.1 kitty-shell-integration 0.41.1-2+deb13u1build0.25.10.1 Ubuntu 24.04 LTS kitty 0.32.2-1ubuntu0.4+esm1 Available with Ubuntu Pro kitty-shell-integration 0.32.2-1ubuntu0.4+esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS kitty 0.21.2-1ubuntu0.22.04.1+esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS kitty 0.15.0-1ubuntu0.2+esm1 Available with Ubuntu Pro After a standard system update you need to restart kitty to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8442-1 CVE-2026-33633, CVE-2026-33642 Package Information: https://launchpad.net/ubuntu/+source/kitty/0.41.1-2+deb13u1build0.25.10.1 . Several security issues fixed in Ubuntu kitty terminal affecting multiple releases. Stay updated against critical risks.. kitty terminal security, Ubuntu system update, denial of service risk. . Severity: Critical. LinuxSecurity.com Team

Jun 17, 2026 •Critical Ubuntu

security advisorydebianimportant

Debian atril Important Command Injection Risk DSA-6349-1 CVE-2026-46529

It was discovered that atril, the MATE document viewer, is prone to a command injection vulnerability if a specially crafted PDF file is opened. For the stable distribution (trixie), this problem has been fixed in version 1.26.2-4+deb13u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6349-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso June 17, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : atril CVE ID : CVE-2026-46529 Debian Bug : 1139874 It was discovered that atril, the MATE document viewer, is prone to a command injection vulnerability if a specially crafted PDF file is opened. For the stable distribution (trixie), this problem has been fixed in version 1.26.2-4+deb13u1. We recommend that you upgrade your atril packages. For the detailed security status of atril please refer to its security tracker page at: https://security-tracker.debian.org/tracker/atril Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Advisory DSA-6349-1 details command injection risk in atril. Upgrade to fix.. atril command injection command vulnerability Debian. . Severity: Important. LinuxSecurity.com Team

Jun 17, 2026 •Important Debian

security advisorydenial of serviceUbuntu

Ubuntu Go Cryptography Important Denial of Service Issues USN-8447-1

Several security issues were fixed in Go Cryptography.. ========================================================================== Ubuntu Security Notice USN-8447-1 June 17, 2026 golang-go.crypto vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Go Cryptography. Software Description: - golang-go.crypto: Supplementary Go cryptography libraries Details: It was discovered that Go Cryptography did not properly handle SSH global request responses. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2026-39830) It was discovered that Go Cryptography did not properly verify user presence when using FIDO/U2F security keys. An attacker could possibly use this issue to bypass user presence verification for hardware security keys. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-39831) It was discovered that Go Cryptography did not properly serialize SSH agent key constraint extensions. An attacker could possibly use this issue to bypass intended key usage restrictions. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-39832) It was discovered that Go Cryptography did not properly enforce the confirm-before-use constraint in the SSH agent keyring. An attacker could possibly use this issue to use SSH keys without the required user confirmation. (CVE-2026-39833) It was discovered that Go Cryptography had an integer overflow when handling large SSH channel writes. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2026-39834) It was discovered that Go Cryptography did not properly check certificate authority key revocation. An attacker could possibly use thisissue to bypass certificate authority revocation checks. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-42508) It was discovered that Go Cryptography did not properly enforce the source- address critical option for all SSH server callback types. An attacker could possibly use this issue to bypass source address authorization restrictions. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-46595) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS golang-golang-x-crypto-dev 1:0.47.0-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 24.04 LTS golang-golang-x-crypto-dev 1:0.19.0-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 22.04 LTS golang-golang-x-crypto-dev 1:0.0~git20211202.5770296-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS golang-golang-x-crypto-dev 1:0.0~git20200221.2aa609c-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS golang-go.crypto-dev 1:0.0~git20170629.0.5ef0053-2ubuntu0.1~esm2 Available with Ubuntu Pro golang-golang-x-crypto-dev 1:0.0~git20170629.0.5ef0053-2ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS golang-go.crypto-dev 1:0.0~git20151201.0.7b85b09-2ubuntu0.1~esm2 Available with Ubuntu Pro golang-golang-x-crypto-dev 1:0.0~git20151201.0.7b85b09-2ubuntu0.1~esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8447-1 CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-42508, CVE-2026-46595 . Critical security issuesin Go Cryptography for Ubuntu's latest versions addressed. Urgent updates recommended for user protection.. Go Cryptography Issues, Ubuntu Security Advisory, SSH Vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Jun 17, 2026 •Important Ubuntu

security advisorybuffer overflowSuSE

SUSE OpenSSL Important Issues Fixed in Update 2026-22132-1

An update that solves 11 vulnerabilities and has one fix can now be installed.. # Security update for openssl-3 Announcement ID: SUSE-SU-2026:22132-1 Release Date: 2026-06-11T12:41:55Z Rating: important References: * bsc#1230698 * bsc#1260446 * bsc#1261678 * bsc#1266340 * bsc#1266341 * bsc#1266342 * bsc#1266344 * bsc#1266349 * bsc#1266353 * bsc#1266355 * bsc#1266356 * bsc#1266357 Cross-References: * CVE-2024-41996 * CVE-2026-28390 * CVE-2026-34180 * CVE-2026-34182 * CVE-2026-42766 * CVE-2026-42770 * CVE-2026-45445 * CVE-2026-45446 * CVE-2026-45447 * CVE-2026-7383 * CVE-2026-9076 CVSS scores: * CVE-2024-41996 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-41996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34180 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-34180 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-34180 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34182 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-34182 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34182 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42766 ( SUSE ): 6.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42766 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-42766 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H *CVE-2026-42770 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-42770 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N * CVE-2026-42770 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-45445 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-45445 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-45445 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-45446 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-45446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-45446 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-45447 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-45447 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-45447 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-7383 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-7383 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-7383 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-9076 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-9076 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-9076 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves 11 vulnerabilities and has one fix can now be installed. ## Description: This update for openssl-3 fixes the following issues * CVE-2024-41996: DHEATATTACK: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698). * CVE-2026-7383: Possible Heap Buffer Overflow inASN.1 Multibyte String Conversion (bsc#1266340). * CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341). * CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). * CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342). * CVE-2026-34182: CMS AuthEnvelopedData Processing May Accept Forged Messages (bsc#1266344). * CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349). * CVE-2026-42770: FFC-DH Peer Validation Uses Attacker-Supplied q (bsc#1266353). * CVE-2026-45445: AES-OCB IV Ignored on EVP_Cipher() Path (bsc#1266355). * CVE-2026-45446: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes (bsc#1266356). * CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-576=1 ## Package List: * SUSE Linux Micro 6.1 (s390x) * libopenssl-3-fips-provider-debuginfo-3.1.4-slfo.1.1_10.1 * libopenssl3-debuginfo-3.1.4-slfo.1.1_10.1 * openssl-3-3.1.4-slfo.1.1_10.1 * openssl-3-debuginfo-3.1.4-slfo.1.1_10.1 * libopenssl-3-devel-3.1.4-slfo.1.1_10.1 * libopenssl-3-fips-provider-3.1.4-slfo.1.1_10.1 * libopenssl3-3.1.4-slfo.1.1_10.1 * openssl-3-debugsource-3.1.4-slfo.1.1_10.1 ## References: * https://www.suse.com/security/cve/CVE-2024-41996.html * https://www.suse.com/security/cve/CVE-2026-28390.html * https://www.suse.com/security/cve/CVE-2026-34180.html * https://www.suse.com/security/cve/CVE-2026-34182.html * https://www.suse.com/security/cve/CVE-2026-42766.html * https://www.suse.com/security/cve/CVE-2026-42770.html *https://www.suse.com/security/cve/CVE-2026-45445.html * https://www.suse.com/security/cve/CVE-2026-45446.html * https://www.suse.com/security/cve/CVE-2026-45447.html * https://www.suse.com/security/cve/CVE-2026-7383.html * https://www.suse.com/security/cve/CVE-2026-9076.html * https://bugzilla.suse.com/show_bug.cgi?id=1230698 * https://bugzilla.suse.com/show_bug.cgi?id=1260446 * https://bugzilla.suse.com/show_bug.cgi?id=1261678 * https://bugzilla.suse.com/show_bug.cgi?id=1266340 * https://bugzilla.suse.com/show_bug.cgi?id=1266341 * https://bugzilla.suse.com/show_bug.cgi?id=1266342 * https://bugzilla.suse.com/show_bug.cgi?id=1266344 * https://bugzilla.suse.com/show_bug.cgi?id=1266349 * https://bugzilla.suse.com/show_bug.cgi?id=1266353 * https://bugzilla.suse.com/show_bug.cgi?id=1266355 * https://bugzilla.suse.com/show_bug.cgi?id=1266356 * https://bugzilla.suse.com/show_bug.cgi?id=1266357 . SUSE's important security update for openssl-3 addresses multiple vulnerabilities. Install it immediately for protection.. SUSE security update openssl vulnerabilities patch important. . Severity: Important. LinuxSecurity.com Team

Jun 17, 2026 •Important SuSE

security advisorydenial of serviceSuSE

SUSE Google-Guest-Agent Important DoS Security Update 2026-22133-1

An update that solves six vulnerabilities and has five fixes can now be installed.. # Security update for google-guest-agent Announcement ID: SUSE-SU-2026:22133-1 Release Date: 2026-06-12T08:45:38Z Rating: important References: * bsc#1210938 * bsc#1239334 * bsc#1239944 * bsc#1243254 * bsc#1243505 * bsc#1245759 * bsc#1253889 * bsc#1257010 * bsc#1260264 * bsc#1262926 * bsc#1265762 Cross-References: * CVE-2025-22868 * CVE-2025-22869 * CVE-2025-58181 * CVE-2026-33186 * CVE-2026-33814 * CVE-2026-34986 CVSS scores: * CVE-2025-22868 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-22868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22868 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22869 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-58181 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-58181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-58181 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( NVD): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves six vulnerabilities and has five fixes can now be installed. ## Description: This update for google-guest-agent fixes the following issues: Update to version 20260430.00: * Update dependencies and go version to 1.26.2 (#607) (bsc#1265762, CVE-2026-33814) * Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#604) (bsc#1260264, CVE-2026-33186) * Backport oslogin changes for sles16 to legacy agent (#603) * Bump go.opentelemetry.io/otel/sdk from 1.37.0 to 1.40.0 (#596) * Bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#602) * Actually finally fix the RPM spec (#601) * Correct guest telemetry build target (#600) * Add packaging for new telemetry extension (#599) * Implement new scheduled job for routes monitor (#598) * Add packaging changes for locally bundled extensions feature support (#593) * Ensure the uninstall script handles GCE metadata endpoint unavailability. (#591) * Disable certificates when security keys are enabled (#588) * Move sourcing of per-user configs to the end of sshd_config, fixing 2FA logins. (#590) * Source the contents of /var/google-users.d config files. (#586) * Force remove core plugin configuration for windows (#587) * network: force address manager to always consolidate the OS state (#585) * Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583) (bsc#1239334, CVE-2025-22869, bsc#1253889, CVE-2025-58181) * Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582) * Add Tyler, Saswat, Hank to OWNERS (#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Removeroutes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20260424.00 * Bring topic-stable up to latest point. (#606) * Bring stable branch up to 822ad49fd52b4d29869604af836a33cb22a667ba (#592) * fix start mode for windows on stable release (#584) * Update agent_uninstall.ps1 (#558) (#580) * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20260423.01 * Update THIRD_PARTY_LICENSES to be package specific location. (#608) * from version 20260423.00 * Update dependencies and go version to 1.26.2 (#607) * Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#604) * Backport oslogin changes for sles16 to legacy agent (#603) * Bump go.opentelemetry.io/otel/sdk from 1.37.0 to 1.40.0 (#596) * Bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#602) * Actually finally fix the RPM spec (#601) * Correct guest telemetry build target (#600) * Add packaging for new telemetry extension (#599) * Implement new scheduled job for routes monitor (#598) * Add packaging changes for locally bundled extensionsfeature support (#593) * Ensure the uninstall script handles GCE metadata endpoint unavailability. (#591) * Disable certificates when security keys are enabled (#588) * Move sourcing of per-user configs to the end of sshd_config, fixing 2FA logins. (#590) * Source the contents of /var/google-users.d config files. (#586) * Force remove core plugin configuration for windows (#587) * network: force address manager to always consolidate the OS state (#585) * Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583) * Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582) * Add Tyler, Saswat, Hank to OWNERS (#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20260422.01 * Bring topic-stable up to latest point. (#606) * Bring stable branch up to 822ad49fd52b4d29869604af836a33cb22a667ba (#592) * fix start mode for windows on stable release (#584) * Update agent_uninstall.ps1 (#558) (#580) * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20260422.00 * Update dependencies and go version to 1.26.2 (#607) * Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#604) * Backport oslogin changes for sles16 to legacy agent (#603) * Bump go.opentelemetry.io/otel/sdk from 1.37.0 to 1.40.0 (#596) * Bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#602) * Actually finally fix the RPM spec (#601) * Correct guest telemetry build target (#600) * Add packaging for new telemetry extension (#599) * Implement new scheduled job for routes monitor (#598) * Add packaging changes for locally bundled extensions feature support (#593) * Ensure the uninstall script handles GCE metadata endpoint unavailability. (#591) * Disable certificates when security keys are enabled (#588) * Move sourcing of per-user configs to the end of sshd_config, fixing 2FA logins. (#590) * Source the contents of /var/google-users.d config files. (#586) * Force remove core plugin configuration for windows (#587) * network: force address manager to always consolidate the OS state (#585) * Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583) * Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582) * Add Tyler, Saswat, Hank to OWNERS (#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run onstartup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20260421.00 * Bring topic-stable up to latest point. (#606) * Bring stable branch up to 822ad49fd52b4d29869604af836a33cb22a667ba (#592) * fix start mode for windows on stable release (#584) * Update agent_uninstall.ps1 (#558) (#580) * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20260414.00 * Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#604) * Bump Go API version to 1.26 * CVE-2026-34986: Fixed crafted JWE input with a missing encrypted key can lead to a denial of service (bsc#1262926) * Update to version 20260402.00: (bsc#1257010) * Backport oslogin changes for sles16 to legacy agent (#603) * Bump go.opentelemetry.io/otel/sdk from 1.37.0 to 1.40.0 (#596) * Bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#602) * Actually finally fix the RPM spec (#601) * Correct guest telemetry build target (#600) * Add packaging for new telemetry extension (#599) * Implement new scheduled job for routes monitor (#598) * Add packaging changes for locally bundled extensions feature support(#593) * Ensure the uninstall script handles GCE metadata endpoint unavailability. (#591) * Disable certificates when security keys are enabled (#588) * Move sourcing of per-user configs to the end of sshd_config, fixing 2FA logins. (#590) * Update to version 20260108.00 * Source the contents of /var/google-users.d config files. (#586) * Update to version 20251223.00 * Force remove core plugin configuration for windows (#587) * network: force address manager to always consolidate the OS state (#585) * Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583) * Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582) * Add Tyler, Saswat, Hank to OWNERS (#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20251218.01 * fix start mode for windows on stable release (#584) * Update agent_uninstall.ps1 (#558) (#580) * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fixfrom #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20251218.00 * Force remove core plugin configuration for windows (#587) * network: force address manager to always consolidate the OS state (#585) * Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583) * Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582) * Add Tyler, Saswat, Hank to OWNERS (#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20251216.00 * fix start mode for windows on stable release (#584) * Update agent_uninstall.ps1 (#558) (#580) * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) *Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20251215.00 * Force remove core plugin configuration for windows (#587) * network: force address manager to always consolidate the OS state (#585) * Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583) * Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582) * Add Tyler, Saswat, Hank to OWNERS (#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20251210.00 * fix start mode for windows on stable release (#584) * Update agent_uninstall.ps1 (#558) (#580) * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enableoriginal agent and disable core plugin (#557) * from version 20251209.00 * Force remove core plugin configuration for windows (#587) * Update to version 20251208.00 * network: force address manager to always consolidate the OS state (#585) * Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583) * Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582) * Add Tyler, Saswat, Hank to OWNERS (#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20251206.00 * fix start mode for windows on stable release (#584) * Update agent_uninstall.ps1 (#558) (#580) * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version20251205.00 * network: force address manager to always consolidate the OS state (#585) * Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#583) * Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582) * Add Tyler, Saswat, Hank to OWNERS (#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * Update to version 20251120.01 * fix start mode for windows on stable release (#584) * Update agent_uninstall.ps1 (#558) (#580) * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20251120.00 * Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582) * Add Tyler, Saswat, Hank to OWNERS(#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20251117.00 * Update agent_uninstall.ps1 (#558) (#580) * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20251115.00 * Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582) * Add Tyler, Saswat, Hank to OWNERS (#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes scriptfrom packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20251108.00 * Update agent_uninstall.ps1 (#558) (#580) * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20251107.01 * Don't delete the authorized_keys file when an empty key list is passed to updateAuthorizedKeysFile (#582) * Add Tyler, Saswat, Hank to OWNERS (#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20251031.00 * Update agent_uninstall.ps1 (#558) (#580) * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20251030.02 * Add Tyler, Saswat, Hank to OWNERS (#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20251030.01 * Update agent_uninstall.ps1 (#558) (#580) * Update go version for stable branch to 1.25 (#571) * Add adapt script instable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20251030.00 * Add Tyler, Saswat, Hank to OWNERS (#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20251011.00 * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20251009.01 * Add Tyler, Saswat, Hank to OWNERS (#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debuglogging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20251009.00 * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * Update to version 20251007.00 * Add Tyler, Saswat, Hank to OWNERS (#577) * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencieson systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20251006.01 * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20251006.00 * Honor core plugin setting on windows package update (#576) * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20251005.00 * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 tostable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250930.01 * Honor core plugin setting on windows package update (#576) * from version 20250929.01 * Restart agent if core plugin is disabled (#575) * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20250929.00 * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250926.00 * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20250924.02 * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250924.01 * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version20250924.00 * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * Update to version 20250923.01 * Add extra debug logging around toggling OS Login (#572) * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20250923.00 * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250921.00 * Add extra debug logging around toggling OS Login (#572) * from version 20250920.01 * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20250920.00 * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250918.01 * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20250917.01 *Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250917.00 * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20250916.00 * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250915.00 * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core pluginbefore removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * Disable missing daemon google_guest_agent_manager referenced by google- startup-scripts.service * Update to version 20250908.00 * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250907.00 * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20250905.01 * Update go version for stable branch to 1.25 (#571) *Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250905.00 * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20250902.00 * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * Build and install new gce_workload_cert_refresh binary * Fix installation source of google_metadata_script_runner_adapt script * Install new systemd service file * gce-workload-cert-refresh.service * Update to version 20250901.00 * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Removeroutes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20250831.03 * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250831.02 * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20250831.01 * Update goversion for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250831.00 * Update go version to 1.25 (#565) * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20250830.02 * Update go version for stable branch to 1.25 (#571) * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250830.01 * Update go version to 1.25 (#565) * from version 20250830.00 * Add compat adapt script to windows in agent sysprep (#569) * Fix adapt to use more portable shebang line (#567) * Remove routes script from packaging (#566) * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) *Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20250828.00 * Add adapt script in stable branch as per #569 (#570) * Backport fix from #567 to stable branch (#568) * from version 20250826.00 * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250821.01 * Remove routes script from packaging (#566) * Update Go API version to 1.25 * Update to version 20250718.00 * Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * Update to version 20250709.02 * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250709.01 *Update adapt script to run on startup/shutdown both (#561) * Update agent_uninstall.ps1 (#558) * Stop core plugin before removing agent package (#554) * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * from version 20250709.00 * Revert compat behavior and call known binary directly (#560) * Revert compat behavior and call known binary directly (#559) * Build rollforward package to re-enable original agent and disable core plugin (#557) * from version 20250702.00 * Update adapt script to run on startup/shutdown both (#561) * from version 20250701.01 * Update agent_uninstall.ps1 (#558) * from version 20250701.00 * Stop core plugin before removing agent package (#554) * from version 20250628.00 * Startup scripts should start after agent manager instead (#553) * Update presets and install dependencies on systemd units (#552) * Ensure agent service is disabled (#551) * from version 20250626.00 * Disable legacy agent to enable core plugin (#550) * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * startup script: wrap compatibility decision into its own scripts (#538) * Reapply "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523) (#540) * from version 20250625.00 * prepare stable release. * Install google_metadata_script_runner_adapt script (bsc#1245759) * Update to version20250624.00 * Final fix for RHEL packaging for routes setup (#549) * Fix RHEL packaging for routes scripts (#548) * Packaging changes to include routes script installation (#542) * Update CLI name in packaging (#543) * systemd should manage only the main process (#544) * startup script: wrap compatibility decision into its own scripts (#538) * Reapply "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523) (#540) * from version 20250611.01 * prepare stable release. * from version 20250611.00 * startup script: wrap compatibility decision into its own scripts (#538) * Reapply "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523) (#540) * from version 20250609.00 * prepare stable release. * from version 20250605.00 * startup script: wrap compatibility decision into its own scripts (#538) * Reapply "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523) (#540) * Make sure agent added connections are activated by NM (#534) * wrap NSS cache refresh in a goroutine (#533) * Wicked: Only reload interfaces for which configurations are written or changed. (#524) * Add AuthorizedKeysCompat to windows packaging (#530) * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527) * Update guest-logging-go dependency (#526) * Add 'created-by' metadata, and pass it as option to logging library (#508) * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523) * Re-enable disabled services if the core plugin was enabled (#522) * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Updatestartup/shutdown services to launch compat manager (#503) * Bundle new gce metadata script runner binary in agent package (#502) * Revert "Revert bundling new binaries in the package (#509)" (#511) * Update to version 20250604.00 * Preparing stable build. * from version 20250602.00 * Make sure agent added connections are activated by NM (#534) * wrap NSS cache refresh in a goroutine (#533) * Wicked: Only reload interfaces for which configurations are written or changed. (#524) * Add AuthorizedKeysCompat to windows packaging (#530) * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527) * Update guest-logging-go dependency (#526) * Add 'created-by' metadata, and pass it as option to logging library (#508) * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523) * Re-enable disabled services if the core plugin was enabled (#522) * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Update startup/shutdown services to launch compat manager (#503) * Bundle new gce metadata script runner binary in agent package (#502) * Revert "Revert bundling new binaries in the package (#509)" (#511) * from version 20250521.00 * Preparing stable build. * from version 20250515.00 * Make sure agent added connections are activated by NM (#534) * wrap NSS cache refresh in a goroutine (#533) * Wicked: Only reload interfaces for which configurations are written or changed. (#524) * Add AuthorizedKeysCompat to windows packaging (#530) * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527) * Update guest-logging-go dependency(#526) * Add 'created-by' metadata, and pass it as option to logging library (#508) * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523) * Re-enable disabled services if the core plugin was enabled (#522) * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Update startup/shutdown services to launch compat manager (#503) * Bundle new gce metadata script runner binary in agent package (#502) * Revert "Revert bundling new binaries in the package (#509)" (#511) * Update to version 20250508.00 * Preparing stable build. * from version 20250506.01 (bsc#1243254, bsc#1243505) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-577=1 ## Package List: * SUSE Linux Micro 6.1 (s390x) * google-guest-agent-20260430.00-slfo.1.1_1.1 * google-guest-agent-debuginfo-20260430.00-slfo.1.1_1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-22868.html * https://www.suse.com/security/cve/CVE-2025-22869.html * https://www.suse.com/security/cve/CVE-2025-58181.html * https://www.suse.com/security/cve/CVE-2026-33186.html * https://www.suse.com/security/cve/CVE-2026-33814.html * https://www.suse.com/security/cve/CVE-2026-34986.html * https://bugzilla.suse.com/show_bug.cgi?id=1210938 * https://bugzilla.suse.com/show_bug.cgi?id=1239334 * https://bugzilla.suse.com/show_bug.cgi?id=1239944 * https://bugzilla.suse.com/show_bug.cgi?id=1243254 *https://bugzilla.suse.com/show_bug.cgi?id=1243505 * https://bugzilla.suse.com/show_bug.cgi?id=1245759 * https://bugzilla.suse.com/show_bug.cgi?id=1253889 * https://bugzilla.suse.com/show_bug.cgi?id=1257010 * https://bugzilla.suse.com/show_bug.cgi?id=1260264 * https://bugzilla.suse.com/show_bug.cgi?id=1262926 * https://bugzilla.suse.com/show_bug.cgi?id=1265762 . The SUSE update addresses six vulnerabilities in google-guest-agent, enhancing security and performance for users.. SUSE Security, google-guest-agent, Software Updates, Vulnerability Patching. . Severity: Important. LinuxSecurity.com Team

Jun 17, 2026 •Important SuSE

security advisorybuffer overflowSuSE

SUSE sqlite3 Important Memory Corruption Buffer Overflow Fix 2026-22134-1

An update that solves two vulnerabilities can now be installed.. # Security update for sqlite3 Announcement ID: SUSE-SU-2026:22134-1 Release Date: 2026-06-12T09:23:25Z Rating: important References: * bsc#1268012 * bsc#1268013 Cross-References: * CVE-2026-11822 * CVE-2026-11824 CVSS scores: * CVE-2026-11822 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-11822 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-11822 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-11824 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-11824 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-11824 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. ## Description: This update for sqlite3 fixes the following issues Update to 3.53.2: * CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution (bsc#1268012). * CVE-2026-11824: heap-based buffer overflow vulnerability in the FTS5 full- text search extension that allows attackers to cause a crash or execute arbitrary code (bsc#1268013). Changes: * Add the Query Result Formatter (QRF) library for formatting the results of SQL queries for human readability on a fixed-pitch font screen. * Enhance ALTER TABLE to permit adding and removing NOT NULL and CHECK constraints. * The REINDEX EXPRESSIONS statement rebuilds expression indexes. * The body of TEMP triggers may now modify and/or query tables inthe main schema. * Enhance VACUUM INTO so that if a URI filename is used as the target and that filename has a reserve=N query parameter with N between 0 and 255, then the reserve amount for the generated database copy is set to N. * New SQL functions json_array_insert() and jsonb_array_insert(). * Renovations to the CLI. * New C-language interfaces: sqlite3_str_truncate(), sqlite3_str_free(), sqlite3_carray_bind_v2(). * Add the SQLITE_PREPARE_FROM_DDL option to sqlite3_prepare_v3(). * Added the SQLITE_UTF8_ZT constant which can be used as the encoding parameter to sqlite3_result_text64() or sqlite3_bind_text64() to indicate that the value is UTF-8 encoded and zero terminated. * The SQLITE_LIMIT_PARSER_DEPTH option is added to sqlite3_limit(). * The SQLITE_DBCONFIG_FP_DIGITS option is added to sqlite3_db_config(). * Query planner improvements. * Add new interfaces to the session extension that enable an application to add changes one at a time to the sqlite3_changegroup object. * Improvements to floating-point text conversions. * Added the self-healing index feature to deal with the stale expression index problem. * Add the "-p|--port" option to sqlite3_rsync. * Add the "opfs-wl" VFS, functionally identical to the "opfs" VFS but using Web Locks for locking, which can promise fairer lock sharing than the "opfs" bespoke protocol can. "opfs-wl" requires Atomics.waitAsync(), so requires newer browsers than "opfs" does. * Fixes for problems in 3.53.0 and 3.53.1 reported by users. * See the check-in timeline for details: https://sqlite.org/src/timeline?from=version-3.53.0&to=version-3.53.2 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-578=1 ## Package List: * SUSE Linux Micro 6.1 (s390x) *sqlite3-debugsource-3.53.2-slfo.1.1_1.1 * libsqlite3-0-3.53.2-slfo.1.1_1.1 * libsqlite3-0-debuginfo-3.53.2-slfo.1.1_1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-11822.html * https://www.suse.com/security/cve/CVE-2026-11824.html * https://bugzilla.suse.com/show_bug.cgi?id=1268012 * https://bugzilla.suse.com/show_bug.cgi?id=1268013 . This update addresses critical security gaps in sqlite3 affecting SUSE systems, ensuring user data safety.. SUSE sqlite3 update security important vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Jun 17, 2026 •Important SuSE

security advisorymoderateSuSE

SUSE glib-networking Moderate Infinite Loop Issue CVE-2026-10028

An update that solves one vulnerability can now be installed.. # Security update for glib-networking Announcement ID: SUSE-SU-2026:22135-1 Release Date: 2026-06-15T09:14:48Z Rating: moderate References: * bsc#1267979 Cross-References: * CVE-2026-10028 CVSS scores: * CVE-2026-10028 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-10028 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-10028 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for glib-networking fixes the following issue * CVE-2026-10028: two certificates which are each signed by the other can lead to an infinite loop (bsc#1267979). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-579=1 ## Package List: * SUSE Linux Micro 6.1 (s390x) * glib-networking-debugsource-2.78.0-slfo.1.1_2.1 * glib-networking-debuginfo-2.78.0-slfo.1.1_2.1 * glib-networking-2.78.0-slfo.1.1_2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-10028.html * https://bugzilla.suse.com/show_bug.cgi?id=1267979 . Update for glib-networking resolves a moderate security issue involving CVE-2026-10028. Install now for safety.. SUSE security update, glib-networking fix, moderate CVE patch, SUSE advisory details. . Severity: moderate. LinuxSecurity.com Team

Jun 17, 2026 •moderate SuSE

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

SUSE Xwayland Important Use-After-Free Buffer Overflow Vuln 2026-2426-1

openSUSE LibVNCServer Important Buffer Overflow Fix SUSE-SU-2026-2427-1

SUSE LibVNCServer Important Buffer Overflow Vuln 2026-2427-1

SUSE LibVNCServer Important Out-of-Bounds Issue Fix Advisory 2026-2428-1

SUSE Docker Significant Security Alert Regarding CVE-2025-58181 Update

SUSE OpenSSH Important Issues Resolved Info Disclosure DoS 2026-2430-1

SUSE elemental-system-agent Important Authorization Fix CVE-2026-33186

SUSE OpenSSL Important Buffer Overflow Heap Use Advisory 2026-22143-1

Debian Firefox-ESR Important Security Issues DSA-6350-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Ubuntu 22.04 OpenSSH Important Remote Access Issues USN-8222-1

Explore Latest Linux Security advisories

Ubuntu 16.04 Dolibarr Critical Exec Code Risk USN-8448-1

Ubuntu 26.04 LTS kitty Critical Denial of Service Issues USN-8442-1

Debian atril Important Command Injection Risk DSA-6349-1 CVE-2026-46529

Ubuntu Go Cryptography Important Denial of Service Issues USN-8447-1

SUSE OpenSSL Important Issues Fixed in Update 2026-22132-1

SUSE Google-Guest-Agent Important DoS Security Update 2026-22133-1

SUSE sqlite3 Important Memory Corruption Buffer Overflow Fix 2026-22134-1

SUSE glib-networking Moderate Infinite Loop Issue CVE-2026-10028

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Ubuntu 22.04 OpenSSH Important Remote Access Issues USN-8222-1

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

SUSE Xwayland Important Use-After-Free Buffer Overflow Vuln 2026-2426-1

openSUSE LibVNCServer Important Buffer Overflow Fix SUSE-SU-2026-2427-1

SUSE LibVNCServer Important Buffer Overflow Vuln 2026-2427-1

SUSE LibVNCServer Important Out-of-Bounds Issue Fix Advisory 2026-2428-1

SUSE Docker Significant Security Alert Regarding CVE-2025-58181 Update

SUSE OpenSSH Important Issues Resolved Info Disclosure DoS 2026-2430-1

SUSE elemental-system-agent Important Authorization Fix CVE-2026-33186

SUSE OpenSSL Important Buffer Overflow Heap Use Advisory 2026-22143-1

Debian Firefox-ESR Important Security Issues DSA-6350-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!