Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.. openSUSE security update: security update for assimp ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21242-1 Rating: important References: * bsc#1251019 * bsc#1266996 * bsc#1266998 * bsc#1266999 * bsc#1267037 Cross-References: * CVE-2025-11277 * CVE-2026-10197 * CVE-2026-10199 * CVE-2026-10200 * CVE-2026-10232 CVSS scores: * CVE-2025-11277 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2025-11277 ( SUSE ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-10197 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-10197 ( SUSE ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-10199 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-10199 ( SUSE ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-10200 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-10200 ( SUSE ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-10232 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-10232 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed. Description: This update for assimp fixes thefollowing issues - CVE-2025-11277: large mWidth and mHeight dimensions can lead to integer overflow and a heap-based buffer overflow (bsc#1251019). - CVE-2026-10197: NULL pointer dereference in ImportEmbeddedTextures when mimeType lacks '/' (bsc#1266996). - CVE-2026-10199: NULL pointer dereference in glTF2::LazyDict::operator[] due to unchecked node access in ImportAnimations (bsc#1266998). - CVE-2026-10200: [glTF] Heap-buffer-overflow in CopyValue() when parsing invalid 4x4 matrix with insufficient data (bsc#1266999). - CVE-2026-10232: heap use-after-free in aiNode::~aiNode due to invalid node tree when processing malformed ASE files (bsc#1267037). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1163=1 Package List: - openSUSE Leap 16.0: assimp-devel-5.4.3-160000.4.1 libassimp5-5.4.3-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2025-11277.html * https://www.suse.com/security/cve/CVE-2026-10197.html * https://www.suse.com/security/cve/CVE-2026-10199.html * https://www.suse.com/security/cve/CVE-2026-10200.html * https://www.suse.com/security/cve/CVE-2026-10232.html . Important security fixes for assimp in openSUSE address multiple vulnerabilities and ensure system integrity. Update now!. openSUSE assimp security patch important. . LinuxSecurity.com Team
An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for gstreamer-plugins-good ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21240-1 Rating: important References: * bsc#1268449 Cross-References: * CVE-2026-53705 CVSS scores: * CVE-2026-53705 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for gstreamer-plugins-good fixes the following issues: - CVE-2026-53705: wavpackdec: Avoid integer overflow when calculating output buffer size and related fixes (bsc#1268449). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1161=1 Package List: - openSUSE Leap 16.0: gstreamer-plugins-good-1.26.7-160000.2.1 gstreamer-plugins-good-extra-1.26.7-160000.2.1 gstreamer-plugins-good-gtk-1.26.7-160000.2.1 gstreamer-plugins-good-jack-1.26.7-160000.2.1 gstreamer-plugins-good-lang-1.26.7-160000.2.1 gstreamer-plugins-good-qtqml6-1.26.7-160000.2.1 References: * https://www.suse.com/security/cve/CVE-2026-53705.html . Critical openSUSE security update addresses a significant risk in gstreamer-plugins-good, ensuring system protection. Stay updated!. gstreamer security patch, openSUSE updates, system vulnerabilities, important software updates. . LinuxSecurity.com Team
An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for python-msgpack ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21239-1 Rating: important References: * bsc#1269947 Cross-References: * CVE-2026-57585 CVSS scores: * CVE-2026-57585 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for python-msgpack fixes the following issue - CVE-2026-57585: reusing an Unpacker instance after an error has been caught can lead to an out-of-bounds read (bsc#1269947). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1160=1 Package List: - openSUSE Leap 16.0: python313-msgpack-1.1.0-160000.3.1 References: * https://www.suse.com/security/cve/CVE-2026-57585.html . Security update for python-msgpack fixes out-of-bounds read issue on openSUSE Leap 16.0. Update recommended.. openSUSE security, python-msgpack patch, important update, out-of-bounds security, CVE-2026-57585. . LinuxSecurity.com Team
An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for krb5 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21238-1 Rating: important References: * bsc#1268131 Cross-References: * CVE-2026-11850 CVSS scores: * CVE-2026-11850 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for krb5 fixes the following issue - CVE-2026-11850: integer underflow in berval2tl_data() leads to heap out-of-bounds read (bsc#1268131). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1159=1 Package List: - openSUSE Leap 16.0: krb5-1.21.3-160000.4.1 krb5-client-1.21.3-160000.4.1 krb5-devel-1.21.3-160000.4.1 krb5-plugin-kdb-ldap-1.21.3-160000.4.1 krb5-plugin-preauth-otp-1.21.3-160000.4.1 krb5-plugin-preauth-pkinit-1.21.3-160000.4.1 krb5-plugin-preauth-spake-1.21.3-160000.4.1 krb5-server-1.21.3-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2026-11850.html . Install the important openSUSE update addressing a heap attack issue in krb5. Secure your system now!. openSUSE updates, krb5 vulnerabilities, important security patches. . LinuxSecurity.com Team
An update that solves 13 vulnerabilities and has 13 bug fixes can now be installed.. openSUSE security update: security update for apache2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21235-1 Rating: important References: * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 Cross-References: * CVE-2026-29167 * CVE-2026-29170 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( SUSE ): 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( SUSE ): 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 13 vulnerabilities and has 13 bug fixes can now be installed. Description: This update for apache2 fixes the following issues - CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). - CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). - CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). - CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). - CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). - CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). - CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). - CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). - CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). - CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). - CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). - CVE-2026-48913: file handleexhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). - CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1149=1 Package List: - openSUSE Leap 16.0: apache2-2.4.66-160000.3.1 apache2-devel-2.4.66-160000.3.1 apache2-event-2.4.66-160000.3.1 apache2-manual-2.4.66-160000.3.1 apache2-prefork-2.4.66-160000.3.1 apache2-utils-2.4.66-160000.3.1 apache2-worker-2.4.66-160000.3.1 References: * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html . This openSUSE security update addresses 13 important vulnerabilities in apache2, enhancing system protection.. openSUSE security update, apache2 vulnerabilities, important security fix, buffer overflow issue, apache2 patch. . LinuxSecurity.com Team
An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for go-sendxmpp ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0232-1 Rating: important References: #1265538 #1266617 Cross-References: CVE-2026-1229 CVE-2026-39821 CVSS scores: CVE-2026-1229 (SUSE): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N CVE-2026-39821 (SUSE): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for go-sendxmpp fixes the following issues: Update to 0.16.0: - CVE-2026-1229: circl: The CombinedMult function produces an incorrect value (boo#1265538). - CVE-2026-39821: net: Failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (boo#1266617). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-232=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64): go-sendxmpp-0.16.0-bp157.2.9.1 References: https://www.suse.com/security/cve/CVE-2026-1229.html https://www.suse.com/security/cve/CVE-2026-39821.html https://bugzilla.suse.com/1265538 https://bugzilla.suse.com/1266617 . An important security update for openSUSE addresses issues in go-sendxmpp, fixing validation and privilege bypass flaws.. go-sendxmpp vulnerabilities, Punycode validation, openSUSE security update. . LinuxSecurity.com Team
An update that fixes 6 vulnerabilities is now available.. openSUSE Security Update: Security update for radare2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0231-1 Rating: important References: #1244121 #1262142 #1265403 Cross-References: CVE-2025-1378 CVE-2025-1744 CVE-2025-1864 CVE-2025-5641 CVE-2026-40499 CVE-2026-8695 CVSS scores: CVE-2025-1378 (SUSE): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-1744 (SUSE): 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2025-5641 (SUSE): 2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for radare2 fixes the following issues: - switch to python311 for sle15 build - CVE-2026-8695: Fix use-after-free in gdbr_threads_list() (boo#1265403) - Update to version 6.1.4 (boo#1262142, CVE-2026-40499): * Analysis: improve autoname scoring, jmptbl detection, and performance * Add callargs modifier, rnum expressions, and typed function context * Refactor autoname into plugin; extend RAnalPlugin hooks * Fix leaks, overflows, and command injection in analysis scripts * Improve string detection, wide strings, and switch/case analysis * Arch: fix v850/nds32 ESIL, optimize to O(1), improve pseudo support * Cache capstone options and improve multi-arch disassembly * ASM: add camel syntax support, unify via RArch API * Bin: major parser fixes (ELF, Mach-O, PE, DEX, PDB, WAD, XCOFF) * Fix leaks, OOB reads/writes, overflows, and improve bounds checks * Improve Swift demangling, ARM hints, relocations, and imports * Add nds32 reloc supportand optimize kernelcache parsing * Build: install to lib64, fix illumos and packaging issues * CI: add GitHub Actions and FilC builds * Console: fix multiple overflows, OOB issues, and improve performance * Core: API renames, plugin load order, sandbox/config fixes * Crash: extensive fixes (UAF, OOB, overflows, injections, fuzz bugs) * Harden ELF, PDB, kernelcache, regex, disassemblers, and webserver * Debug: improve ptrace, winkd support, breakpoints, checkpoints * Disasm: cache flag lookups for performance * FS/IO: fix leaks, bounds, sparse IO, and device handling * HTTP/socket: webserver fixes and SSL fallback handling * Print/projects: improve formatting, endian handling, project metadata * Pseudo: add while/switch support and cleaner control flow * Search/shell: improve commands, parsing, and usability * Security: fix widespread command injection and sandbox escapes * Tests/tools: improve r2r, CLI tools, fuzzing, and plugin support * Types/util: parsing improvements, JSON/base64 updates, optimizations * Visual: fix UAF/leaks, improve panels and UX * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.1.4 - Update to version 6.1.2: * Analysis: preserve timeouts, improve bb/jmptbl validation and limits * Optimize string detection and hot-path functions * Add APIs for function signatures, vars limits, and instruction hints * Fix overlapped functions, invalid code checks, and large bb handling * API: remove deprecated librmagic/filetype APIs and name filter * Arch: fix Thumb/endianness issues, add Python pseudo plugin * ASM: unify settings via RArch, fix directives, add bf pseudo plugin * Bin: improve ELF/Mach-O stripped detection and parsing safety * Harden Mach-O bounds, optimize kernelcache and XNU parsing * Fix many leaks (DEX, demangler, parsers) and infinite loops * Improve DWARF handling and symbol/type extraction * Build: improve meson, toolchains, and add ISO/docker support * Console: preserve timeout, fix themes and UTF-8 handling * Core: fix config bugs, improve startup and addressing support * Crash: fix UAF, OOB, race conditions, regex bugs, and overflows * Add safety checks across dotnet, Mach-O, DWARF, and webserver * Debug/ESIL: safer execution and divide-by-zero handling * FS/IO: fix HFS+, dyldcache speedups, safer zip handling * Graph: add bb size limit option * Print: merge commands, improve UTF-8 and formatting * Projects/tools: new configs, plugin support, CLI improvements * Search: faster analysis search and block buffering * Shell: improve grep/macros and file operations * Types: lazy-load, cache, and improve parsing (varargs, structs) * Tests: expand fuzzing and test suites * General cleanup, performance tuning, and safety improvements * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.1.4 - Update to version 6.1.0: * Reimplement RBufRef using RRef; fix RLibDelHandler API * Remove stale JAY code; improve analysis performance and CI speed * Optimize type propagation, jump tables, and plugin integration * Fix infinite loops, antidisasm tricks, and function autonaming * Add new analysis options and trace import plugin (DRCOV) * Improve RCore seek operations and naming APIs * API: add RNum.getErr, enforce safe alloc macros, new helpers * Arch: update ARC disasm, refactor sessions, remove unsafe string ops * ASM: improve x86 validation, add CIL and ARC pseudo plugins * Bin: major fixes for PE, ELF, Java, MDMP, LE, DEX; reduce memory use * Add/import DWARF types, improve relocations and symbol handling * Extensive memory leak fixes and parser hardening across formats * Improve string handling, caching, and zero-copy optimizations * Build: improve meson, remove zip deps, add 3rd-party plugin support * Console: fix UTF-8graphs and color propagation * Core: improve plugin handling and background task stability * Crash: fix multiple UAF, OOB, overflows, and injection issues * Sanitize inputs (function names, demangler, callconv) * Debug: add source breakpoints, ARM64/XNU support, FPU regs * Disasm: improve string handling, comments, and color logic * ESIL: extend x86 FPU emulation * FS/IO: fixes and plugin reorganizations * HTTP: fix sandbox webserver issues * Hash/tools: minor fixes and output improvements * General cleanup, safety checks, and performance optimizations * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.1.0 - Update to version 6.0.8: * Migrate r_vector to RVec across core components * Refactor and optimize type propagation (now plugin-based) * Remove redundant anal.a2f and related duplication * Improve caching, memoization, and performance in analysis * Fix file corruption, null asserts, and command issues * Enhance x86 (AT&T syntax, enter instruction) and z80 support * Add initial .NET (CIL) disasm/asm support * Improve Java, ELF, Mach-O, APK, and PDB handling * Fix demangling, symbols, and relocation issues * Resolve multiple memory leaks and parser bugs * Fix UAF, OOB, overflows, and command injection vulnerabilities * Improve GDB debugging and breakpoint handling * Enhance disassembly visuals and color options * Update ESIL operators and behavior * Add support for APFS, GPT, BSD, APM partitions * Improve IO handling and add new plugins * Optimize performance (strbuf, memory usage) * Improve console UI, themes, and terminal handling * Refine SDK builds and CI pipelines * Improve CLI tools (rabin2, rasm2, rafs2) * Add JSON support and better help/version info * Expand type parsing (typedef, enum, union) * Improve socket/HTTP handling and downloads * Add and refine tests and reporting *General cleanup, safety checks, and code modernization * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.8 - Expand %{bindir}/* - Rename sdb.1 man page to r2sdb.1 to avoid conflict with snobol4 - Fix patch pkgconfig.patch to be -p1-able - Update to version 6.0.7: * shell: Fix parsing r2 -H$(VARNAME) without a space - Update to version 6.0.6: * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.6 - Update to version 6.0.4: * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.4 - Update to version 6.0.2: * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.2 - Add missing sub directories for r_util.h and r_muta.h otherwise it might fails in calling r2pm -ci - Correct library package nameing scheme to make it build also on x86_64 on 15.6 and 15.7 - Update to version 6.0.0: * ABI changes: ~ RCorePlugins now have a session ~ Finish the RKons refactoring, all r_cons calls take instance instead of global ~ Rename RCrypto to RMuta ~ Use RCons instance from RLine ~ Rename RIOPlugin.widget to RIOPlugin.data ~ Refactor the RRegAlias api ~ Camelcase all the RCoreBind methods * Breaking API changes: ~ Boolify r_cons_rgb_parse ~ Add RLogLevel.fromString() and use it from -e log.level=? ~ Deprecate r_bin_addr2line ~ Rename RBinDbgItem into RBinAddrline ~ RNumCalc is now known as RNumMath ~ Move RFlagItem.alias into the Meta ~ Rename core-> offset into core-> addr (asm.offset and more!) ~ Rename RFlagItem.offset -> addr * API changes: ~ Boolify r_cons_rgb_parse ~ Add RLogLevel.fromString() and use it from -e log.level=? ~ Deprecate r_bin_addr2line ~ Rename RBinDbgItem into RBinAddrline ~ RNumCalc is now known as RNumMath ~ Move RFlagItem.alias into the Meta ~ Rename core-> offset into core-> addr (asm.offset and more!) ~ Rename RFlagItem.offset -> addr ~ Deprecate RLang.list() ~ Unified function to jsonify the plugin meta + more fields ~ Redesign the REvent API * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.0 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-231=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64): libsdb2_4_2-6.1.4-bp157.5.3.5 radare2-6.1.4-bp157.5.3.5 radare2-devel-6.1.4-bp157.5.3.5 - openSUSE Backports SLE-15-SP7 (noarch): radare2-zsh-completion-6.1.4-bp157.5.3.5 References: https://www.suse.com/security/cve/CVE-2025-1378.html https://www.suse.com/security/cve/CVE-2025-1744.html https://www.suse.com/security/cve/CVE-2025-1864.html https://www.suse.com/security/cve/CVE-2025-5641.html https://www.suse.com/security/cve/CVE-2026-40499.html https://www.suse.com/security/cve/CVE-2026-8695.html https://bugzilla.suse.com/1244121 https://bugzilla.suse.com/1262142 https://bugzilla.suse.com/1265403 . This update enhances radare2 with crucial fixes addressing several security issues and improves overall performance.. opensuse update security radare2 vulnerabilities patch. . LinuxSecurity.com Team
An update that solves three vulnerabilities can now be installed.. # Security update for kubevirt-1.6 Announcement ID: SUSE-SU-2026:2783-1 Release Date: 2026-07-07T15:05:10Z Rating: important References: * bsc#1256434 * bsc#1262265 * bsc#1266733 Cross-References: * CVE-2025-14525 * CVE-2026-35469 * CVE-2026-9804 CVSS scores: * CVE-2025-14525 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2025-14525 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2025-14525 ( NVD ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L * CVE-2026-35469 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35469 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35469 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-35469 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-9804 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-9804 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-9804 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * Containers Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for kubevirt-1.6 fixes the following issues: * CVE-2026-9804: Symlink escape in the VMExport dir handler let an attacker controlling an exported PVC read sensitive files (TLS keys, tokens, service- account creds) from the exporter pod. (bsc#1266733) * CVE-2025-14525: A VM reporting many guest-internal interfaces via the guest agent could flood VMI status and fill etcd (denial of service). Caps reportedinterfaces at 10. (bsc#1256434) * CVE-2026-35469: resource-exhaustion in the SPDY/3 protocol implementation of github.com/moby/spdystream. (GHSA-pc3f-x583-g7j2,bsc#1262265) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-2783=1 ## Package List: * Containers Module 15-SP7 (aarch64 x86_64) * kubevirt-1.6-virtctl-debuginfo-1.6.6-150700.15.10.1 * kubevirt-1.6-virtctl-1.6.6-150700.15.10.1 * kubevirt-1.6-manifests-1.6.6-150700.15.10.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14525.html * https://www.suse.com/security/cve/CVE-2026-35469.html * https://www.suse.com/security/cve/CVE-2026-9804.html * https://bugzilla.suse.com/show_bug.cgi?id=1256434 * https://bugzilla.suse.com/show_bug.cgi?id=1262265 * https://bugzilla.suse.com/show_bug.cgi?id=1266733 . Install the important security update for kubevirt-1.6 to fix three critical issues affecting your system. Learn how.. KubeVirt Update Security Fixes Vulnerabilities Denial of Service. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.