Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 9,991 articles for you...
100
09 Jun 2026, 07:21 AM
security advisorymoderatesecurity issueSUSE Mutt Moderate Loop NULL Pointer Fix Vulnerability 2026-2300-1
An update that solves six vulnerabilities and has one security fix can now be installed.. # Security update for mutt Announcement ID: SUSE-SU-2026:2300-1 Release Date: 2026-06-08T13:54:59Z Rating: moderate References: * bsc#1263892 * bsc#1263893 * bsc#1263894 * bsc#1263895 * bsc#1263896 * bsc#1263897 * bsc#1264047 Cross-References: * CVE-2026-43859 * CVE-2026-43860 * CVE-2026-43861 * CVE-2026-43862 * CVE-2026-43863 * CVE-2026-43864 CVSS scores: * CVE-2026-43859 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43859 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43859 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43860 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43860 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43860 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43861 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43862 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43862 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43862 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43863 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43863 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43863 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-43864 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43864 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43864 ( NVD ): 2.5CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves six vulnerabilities and has one security fix can now be installed. ## Description: This update for mutt fixes the following issues * CVE-2026-43859: `strfcpy` used instead of `memcpy` for the IMAP `auth_cram` MD5 digest (bsc#1263897). * CVE-2026-43860: truncation of `hash_passwd` by one byte for IMAP `auth_cram` MD5 digest (bsc#1263896). * CVE-2026-43861: missing check for `\0` in `url_pct_decode` (bsc#1263895). * CVE-2026-43862: mishandling of the `imap_auth_gss` security level (bsc#1263894). * CVE-2026-43863: infinite loop in `data_object_to_stream` in `crypt-gpgme.c` (bsc#1263893). * CVE-2026-43864: NULL pointer dereference in function `show_sig_summary` (bsc#1263892). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2300=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * mutt-1.10.1-55.33.1 * mutt-debuginfo-1.10.1-55.33.1 * mutt-debugsource-1.10.1-55.33.1 ## References: * https://www.suse.com/security/cve/CVE-2026-43859.html * https://www.suse.com/security/cve/CVE-2026-43860.html * https://www.suse.com/security/cve/CVE-2026-43861.html * https://www.suse.com/security/cve/CVE-2026-43862.html * https://www.suse.com/security/cve/CVE-2026-43863.html * https://www.suse.com/security/cve/CVE-2026-43864.html * https://bugzilla.suse.com/show_bug.cgi?id=1263892 * https://bugzilla.suse.com/show_bug.cgi?id=1263893 *https://bugzilla.suse.com/show_bug.cgi?id=1263894 * https://bugzilla.suse.com/show_bug.cgi?id=1263895 * https://bugzilla.suse.com/show_bug.cgi?id=1263896 * https://bugzilla.suse.com/show_bug.cgi?id=1263897 * https://bugzilla.suse.com/show_bug.cgi?id=1264047 . Update for mutt resolves multiple vulnerabilities to enhance system security in SUSE Linux environments effectively.. mutt update,SUSE security update,mutt vulnerabilities,moderate advisory. . Severity: moderate. LinuxSecurity.com Team
Jun 08, 2026
•moderate
SuSE
100
09 Jun 2026, 07:21 AM
security advisorybuffer overflowimportantopenSUSE Mutt Important Security Patch for 2026-2301-1 Release
An update that solves six vulnerabilities and has one security fix can now be installed.. # Security update for mutt Announcement ID: SUSE-SU-2026:2301-1 Release Date: 2026-06-08T13:55:10Z Rating: moderate References: * bsc#1263892 * bsc#1263893 * bsc#1263894 * bsc#1263895 * bsc#1263896 * bsc#1263897 * bsc#1264047 Cross-References: * CVE-2026-43859 * CVE-2026-43860 * CVE-2026-43861 * CVE-2026-43862 * CVE-2026-43863 * CVE-2026-43864 CVSS scores: * CVE-2026-43859 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43859 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43859 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43860 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43860 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43860 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43861 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43862 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43862 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43862 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43863 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43863 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43863 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-43864 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43864 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43864 ( NVD ): 2.5CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves six vulnerabilities and has one security fix can now be installed. ## Description: This update for mutt fixes the following issues * CVE-2026-43859: `strfcpy` used instead of `memcpy` for the IMAP `auth_cram` MD5 digest (bsc#1263897). * CVE-2026-43860: truncation of `hash_passwd` by one byte for IMAP `auth_cram` MD5 digest (bsc#1263896). * CVE-2026-43861: missing check for `\0` in `url_pct_decode` (bsc#1263895). * CVE-2026-43862: mishandling of the `imap_auth_gss` security level (bsc#1263894). * CVE-2026-43863: infinite loop in `data_object_to_stream` in `crypt-gpgme.c` (bsc#1263893). * CVE-2026-43864: NULL pointer dereference in function `show_sig_summary` (bsc#1263892). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2301=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2301=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * mutt-debuginfo-2.2.14-150600.3.6.1 * mutt-2.2.14-150600.3.6.1 * mutt-debugsource-2.2.14-150600.3.6.1 * openSUSE Leap 15.6 (noarch) * mutt-lang-2.2.14-150600.3.6.1 * mutt-doc-2.2.14-150600.3.6.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * mutt-debuginfo-2.2.14-150600.3.6.1 * mutt-2.2.14-150600.3.6.1 * mutt-debugsource-2.2.14-150600.3.6.1 * Basesystem Module 15-SP7 (noarch) * mutt-lang-2.2.14-150600.3.6.1 * mutt-doc-2.2.14-150600.3.6.1 ## References: *https://www.suse.com/security/cve/CVE-2026-43859.html * https://www.suse.com/security/cve/CVE-2026-43860.html * https://www.suse.com/security/cve/CVE-2026-43861.html * https://www.suse.com/security/cve/CVE-2026-43862.html * https://www.suse.com/security/cve/CVE-2026-43863.html * https://www.suse.com/security/cve/CVE-2026-43864.html * https://bugzilla.suse.com/show_bug.cgi?id=1263892 * https://bugzilla.suse.com/show_bug.cgi?id=1263893 * https://bugzilla.suse.com/show_bug.cgi?id=1263894 * https://bugzilla.suse.com/show_bug.cgi?id=1263895 * https://bugzilla.suse.com/show_bug.cgi?id=1263896 * https://bugzilla.suse.com/show_bug.cgi?id=1263897 * https://bugzilla.suse.com/show_bug.cgi?id=1264047 . Moderate security update for mutt resolves six issues, enhancing system integrity and performance in openSUSE 15.6.. mutt update, SUSE security, moderate vulnerabilities. . Severity: moderate. LinuxSecurity.com Team
Jun 08, 2026
•moderate
SuSE
202
09 Jun 2026, 07:21 AM
security advisorymoderatedenial of serviceopenSUSE Mutt Moderate Security Issue Advisory 2026-2301-1 CVE-2026-43859
An update that solves six vulnerabilities and has one security fix can now be installed.. # Security update for mutt Announcement ID: SUSE-SU-2026:2301-1 Release Date: 2026-06-08T13:55:10Z Rating: moderate References: * bsc#1263892 * bsc#1263893 * bsc#1263894 * bsc#1263895 * bsc#1263896 * bsc#1263897 * bsc#1264047 Cross-References: * CVE-2026-43859 * CVE-2026-43860 * CVE-2026-43861 * CVE-2026-43862 * CVE-2026-43863 * CVE-2026-43864 CVSS scores: * CVE-2026-43859 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43859 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43859 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43860 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43860 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43860 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43861 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43862 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43862 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43862 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43863 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43863 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43863 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-43864 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43864 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43864 ( NVD ): 2.5CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves six vulnerabilities and has one security fix can now be installed. ## Description: This update for mutt fixes the following issues * CVE-2026-43859: `strfcpy` used instead of `memcpy` for the IMAP `auth_cram` MD5 digest (bsc#1263897). * CVE-2026-43860: truncation of `hash_passwd` by one byte for IMAP `auth_cram` MD5 digest (bsc#1263896). * CVE-2026-43861: missing check for `\0` in `url_pct_decode` (bsc#1263895). * CVE-2026-43862: mishandling of the `imap_auth_gss` security level (bsc#1263894). * CVE-2026-43863: infinite loop in `data_object_to_stream` in `crypt-gpgme.c` (bsc#1263893). * CVE-2026-43864: NULL pointer dereference in function `show_sig_summary` (bsc#1263892). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2301=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2301=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * mutt-debuginfo-2.2.14-150600.3.6.1 * mutt-2.2.14-150600.3.6.1 * mutt-debugsource-2.2.14-150600.3.6.1 * openSUSE Leap 15.6 (noarch) * mutt-lang-2.2.14-150600.3.6.1 * mutt-doc-2.2.14-150600.3.6.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * mutt-debuginfo-2.2.14-150600.3.6.1 * mutt-2.2.14-150600.3.6.1 * mutt-debugsource-2.2.14-150600.3.6.1 * Basesystem Module 15-SP7 (noarch) * mutt-lang-2.2.14-150600.3.6.1 * mutt-doc-2.2.14-150600.3.6.1 ## References: *https://www.suse.com/security/cve/CVE-2026-43859.html * https://www.suse.com/security/cve/CVE-2026-43860.html * https://www.suse.com/security/cve/CVE-2026-43861.html * https://www.suse.com/security/cve/CVE-2026-43862.html * https://www.suse.com/security/cve/CVE-2026-43863.html * https://www.suse.com/security/cve/CVE-2026-43864.html * https://bugzilla.suse.com/show_bug.cgi?id=1263892 * https://bugzilla.suse.com/show_bug.cgi?id=1263893 * https://bugzilla.suse.com/show_bug.cgi?id=1263894 * https://bugzilla.suse.com/show_bug.cgi?id=1263895 * https://bugzilla.suse.com/show_bug.cgi?id=1263896 * https://bugzilla.suse.com/show_bug.cgi?id=1263897 * https://bugzilla.suse.com/show_bug.cgi?id=1264047 . # Security update for mutt Announcement ID: SUSE-SU-2026:2301-1 Release Date: 2026-06-08T13:55:10Z R. security, update, solves, vulnerabilities, installed. . Severity: moderate. LinuxSecurity.com Team
Jun 08, 2026
•moderate
OpenSUSE
202
09 Jun 2026, 07:21 AM
security advisoryimportantauthentication issueopenSUSE Firewalld Moderate D-Bus Auth Issue Advisory SUSE-2026-2302-1
An update that solves one vulnerability can now be installed.. # Security update for firewalld Announcement ID: SUSE-SU-2026:2302-1 Release Date: 2026-06-08T15:27:07Z Rating: moderate References: * bsc#1260903 Cross-References: * CVE-2026-4948 CVSS scores: * CVE-2026-4948 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-4948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-4948 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for firewalld fixes the following issue: * CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations (bsc#1260903). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2302=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2302=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2302=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2302=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2302=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2302=1 ## Package List: * openSUSE Leap 15.4 (noarch) * firewalld-lang-0.9.3-150400.8.15.1 * firewall-applet-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 *firewall-macros-0.9.3-150400.8.15.1 * python3-firewall-0.9.3-150400.8.15.1 * firewall-config-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4948.html * https://bugzilla.suse.com/show_bug.cgi?id=1260903 . # Security update for firewalld Announcement ID: SUSE-SU-2026:2302-1 Release Date: 2026-06-08T15:27:. update, solves, vulnerability, installed, security, firewalld, announ. . Severity: Important. LinuxSecurity.com Team
Jun 08, 2026
•Important
OpenSUSE
100
09 Jun 2026, 07:21 AM
security advisorymoderatefirewallopenSUSE Medium firewalld D-Bus authorization vulnerability CVE-2026-4948
An update that solves one vulnerability can now be installed.. # Security update for firewalld Announcement ID: SUSE-SU-2026:2302-1 Release Date: 2026-06-08T15:27:07Z Rating: moderate References: * bsc#1260903 Cross-References: * CVE-2026-4948 CVSS scores: * CVE-2026-4948 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-4948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-4948 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for firewalld fixes the following issue: * CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations (bsc#1260903). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2302=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2302=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2302=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2302=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2302=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2302=1 ## Package List: * openSUSE Leap 15.4 (noarch) * firewalld-lang-0.9.3-150400.8.15.1 * firewall-applet-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 *firewall-macros-0.9.3-150400.8.15.1 * python3-firewall-0.9.3-150400.8.15.1 * firewall-config-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4948.html * https://bugzilla.suse.com/show_bug.cgi?id=1260903 . A security update for firewalld addresses a vulnerability in openSUSE and SUSE Enterprise Micro, requiring patch installation.. firewalld security, openSUSE patch, SUSE Linux update, firewall vulnerability. . Severity: moderate. LinuxSecurity.com Team
Jun 08, 2026
•moderate
SuSE
100
09 Jun 2026, 07:21 AM
security advisorydenial of servicesecurity issueopenSUSE postgresql17 Critical Security Update Advisory 2026-2303-1
An update that solves 10 vulnerabilities, contains one feature and has two security fixes can now be installed.. # Security update for postgresql17 Announcement ID: SUSE-SU-2026:2303-1 Release Date: 2026-06-08T15:27:52Z Rating: important References: * bsc#1245875 * bsc#1263804 * bsc#1265172 * bsc#1265173 * bsc#1265174 * bsc#1265175 * bsc#1265176 * bsc#1265177 * bsc#1265178 * bsc#1265179 * bsc#1265181 * bsc#1265182 * jsc#PED-14825 Cross-References: * CVE-2026-6472 * CVE-2026-6473 * CVE-2026-6474 * CVE-2026-6475 * CVE-2026-6476 * CVE-2026-6477 * CVE-2026-6478 * CVE-2026-6479 * CVE-2026-6637 * CVE-2026-6638 CVSS scores: * CVE-2026-6472 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6472 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6473 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6473 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6474 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6474 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6475 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6475 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6476 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6476 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6477 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6477 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6478 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6478 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6479 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6479 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6637 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6637 ( NVD ): 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6638 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N * CVE-2026-6638 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N * CVE-2026-6638 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 10 vulnerabilities, contains one feature and has two security fixes can now be installed. ## Description: This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: * CVE-2026-6472: ensure the user has CREATE privilege on the schema specified (bsc#1265172). * CVE-2026-6473: integer overflows in memory-allocation calculations (bsc#1265173). * CVE-2026-6474: Guard against malicious time zone names (bsc#1265174). * CVE-2026-6475: Prevent path traversal in pg_basebackup and pg_rewind (bsc#1265175). * CVE-2026-6476: Properly quote subscription names in pg_createsubscriber (bsc#1265176). * CVE-2026-6477: Mark PQfn() as unsafe, and avoid using it within libpq (bsc#1265177). * CVE-2026-6478: Use timing-safe string comparisons in authentication code (bsc#1265178). * CVE-2026-6479: Prevent unbounded recursion while processing startup packets (bsc#1265179). * CVE-2026-6637: Prevent SQL injection and buffer overruns in contrib/spi (bsc#1265181). * CVE-2026-6638: Properly quote object names in logical replication origin checks (bsc#1265182). Non security issue: * Get rid of update-alternatives for openSUSE/SLE 16.0 and newer to support immutable systems and transactional updates (jsc#PED-14825 bsc#1245875). * /usr/bin/pg_config is missing after migrating away from update-alternatives (bsc#1263804). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2303=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2303=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2303=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2303=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2303=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2303=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2303=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2303=1 ## Package List: * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * postgresql17-devel-debuginfo-17.10-150200.5.28.1 * postgresql17-server-devel-17.10-150200.5.28.1 * postgresql17-contrib-17.10-150200.5.28.1 * postgresql17-server-debuginfo-17.10-150200.5.28.1 * postgresql17-llvmjit-17.10-150200.5.28.1 * postgresql17-plperl-17.10-150200.5.28.1 *postgresql17-17.10-150200.5.28.1 * postgresql17-contrib-debuginfo-17.10-150200.5.28.1 * postgresql17-debuginfo-17.10-150200.5.28.1 * postgresql17-pltcl-17.10-150200.5.28.1 * postgresql17-pltcl-debuginfo-17.10-150200.5.28.1 * postgresql17-server-devel-debuginfo-17.10-150200.5.28.1 * postgresql17-debugsource-17.10-150200.5.28.1 * postgresql17-plpython-17.10-150200.5.28.1 * postgresql17-devel-17.10-150200.5.28.1 * postgresql17-llvmjit-devel-17.10-150200.5.28.1 * postgresql17-plpython-debuginfo-17.10-150200.5.28.1 * postgresql17-plperl-debuginfo-17.10-150200.5.28.1 * postgresql17-server-17.10-150200.5.28.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * postgresql17-docs-17.10-150200.5.28.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * postgresql17-devel-debuginfo-17.10-150200.5.28.1 * postgresql17-plperl-17.10-150200.5.28.1 * postgresql17-pltcl-debuginfo-17.10-150200.5.28.1 * postgresql17-devel-17.10-150200.5.28.1 * postgresql17-server-devel-17.10-150200.5.28.1 * postgresql17-plpython-debuginfo-17.10-150200.5.28.1 * postgresql17-server-devel-debuginfo-17.10-150200.5.28.1 * postgresql17-17.10-150200.5.28.1 * postgresql17-debugsource-17.10-150200.5.28.1 * postgresql17-debuginfo-17.10-150200.5.28.1 * postgresql17-contrib-17.10-150200.5.28.1 * postgresql17-contrib-debuginfo-17.10-150200.5.28.1 * postgresql17-plpython-17.10-150200.5.28.1 * postgresql17-plperl-debuginfo-17.10-150200.5.28.1 * postgresql17-server-debuginfo-17.10-150200.5.28.1 * postgresql17-server-17.10-150200.5.28.1 * postgresql17-pltcl-17.10-150200.5.28.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * postgresql17-docs-17.10-150200.5.28.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * postgresql17-debugsource-17.10-150200.5.28.1 * postgresql17-debuginfo-17.10-150200.5.28.1 * SUSE Linux Enterprise HighPerformance Computing LTSS 15 SP4 (aarch64 x86_64) * postgresql17-debugsource-17.10-150200.5.28.1 * postgresql17-debuginfo-17.10-150200.5.28.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * postgresql17-devel-debuginfo-17.10-150200.5.28.1 * postgresql17-plperl-17.10-150200.5.28.1 * postgresql17-pltcl-debuginfo-17.10-150200.5.28.1 * postgresql17-devel-17.10-150200.5.28.1 * postgresql17-server-devel-17.10-150200.5.28.1 * postgresql17-plpython-debuginfo-17.10-150200.5.28.1 * postgresql17-server-devel-debuginfo-17.10-150200.5.28.1 * postgresql17-17.10-150200.5.28.1 * postgresql17-debugsource-17.10-150200.5.28.1 * postgresql17-contrib-17.10-150200.5.28.1 * postgresql17-contrib-debuginfo-17.10-150200.5.28.1 * postgresql17-debuginfo-17.10-150200.5.28.1 * postgresql17-plpython-17.10-150200.5.28.1 * postgresql17-plperl-debuginfo-17.10-150200.5.28.1 * postgresql17-server-debuginfo-17.10-150200.5.28.1 * postgresql17-server-17.10-150200.5.28.1 * postgresql17-pltcl-17.10-150200.5.28.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * postgresql17-docs-17.10-150200.5.28.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * postgresql17-debugsource-17.10-150200.5.28.1 * postgresql17-debuginfo-17.10-150200.5.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * postgresql17-devel-debuginfo-17.10-150200.5.28.1 * postgresql17-server-devel-17.10-150200.5.28.1 * postgresql17-contrib-17.10-150200.5.28.1 * postgresql17-server-debuginfo-17.10-150200.5.28.1 * postgresql17-llvmjit-17.10-150200.5.28.1 * postgresql17-plperl-17.10-150200.5.28.1 * postgresql17-17.10-150200.5.28.1 * postgresql17-contrib-debuginfo-17.10-150200.5.28.1 * postgresql17-debuginfo-17.10-150200.5.28.1 * postgresql17-pltcl-17.10-150200.5.28.1 * postgresql17-pltcl-debuginfo-17.10-150200.5.28.1 *postgresql17-server-devel-debuginfo-17.10-150200.5.28.1 * postgresql17-debugsource-17.10-150200.5.28.1 * postgresql17-plpython-17.10-150200.5.28.1 * postgresql17-devel-17.10-150200.5.28.1 * postgresql17-llvmjit-devel-17.10-150200.5.28.1 * postgresql17-plpython-debuginfo-17.10-150200.5.28.1 * postgresql17-plperl-debuginfo-17.10-150200.5.28.1 * postgresql17-server-17.10-150200.5.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * postgresql17-docs-17.10-150200.5.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * postgresql17-debugsource-17.10-150200.5.28.1 * postgresql17-debuginfo-17.10-150200.5.28.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6472.html * https://www.suse.com/security/cve/CVE-2026-6473.html * https://www.suse.com/security/cve/CVE-2026-6474.html * https://www.suse.com/security/cve/CVE-2026-6475.html * https://www.suse.com/security/cve/CVE-2026-6476.html * https://www.suse.com/security/cve/CVE-2026-6477.html * https://www.suse.com/security/cve/CVE-2026-6478.html * https://www.suse.com/security/cve/CVE-2026-6479.html * https://www.suse.com/security/cve/CVE-2026-6637.html * https://www.suse.com/security/cve/CVE-2026-6638.html * https://bugzilla.suse.com/show_bug.cgi?id=1245875 * https://bugzilla.suse.com/show_bug.cgi?id=1263804 * https://bugzilla.suse.com/show_bug.cgi?id=1265172 * https://bugzilla.suse.com/show_bug.cgi?id=1265173 * https://bugzilla.suse.com/show_bug.cgi?id=1265174 * https://bugzilla.suse.com/show_bug.cgi?id=1265175 * https://bugzilla.suse.com/show_bug.cgi?id=1265176 * https://bugzilla.suse.com/show_bug.cgi?id=1265177 * https://bugzilla.suse.com/show_bug.cgi?id=1265178 * https://bugzilla.suse.com/show_bug.cgi?id=1265179 * https://bugzilla.suse.com/show_bug.cgi?id=1265181 * https://bugzilla.suse.com/show_bug.cgi?id=1265182 * https://jira.suse.com/browse/PED-14825 . SUSE updates postgresql17 addressing 10 security issues,two fixes, enhancing database security for users.. SUSE PostgreSQL Security Update, PostgreSQL 17 Security Fixes, SUSE Security Advisory. . Severity: Important. LinuxSecurity.com Team
Jun 08, 2026
•Important
SuSE
100
09 Jun 2026, 07:21 AM
security advisorymoderateSuSESUSE Csync2 Moderate Insecure Directories Vuln 2026-21994-1
An update that solves one vulnerability and contains one feature can now be installed.. # Security update for csync2 Announcement ID: SUSE-SU-2026:21994-1 Release Date: 2026-06-03T10:13:39Z Rating: moderate References: * bsc#1262472 * jsc#PED-14855 Cross-References: * CVE-2026-41051 CVSS scores: * CVE-2026-41051 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-41051 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-41051 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41051 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server High Availability Extension 16.0 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for csync2 fixes the following issues Security issue: * CVE-2026-41051: uses insecure temporary directories when compiled with C99 or later (bsc#1262472). Non security issue: * Fix packages for Immutable Mode (jsc#PED-14855). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server High Availability Extension 16.0 zypper in -t patch SUSE-SLES-HA-16.0-886=1 ## Package List: * SUSE Linux Enterprise Server High Availability Extension 16.0 (ppc64le s390x x86_64) * csync2-2.0+git.1600444747.83b3644-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41051.html * https://bugzilla.suse.com/show_bug.cgi?id=1262472 * https://jira.suse.com/browse/PED-14855 . SUSE security advisory addresses moderate risks related to Csync2 vulnerabilities and updates for feature improvements.. SUSE securityadvisory, Csync2 moderate update, secure temporary directories, Linux security patch, Linux feature fix. . Severity: moderate. LinuxSecurity.com Team
Jun 08, 2026
•moderate
SuSE
100
09 Jun 2026, 07:21 AM
security advisorybuffer overflowSuSESUSE Openjpeg2 Important Heap Memory Issue Vuln 2026-21995-1
An update that solves one vulnerability can now be installed.. # Security update for openjpeg2 Announcement ID: SUSE-SU-2026:21995-1 Release Date: 2026-05-29T08:43:29Z Rating: important References: * bsc#1247650 Cross-References: * CVE-2025-54874 CVSS scores: * CVE-2025-54874 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-54874 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-54874 ( NVD ): 6.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-54874 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for openjpeg2 fixes the following issue * CVE-2025-54874: openjpeg: missing error check can lead to the use of an uninitialized pointer and cause an out-of- bounds heap memory write (bsc#1247650). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-823=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-823=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * openjpeg2-debuginfo-2.5.3-160000.4.1 * openjpeg2-devel-2.5.3-160000.4.1 * openjpeg2-debugsource-2.5.3-160000.4.1 * openjpeg2-2.5.3-160000.4.1 * libopenjp2-7-2.5.3-160000.4.1 * libopenjp2-7-debuginfo-2.5.3-160000.4.1 * SUSE Linux Enterprise Server 16.0 (noarch) * openjpeg2-devel-doc-2.5.3-160000.4.1 * SUSE Linux Enterprise Server 16.0(x86_64) * libopenjp2-7-x86-64-v3-debuginfo-2.5.3-160000.4.1 * libopenjp2-7-x86-64-v3-2.5.3-160000.4.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * openjpeg2-debuginfo-2.5.3-160000.4.1 * openjpeg2-devel-2.5.3-160000.4.1 * openjpeg2-debugsource-2.5.3-160000.4.1 * openjpeg2-2.5.3-160000.4.1 * libopenjp2-7-2.5.3-160000.4.1 * libopenjp2-7-debuginfo-2.5.3-160000.4.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * openjpeg2-devel-doc-2.5.3-160000.4.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * libopenjp2-7-x86-64-v3-debuginfo-2.5.3-160000.4.1 * libopenjp2-7-x86-64-v3-2.5.3-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-54874.html * https://bugzilla.suse.com/show_bug.cgi?id=1247650 . Important security update for openjpeg2 in SUSE Linux addressing CVE-2025-54874, enhancing system protection.. openjpeg2 update SUSE security patch CVE-2025-54874. . Severity: Important. LinuxSecurity.com Team
Jun 08, 2026
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!