An update that solves seven vulnerabilities, contains three features and has 14 security fixes can now be installed.

# Security update for libsolv, libzypp, zypper

* Announcement ID: SUSE-SU-2026:2674-1
* Release Date: 2026-06-29T09:41:17Z
* Rating: important

References:

* bsc#1158038
* bsc#1239718
* bsc#1246504
* bsc#1247948
* bsc#1249435
* bsc#1252744
* bsc#1253193
* bsc#1253740
* bsc#1257068
* bsc#1257882
* bsc#1258193
* bsc#1259311
* bsc#1259706
* bsc#1259802
* bsc#1259842
* bsc#1265223
* bsc#1265935
* bsc#1265938
* bsc#1266039
* bsc#1267426
* bsc#1267874
* jsc#PED-13680
* jsc#PED-14658
* jsc#PED-15607

Cross-References:

* CVE-2026-25707
* CVE-2026-44933
* CVE-2026-44941
* CVE-2026-44942
* CVE-2026-48863
* CVE-2026-9149
* CVE-2026-9150

CVSS scores:

* CVE-2026-25707 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-25707 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44933 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44933 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44933 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44933 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44941 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44941 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-44942 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44942 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-44942 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48863 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48863 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-9149 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9149 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9150 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9150 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

## Description:

This update for libsolv, libzypp, zypper fixes the following issues:

* CVE-2026-9149: Heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file (bsc#1265935).
* CVE-2026-9150: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512 checksums (bsc#1265938).
* CVE-2026-25707: Handcrafted repo metadata may cause arbitrary local files to be overwritten (bsc#1259802).
* CVE-2026-44933: scan of the Mandatory signature verification plugin support (bsc#1265223).
* CVE-2026-44941: path traversal via "keyhint" (bsc#1267426).
* CVE-2026-44942: .repo files can have an optional path which can lead to path traversal attacks (bsc#1267874).
* CVE-2026-48863: Fix buffer overflow when parsing EdDSA signature (bsc#1266039).
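For CVE-2026-44942, the libzypp changelog in this advisory says a `path=` entry may only denote a sub-directory of the baseurl. The script below is an added example, not code from libzypp or SUSE: it audits `.repo` definitions for `path=` values that climb above the baseurl, which is useful on hosts that have not yet taken the update. The containment rule, the function names and the sample `.repo` text are assumptions made for illustration and do not reproduce libzypp's own sanitization.

```python
import configparser
from pathlib import Path
from urllib.parse import unquote

# Constructed sample input (not from the advisory): four repo definitions,
# two of which carry a path= value that climbs above the baseurl.
SAMPLE_REPO = """\
[repo-oss]
name=Main repository
enabled=1
baseurl=https://download.example.invalid/distribution/leap/15.4/repo/oss/
path=/

[vendor-sub]
baseurl=https://mirror.example.invalid/vendor/
path=updates/15.4

[suspicious]
baseurl=https://mirror.example.invalid/vendor/
path=../../other/tree

[encoded]
baseurl=https://mirror.example.invalid/vendor/
path=sub/%2e%2e/%2E%2E/etc
"""


def path_escapes_baseurl(path):
    """Return True if a 'path=' value would resolve above the baseurl root."""
    # Percent-decode first so encoded dot segments (%2e%2e) count as "..".
    decoded = unquote(path)
    depth = 0
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue  # empty and "." segments do not change the directory
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True  # climbed above the starting directory
        else:
            depth += 1
    return False


def audit_repo_text(text, source="<inline>"):
    """Return (source, alias, detail) tuples for suspicious repo sections."""
    # .repo files are INI-style; only "=" is treated as a delimiter so that
    # URLs containing ":" are never split in the wrong place.
    parser = configparser.RawConfigParser(delimiters=("=",), strict=False)
    try:
        parser.read_string(text, source=source)
    except configparser.Error as exc:
        # A file that cannot be parsed deserves a manual look as well.
        return [(source, None, "unparsable: " + type(exc).__name__)]
    findings = []
    for alias in parser.sections():
        path = parser.get(alias, "path", fallback=None)
        if path is not None and path_escapes_baseurl(path):
            findings.append((source, alias, path))
    return findings


def audit_repo_dir(directory="/etc/zypp/repos.d"):
    """Audit every *.repo file in the given directory."""
    findings = []
    for repo_file in sorted(Path(directory).glob("*.repo")):
        text = repo_file.read_text(encoding="utf-8", errors="replace")
        findings.extend(audit_repo_text(text, source=str(repo_file)))
    return findings


if __name__ == "__main__":
    for source, alias, detail in audit_repo_text(SAMPLE_REPO) + audit_repo_dir():
        print(f"{source}: [{alias}] path={detail}")
```

A finding means the repo definition should be reviewed; installing the update remains the fix.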
Changes in libzypp:

Updated to version 17.38.13 (35):

* A .repo file's "path=" entry must not refer to a location outside the repo (bsc#1267874, CVE-2026-44942)
  A "path=" entry may solely denote a sub-directory of the baseurl where the metadata are located. A relative path trying to access data outside the baseurl is reported and sanitized.
* Fix potential crash on malformed or malicious repository metadata (fixes #740)
* Repo metadata: discard entries referring to a location outside the repo (bsc#1259802, CVE-2026-25707)
  Mirroring those data locally would refer to a location outside the repo's local cache directory. Those data entries are reported and discarded.
* zypp.conf: Allow [env] section to add environment variables.
  This feature is designed to enable environment-specific settings or debugging options over an extended period. See zypp.conf(5).
* Prevent configured scripts from escaping the sigcheck directory (bsc#1265223, CVE-2026-44933)
* StringV: guard hasPrefix/hasPrefixCI against reading past the view end (fixes #735)
* Mandatory signature verification plugin support (PED#11922)
* Fix purge-kernel -rc kernel handling (bsc#1239718)
* Explicitly_set_pool_DISTTYPE_RPM (fixes #726)
* Check for trusted key updates when updating the general keyring (bsc#1259706)
* Support multiple MirroredOrigin authorities (bsc#1253193)
* Workaround doxygen bug: doxygen/doxygen#12057
* libzypp.spec: Add missing graphviz-gd BuildRequires (boo#1259842)
* Fix preloader not caching packages from arch specific subrepos (bsc#1253740)
* Deprioritize invalid mirrors (fixes openSUSE/zypper#636)
* Fix Product::referencePackage lookup (bsc#1259311)
  Use a provided autoproduct() as hint to the package name of the release package. It might be that not just multiple versions of the same release package provide the same product version, but also different release packages.
* specfile: on fedora use %{_prefix}/share as zyppconfdir if %{_distconfdir} is undefined (fixes #693)
  This will set '-DZYPPCONFDIR=%{zyppconfdir}' for cmake.
* Fall back to a writable location when precaching packages without root (bsc#1247948)
* Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros. See the ZYPP.CONF(5) man page for details.
* Fix runtime check for broken rpm --runposttrans (bsc#1257068)
* Avoid libcurl-mini4 when building as it does not support ftp protocol.
* Translation: updated .pot file.
* zypp.conf: follow the UAPI configuration file specification (PED-14658)
  In short terms it means we will no longer ship an /etc/zypp/zypp.conf, but store our own defaults in /usr/etc/zypp/zypp.conf. The systems administrator may choose to keep a full copy in /etc/zypp/zypp.conf ignoring our config file settings completely, or - the preferred way - to overwrite specific settings via /etc/zypp/zypp.conf.d/*.conf overlay files. See the ZYPP.CONF(5) man page for details.
* cmake: correctly detect rpm6 (fixes #689)
* Use 'zypp.tmp' as temp directory component to ease setting up SELinux policies (bsc#1249435)
* zyppng: Update Provider to current MediaCurl2 download approach, drop Metalink (fixes #682)

Changes in libsolv:

Updated to version 0.7.39:

* fix solv_chksum_free segfault when called with a NULL pointer
* made repo_add_solv more robust against corrupt files [bsc#1265935] [CVE-2026-9149]
* fix potential buffer overflow when verifying EdDSA signatures [bsc#1266039] [CVE-2026-48863]
* added limit checks in multiple places to catch overflows
* reduce the size of the language id cache
* fixed Debian canon selection
* fixed dbpath detection in repo_rpmdb_librpm
* reduced stack usage in repo page compression (needed for musl)
* fix parsing of sha512 checksums in debian repositories [bsc#1265938] [CVE-2026-9150]
* improve speed of dirpool_add_dir making parsing of filelists.xml twice as fast
* fix parsing of recommends in the old Mandriva synthesis format
* respect the "default" attribute in environment optionlist in the comps parser
* support suse namespace deps in boolean dependencies [bsc#1258193]
* support for the Elbrus2000 (e2k) architecture
* support language() suse namespace rewriting

Changes in zypper:

Update to version 1.14.98:

* Transactional systems: Delegate rw-commands to transactional-wrapper if available (jsc#PED-13680, jsc#PED-15607)
  On a transactional system where the root filesystem is mounted read-only, zypper commands that modify the system cannot be executed directly. If the system provides a transactional-wrapper utility, zypper will automatically attempt to invoke it. The wrapper transparently executes the zypper command within a new, writable snapshot and manages the lifecycle of that snapshot based on the command's exit status. On transactional systems lacking a transactional-wrapper, users must manually invoke specialized tools, such as transactional-update, to install, update, or remove software.
* Add --filter-version-change to zypper lu.
  Adds filtering by version change significance to reduce noise in update listings. Supports levels: rebuild (hides rebuild-only changes) and package (hides all release-only changes).
* Autorefresh ris-services the same way as plugin-services (bsc#1246504)
  It's actually wrong to treat service refreshes differently depending on the service type. For the purpose of a service it makes no difference how the data about the repos to use are acquired.
* Report download progress for command line rpms (fixes #613)
* Hint to '-vv ref' to see the mirrors used to download the metadata (bsc#1257882)
* Service: Allow "zypper ls SERVICE ..." to test whether a service with this alias is defined (bsc#1252744)
  The command prints an abstract of all services passed on the command line. It returns 3-ZYPPER_EXIT_ERR_INVALID_ARGS if some argument does not name an existing service.
* Keep repo data when updating the service settings (bsc#1252744)
* info: Enhance pattern content table (bsc#1158038)
  Alternatives (multiple packages providing the same requirement) are now listed as a single entry in the content table. The entry shows either the installed package which satisfies the requirement or the requirement itself as type 'Provides'. Listing all potential alternatives was misleading, especially if the alternatives were mutually exclusive. It looked like an installed pattern had not-installed requirements and it was not possible to install all requirements at the same time.

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Server 4.3
  `zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1`
* SUSE Linux Enterprise Server 15 SP4
  `zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1`
* SUSE Linux Enterprise High Performance Computing 15 SP4
  `zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1`
* SUSE Linux Enterprise Micro for Rancher 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-2674=1`
* SUSE Linux Enterprise Micro 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2026-2674=1`
* SUSE Linux Enterprise Micro for Rancher 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2026-2674=1`
* SUSE Linux Enterprise Micro 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2026-2674=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1 SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2674=1`
* SUSE Linux Enterprise Desktop 15 SP4
  `zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1`
* SUSE Manager Retail Branch Server 4.3
  `zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1`
* SUSE Manager Proxy 4.3
  `zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1`
* SUSE Linux Enterprise Server 15 SP4 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2674=1`
* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-2674=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2674=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2674=1`

## Package List:

* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
* SUSE Manager Server 4.3 (ppc64le)
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libsolv-devel-debuginfo-0.7.39-150400.3.46.1
  * perl-solv-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libzypp-devel-17.38.13-150400.3.158.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * perl-solv-debuginfo-0.7.39-150400.3.46.1
  * ruby-solv-0.7.39-150400.3.46.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * python3-solv-debuginfo-0.7.39-150400.3.46.1
  * python3-solv-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
  * libsolv-devel-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * zypper-1.14.98-150400.3.104.1
  * ruby-solv-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
  * zypper-log-1.14.98-150400.3.104.1
* SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64)
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
* SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64)
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise Desktop 15 SP4 (x86_64)
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
* SUSE Manager Proxy 4.3 (x86_64)
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
* SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64)
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
* SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le)
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libsolv-devel-debuginfo-0.7.39-150400.3.46.1
  * perl-solv-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libzypp-devel-17.38.13-150400.3.158.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * perl-solv-debuginfo-0.7.39-150400.3.46.1
  * ruby-solv-0.7.39-150400.3.46.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * python3-solv-debuginfo-0.7.39-150400.3.46.1
  * python3-solv-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
  * libsolv-devel-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * zypper-1.14.98-150400.3.104.1
  * ruby-solv-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
  * zypper-log-1.14.98-150400.3.104.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libsolv-devel-debuginfo-0.7.39-150400.3.46.1
  * perl-solv-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libzypp-devel-17.38.13-150400.3.158.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * perl-solv-debuginfo-0.7.39-150400.3.46.1
  * ruby-solv-0.7.39-150400.3.46.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * python3-solv-debuginfo-0.7.39-150400.3.46.1
  * python3-solv-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
  * libsolv-devel-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * zypper-1.14.98-150400.3.104.1
  * ruby-solv-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
  * zypper-log-1.14.98-150400.3.104.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
  * libsolv-devel-debuginfo-0.7.39-150400.3.46.1
  * perl-solv-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libzypp-devel-17.38.13-150400.3.158.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libzypp-devel-doc-17.38.13-150400.3.158.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * perl-solv-debuginfo-0.7.39-150400.3.46.1
  * python311-solv-debuginfo-0.7.39-150400.3.46.1
  * ruby-solv-0.7.39-150400.3.46.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * python3-solv-debuginfo-0.7.39-150400.3.46.1
  * python3-solv-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
  * libsolv-devel-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * libsolv-demo-0.7.39-150400.3.46.1
  * libsolv-demo-debuginfo-0.7.39-150400.3.46.1
  * zypper-1.14.98-150400.3.104.1
  * ruby-solv-debuginfo-0.7.39-150400.3.46.1
  * python311-solv-0.7.39-150400.3.46.1
* openSUSE Leap 15.4 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
  * zypper-log-1.14.98-150400.3.104.1
  * zypper-aptitude-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libzypp-17.38.13-150400.3.158.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * zypper-1.14.98-150400.3.104.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libzypp-17.38.13-150400.3.158.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * zypper-1.14.98-150400.3.104.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libzypp-17.38.13-150400.3.158.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * zypper-1.14.98-150400.3.104.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libzypp-17.38.13-150400.3.158.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * zypper-1.14.98-150400.3.104.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * libsolv-devel-debuginfo-0.7.39-150400.3.46.1
  * perl-solv-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libzypp-devel-17.38.13-150400.3.158.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * perl-solv-debuginfo-0.7.39-150400.3.46.1
  * ruby-solv-0.7.39-150400.3.46.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * python3-solv-debuginfo-0.7.39-150400.3.46.1
  * python3-solv-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
  * libsolv-devel-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * zypper-1.14.98-150400.3.104.1
  * ruby-solv-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
  * zypper-log-1.14.98-150400.3.104.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25707.html
* https://www.suse.com/security/cve/CVE-2026-44933.html
* https://www.suse.com/security/cve/CVE-2026-44941.html
* https://www.suse.com/security/cve/CVE-2026-44942.html
* https://www.suse.com/security/cve/CVE-2026-48863.html
* https://www.suse.com/security/cve/CVE-2026-9149.html
* https://www.suse.com/security/cve/CVE-2026-9150.html
* https://bugzilla.suse.com/show_bug.cgi?id=1158038
* https://bugzilla.suse.com/show_bug.cgi?id=1239718
* https://bugzilla.suse.com/show_bug.cgi?id=1246504
* https://bugzilla.suse.com/show_bug.cgi?id=1247948
* https://bugzilla.suse.com/show_bug.cgi?id=1249435
* https://bugzilla.suse.com/show_bug.cgi?id=1252744
* https://bugzilla.suse.com/show_bug.cgi?id=1253193
* https://bugzilla.suse.com/show_bug.cgi?id=1253740
* https://bugzilla.suse.com/show_bug.cgi?id=1257068
* https://bugzilla.suse.com/show_bug.cgi?id=1257882
* https://bugzilla.suse.com/show_bug.cgi?id=1258193
* https://bugzilla.suse.com/show_bug.cgi?id=1259311
* https://bugzilla.suse.com/show_bug.cgi?id=1259706
* https://bugzilla.suse.com/show_bug.cgi?id=1259802
* https://bugzilla.suse.com/show_bug.cgi?id=1259842
* https://bugzilla.suse.com/show_bug.cgi?id=1265223
* https://bugzilla.suse.com/show_bug.cgi?id=1265935
* https://bugzilla.suse.com/show_bug.cgi?id=1265938
* https://bugzilla.suse.com/show_bug.cgi?id=1266039
* https://bugzilla.suse.com/show_bug.cgi?id=1267426
* https://bugzilla.suse.com/show_bug.cgi?id=1267874
* https://jira.suse.com/browse/PED-13680
* https://jira.suse.com/browse/PED-14658
* https://jira.suse.com/browse/PED-15607

LinuxSecurity.com Team
An update that solves seven vulnerabilities, contains three features and has 14 security fixes can now be installed.. # Security update for libsolv, libzypp, zypper Announcement ID: SUSE-SU-2026:2674-1 Release Date: 2026-06-29T09:41:17Z Rating: important References: * bsc#1158038 * bsc#1239718 * bsc#1246504 * bsc#1247948 * bsc#1249435 * bsc#1252744 * bsc#1253193 * bsc#1253740 * bsc#1257068 * bsc#1257882 * bsc#1258193 * bsc#1259311 * bsc#1259706 * bsc#1259802 * bsc#1259842 * bsc#1265223 * bsc#1265935 * bsc#1265938 * bsc#1266039 * bsc#1267426 * bsc#1267874 * jsc#PED-13680 * jsc#PED-14658 * jsc#PED-15607 Cross-References: * CVE-2026-25707 * CVE-2026-44933 * CVE-2026-44941 * CVE-2026-44942 * CVE-2026-48863 * CVE-2026-9149 * CVE-2026-9150 CVSS scores: * CVE-2026-25707 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-25707 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-44933 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44933 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-44933 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-44933 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-44941 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44941 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-44942 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44942 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44942 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48863 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48863 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-9149 ( SUSE ): 6.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-9149 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-9149 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-9150 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-9150 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves seven vulnerabilities, contains three features and has 14 security fixes can now be installed. ## Description: This update for libsolv, libzypp, zypper fixes the following issues * CVE-2026-9149: Heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file (bsc#1265935). * CVE-2026-9150: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512 checksums (bsc#1265938). * CVE-2026-25707: Handcrafted repo metadata may cause arbitrary local files to be overwritten (bsc#1259802). * CVE-2026-44933: scan of the Mandatory signature verification plugin support (bsc#1265223). * CVE-2026-44941: path traversal via "keyhint" (bsc#1267426). * CVE-2026-44942: .repo files can have an optional path which can lead to path traversal attacks (bsc#1267874). * CVE-2026-48863: Fix buffer overflow whenparsing EdDSA signature (bsc#1266039). 
Changes in libzypp: Updated to version 17.38.13 (35): * A .repo files "path=" entry must not refer to a location outside the repo (bsc#1267874, CVE-2026-44942) A "path=" entry may solely denote a sub- directory of the baseurl where the metadata are located. A relative path trying to access data outside the baseurl is reported and sanitized. * Fix potential crash on malformed or malicious repository metadata (fixes #740) * Repo metadata: discard entries referring to a location outside the repo (bsc#1259802, CVE-2026-25707) Mirroring those data locally would refer to a location outside the repo's local cache directory. Those data entries are reported and discarded. * zypp.conf: Allow [env] section to add environment variables. This feature is designed to enable environment-specific settings or debugging options over an extended period. See zypp.conf(5). * Prevent configured scripts from escaping the sigcheck directory (bsc#1265223, CVE-2026-44933) * StringV: guard hasPrefix/hasPrefixCI against reading past the view end (fixes #735) * Mandatory signature verification plugin support (PED#11922) * Fix purge-kernel -rc kernel handling (bsc#1239718) * Explicitly_set_pool_DISTTYPE_RPM (fixes #726) * Check for trusted key updates when updating the general keyring (bsc#1259706) * Support multiple MirroredOrigin authorities (bsc#1253193) * Workaround doxygen bug: doxygen/doxygen#12057 * libzypp.spec: Add missing graphviz-gd BuildRequires (boo#1259842) * Fix preloader not caching packages from arch specific subrepos (bsc#1253740) * Deprioritize invalid mirrors (fixes openSUSE/zypper#636) * Fix Product::referencePackage lookup (bsc#1259311) Use a provided autoproduct() as hint to the package name of the release package. It might be that not just multiple versions of the same release package provide the same product version, but also different release packages. 
* specfile: on fedora use %{_prefix}/share as zyppconfdir if %{_distconfdir} is undefined (fixes #693)
  This will set '-DZYPPCONFDIR=%{zyppconfdir}' for cmake.
* Fall back to a writable location when precaching packages without root (bsc#1247948)
* Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros. See the ZYPP.CONF(5) man page for details.
* Fix runtime check for broken rpm --runposttrans (bsc#1257068)
* Avoid libcurl-mini4 when building as it does not support ftp protocol.
* Translation: updated .pot file.
* zypp.conf: follow the UAPI configuration file specification (PED-14658)
  In short, this means we will no longer ship an /etc/zypp/zypp.conf, but store our own defaults in /usr/etc/zypp/zypp.conf. The system administrator may choose to keep a full copy in /etc/zypp/zypp.conf, ignoring our config file settings completely, or (the preferred way) to overwrite specific settings via /etc/zypp/zypp.conf.d/*.conf overlay files. See the ZYPP.CONF(5) man page for details.
* cmake: correctly detect rpm6 (fixes #689)
* Use 'zypp.tmp' as temp directory component to ease setting up SELinux policies (bsc#1249435)
* zyppng: Update Provider to current MediaCurl2 download approach, drop Metalink (fixes #682)

Changes in libsolv:

Updated to version 0.7.39:

* fix solv_chksum_free segfault when called with a NULL pointer
* made repo_add_solv more robust against corrupt files [bsc#1265935] [CVE-2026-9149]
* fix potential buffer overflow when verifying EdDSA signatures [bsc#1266039] [CVE-2026-48863]
* added limit checks in multiple places to catch overflows
* reduce the size of the language id cache
* fixed Debian canon selection
* fixed dbpath detection in repo_rpmdb_librpm
* reduced stack usage in repo page compression (needed for musl)
* fix parsing of sha512 checksums in debian repositories [bsc#1265938] [CVE-2026-9150]
* improve speed of dirpool_add_dir, making parsing of filelists.xml twice as fast
* fix parsing of recommends in the old Mandriva synthesis format
* respect the "default" attribute in environment optionlist in the comps parser
* support suse namespace deps in boolean dependencies [bsc#1258193]
* support for the Elbrus2000 (e2k) architecture
* support language() suse namespace rewriting

Changes in zypper:

Update to version 1.14.98:

* Transactional systems: Delegate rw-commands to transactional-wrapper if available (jsc#PED-13680, jsc#PED-15607)
  On a transactional system where the root filesystem is mounted read-only, zypper commands that modify the system cannot be executed directly. If the system provides a transactional-wrapper utility, zypper will automatically attempt to invoke it. The wrapper transparently executes the zypper command within a new, writable snapshot and manages the lifecycle of that snapshot based on the command's exit status. On transactional systems lacking a transactional-wrapper, users must manually invoke specialized tools (such as transactional-update) to install, update, or remove software.
* Add --filter-version-change to zypper lu.
  Adds filtering by version change significance to reduce noise in update listings. Supports levels: rebuild (hides rebuild-only changes) and package (hides all release-only changes).
* Autorefresh ris-services the same way as plugin-services (bsc#1246504)
  It's actually wrong to treat service refreshes differently depending on the service type. For the purpose of a service it makes no difference how the data about the repos to use are acquired.
* Report download progress for command line rpms (fixes #613)
* Hint to '-vv ref' to see the mirrors used to download the metadata (bsc#1257882)
* Service: Allow "zypper ls SERVICE ..." to test whether a service with this alias is defined (bsc#1252744)
  The command prints an abstract of all services passed on the command line. It returns 3-ZYPPER_EXIT_ERR_INVALID_ARGS if some argument does not name an existing service.
* Keep repo data when updating the service settings (bsc#1252744)
* info: Enhance pattern content table (bsc#1158038)
  Alternatives (multiple packages providing the same requirement) are now listed as a single entry in the content table. The entry shows either the installed package which satisfies the requirement or the requirement itself as type 'Provides'. Listing all potential alternatives was misleading, especially if the alternatives were mutually exclusive. It looked like an installed pattern had not-installed requirements and it was not possible to install all requirements at the same time.

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1
* SUSE Linux Enterprise Server 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1
* SUSE Linux Enterprise High Performance Computing 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-2674=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-2674=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-2674=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-2674=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1 SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2674=1
* SUSE Linux Enterprise Desktop 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-2674=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2674=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-2674=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2674=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2674=1

## Package List:

* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
* SUSE Manager Server 4.3 (ppc64le)
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libsolv-devel-debuginfo-0.7.39-150400.3.46.1
  * perl-solv-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libzypp-devel-17.38.13-150400.3.158.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * perl-solv-debuginfo-0.7.39-150400.3.46.1
  * ruby-solv-0.7.39-150400.3.46.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * python3-solv-debuginfo-0.7.39-150400.3.46.1
  * python3-solv-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
  * libsolv-devel-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * zypper-1.14.98-150400.3.104.1
  * ruby-solv-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
  * zypper-log-1.14.98-150400.3.104.1
* SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64)
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
* SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64)
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise Desktop 15 SP4 (x86_64)
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
* SUSE Manager Proxy 4.3 (x86_64)
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
* SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64)
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
* SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le)
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libsolv-devel-debuginfo-0.7.39-150400.3.46.1
  * perl-solv-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libzypp-devel-17.38.13-150400.3.158.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * perl-solv-debuginfo-0.7.39-150400.3.46.1
  * ruby-solv-0.7.39-150400.3.46.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * python3-solv-debuginfo-0.7.39-150400.3.46.1
  * python3-solv-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
  * libsolv-devel-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * zypper-1.14.98-150400.3.104.1
  * ruby-solv-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
  * zypper-log-1.14.98-150400.3.104.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libsolv-devel-debuginfo-0.7.39-150400.3.46.1
  * perl-solv-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libzypp-devel-17.38.13-150400.3.158.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * perl-solv-debuginfo-0.7.39-150400.3.46.1
  * ruby-solv-0.7.39-150400.3.46.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * python3-solv-debuginfo-0.7.39-150400.3.46.1
  * python3-solv-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
  * libsolv-devel-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * zypper-1.14.98-150400.3.104.1
  * ruby-solv-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
  * zypper-log-1.14.98-150400.3.104.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
  * libsolv-devel-debuginfo-0.7.39-150400.3.46.1
  * perl-solv-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libzypp-devel-17.38.13-150400.3.158.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libzypp-devel-doc-17.38.13-150400.3.158.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * perl-solv-debuginfo-0.7.39-150400.3.46.1
  * python311-solv-debuginfo-0.7.39-150400.3.46.1
  * ruby-solv-0.7.39-150400.3.46.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * python3-solv-debuginfo-0.7.39-150400.3.46.1
  * python3-solv-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
  * libsolv-devel-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * libsolv-demo-0.7.39-150400.3.46.1
  * libsolv-demo-debuginfo-0.7.39-150400.3.46.1
  * zypper-1.14.98-150400.3.104.1
  * ruby-solv-debuginfo-0.7.39-150400.3.46.1
  * python311-solv-0.7.39-150400.3.46.1
* openSUSE Leap 15.4 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
  * zypper-log-1.14.98-150400.3.104.1
  * zypper-aptitude-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libzypp-17.38.13-150400.3.158.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * zypper-1.14.98-150400.3.104.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libzypp-17.38.13-150400.3.158.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * zypper-1.14.98-150400.3.104.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libzypp-17.38.13-150400.3.158.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * zypper-1.14.98-150400.3.104.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libzypp-17.38.13-150400.3.158.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * zypper-1.14.98-150400.3.104.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * libsolv-devel-debuginfo-0.7.39-150400.3.46.1
  * perl-solv-0.7.39-150400.3.46.1
  * libsolv-debugsource-0.7.39-150400.3.46.1
  * libzypp-devel-17.38.13-150400.3.158.1
  * libsolv-tools-0.7.39-150400.3.46.1
  * libsolv-tools-base-debuginfo-0.7.39-150400.3.46.1
  * libzypp-17.38.13-150400.3.158.1
  * libsolv-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-debuginfo-0.7.39-150400.3.46.1
  * libsolv-tools-base-0.7.39-150400.3.46.1
  * perl-solv-debuginfo-0.7.39-150400.3.46.1
  * ruby-solv-0.7.39-150400.3.46.1
  * libzypp-debugsource-17.38.13-150400.3.158.1
  * python3-solv-debuginfo-0.7.39-150400.3.46.1
  * python3-solv-0.7.39-150400.3.46.1
  * zypper-debugsource-1.14.98-150400.3.104.1
  * libsolv-devel-0.7.39-150400.3.46.1
  * libzypp-debuginfo-17.38.13-150400.3.158.1
  * zypper-debuginfo-1.14.98-150400.3.104.1
  * zypper-1.14.98-150400.3.104.1
  * ruby-solv-debuginfo-0.7.39-150400.3.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * zypper-needs-restarting-1.14.98-150400.3.104.1
  * zypper-log-1.14.98-150400.3.104.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25707.html
* https://www.suse.com/security/cve/CVE-2026-44933.html
* https://www.suse.com/security/cve/CVE-2026-44941.html
* https://www.suse.com/security/cve/CVE-2026-44942.html
* https://www.suse.com/security/cve/CVE-2026-48863.html
* https://www.suse.com/security/cve/CVE-2026-9149.html
* https://www.suse.com/security/cve/CVE-2026-9150.html
* https://bugzilla.suse.com/show_bug.cgi?id=1158038
* https://bugzilla.suse.com/show_bug.cgi?id=1239718
* https://bugzilla.suse.com/show_bug.cgi?id=1246504
* https://bugzilla.suse.com/show_bug.cgi?id=1247948
* https://bugzilla.suse.com/show_bug.cgi?id=1249435
* https://bugzilla.suse.com/show_bug.cgi?id=1252744
* https://bugzilla.suse.com/show_bug.cgi?id=1253193
* https://bugzilla.suse.com/show_bug.cgi?id=1253740
* https://bugzilla.suse.com/show_bug.cgi?id=1257068
* https://bugzilla.suse.com/show_bug.cgi?id=1257882
* https://bugzilla.suse.com/show_bug.cgi?id=1258193
* https://bugzilla.suse.com/show_bug.cgi?id=1259311
* https://bugzilla.suse.com/show_bug.cgi?id=1259706
* https://bugzilla.suse.com/show_bug.cgi?id=1259802
* https://bugzilla.suse.com/show_bug.cgi?id=1259842
* https://bugzilla.suse.com/show_bug.cgi?id=1265223
* https://bugzilla.suse.com/show_bug.cgi?id=1265935
* https://bugzilla.suse.com/show_bug.cgi?id=1265938
* https://bugzilla.suse.com/show_bug.cgi?id=1266039
* https://bugzilla.suse.com/show_bug.cgi?id=1267426
* https://bugzilla.suse.com/show_bug.cgi?id=1267874
* https://jira.suse.com/browse/PED-13680
* https://jira.suse.com/browse/PED-14658
* https://jira.suse.com/browse/PED-15607

Important security update for libsolv, libzypp, and zypper resolves seven issues and enhances system integrity.

SUSE update libsolv zypper buffer overflow.

Severity: Important.

LinuxSecurity.com Team

An update that solves seven vulnerabilities can now be installed.

# Security update for tomcat

Announcement ID: SUSE-SU-2026:2675-1
Release Date: 2026-06-29T09:45:32Z
Rating: important

References:

* bsc#1265145
* bsc#1265162
* bsc#1265163
* bsc#1265165
* bsc#1265166
* bsc#1265167
* bsc#1265168

Cross-References:

* CVE-2026-41284
* CVE-2026-41293
* CVE-2026-42498
* CVE-2026-43512
* CVE-2026-43513
* CVE-2026-43514
* CVE-2026-43515

CVSS scores:

* CVE-2026-41284 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41284 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-41284 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-41293 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41293 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-41293 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-42498 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42498 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-42498 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-43512 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-43512 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-43512 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43513 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43513 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-43513 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-43514 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43514 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-43514 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-43515 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43515 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-43515 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* Web and Scripting Module 15-SP7

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for tomcat fixes the following issues

Update to Tomcat 9.0.118:

* CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling (bsc#1265162).
* CVE-2026-41293: HTTP/2 request headers not validated (bsc#1265163).
* CVE-2026-42498: WebSocket authentication header exposure (bsc#1265165).
* CVE-2026-43512: digest authenticator will authenticate any unknown user (bsc#1265145).
* CVE-2026-43513: LockOutRealm treats user names as case-sensitive (bsc#1265166).
* CVE-2026-43514: AJP secret compared in non-constant time (bsc#1265167).
* CVE-2026-43515: Security constraints not correctly applied (bsc#1265168).

Changes:

* Catalina
  * Add: Enhance version.sh and version.bat to display APR, Tomcat Native, and OpenSSL version information (both APR and FFM implementations), along with version compatibility warnings and third-party library version information. (csutherl)
  * Code: Refactor generation of the remote user element in the access log to remove unnecessary code. (markt)
  * Fix: Fix a regression in the previous release that meant ?- could appear in the access log rather than ? when the query string was present but empty. (markt)
  * Fix: Failed precondition should make WebDAV DELETE fail. #982 submitted by Mahmoud Alarby. (remm)
  * Fix: Align the escaping in ExtendedAccessLogValve with the other AccessLogValve implementations. (markt)
  * Fix: 70000: fix duplication of special headers in the response after commit, following fix for 69967. (remm)
  * Fix: Correct the handling of URIs mapped to a security constraint that only specifies the special ** role for all authenticated users. Requests without authentication were receiving 403 responses rather than 401 responses. (markt)
  * Fix: Fix a race condition in StandardContext.getServletContext() that could cause the jakarta.servlet.context.tempdir attribute to be lost during a context reload. Make the context field volatile and use locking to ensure only one ApplicationContext instance is created. (dsoumis)
  * Fix: Update the Windows authentication (kerberos) documentation to reflect that both Java and Windows are removing / have removed support for RC4-HMAC. The guide now uses AES256-SHA1. (markt)
  * Fix: Add a new initialisation parameter for WebDAV, maxRequestBodySize which limits the size of a WebDAV request body for LOCK and PROPFIND. The default value is 4096 bytes. (markt)
  * Add: Add a new caseSensitive attribute to the LockOutRealm that controls the manner in which user names are treated when making locking decisions. The default is false, meaning user names are treated in a case-insensitive manner. (markt)
  * Fix: Correct the handling of invalid users with DIGEST authentication. (markt)
  * Fix: Ensure RealmBase finds all matching extension based security constraints. (markt)
* Coyote
  * Fix: Avoid various edge cases if Content-Length is set via setHeader(String,String) or addHeader(String,String) with an invalid value by always clearing the previous value whether the new value is valid or not and ignoring any invalid new value. (markt)
  * Code: Refactor the calculation of the real index in the HPACK dynamic header table implementation to reduce code duplication. (markt)
  * Fix: Fix various minor issues with some HTTP/2 stream error messages for HTTP/2. (markt)
  * Fix: Consistently reject URIs containing NULL bytes when normalizing.
  * Fix: Fix a few minor memory leaks on error paths reading TLS keys and certificates when using FFM. (markt)
  * Fix: Refactor clean-up after HTTP/2 headers have been processed to aid GC after a stream reset. (markt)
  * Fix: Align HTTP/2 trailer fields with HTTP/1.1 and filter out any fields not permitted in trailers. (markt)
  * Fix: Free private keys after use in FFM based connector configuration.
  * Fix: Correct an unlikely edge-case parsing bug in the HTTP/2 HPACK header decoding that could result in a valid header triggering an unexpected connection close. (markt)
  * Fix: Refactor HTTP/2 HPACK encoding so header field names are only converted to lower case once during the encoding process. (markt)
  * Fix: Refactor HTTP/2 header field validation so it occurs earlier. Extend validation to check for disallowed characters as well as upper case characters. (markt)
  * Fix: Add TLS 1.3 groups added in OpenSSL 4.0. (remm)
  * Fix: Add validation that the HTTP/2 :scheme pseudo-header is consistent with the use (or not) of TLS. (markt)
  * Fix: Correct the validation of pseudo headers and CONNECT requests to align Tomcat's behaviour with RFC 9113, section 8.5. (markt)
  * Fix: Fix a potential integer overflow when allocating capacity from a connection level window update to individual HTTP/2 streams. Based on #996 by Mike Tingey Jr. (markt)
  * Fix: Switch AJP secret comparison to a constant time algorithm. (markt)
* WebSocket
  * Fix: Fix the initial connection to a WebSocket end point where the connection is made via a proxy that requires DIGEST authentication.
* Other
  * Fix: 69993: Update the URL to the CDDL 1.0 license. (markt)
  * Add: Add warning when OpenSSL binary is not found. (csutherl)
  * Add: Add check for Tomcat Native library, and log warning when it's not found to make it easier to see when it's not used by the suite. (csutherl)
  * Update: Update Byte Buddy to 1.18.8. (markt)
  * Update: Update Bouncy Castle to 1.84. (markt)
  * Update: Improvements to French translations. (remm)
  * Update: Improvements to Japanese translations provided by tak7iji. (markt)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2675=1
* Web and Scripting Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-2675=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2675=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2675=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2675=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2675=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2675=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2675=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2675=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2675=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2675=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * tomcat-lib-9.0.118-150200.108.1
  * tomcat-9.0.118-150200.108.1
  * tomcat-webapps-9.0.118-150200.108.1
  * tomcat-admin-webapps-9.0.118-150200.108.1
  * tomcat-jsp-2_3-api-9.0.118-150200.108.1
  * tomcat-servlet-4_0-api-9.0.118-150200.108.1
  * tomcat-el-3_0-api-9.0.118-150200.108.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * tomcat-lib-9.0.118-150200.108.1
  * tomcat-9.0.118-150200.108.1
  * tomcat-webapps-9.0.118-150200.108.1
  * tomcat-admin-webapps-9.0.118-150200.108.1
  * tomcat-jsp-2_3-api-9.0.118-150200.108.1
  * tomcat-servlet-4_0-api-9.0.118-150200.108.1
  * tomcat-el-3_0-api-9.0.118-150200.108.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * tomcat-lib-9.0.118-150200.108.1
  * tomcat-9.0.118-150200.108.1
  * tomcat-webapps-9.0.118-150200.108.1
  * tomcat-admin-webapps-9.0.118-150200.108.1
  * tomcat-jsp-2_3-api-9.0.118-150200.108.1
  * tomcat-servlet-4_0-api-9.0.118-150200.108.1
  * tomcat-el-3_0-api-9.0.118-150200.108.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * tomcat-lib-9.0.118-150200.108.1
  * tomcat-9.0.118-150200.108.1
  * tomcat-webapps-9.0.118-150200.108.1
  * tomcat-admin-webapps-9.0.118-150200.108.1
  * tomcat-jsp-2_3-api-9.0.118-150200.108.1
  * tomcat-servlet-4_0-api-9.0.118-150200.108.1
  * tomcat-el-3_0-api-9.0.118-150200.108.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * tomcat-lib-9.0.118-150200.108.1
  * tomcat-9.0.118-150200.108.1
  * tomcat-webapps-9.0.118-150200.108.1
  * tomcat-admin-webapps-9.0.118-150200.108.1
  * tomcat-jsp-2_3-api-9.0.118-150200.108.1
  * tomcat-servlet-4_0-api-9.0.118-150200.108.1
  * tomcat-el-3_0-api-9.0.118-150200.108.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * tomcat-lib-9.0.118-150200.108.1
  * tomcat-9.0.118-150200.108.1
  * tomcat-webapps-9.0.118-150200.108.1
  * tomcat-admin-webapps-9.0.118-150200.108.1
  * tomcat-jsp-2_3-api-9.0.118-150200.108.1
  * tomcat-servlet-4_0-api-9.0.118-150200.108.1
  * tomcat-el-3_0-api-9.0.118-150200.108.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * tomcat-lib-9.0.118-150200.108.1
  * tomcat-9.0.118-150200.108.1
  * tomcat-webapps-9.0.118-150200.108.1
  * tomcat-admin-webapps-9.0.118-150200.108.1
  * tomcat-jsp-2_3-api-9.0.118-150200.108.1
  * tomcat-servlet-4_0-api-9.0.118-150200.108.1
  * tomcat-el-3_0-api-9.0.118-150200.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * tomcat-lib-9.0.118-150200.108.1
  * tomcat-9.0.118-150200.108.1
  * tomcat-webapps-9.0.118-150200.108.1
  * tomcat-admin-webapps-9.0.118-150200.108.1
  * tomcat-jsp-2_3-api-9.0.118-150200.108.1
  * tomcat-servlet-4_0-api-9.0.118-150200.108.1
  * tomcat-el-3_0-api-9.0.118-150200.108.1
* Web and Scripting Module 15-SP7 (noarch)
  * tomcat-lib-9.0.118-150200.108.1
  * tomcat-9.0.118-150200.108.1
  * tomcat-webapps-9.0.118-150200.108.1
  * tomcat-admin-webapps-9.0.118-150200.108.1
  * tomcat-jsp-2_3-api-9.0.118-150200.108.1
  * tomcat-servlet-4_0-api-9.0.118-150200.108.1
  * tomcat-el-3_0-api-9.0.118-150200.108.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * tomcat-lib-9.0.118-150200.108.1
  * tomcat-9.0.118-150200.108.1
  * tomcat-webapps-9.0.118-150200.108.1
  * tomcat-admin-webapps-9.0.118-150200.108.1
  * tomcat-jsp-2_3-api-9.0.118-150200.108.1
  * tomcat-servlet-4_0-api-9.0.118-150200.108.1
  * tomcat-el-3_0-api-9.0.118-150200.108.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * tomcat-lib-9.0.118-150200.108.1
  * tomcat-9.0.118-150200.108.1
  * tomcat-webapps-9.0.118-150200.108.1
  * tomcat-admin-webapps-9.0.118-150200.108.1
  * tomcat-jsp-2_3-api-9.0.118-150200.108.1
  * tomcat-servlet-4_0-api-9.0.118-150200.108.1
  * tomcat-el-3_0-api-9.0.118-150200.108.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41284.html
* https://www.suse.com/security/cve/CVE-2026-41293.html
* https://www.suse.com/security/cve/CVE-2026-42498.html
* https://www.suse.com/security/cve/CVE-2026-43512.html
* https://www.suse.com/security/cve/CVE-2026-43513.html
* https://www.suse.com/security/cve/CVE-2026-43514.html
* https://www.suse.com/security/cve/CVE-2026-43515.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265145
* https://bugzilla.suse.com/show_bug.cgi?id=1265162
* https://bugzilla.suse.com/show_bug.cgi?id=1265163
* https://bugzilla.suse.com/show_bug.cgi?id=1265165
* https://bugzilla.suse.com/show_bug.cgi?id=1265166
* https://bugzilla.suse.com/show_bug.cgi?id=1265167
* https://bugzilla.suse.com/show_bug.cgi?id=1265168

Seven vulnerabilities are addressed in the important security update for Tomcat on SUSE systems, enhancing security measures.

SUSE Security Update 2026 Tomcat Vulnerabilities Authentication.

Severity: Important.

LinuxSecurity.com Team

An update that solves five vulnerabilities can now be installed.

# Security update for bind

Announcement ID: SUSE-SU-2026:2676-1
Release Date: 2026-06-29T09:53:56Z
Rating: important

References:

* bsc#1265591
* bsc#1265592
* bsc#1265593
* bsc#1265594
* bsc#1265596

Cross-References:

* CVE-2026-3039
* CVE-2026-3592
* CVE-2026-3593
* CVE-2026-5946
* CVE-2026-5950

CVSS scores:

* CVE-2026-3039 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3039 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3592 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3592 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3593 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-3593 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-3593 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5946 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5946 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5950 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-5950 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for bind fixes the following issues

* CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation (bsc#1265591).
* CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records (bsc#1265592).
* CVE-2026-5946: Invalid handling of CLASS != IN (bsc#1265594).
* CVE-2026-5950: Unbounded resend loop in BIND 9 resolver (bsc#1265596).
* CVE-2026-3593: Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation (bsc#1265593).

Changes for bind:

* Update to release 9.18.49

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2676=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-2676=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2676=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * bind-9.18.49-150600.3.26.1
  * bind-utils-9.18.49-150600.3.26.1
  * bind-debuginfo-9.18.49-150600.3.26.1
  * bind-utils-debuginfo-9.18.49-150600.3.26.1
  * bind-debugsource-9.18.49-150600.3.26.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * bind-doc-9.18.49-150600.3.26.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
  * bind-9.18.49-150600.3.26.1
  * bind-utils-9.18.49-150600.3.26.1
  * bind-debuginfo-9.18.49-150600.3.26.1
  * bind-utils-debuginfo-9.18.49-150600.3.26.1
  * bind-debugsource-9.18.49-150600.3.26.1
* openSUSE Leap 15.6 (noarch)
  * bind-doc-9.18.49-150600.3.26.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * bind-9.18.49-150600.3.26.1
  * bind-utils-9.18.49-150600.3.26.1
  * bind-debuginfo-9.18.49-150600.3.26.1
  * bind-utils-debuginfo-9.18.49-150600.3.26.1
  * bind-debugsource-9.18.49-150600.3.26.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * bind-doc-9.18.49-150600.3.26.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3039.html
* https://www.suse.com/security/cve/CVE-2026-3592.html
* https://www.suse.com/security/cve/CVE-2026-3593.html
* https://www.suse.com/security/cve/CVE-2026-5946.html
* https://www.suse.com/security/cve/CVE-2026-5950.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265591
* https://bugzilla.suse.com/show_bug.cgi?id=1265592
* https://bugzilla.suse.com/show_bug.cgi?id=1265593
* https://bugzilla.suse.com/show_bug.cgi?id=1265594
* https://bugzilla.suse.com/show_bug.cgi?id=1265596

Update for SUSE addressing important security issues in bind with multiple vulnerabilities needing attention.

SUSE Update, Bind Security, Memory Exhaustion, Amplification Issues.

Severity: Important.

LinuxSecurity.com Team
An update that solves three vulnerabilities can now be installed.

# Security update for opensc

* Announcement ID: SUSE-SU-2026:2678-1
* Release Date: 2026-06-29T10:57:19Z
* Rating: important

References:

* bsc#1261214
* bsc#1261220
* bsc#1267246

Cross-References:

* CVE-2025-49010
* CVE-2025-66215
* CVE-2026-10275

CVSS scores:

* CVE-2025-49010 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-49010 ( SUSE ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-49010 ( NVD ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-49010 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-66215 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66215 ( SUSE ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-66215 ( NVD ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-66215 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-10275 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-10275 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-10275 ( NVD ): 1.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-10275 ( NVD ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

## Description:

This update for opensc fixes the following issues:

* CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses (bsc#1261214).
* CVE-2025-66215: crafted smart card or USB device can cause a stack-buffer-overflow write (bsc#1261220).
* CVE-2026-10275: global buffer overflow during key pair generation tests due to missing input validation (bsc#1267246).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  `zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2678=1`
* SUSE Linux Enterprise Server 12 SP5 LTSS
  `zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2678=1`

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * opensc-0.13.0-3.36.1
  * opensc-debugsource-0.13.0-3.36.1
  * opensc-debuginfo-0.13.0-3.36.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * opensc-0.13.0-3.36.1
  * opensc-debugsource-0.13.0-3.36.1
  * opensc-debuginfo-0.13.0-3.36.1

## References:

* https://www.suse.com/security/cve/CVE-2025-49010.html
* https://www.suse.com/security/cve/CVE-2025-66215.html
* https://www.suse.com/security/cve/CVE-2026-10275.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261214
* https://bugzilla.suse.com/show_bug.cgi?id=1261220
* https://bugzilla.suse.com/show_bug.cgi?id=1267246

Three important vulnerabilities in SUSE’s opensc are addressed by this security update. Install it now for protection!

SUSE Security Update, opensc Issues, Buffer Overflow Patches, SUSE Vulnerabilities.

Severity: Important. LinuxSecurity.com Team

An update that solves 15 vulnerabilities can now be installed.

# Security update for openssl-3

* Announcement ID: SUSE-SU-2026:22251-1
* Release Date: 2026-06-22T12:31:02Z
* Rating: important

References:

* bsc#1259652
* bsc#1266340
* bsc#1266341
* bsc#1266342
* bsc#1266344
* bsc#1266345
* bsc#1266347
* bsc#1266349
* bsc#1266350
* bsc#1266351
* bsc#1266352
* bsc#1266353
* bsc#1266355
* bsc#1266356
* bsc#1266357

Cross-References:

* CVE-2026-2673
* CVE-2026-34180
* CVE-2026-34182
* CVE-2026-34183
* CVE-2026-42764
* CVE-2026-42766
* CVE-2026-42767
* CVE-2026-42768
* CVE-2026-42769
* CVE-2026-42770
* CVE-2026-45445
* CVE-2026-45446
* CVE-2026-45447
* CVE-2026-7383
* CVE-2026-9076

CVSS scores:

* CVE-2026-2673 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2673 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2673 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-34180 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-34180 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-34180 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34182 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34182 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34182 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-34183 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34183 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34183 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42764 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42764 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-42764 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42766 ( SUSE ): 6.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42766 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42766 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42767 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42767 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42767 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42768 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42768 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-42768 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-42769 ( SUSE ): 7.4 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42769 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42769 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-42770 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42770 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
* CVE-2026-42770 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-45445 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-45445 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-45445 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-45446 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-45446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-45446 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-45447 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45447 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45447 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-7383 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-7383 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-7383 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9076 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-9076 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-9076 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group (bsc#1259652).
* CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion (bsc#1266340).
* CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341).
* CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342).
* CVE-2026-34182: CMS AuthEnvelopedData Processing May Accept Forged Messages (bsc#1266344).
* CVE-2026-34183: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler (bsc#1266345).
* CVE-2026-42764: NULL pointer dereference in QUIC server initial packet handling (bsc#1266347).
* CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349).
* CVE-2026-42767: NULL Pointer Dereference in CRMF EncryptedValue Decryption (bsc#1266350).
* CVE-2026-42768: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() (bsc#1266351).
* CVE-2026-42769: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate (bsc#1266352).
* CVE-2026-42770: FFC-DH Peer Validation Uses Attacker-Supplied q (bsc#1266353).
* CVE-2026-45445: AES-OCB IV Ignored on EVP_Cipher() Path (bsc#1266355).
* CVE-2026-45446: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes (bsc#1266356).
* CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  `zypper in -t patch SUSE-SL-Micro-6.2-1017=1`

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * openssl-3-debuginfo-3.5.0-160000.8.1
  * libopenssl3-3.5.0-160000.8.1
  * openssl-3-3.5.0-160000.8.1
  * libopenssl-3-devel-3.5.0-160000.8.1
  * libopenssl-3-fips-provider-3.5.0-160000.8.1
  * openssl-3-debugsource-3.5.0-160000.8.1
  * libopenssl3-debuginfo-3.5.0-160000.8.1
  * libopenssl-3-fips-provider-debuginfo-3.5.0-160000.8.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2673.html
* https://www.suse.com/security/cve/CVE-2026-34180.html
* https://www.suse.com/security/cve/CVE-2026-34182.html
* https://www.suse.com/security/cve/CVE-2026-34183.html
* https://www.suse.com/security/cve/CVE-2026-42764.html
* https://www.suse.com/security/cve/CVE-2026-42766.html
* https://www.suse.com/security/cve/CVE-2026-42767.html
* https://www.suse.com/security/cve/CVE-2026-42768.html
* https://www.suse.com/security/cve/CVE-2026-42769.html
* https://www.suse.com/security/cve/CVE-2026-42770.html
* https://www.suse.com/security/cve/CVE-2026-45445.html
* https://www.suse.com/security/cve/CVE-2026-45446.html
* https://www.suse.com/security/cve/CVE-2026-45447.html
* https://www.suse.com/security/cve/CVE-2026-7383.html
* https://www.suse.com/security/cve/CVE-2026-9076.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259652
* https://bugzilla.suse.com/show_bug.cgi?id=1266340
* https://bugzilla.suse.com/show_bug.cgi?id=1266341
* https://bugzilla.suse.com/show_bug.cgi?id=1266342
* https://bugzilla.suse.com/show_bug.cgi?id=1266344
* https://bugzilla.suse.com/show_bug.cgi?id=1266345
* https://bugzilla.suse.com/show_bug.cgi?id=1266347
* https://bugzilla.suse.com/show_bug.cgi?id=1266349
* https://bugzilla.suse.com/show_bug.cgi?id=1266350
* https://bugzilla.suse.com/show_bug.cgi?id=1266351
* https://bugzilla.suse.com/show_bug.cgi?id=1266352
* https://bugzilla.suse.com/show_bug.cgi?id=1266353
* https://bugzilla.suse.com/show_bug.cgi?id=1266355
* https://bugzilla.suse.com/show_bug.cgi?id=1266356
* https://bugzilla.suse.com/show_bug.cgi?id=1266357

15 vulnerabilities addressed with an important security patch for openssl-3 on SUSE, including buffer and memory issues.

SUSE openssl-3 security patch, important security update, buffer overflow fix, heap overflow vulnerability.

Severity: Important. LinuxSecurity.com Team

An update that solves one vulnerability can now be installed.

# Security update for python-click

* Announcement ID: SUSE-SU-2026:22254-1
* Release Date: 2026-06-22T14:35:17Z
* Rating: moderate

References:

* bsc#1263898

Cross-References:

* CVE-2026-7246

CVSS scores:

* CVE-2026-7246 ( SUSE ): 5.4 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-7246 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-7246 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

## Description:

This update for python-click fixes the following issue:

* CVE-2026-7246: Arbitrary command execution via command injection in click.edit() (bsc#1263898).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  `zypper in -t patch SUSE-SL-Micro-6.2-1029=1`

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * python313-click-8.2.1-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-7246.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263898

An update addresses a moderate risk command execution issue in python-click for SUSE Linux Micro. Install promptly.

SUSE linux security update, python-click security advisory, command execution risk, vulnerability management.

Severity: moderate. LinuxSecurity.com Team