Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 9,991 articles for you...
202
security advisorysecurity issueremote accessopenSUSE NetworkManager-libreswan Important Security Update CVE-2024-9050
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for NetworkManager-libreswan ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0200-1 Rating: important References: #1232040 Cross-References: CVE-2024-9050 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for NetworkManager-libreswan fixes the following issues: - Update to version 1.2.24 (boo#1232040): + Fixed formatting of ipsec.conf snippet. This is a security issue with severity of "Important." (CVE-2024-9050). + Added support for "require-id-on-certificate" setting. + Updated translations. - Changes from version 1.2.22: + Add IPv6 support. - Changes from version 1.2.20: + Support setting "leftmodecfgclient" to "no" + Support for the "type", "hostaddrfamily" and "clientaddrfamily", "leftsubnet" and "rightcert" parameters. - Changes from version 1.2.18: + Drop libnm-glib compatibility (NetworkManager < 1.0). + Add support for the "authby", "dpdaction", "dpddelay", "dpdtimeout", "ipsec-interface" parameters. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-200=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64): NetworkManager-libreswan-1.2.24-bp157.3.3.1 NetworkManager-libreswan-gnome-1.2.24-bp157.3.3.1 - openSUSE Backports SLE-15-SP7 (noarch): NetworkManager-libreswan-lang-1.2.24-bp157.3.3.1 References: https://www.suse.com/security/cve/CVE-2024-9050.html https://bugzilla.suse.com/1232040 . openSUSE Security Update addresses an important security issue in NetworkManager-libreswan with CVE-2024-9050.. openSUSE, NetworkManager-libreswan, security update, important fix. . Severity: Important. LinuxSecurity.com Team
Jun 12, 2026
•Important
OpenSUSE
89
security advisorysecurity issuefedoraFedora 43kernel Important CVE-2025-10263 Fix for aarch64 CPUs
The 7.0.12-101/201 updates contain fixes for CVE-2025-10263. This CVE, while important, only impacts specific aarch64 CPUs.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-75fcc75b5f 2026-06-12 01:07:40.519563+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 43 Version : 7.0.12 Release : 101.fc43 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 7.0.12-101/201 updates contain fixes for CVE-2025-10263. This CVE, while important, only impacts specific aarch64 CPUs. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Justin M. Forbes [7.0.12-1] - New config setting for ARM64 Erratum (Justin M. Forbes) - arm64: errata: Mitigate TLBI errata on NVIDIA Olympus CPU (Shanker Donthineni) - arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) - arm64: cputype: Add C1-Premium definitions (Mark Rutland) - arm64: cputype: Add C1-Ultra definitions (Mark Rutland) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-75fcc75b5f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 11, 2026
•Important
Fedora
100
security advisorysecurity issuepatchopenSUSE StrongSwan Important Security Patch CVE-2026-35328 CVE-2026-35329
An update that solves eight vulnerabilities can now be installed.. # Security update for strongswan Announcement ID: SUSE-SU-2026:2368-1 Release Date: 2026-06-11T12:22:00Z Rating: important References: * bsc#1261705 * bsc#1261706 * bsc#1261708 * bsc#1261712 * bsc#1261717 * bsc#1261718 * bsc#1261720 * bsc#1266360 Cross-References: * CVE-2026-35328 * CVE-2026-35329 * CVE-2026-35330 * CVE-2026-35331 * CVE-2026-35332 * CVE-2026-35333 * CVE-2026-35334 * CVE-2026-47895 CVSS scores: * CVE-2026-35328 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35328 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35329 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35329 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35330 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-35330 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-35331 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-35331 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-35332 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35332 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35333 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35333 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35334 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35334 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-47895 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-47895 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE LinuxEnterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves eight vulnerabilities can now be installed. ## Description: This update for strongswan fixes the following issues * CVE-2026-35328: infinite loop when handling supported versions TLS extension (bsc#1261712). * CVE-2026-35329: null pointer dereference when processing padding in PKCS#7 (bsc#1261717). * CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes (bsc#1261705). * CVE-2026-35331: accepting certificates violating name constraints (bsc#1261718). * CVE-2026-35332: null pointer dereference when handling ECDH public value in TLS (bsc#1261708). * CVE-2026-35333: integer underflow when handling RADIUS attributes (bsc#1261706). * CVE-2026-35334: possible null pointer dereference in RSA decryption (bsc#1261720). * CVE-2026-47895: double-free when destroying certain cloned identities (bsc#1266360). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2368=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2368=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2368=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2368=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2368=1 ## Package List: *SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * strongswan-libs0-5.9.11-150400.19.35.1 * strongswan-5.9.11-150400.19.35.1 * strongswan-ipsec-debuginfo-5.9.11-150400.19.35.1 * strongswan-debuginfo-5.9.11-150400.19.35.1 * strongswan-debugsource-5.9.11-150400.19.35.1 * strongswan-ipsec-5.9.11-150400.19.35.1 * strongswan-hmac-5.9.11-150400.19.35.1 * strongswan-libs0-debuginfo-5.9.11-150400.19.35.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * strongswan-doc-5.9.11-150400.19.35.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * strongswan-libs0-5.9.11-150400.19.35.1 * strongswan-5.9.11-150400.19.35.1 * strongswan-ipsec-debuginfo-5.9.11-150400.19.35.1 * strongswan-debuginfo-5.9.11-150400.19.35.1 * strongswan-debugsource-5.9.11-150400.19.35.1 * strongswan-ipsec-5.9.11-150400.19.35.1 * strongswan-hmac-5.9.11-150400.19.35.1 * strongswan-libs0-debuginfo-5.9.11-150400.19.35.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * strongswan-doc-5.9.11-150400.19.35.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * strongswan-nm-5.9.11-150400.19.35.1 * strongswan-libs0-5.9.11-150400.19.35.1 * strongswan-5.9.11-150400.19.35.1 * strongswan-ipsec-debuginfo-5.9.11-150400.19.35.1 * strongswan-nm-debuginfo-5.9.11-150400.19.35.1 * strongswan-debuginfo-5.9.11-150400.19.35.1 * strongswan-debugsource-5.9.11-150400.19.35.1 * strongswan-ipsec-5.9.11-150400.19.35.1 * strongswan-sqlite-debuginfo-5.9.11-150400.19.35.1 * strongswan-mysql-debuginfo-5.9.11-150400.19.35.1 * strongswan-sqlite-5.9.11-150400.19.35.1 * strongswan-hmac-5.9.11-150400.19.35.1 * strongswan-libs0-debuginfo-5.9.11-150400.19.35.1 * strongswan-mysql-5.9.11-150400.19.35.1 * openSUSE Leap 15.4 (noarch) * strongswan-doc-5.9.11-150400.19.35.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) *strongswan-libs0-5.9.11-150400.19.35.1 * strongswan-5.9.11-150400.19.35.1 * strongswan-ipsec-debuginfo-5.9.11-150400.19.35.1 * strongswan-debuginfo-5.9.11-150400.19.35.1 * strongswan-debugsource-5.9.11-150400.19.35.1 * strongswan-ipsec-5.9.11-150400.19.35.1 * strongswan-hmac-5.9.11-150400.19.35.1 * strongswan-libs0-debuginfo-5.9.11-150400.19.35.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * strongswan-doc-5.9.11-150400.19.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * strongswan-libs0-5.9.11-150400.19.35.1 * strongswan-5.9.11-150400.19.35.1 * strongswan-ipsec-debuginfo-5.9.11-150400.19.35.1 * strongswan-debuginfo-5.9.11-150400.19.35.1 * strongswan-debugsource-5.9.11-150400.19.35.1 * strongswan-ipsec-5.9.11-150400.19.35.1 * strongswan-hmac-5.9.11-150400.19.35.1 * strongswan-libs0-debuginfo-5.9.11-150400.19.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * strongswan-doc-5.9.11-150400.19.35.1 ## References: * https://www.suse.com/security/cve/CVE-2026-35328.html * https://www.suse.com/security/cve/CVE-2026-35329.html * https://www.suse.com/security/cve/CVE-2026-35330.html * https://www.suse.com/security/cve/CVE-2026-35331.html * https://www.suse.com/security/cve/CVE-2026-35332.html * https://www.suse.com/security/cve/CVE-2026-35333.html * https://www.suse.com/security/cve/CVE-2026-35334.html * https://www.suse.com/security/cve/CVE-2026-47895.html * https://bugzilla.suse.com/show_bug.cgi?id=1261705 * https://bugzilla.suse.com/show_bug.cgi?id=1261706 * https://bugzilla.suse.com/show_bug.cgi?id=1261708 * https://bugzilla.suse.com/show_bug.cgi?id=1261712 * https://bugzilla.suse.com/show_bug.cgi?id=1261717 * https://bugzilla.suse.com/show_bug.cgi?id=1261718 * https://bugzilla.suse.com/show_bug.cgi?id=1261720 * https://bugzilla.suse.com/show_bug.cgi?id=1266360 . SUSE issues important security update for strongswan fixingmultiple vulnerabilities. Install updates to secure your system.. strongswan security update, SUSE Linux vulnerabilities, openSUSE patch instructions. . Severity: Important. LinuxSecurity.com Team
Jun 11, 2026
•Important
SuSE
100
security advisorydenial of servicesecurity issueopenSUSE tomcat11 Important Security Update 2026-2374-1
An update that solves seven vulnerabilities can now be installed.. # Security update for tomcat11 Announcement ID: SUSE-SU-2026:2374-1 Release Date: 2026-06-11T15:34:50Z Rating: important References: * bsc#1265145 * bsc#1265162 * bsc#1265163 * bsc#1265165 * bsc#1265166 * bsc#1265167 * bsc#1265168 Cross-References: * CVE-2026-41284 * CVE-2026-41293 * CVE-2026-42498 * CVE-2026-43512 * CVE-2026-43513 * CVE-2026-43514 * CVE-2026-43515 CVSS scores: * CVE-2026-41284 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-41284 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-41284 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-41293 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-41293 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-41293 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-42498 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-42498 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-42498 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-43512 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-43512 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-43512 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43513 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43513 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43513 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-43514 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-43514 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-43514 ( NVD ): 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-43515 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-43515 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-43515 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7 An update that solves seven vulnerabilities can now be installed. ## Description: This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: * CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling (bsc#1265162). * CVE-2026-41293: HTTP/2 request headers not validated (bsc#1265163). * CVE-2026-42498: WebSocket authentication header exposure (bsc#1265165). * CVE-2026-43512: digest authenticator will authenticate any unknown user (bsc#1265145). * CVE-2026-43513: LockOutRealm treats user names as case-sensitive (bsc#1265166). * CVE-2026-43514: AJP secret compared in non-constant time (bsc#1265167). * CVE-2026-43515: Security constraints not correctly applied (bsc#1265168). Changes: * Catalina * Add: Enhance version.sh and version.bat to display APR, Tomcat Native, and OpenSSL version information (both APR and FFM implementations), along with version compatibility warnings and third-party library version information. (csutherl) * Code: Refactor generation of the remote user element in the access log to remove unnecessary code. (markt) * Fix: Fix a regression in the previous release that meant ?- could appear in the access log rather than ? when the query string was present but empty. (markt) * Fix: Failed precondition should make WebDAV DELETE fail. #982 submitted by Mahmoud Alarby.(remm) * Fix: Align the escaping in ExtendedAccessLogValve with the other AccessLogValve implementations. (markt) * Fix: 70000: fix duplication of special headers in the response after commit, following fix for 69967. (remm) * Fix: Correct the handling of URIs mapped to a security constraint that only specifies the special ** role for all authenticated users. Requests without authentication were receiving 403 responses rather than 401 responses. (markt) * Fix: Fix a race condition in StandardContext.getServletContext() that could cause the jakarta.servlet.context.tempdir attribute to be lost during a context reload. Make the context field volatile and use locking to ensure only one ApplicationContext instance is created. (dsoumis) * Fix: Update the Windows authentication (kerberos) documentation to reflect that both Java and Windows are removing / have removed support for RC4-HMAC. The guide now uses AES256-SHA1. (markt) * Fix: Add a new initialisation parameter for WebDAV, maxRequestBodySize which limits the size of a WebDAV request body for LOCK and PROPFIND. The default value is 4096 bytes. (markt) * Add: Add a new caseSensitive attribute to the LockOutRealm that controls the manner in which user names are treated when making locking decisions. The default is false, meaning user names are treated in a case insensitive manner. (markt) * Fix: Correct the handling of invalid users with DIGEST authentication. (markt) * Fix: Ensure RealmBase finds all matching extension based security constraints. (markt) * Coyote * Fix: Avoid various edge cases if Content-Length is set via setHeader(String,String) or addHeader(String,String) with an invalid value by always clearing the previous value whether the new value is valid or not and ignoring any invalid new value. (markt) * Code: Refactor the calculation of the real index in the HPACK dynamic header table implementation to reduce code duplication. (markt) * Fix:Fix various minor issues with some HTTP/2 stream error messages for HTTP/2. (markt) * Fix: Consistently reject URIs containing NULL bytes when normalizing. * Fix: Fix a few minor memory leaks on error paths reading TLS keys and certificates when using FFM. (markt) * Fix: Refactor clean-up after HTTP/2 headers have been processed to aid GC after a stream reset. (markt) * Fix: Align HTTP/2 trailer fields with HTTP/1.1 and filter out any fields not permitted in trailers. (markt) * Fix: Free private keys after use in FFM based connector configuration. * Fix: Correct an unlikely edge-case parsing bug in the HTTP/2 HPACK header decoding that could result in a valid header triggering an unexpected connection close. (markt) * Fix: Refactor HTTP/2 HPACK encoding so header field names are only converted to lower case once during the encoding process. (markt) * Fix: Refactor HTTP/2 header field validation so it occurs earlier. Extend validation to check for disallowed characters as well as upper case characters. (markt) * Fix: Add TLS 1.3 groups added in OpenSSL 4.0. (remm) * Fix: Add validation that the HTTP/2 :scheme pseudo-header is consistent with the use (or not) of TLS. (markt) * Fix: Correct the validation of pseudo headers and CONNECT requests to align Tomcat's behaviour with RFC 9113, section 8.5. (markt) * Fix: Fix a potential integer overflow when allocating capacity from a connection level window update to individual HTTP/2 streams. Based on #996 by Mike Tingey Jr. (markt) * Fix: Switch AJP secret comparison to a constant time algorithm. (markt) * WebSocket * Fix: Fix the initial connection to a WebSocket end point where the connection is made via a proxy that requires DIGEST authentication. * Other * Fix: 69993: Update the URL to the CDDL 1.0 license. (markt) * Add: Add warning when OpenSSL binary is not found. (csutherl) * Add: Add check for Tomcat Native library, and log warning when it's not found to make iteasier to see when it's not used by the suite. (csutherl) * Update: Update Byte Buddy to 1.18.8. (markt) * Update: Update Bouncy Castle to 1.84. (markt) * Update: Improvements to French translations. (remm) * Update: Improvements to Japanese translations provided by tak7iji. (markt) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2374=1 * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-2374=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2374=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2374=1 ## Package List: * openSUSE Leap 15.6 (noarch) * tomcat11-embed-11.0.22-150600.13.21.1 * tomcat11-jsp-4_0-api-11.0.22-150600.13.21.1 * tomcat11-lib-11.0.22-150600.13.21.1 * tomcat11-webapps-11.0.22-150600.13.21.1 * tomcat11-docs-webapp-11.0.22-150600.13.21.1 * tomcat11-jsvc-11.0.22-150600.13.21.1 * tomcat11-doc-11.0.22-150600.13.21.1 * tomcat11-servlet-6_1-api-11.0.22-150600.13.21.1 * tomcat11-11.0.22-150600.13.21.1 * tomcat11-admin-webapps-11.0.22-150600.13.21.1 * tomcat11-el-6_0-api-11.0.22-150600.13.21.1 * Web and Scripting Module 15-SP7 (noarch) * tomcat11-jsp-4_0-api-11.0.22-150600.13.21.1 * tomcat11-lib-11.0.22-150600.13.21.1 * tomcat11-webapps-11.0.22-150600.13.21.1 * tomcat11-servlet-6_1-api-11.0.22-150600.13.21.1 * tomcat11-11.0.22-150600.13.21.1 * tomcat11-admin-webapps-11.0.22-150600.13.21.1 * tomcat11-el-6_0-api-11.0.22-150600.13.21.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * tomcat11-jsp-4_0-api-11.0.22-150600.13.21.1 * tomcat11-lib-11.0.22-150600.13.21.1 *tomcat11-webapps-11.0.22-150600.13.21.1 * tomcat11-servlet-6_1-api-11.0.22-150600.13.21.1 * tomcat11-11.0.22-150600.13.21.1 * tomcat11-admin-webapps-11.0.22-150600.13.21.1 * tomcat11-el-6_0-api-11.0.22-150600.13.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * tomcat11-jsp-4_0-api-11.0.22-150600.13.21.1 * tomcat11-lib-11.0.22-150600.13.21.1 * tomcat11-webapps-11.0.22-150600.13.21.1 * tomcat11-servlet-6_1-api-11.0.22-150600.13.21.1 * tomcat11-11.0.22-150600.13.21.1 * tomcat11-admin-webapps-11.0.22-150600.13.21.1 * tomcat11-el-6_0-api-11.0.22-150600.13.21.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41284.html * https://www.suse.com/security/cve/CVE-2026-41293.html * https://www.suse.com/security/cve/CVE-2026-42498.html * https://www.suse.com/security/cve/CVE-2026-43512.html * https://www.suse.com/security/cve/CVE-2026-43513.html * https://www.suse.com/security/cve/CVE-2026-43514.html * https://www.suse.com/security/cve/CVE-2026-43515.html * https://bugzilla.suse.com/show_bug.cgi?id=1265145 * https://bugzilla.suse.com/show_bug.cgi?id=1265162 * https://bugzilla.suse.com/show_bug.cgi?id=1265163 * https://bugzilla.suse.com/show_bug.cgi?id=1265165 * https://bugzilla.suse.com/show_bug.cgi?id=1265166 * https://bugzilla.suse.com/show_bug.cgi?id=1265167 * https://bugzilla.suse.com/show_bug.cgi?id=1265168 . Latest update for tomcat11 in openSUSE patches seven important issues, ensuring enhanced security and stability.. tomcat11 security patch, openSUSE vulnerabilities, important security update. . Severity: Important. LinuxSecurity.com Team
Jun 11, 2026
•Important
SuSE
100
security advisorydenial of servicesecurity issueopenSUSE OpenSSH Vital Security Update to Mitigate Info Leak and DoS
An update that solves four vulnerabilities and has one security fix can now be installed.. # Security update for openssh Announcement ID: SUSE-SU-2026:2375-1 Release Date: 2026-06-11T16:06:35Z Rating: important References: * bsc#1259642 * bsc#1261427 * bsc#1261430 * bsc#1261441 * bsc#1264568 Cross-References: * CVE-2026-3497 * CVE-2026-35385 * CVE-2026-35388 * CVE-2026-35414 CVSS scores: * CVE-2026-3497 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-3497 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-3497 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3497 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35385 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-35385 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-35385 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-35385 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-35388 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-35388 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-35388 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-35388 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-35414 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-35414 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-35414 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-35414 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise HighPerformance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities and has one security fix can now be installed. ## Description: This update for openssh fixes the following issues * CVE-2026-3497: information disclosure or denial of service due to uninitialized variables (bsc#1259642). * CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid (bsc#1261427). * CVE-2026-35388: omitted connection multiplexing confirmation for proxy-mode multiplexing sessions (bsc#1261441). * CVE-2026-35414: mishandling of authorized_keys principals option (bsc#1261430). * potential security issue when validating mac (bsc#1264568). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-2375=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2375=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2375=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2375=1 * SUSE Linux Enterprise Micro for Rancher5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2375=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2375=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2375=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2375=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2375=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2375=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2375=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2375=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2375=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2375=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * openssh-helpers-8.4p1-150300.3.65.1 * openssh-askpass-gnome-8.4p1-150300.3.65.1 * openssh-common-debuginfo-8.4p1-150300.3.65.1 * openssh-common-8.4p1-150300.3.65.1 * openssh-cavs-debuginfo-8.4p1-150300.3.65.1 * openssh-server-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.65.1 * openssh-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.65.1 * openssh-cavs-8.4p1-150300.3.65.1 * openssh-debugsource-8.4p1-150300.3.65.1 * openssh-clients-8.4p1-150300.3.65.1 * openssh-helpers-debuginfo-8.4p1-150300.3.65.1 * openssh-8.4p1-150300.3.65.1 * openssh-server-8.4p1-150300.3.65.1 *openssh-fips-8.4p1-150300.3.65.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * openssh-common-debuginfo-8.4p1-150300.3.65.1 * openssh-common-8.4p1-150300.3.65.1 * openssh-server-debuginfo-8.4p1-150300.3.65.1 * openssh-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-debuginfo-8.4p1-150300.3.65.1 * openssh-debugsource-8.4p1-150300.3.65.1 * openssh-server-8.4p1-150300.3.65.1 * openssh-clients-8.4p1-150300.3.65.1 * openssh-8.4p1-150300.3.65.1 * openssh-fips-8.4p1-150300.3.65.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * openssh-common-debuginfo-8.4p1-150300.3.65.1 * openssh-common-8.4p1-150300.3.65.1 * openssh-server-debuginfo-8.4p1-150300.3.65.1 * openssh-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-debuginfo-8.4p1-150300.3.65.1 * openssh-debugsource-8.4p1-150300.3.65.1 * openssh-server-8.4p1-150300.3.65.1 * openssh-clients-8.4p1-150300.3.65.1 * openssh-8.4p1-150300.3.65.1 * openssh-fips-8.4p1-150300.3.65.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * openssh-common-debuginfo-8.4p1-150300.3.65.1 * openssh-common-8.4p1-150300.3.65.1 * openssh-server-debuginfo-8.4p1-150300.3.65.1 * openssh-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-debuginfo-8.4p1-150300.3.65.1 * openssh-debugsource-8.4p1-150300.3.65.1 * openssh-server-8.4p1-150300.3.65.1 * openssh-clients-8.4p1-150300.3.65.1 * openssh-8.4p1-150300.3.65.1 * openssh-fips-8.4p1-150300.3.65.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * openssh-common-debuginfo-8.4p1-150300.3.65.1 * openssh-common-8.4p1-150300.3.65.1 * openssh-server-debuginfo-8.4p1-150300.3.65.1 * openssh-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-debuginfo-8.4p1-150300.3.65.1 * openssh-debugsource-8.4p1-150300.3.65.1 * openssh-server-8.4p1-150300.3.65.1 * openssh-clients-8.4p1-150300.3.65.1 * openssh-8.4p1-150300.3.65.1 *openssh-fips-8.4p1-150300.3.65.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * openssh-common-debuginfo-8.4p1-150300.3.65.1 * openssh-common-8.4p1-150300.3.65.1 * openssh-server-debuginfo-8.4p1-150300.3.65.1 * openssh-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-debuginfo-8.4p1-150300.3.65.1 * openssh-debugsource-8.4p1-150300.3.65.1 * openssh-server-8.4p1-150300.3.65.1 * openssh-clients-8.4p1-150300.3.65.1 * openssh-8.4p1-150300.3.65.1 * openssh-fips-8.4p1-150300.3.65.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * openssh-helpers-8.4p1-150300.3.65.1 * openssh-askpass-gnome-8.4p1-150300.3.65.1 * openssh-common-debuginfo-8.4p1-150300.3.65.1 * openssh-common-8.4p1-150300.3.65.1 * openssh-server-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.65.1 * openssh-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.65.1 * openssh-debugsource-8.4p1-150300.3.65.1 * openssh-helpers-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-8.4p1-150300.3.65.1 * openssh-server-8.4p1-150300.3.65.1 * openssh-8.4p1-150300.3.65.1 * openssh-fips-8.4p1-150300.3.65.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * openssh-helpers-8.4p1-150300.3.65.1 * openssh-askpass-gnome-8.4p1-150300.3.65.1 * openssh-common-debuginfo-8.4p1-150300.3.65.1 * openssh-common-8.4p1-150300.3.65.1 * openssh-server-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.65.1 * openssh-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.65.1 * openssh-debugsource-8.4p1-150300.3.65.1 * openssh-helpers-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-8.4p1-150300.3.65.1 * openssh-server-8.4p1-150300.3.65.1 *openssh-8.4p1-150300.3.65.1 * openssh-fips-8.4p1-150300.3.65.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * openssh-helpers-8.4p1-150300.3.65.1 * openssh-askpass-gnome-8.4p1-150300.3.65.1 * openssh-common-debuginfo-8.4p1-150300.3.65.1 * openssh-common-8.4p1-150300.3.65.1 * openssh-server-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.65.1 * openssh-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.65.1 * openssh-debugsource-8.4p1-150300.3.65.1 * openssh-helpers-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-8.4p1-150300.3.65.1 * openssh-server-8.4p1-150300.3.65.1 * openssh-8.4p1-150300.3.65.1 * openssh-fips-8.4p1-150300.3.65.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * openssh-helpers-8.4p1-150300.3.65.1 * openssh-askpass-gnome-8.4p1-150300.3.65.1 * openssh-common-debuginfo-8.4p1-150300.3.65.1 * openssh-common-8.4p1-150300.3.65.1 * openssh-server-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.65.1 * openssh-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.65.1 * openssh-debugsource-8.4p1-150300.3.65.1 * openssh-helpers-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-8.4p1-150300.3.65.1 * openssh-server-8.4p1-150300.3.65.1 * openssh-8.4p1-150300.3.65.1 * openssh-fips-8.4p1-150300.3.65.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * openssh-helpers-8.4p1-150300.3.65.1 * openssh-askpass-gnome-8.4p1-150300.3.65.1 * openssh-common-debuginfo-8.4p1-150300.3.65.1 * openssh-common-8.4p1-150300.3.65.1 * openssh-server-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.65.1 *openssh-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.65.1 * openssh-debugsource-8.4p1-150300.3.65.1 * openssh-helpers-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-8.4p1-150300.3.65.1 * openssh-server-8.4p1-150300.3.65.1 * openssh-8.4p1-150300.3.65.1 * openssh-fips-8.4p1-150300.3.65.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * openssh-helpers-8.4p1-150300.3.65.1 * openssh-askpass-gnome-8.4p1-150300.3.65.1 * openssh-common-debuginfo-8.4p1-150300.3.65.1 * openssh-common-8.4p1-150300.3.65.1 * openssh-server-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.65.1 * openssh-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.65.1 * openssh-debugsource-8.4p1-150300.3.65.1 * openssh-helpers-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-8.4p1-150300.3.65.1 * openssh-server-8.4p1-150300.3.65.1 * openssh-8.4p1-150300.3.65.1 * openssh-fips-8.4p1-150300.3.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * openssh-helpers-8.4p1-150300.3.65.1 * openssh-askpass-gnome-8.4p1-150300.3.65.1 * openssh-common-debuginfo-8.4p1-150300.3.65.1 * openssh-common-8.4p1-150300.3.65.1 * openssh-server-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.65.1 * openssh-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.65.1 * openssh-debugsource-8.4p1-150300.3.65.1 * openssh-helpers-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-8.4p1-150300.3.65.1 * openssh-server-8.4p1-150300.3.65.1 * openssh-8.4p1-150300.3.65.1 * openssh-fips-8.4p1-150300.3.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) *openssh-helpers-8.4p1-150300.3.65.1 * openssh-askpass-gnome-8.4p1-150300.3.65.1 * openssh-common-debuginfo-8.4p1-150300.3.65.1 * openssh-common-8.4p1-150300.3.65.1 * openssh-server-debuginfo-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.65.1 * openssh-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-debuginfo-8.4p1-150300.3.65.1 * openssh-debugsource-8.4p1-150300.3.65.1 * openssh-server-8.4p1-150300.3.65.1 * openssh-helpers-debuginfo-8.4p1-150300.3.65.1 * openssh-clients-8.4p1-150300.3.65.1 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.65.1 * openssh-8.4p1-150300.3.65.1 * openssh-fips-8.4p1-150300.3.65.1 ## References: * https://www.suse.com/security/cve/CVE-2026-3497.html * https://www.suse.com/security/cve/CVE-2026-35385.html * https://www.suse.com/security/cve/CVE-2026-35388.html * https://www.suse.com/security/cve/CVE-2026-35414.html * https://bugzilla.suse.com/show_bug.cgi?id=1259642 * https://bugzilla.suse.com/show_bug.cgi?id=1261427 * https://bugzilla.suse.com/show_bug.cgi?id=1261430 * https://bugzilla.suse.com/show_bug.cgi?id=1261441 * https://bugzilla.suse.com/show_bug.cgi?id=1264568 . SUSE releases an important security update for OpenSSH addressing multiple vulnerabilities including information disclosure.. OpenSSH update SUSE vulnerabilities patch. . Severity: Important. LinuxSecurity.com Team
Jun 11, 2026
•Important
SuSE
100
security advisorysecurity issueSuSESUSE Tomcat10 Security Update Released for Critical Issue 2026-2377-1
An update that solves seven vulnerabilities can now be installed.. # Security update for tomcat10 Announcement ID: SUSE-SU-2026:2377-1 Release Date: 2026-06-11T16:09:06Z Rating: important References: * bsc#1265145 * bsc#1265162 * bsc#1265163 * bsc#1265165 * bsc#1265166 * bsc#1265167 * bsc#1265168 Cross-References: * CVE-2026-41284 * CVE-2026-41293 * CVE-2026-42498 * CVE-2026-43512 * CVE-2026-43513 * CVE-2026-43514 * CVE-2026-43515 CVSS scores: * CVE-2026-41284 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-41284 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-41284 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-41293 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-41293 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-41293 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-42498 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-42498 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-42498 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-43512 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-43512 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-43512 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43513 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43513 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43513 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-43514 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-43514 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-43514 ( NVD ): 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-43515 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-43515 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-43515 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7 An update that solves seven vulnerabilities can now be installed. ## Description: This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: * CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling (bsc#1265162). * CVE-2026-41293: HTTP/2 request headers not validated (bsc#1265163). * CVE-2026-42498: WebSocket authentication header exposure (bsc#1265165). * CVE-2026-43512: digest authenticator will authenticate any unknown user (bsc#1265145). * CVE-2026-43513: LockOutRealm treats user names as case-sensitive (bsc#1265166). * CVE-2026-43514: AJP secret compared in non-constant time (bsc#1265167). * CVE-2026-43515: Security constraints not correctly applied (bsc#1265168). Changes: * Catalina * Add: Enhance version.sh and version.bat to display APR, Tomcat Native, and OpenSSL version information (both APR and FFM implementations), along with version compatibility warnings and third-party library version information. (csutherl) * Code: Refactor generation of the remote user element in the access logto remove unnecessary code. (markt) * Fix: Fix a regression in the previous release that meant ?- could appear in the access log rather than ? when the query string was present but empty. (markt) * Fix: Failed precondition should make WebDAV DELETE fail. #982 submitted by Mahmoud Alarby. (remm) * Fix: Align the escaping in ExtendedAccessLogValve with the other AccessLogValve implementations. (markt) * Fix: 70000: fix duplication of special headers in the response after commit, following fix for 69967. (remm) * Fix: Correct the handling of URIs mapped to a security constraint that only specifies the special ** role for all authenticated users. Requests without authentication were receiving 403 responses rather than 401 responses. (markt) * Fix: Fix a race condition in StandardContext.getServletContext() that could cause the jakarta.servlet.context.tempdir attribute to be lost during a context reload. Make the context field volatile and use locking to ensure only one ApplicationContext instance is created. (dsoumis) * Fix: Update the Windows authentication (kerberos) documentation to reflect that both Java and Windows are removing / have removed support for RC4-HMAC. The guide now uses AES256-SHA1. (markt) * Fix: Add a new initialisation parameter for WebDAV, maxRequestBodySize which limits the size of a WebDAV request body for LOCK and PROPFIND. The default value is 4096 bytes. (markt) * Add: Add a new caseSensitive attribute to the LockOutRealm that controls the manner in which user names are treated when making locking decisions. The default is false, meaning user names are treated in a case insensitive manner. (markt) * Fix: Correct the handling of invalid users with DIGEST authentication. (markt) * Fix: Ensure RealmBase finds all matching extension based security constraints. (markt) * Coyote * Fix: Avoid various edge cases if Content-Length is set via setHeader(String,String) oraddHeader(String,String) with an invalid value by always clearing the previous value whether the new value is valid or not and ignoring any invalid new value. (markt) * Code: Refactor the calculation of the real index in the HPACK dynamic header table implementation to reduce code duplication. (markt) * Fix: Fix various minor issues with some HTTP/2 stream error messages for HTTP/2. (markt) * Fix: Consistently reject URIs containing NULL bytes when normalizing. * Fix: Fix a few minor memory leaks on error paths reading TLS keys and certificates when using FFM. (markt) * Fix: Refactor clean-up after HTTP/2 headers have been processed to aid GC after a stream reset. (markt) * Fix: Align HTTP/2 trailer fields with HTTP/1.1 and filter out any fields not permitted in trailers. (markt) * Fix: Free private keys after use in FFM based connector configuration. * Fix: Correct an unlikely edge-case parsing bug in the HTTP/2 HPACK header decoding that could result in a valid header triggering an unexpected connection close. (markt) * Fix: Refactor HTTP/2 HPACK encoding so header field names are only converted to lower case once during the encoding process. (markt) * Fix: Refactor HTTP/2 header field validation so it occurs earlier. Extend validation to check for disallowed characters as well as upper case characters. (markt) * Fix: Add TLS 1.3 groups added in OpenSSL 4.0. (remm) * Fix: Add validation that the HTTP/2 :scheme pseudo-header is consistent with the use (or not) of TLS. (markt) * Fix: Correct the validation of pseudo headers and CONNECT requests to align Tomcat's behaviour with RFC 9113, section 8.5. (markt) * Fix: Fix a potential integer overflow when allocating capacity from a connection level window update to individual HTTP/2 streams. Based on #996 by Mike Tingey Jr. (markt) * Fix: Switch AJP secret comparison to a constant time algorithm. (markt) * WebSocket * Fix: Fix the initial connection to a WebSocket endpoint where the connection is made via a proxy that requires DIGEST authentication. * Other * Fix: 69993: Update the URL to the CDDL 1.0 license. (markt) * Add: Add warning when OpenSSL binary is not found. (csutherl) * Add: Add check for Tomcat Native library, and log warning when it's not found to make it easier to see when it's not used by the suite. (csutherl) * Update: Update Byte Buddy to 1.18.8. (markt) * Update: Update Bouncy Castle to 1.84. (markt) * Update: Improvements to French translations. (remm) * Update: Improvements to Japanese translations provided by tak7iji. (markt) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2377=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2377=1 * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-2377=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2377=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2377=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2377=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2377=1 ## Package List: * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * tomcat10-jsp-3_1-api-10.1.55-150200.5.67.1 * tomcat10-el-5_0-api-10.1.55-150200.5.67.1 * tomcat10-webapps-10.1.55-150200.5.67.1 * tomcat10-10.1.55-150200.5.67.1 * tomcat10-admin-webapps-10.1.55-150200.5.67.1 *tomcat10-lib-10.1.55-150200.5.67.1 * tomcat10-servlet-6_0-api-10.1.55-150200.5.67.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * tomcat10-jsp-3_1-api-10.1.55-150200.5.67.1 * tomcat10-el-5_0-api-10.1.55-150200.5.67.1 * tomcat10-webapps-10.1.55-150200.5.67.1 * tomcat10-10.1.55-150200.5.67.1 * tomcat10-admin-webapps-10.1.55-150200.5.67.1 * tomcat10-lib-10.1.55-150200.5.67.1 * tomcat10-servlet-6_0-api-10.1.55-150200.5.67.1 * Web and Scripting Module 15-SP7 (noarch) * tomcat10-jsp-3_1-api-10.1.55-150200.5.67.1 * tomcat10-el-5_0-api-10.1.55-150200.5.67.1 * tomcat10-webapps-10.1.55-150200.5.67.1 * tomcat10-10.1.55-150200.5.67.1 * tomcat10-admin-webapps-10.1.55-150200.5.67.1 * tomcat10-lib-10.1.55-150200.5.67.1 * tomcat10-servlet-6_0-api-10.1.55-150200.5.67.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * tomcat10-jsp-3_1-api-10.1.55-150200.5.67.1 * tomcat10-el-5_0-api-10.1.55-150200.5.67.1 * tomcat10-webapps-10.1.55-150200.5.67.1 * tomcat10-10.1.55-150200.5.67.1 * tomcat10-admin-webapps-10.1.55-150200.5.67.1 * tomcat10-lib-10.1.55-150200.5.67.1 * tomcat10-servlet-6_0-api-10.1.55-150200.5.67.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * tomcat10-jsp-3_1-api-10.1.55-150200.5.67.1 * tomcat10-el-5_0-api-10.1.55-150200.5.67.1 * tomcat10-webapps-10.1.55-150200.5.67.1 * tomcat10-10.1.55-150200.5.67.1 * tomcat10-admin-webapps-10.1.55-150200.5.67.1 * tomcat10-lib-10.1.55-150200.5.67.1 * tomcat10-servlet-6_0-api-10.1.55-150200.5.67.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * tomcat10-jsp-3_1-api-10.1.55-150200.5.67.1 * tomcat10-el-5_0-api-10.1.55-150200.5.67.1 * tomcat10-webapps-10.1.55-150200.5.67.1 * tomcat10-10.1.55-150200.5.67.1 * tomcat10-admin-webapps-10.1.55-150200.5.67.1 * tomcat10-lib-10.1.55-150200.5.67.1 * tomcat10-servlet-6_0-api-10.1.55-150200.5.67.1 * SUSE LinuxEnterprise Server for SAP Applications 15 SP5 (noarch) * tomcat10-jsp-3_1-api-10.1.55-150200.5.67.1 * tomcat10-el-5_0-api-10.1.55-150200.5.67.1 * tomcat10-webapps-10.1.55-150200.5.67.1 * tomcat10-10.1.55-150200.5.67.1 * tomcat10-admin-webapps-10.1.55-150200.5.67.1 * tomcat10-lib-10.1.55-150200.5.67.1 * tomcat10-servlet-6_0-api-10.1.55-150200.5.67.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41284.html * https://www.suse.com/security/cve/CVE-2026-41293.html * https://www.suse.com/security/cve/CVE-2026-42498.html * https://www.suse.com/security/cve/CVE-2026-43512.html * https://www.suse.com/security/cve/CVE-2026-43513.html * https://www.suse.com/security/cve/CVE-2026-43514.html * https://www.suse.com/security/cve/CVE-2026-43515.html * https://bugzilla.suse.com/show_bug.cgi?id=1265145 * https://bugzilla.suse.com/show_bug.cgi?id=1265162 * https://bugzilla.suse.com/show_bug.cgi?id=1265163 * https://bugzilla.suse.com/show_bug.cgi?id=1265165 * https://bugzilla.suse.com/show_bug.cgi?id=1265166 * https://bugzilla.suse.com/show_bug.cgi?id=1265167 * https://bugzilla.suse.com/show_bug.cgi?id=1265168 . Update for tomcat10 addresses seven important vulnerabilities for SUSE users. Install it to secure your system.. SUSE Tomcat10 security patch Linux vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Jun 11, 2026
•Important
SuSE
100
security advisorysecurity issuebuffer overflowSUSE Linux Enterprise gnutls Important Update Advisories 2026-2367-1
An update that solves four vulnerabilities can now be installed.. # Security update for gnutls Announcement ID: SUSE-SU-2026:2367-1 Release Date: 2026-06-11T09:12:53Z Rating: important References: * bsc#1263704 * bsc#1263705 * bsc#1263708 Cross-References: * CVE-2025-9820 * CVE-2026-33845 * CVE-2026-33846 * CVE-2026-42009 CVSS scores: * CVE-2025-9820 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-9820 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33845 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33845 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-33845 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-33845 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33846 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33846 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33846 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42009 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42009 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42009 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for gnutls fixes the following issues * CVE-2026-33845: buffers: switch from end_offset over to frag_length (bsc#1263704). * CVE-2026-33846: buffers: add more checks to DTLS reassembly (bsc#1263705). * CVE-2026-42009: lib/buffers: ensure packets have differingsequence numbers (bsc#1263708). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2367=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2367=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libgnutlsxx-devel-3.3.27-3.18.1 * libgnutls-openssl-devel-3.3.27-3.18.1 * libgnutls28-debuginfo-3.3.27-3.18.1 * libgnutls-openssl27-3.3.27-3.18.1 * gnutls-debugsource-3.3.27-3.18.1 * gnutls-3.3.27-3.18.1 * libgnutls28-3.3.27-3.18.1 * libgnutls-openssl27-debuginfo-3.3.27-3.18.1 * gnutls-debuginfo-3.3.27-3.18.1 * libgnutls-devel-3.3.27-3.18.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libgnutls28-debuginfo-32bit-3.3.27-3.18.1 * libgnutls28-32bit-3.3.27-3.18.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libgnutlsxx-devel-3.3.27-3.18.1 * libgnutls-openssl-devel-3.3.27-3.18.1 * libgnutls28-debuginfo-32bit-3.3.27-3.18.1 * libgnutls28-debuginfo-3.3.27-3.18.1 * libgnutls-openssl27-3.3.27-3.18.1 * gnutls-debugsource-3.3.27-3.18.1 * gnutls-3.3.27-3.18.1 * libgnutls28-3.3.27-3.18.1 * libgnutls-openssl27-debuginfo-3.3.27-3.18.1 * libgnutls28-32bit-3.3.27-3.18.1 * gnutls-debuginfo-3.3.27-3.18.1 * libgnutls-devel-3.3.27-3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2025-9820.html * https://www.suse.com/security/cve/CVE-2026-33845.html * https://www.suse.com/security/cve/CVE-2026-33846.html * https://www.suse.com/security/cve/CVE-2026-42009.html * https://bugzilla.suse.com/show_bug.cgi?id=1263704 * https://bugzilla.suse.com/show_bug.cgi?id=1263705 *https://bugzilla.suse.com/show_bug.cgi?id=1263708 . A critical update is available to address four important security issues in gnutls, enhancing system protection for SUSE users.. SUSE security update, gnutls patch, important security issues, Linux vulnerabilities, system protection. . Severity: Important. LinuxSecurity.com Team
Jun 11, 2026
•Important
SuSE
202
security advisorymoderatesecurity issueopenSUSE Tumbleweed libIex Moderate Security Advisory 2026-10985-1
An update that solves 2 vulnerabilities can now be installed.. # libIex-3_4-33-3.4.12-1.1 on GA media Announcement ID: openSUSE-SU-2026:10985-1 Rating: moderate Cross-References: * CVE-2026-44663 * CVE-2026-45696 Affected Products: * openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the libIex-3_4-33-3.4.12-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * libIex-3_4-33 3.4.12-1.1 * libIex-3_4-33-32bit 3.4.12-1.1 * libIex-3_4-33-x86-64-v3 3.4.12-1.1 * libIlmThread-3_4-33 3.4.12-1.1 * libIlmThread-3_4-33-32bit 3.4.12-1.1 * libIlmThread-3_4-33-x86-64-v3 3.4.12-1.1 * libOpenEXR-3_4-33 3.4.12-1.1 * libOpenEXR-3_4-33-32bit 3.4.12-1.1 * libOpenEXR-3_4-33-x86-64-v3 3.4.12-1.1 * libOpenEXRCore-3_4-33 3.4.12-1.1 * libOpenEXRCore-3_4-33-32bit 3.4.12-1.1 * libOpenEXRCore-3_4-33-x86-64-v3 3.4.12-1.1 * libOpenEXRUtil-3_4-33 3.4.12-1.1 * libOpenEXRUtil-3_4-33-32bit 3.4.12-1.1 * libOpenEXRUtil-3_4-33-x86-64-v3 3.4.12-1.1 * openexr 3.4.12-1.1 * openexr-devel 3.4.12-1.1 * openexr-doc 3.4.12-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-44663.html * https://www.suse.com/security/cve/CVE-2026-45696.html . Update available for openSUSE Tumbleweed addresses 2 moderate issues in libIex-3_4-33-33 package.. openSUSE Tumbleweed, libIex, moderate security, software update. . Severity: moderate. LinuxSecurity.com Team
Jun 11, 2026
•moderate
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!