This update for gegl fixes the following issue:
* CVE-2026-2049: improper validation of the length of user-supplied data when
parsing HDR files can lead to a heap buffer overflow (bsc#1259749).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Workstation Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1481=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1481=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1481=1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
* gegl-debuginfo-0.4.46-150600.4.8.2
* gegl-0_4-0.4.46-150600.4.8.2
* gegl-debugsource-0.4.46-150600.4.8.2
* gegl-0_4-debuginfo-0.4.46-150600.4.8.2
* libgegl-0_4-0-0.4.46-150600.4.8.2
* libgegl-0_4-0-debuginfo-0.4.46-150600.4.8.2
* typelib-1_0-Gegl-0_4-0.4.46-150600.4.8.2
* gegl-devel-0.4.46-150600.4.8.2
* SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch)
* gegl-0_4-lang-0.4.46-150600.4.8.2
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* gegl-debuginfo-0.4.46-150600.4.8.2
* gegl-0_4-0.4.46-150600.4.8.2
* gegl-debugsource-0.4.46-150600.4.8.2
* gegl-0_4-debuginfo-0.4.46-150600.4.8.2
* gegl-doc-0.4.46-150600.4.8.2
* libgegl-0_4-0-0.4.46-150600.4.8.2
* libgegl-0_4-0-debuginfo-0.4.46-150600.4.8.2
* typelib-1_0-Gegl-0_4-0.4.46-150600.4.8.2
* gegl-devel-0.4.46-150600.4.8.2
* gegl-0.4.46-150600.4.8.2
* openSUSE Leap 15.6 (noarch)
* gegl-0_4-lang-0.4.46-150600.4.8.2
* openSUSE Leap 15.6 (x86_64)
*...
Read the Full Advisory* bsc#1259749
## References:
* https://www.suse.com/security/cve/CVE-2026-2049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259749
Get the latest Linux and open source security news straight to your inbox.