This update for micropython fixes the following issues:
- CVE-2026-1998: Fixed a segmentation fault in 'mp_map_lookup' via
'mp_import_all' (boo#1257803)
- Version 1.26.1
* esp32: update esp_tinyusb component to v1.7.6
* tools: add an environment variable MICROPY_MAINTAINER_BUILD
* esp32: add IDF Component Lockfiles to git repo
* shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag
* shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop
* tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev
- Fix building on single core systems
* Skip tests/thread/stress_schedule.py when single core system detected
- Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438
- Version 1.26.0
* Added machine.I2CTarget for creating I2C target devices on multiple
ports.
* New MCU support: STM32N6xx (800 MHz, ML accel) and ESP32-C2 (WiFi +
BLE).
* Major float accuracy...
Read the Full AdvisoryPatch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-50=1
- openSUSE Backports SLE-15-SP7 (aarch64 x86_64):
micropython-1.26.1-bp157.5.1
mpy-tools-1.26.1-bp157.5.1
- openSUSE Backports SLE-15-SP7 (noarch):
mpremote-1.26.1-bp157.5.1
https://www.suse.com/security/cve/CVE-2025-59438.html
https://www.suse.com/security/cve/CVE-2026-1998.html
https://bugzilla.suse.com/1257803
Get the latest Linux and open source security news straight to your inbox.