This update for mbedtls fixes the following issues:
- Update to the 3.6 LTS line (3.6.6) to fix several security issues; this
  bumps the SONAMEs (libmbedtls20 -> libmbedtls21, libmbedcrypto15 ->
  libmbedcrypto16, libmbedx509-6 -> libmbedx509-7):
  * CVE-2025-49600: possible LMS signature forgery due to unchecked return
    values in mbedtls_lms_verify (boo#1245808)
  * CVE-2025-49601: out-of-bounds read in mbedtls_lms_import_public_key on
    truncated input (boo#1245809)
  * CVE-2025-52496: race condition in AESNI detection allowing AES key
    extraction or GCM forgery (boo#1245810)
  * CVE-2025-52497: one-byte heap buffer underflow in PEM parsing
    (boo#1245811)
  * CVE-2025-59438: observable timing discrepancy (padding oracle) in
    CBC-PKCS7 (boo#1252454)
  * CVE-2026-34874: NULL pointer dereference in X.509 distinguished-name
    parsing (boo#1261527)
- Ship the pkg-config files in the -devel subpackage

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:
    zypper in -t patch openSUSE-2026-214=1

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
    libeverest-3.6.6-bp157.2.3.1
    libmbedcrypto16-3.6.6-bp157.2.3.1
    libmbedtls21-3.6.6-bp157.2.3.1
    libmbedx509-7-3.6.6-bp157.2.3.1
    libp256m-3.6.6-bp157.2.3.1
    mbedtls-devel-3.6.6-bp157.2.3.1
- openSUSE Backports SLE-15-SP7 (aarch64_ilp32):
    libeverest-64bit-3.6.6-bp157.2.3.1
    libmbedcrypto16-64bit-3.6.6-bp157.2.3.1
    libmbedtls21-64bit-3.6.6-bp157.2.3.1
    libmbedx509-7-64bit-3.6.6-bp157.2.3.1
    libp256m-64bit-3.6.6-bp157.2.3.1
- openSUSE Backports SLE-15-SP7 (x86_64):
    libeverest-32bit-3.6.6-bp157.2.3.1
    libmbedcrypto16-32bit-3.6.6-bp157.2.3.1
    libmbedtls21-32bit-3.6.6-bp157.2.3.1
    libmbedx509-7-32bit-3.6.6-bp157.2.3.1
    libp256m-32bit-3.6.6-bp157.2.3.1

https://www.suse.com/security/cve/CVE-2025-49600.html
https://www.suse.com/security/cve/CVE-2025-49601.html
https://www.suse.com/security/cve/CVE-2025-52496.html
https://www.suse.com/security/cve/CVE-2025-52497.html
https://www.suse.com/security/cve/CVE-2025-59438.html
https://www.suse.com/security/cve/CVE-2026-34874.html
https://bugzilla.suse.com/1245808
https://bugzilla.suse.com/1245809
https://bugzilla.suse.com/1245810
https://bugzilla.suse.com/1245811
https://bugzilla.suse.com/1252454
https://bugzilla.suse.com/1261527