This update for erlang26 fixes the following issues
Security issues:
* CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal
(bsc#1258663).
* CVE-2026-23941: HTTP Request Smuggling in Erlang OTP (bsc#1259687).
* CVE-2026-23942: path traversal vulnerability in Erlang OTP (bsc#1259681).
* CVE-2026-23943: denial of service due to improper handling of highly
compressed data in Erlang OTP ssh (bsc#1259682).
* CVE-2026-28808: incorrect authorization can lead to unauthenticated access
to protected CGI scripts (bsc#1261728).
* CVE-2026-32147: Improper Limitation of a Pathname to a Restricted Directory
('Path Traversal') in SFTP chroot (bsc#1262503).
Non security issue:
* Fixes for FIPS mode (jsc#PED-15166.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-2010=1
* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-2010=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2010=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2010=1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* erlang26-diameter-src-26.2.1-150300.7.25.1
* erlang26-et-src-26.2.1-150300.7.25.1
* erlang26-diameter-26.2.1-150300.7.25.1
* erlang26-observer-src-26.2.1-150300.7.25.1
* erlang26-debugger-src-26.2.1-150300.7.25.1
* erlang26-reltool-src-26.2.1-150300.7.25.1
* erlang26-dialyzer-debuginfo-26.2.1-150300.7.25.1
* erlang26-jinterface-src-26.2.1-150300.7.25.1
* erlang26-src-26.2.1-150300.7.25.1
* erlang26-dialyzer-26.2.1-150300.7.25.1
* erlang26-debugger-26.2.1-150300.7.25.1
* erlang26-et-26.2.1-150300.7.25.1
* erlang26-reltool-26.2.1-150300.7.25.1
* erlang26-dialyzer-src-26.2.1-150300.7.25.1
* erlang26-wx-debuginfo-26.2.1-150300.7.25.1
* erlang26-debuginfo-26.2.1-150300.7.25.1
* erlang26-debugsource-26.2.1-150300.7.25.1
* erlang26-doc-26.2.1-150300.7.25.1
* erlang26-epmd-debuginfo-26.2.1-150300.7.25.1
* erlang26-epmd-26.2.1-150300.7.25.1
* erlang26-jinterface-26.2.1-150300.7.25.1
* erlang26-26.2.1-150300.7.25.1
* erlang26-wx-26.2.1-150300.7.25.1
*...
Read the Full Advisory* bsc#1258663
* bsc#1259681
* bsc#1259682
* bsc#1259687
* bsc#1261728
* bsc#1262503
* jsc#PED-15166
## References:
* https://www.suse.com/security/cve/CVE-2026-21620.html
* https://www.suse.com/security/cve/CVE-2026-23941.html
* https://www.suse.com/security/cve/CVE-2026-23942.html
* https://www.suse.com/security/cve/CVE-2026-23943.html
* https://www.suse.com/security/cve/CVE-2026-28808.html
* https://www.suse.com/security/cve/CVE-2026-32147.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258663
* https://bugzilla.suse.com/show_bug.cgi?id=1259681
* https://bugzilla.suse.com/show_bug.cgi?id=1259682
* https://bugzilla.suse.com/show_bug.cgi?id=1259687
* https://bugzilla.suse.com/show_bug.cgi?id=1261728
* https://bugzilla.suse.com/show_bug.cgi?id=1262503
* https://jira.suse.com/browse/PED-15166
Get the latest Linux and open source security news straight to your inbox.