openSUSE Leap 16.0 Advisory 2026-20742-1 ongres-scram Moderate Risk

May 19, 2026
Install openSUSE security update addressing the timing attack in ongres-scram and related fixes. Patch available now.
An update that solves one vulnerability and has one bug fix can now be installed.

Description

This update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu fixes the following issues:

Changes in ongres-scram:

- Version 3.2

* Fix Timing Attack Vulnerability in SCRAM Authentication (bsc#1250399, CVE-2025-59432)

* Updated dependencies and maven plugins

* Use central-publishing-maven-plugin to deploy to Maven Central.

- Do not create multirelease jar if the only Java 9+ class file is module-info.class

Changes in ongres-stringprep:

- Do not create multirelease jar if the only Java 9+ class file is module-info.class

Changes in plexus-testing:

- The build without tests does not need the full junit5; the junit5-minimal (built with ant) is enough

Changes in maven:

- Upgrade to upstream version 3.9.14

* Bug Fixes

+ plexus-testing dependencies should be used in test scope

- Upgrade to upstream version 3.9.13

* Bug Fixes

+ Bug: SecDispatcher is managed by legacy Plexus DI

+ [3.9.x]...

Patch

Package List

- openSUSE Leap 16.0:

maven-3.9.14-160000.1.1

maven-doxia-core-2.1.0-160000.1.1

maven-doxia-javadoc-2.1.0-160000.1.1

maven-doxia-module-apt-2.1.0-160000.1.1

maven-doxia-module-fml-2.1.0-160000.1.1

maven-doxia-module-xdoc-2.1.0-160000.1.1

maven-doxia-module-xhtml5-2.1.0-160000.1.1

maven-doxia-sink-api-2.1.0-160000.1.1

maven-doxia-test-docs-2.1.0-160000.1.1

maven-javadoc-3.9.14-160000.1.1

maven-lib-3.9.14-160000.1.1

mojo-parent-82-160000.3.1

ongres-scram-3.2-160000.4.1

ongres-scram-client-3.2-160000.4.1

ongres-scram-javadoc-3.2-160000.4.1

ongres-stringprep-2.2-160000.3.1

ongres-stringprep-javadoc-2.2-160000.3.1

plexus-testing-2.1.0-160000.2.1

plexus-testing-javadoc-2.1.0-160000.2.1

sisu-inject-1.0.0-160000.2.1

sisu-inject-extender-1.0.0-160000.2.1

sisu-javadoc-1.0.0-160000.2.1

sisu-mojos-1.0.0-160000.2.1

sisu-mojos-javadoc-1.0.0-160000.2.1

sisu-plexus-1.0.0-160000.2.1

sisu-plexus-extender-1.0.0-160000.2.1

xmvn-4.3.0-160000.3.3

xmvn-api-4.3.0-160000.3.1

xmvn-connector-4.3.0-160000.3.1

xmvn-connector-javadoc-4.3.0-1600...

References

* bsc#1250399

* https://www.suse.com/security/cve/CVE-2025-59432.html

Announcement ID: openSUSE-SU-2026:20742-1
Rating: moderate
Affected Products: openSUSE Leap 16.0
