This update for python-zeroconf fixes the following issues:
Changes in python-zeroconf:
- CVE-2026-47180: zeroconf has unbounded recursion in DNS
compression-pointer decoder that allows LAN-local denial of service
(bsc#1268341)
- CVE-2026-47183: zeroconf: Unbounded exception-dedup state retains
packet buffers via traceback frame locals, enabling LAN-local memory
exhaustion (bsc#1268342)
- CVE-2026-47184: zeroconf has unbounded DNS record cache that allows
LAN-local memory exhaustion via multicast flood (bsc#1268343)
- CVE-2026-48045: python-zeroconf: Unbounded TC-deferred queue allows
LAN-local memory exhaustion via spoofed-source flood (bsc#1268388)
- CVE-2026-48487: python-zeroconf: Unvalidated rdlength in record
payload readers allows LAN-local cache corruption via crafted mDNS
packet (bsc#1268235)
Patch instructions:
To install this openSUSE security update, use the SUSE-recommended installation methods
like YaST online_update or "zypper patch".
...
- openSUSE Leap 16.0:
python313-zeroconf-0.136.0-bp160.2.1
* bsc#1268235
* bsc#1268341
* bsc#1268342
* bsc#1268343
* bsc#1268388
References:
* https://www.suse.com/security/cve/CVE-2026-47180.html
* https://www.suse.com/security/cve/CVE-2026-47183.html
* https://www.suse.com/security/cve/CVE-2026-47184.html
* https://www.suse.com/security/cve/CVE-2026-48045.html
* https://www.suse.com/security/cve/CVE-2026-48487.html