Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

openSUSE Hauler Important Update Fixes 6 Issues 2026-21262-1

opensuse
Calendar Grey July 8, 2026
Dist Opensuse Esm H88
This update for openSUSE solves 6 issues in hauler with 2 important bug fixes to enhance system security and performance.
An update that solves 6 vulnerabilities and has 2 bug fixes can now be installed.

Description

This update for hauler fixes the following issues:

Changes in hauler:

- update to 2.0.1 (bsc#1269433, CVE-2026-48702):

* bump go to 1.26.4 to squash CVE noise

* Full v2 Release notes: https://github.com/hauler-

dev/hauler/releases/tag/v2.0.0

- update to 2.0.0:

* `v2.0.0` is a **major** release. It replaces Hauler's entire

OCI plumbing... the ORAS v1 dependency and the in-house

cosign fork with a native containerd based implementation,

drops the deprecated `v1alpha1` API, and layers on a

meaningful set of new capabilities and reliability fixes on

top of that new foundation.

* **Removed the ORAS v1 dependency** - push/pull is now driven

directly by containerd's docker resolver and `google/go-

containerregistry`, new `pkg/content/registry.go`

(`RegistryTarget`) and `pkg/content/types.go` (`Target`

interface, `IoContentWriter`) replaces what ORAS used to own.

* **Removed the hauler-maintained cosign fork** - `pkg/cosign`

is now a...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

hauler-2.0.1-bp160.1.1

References

* bsc#1267150

* bsc#1269433

References:

* https://www.suse.com/security/cve/CVE-2026-25680.html

* https://www.suse.com/security/cve/CVE-2026-25681.html

* https://www.suse.com/security/cve/CVE-2026-27136.html

* https://www.suse.com/security/cve/CVE-2026-42502.html

* https://www.suse.com/security/cve/CVE-2026-42506.html

* https://www.suse.com/security/cve/CVE-2026-48702.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21262-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.