Explore top 10 tips to secure your open-source projects now. Read More
×
This update for patch fixes the following issues
- CVE-2026-56288: crafted unified-diff patch file can cause null pointer derefence (bsc#1271167).
- CVE-2026-56289: improper validation of hunk line offsets can lead to denial of service (bsc#1271166).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1236=1
- openSUSE Leap 16.0:
patch-2.7.6-160000.4.1
* bsc#1271166
* bsc#1271167
References:
* https://www.suse.com/security/cve/CVE-2026-56288.html
* https://www.suse.com/security/cve/CVE-2026-56289.html
Get the latest Linux and open source security news straight to your inbox.