Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

openSUSE Apptainer Important DoS Buffer Overflow Fixes SUSE-SU-2026-2609-1

opensuse
Calendar Grey June 24, 2026
Scroller Opensuse
# Security update for apptainer Announcement ID: SUSE-SU-2026:2609-1 Release Date: 2026-06-24T08:46:
An update that solves 19 vulnerabilities can now be installed.

Description

This update for apptainer fixes the following issues

* CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client

allows for arbitrary file writes with target cache path traversal

(bsc#1264177).

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper

validation of the HTTP/2: path pseudo- header (bsc#1260311).

* CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport

when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265844).

* CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3:

crafted JWE input with a missing encrypted key can lead to a denial of

service (bsc#1262956).

* CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only

Punycode-encoded labels allows for validation bypass and privilege

escalation (bsc#1266656).

* CVE-2026-39827: memory leak when rejecting channels can lead to DoS in

golang.org/x/crypto/ssh (bsc#1266202).

* CVE-2026-39828:...

Read the Full Advisory

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* HPC Module 15-SP7

zypper in -t patch SUSE-SLE-Module-HPC-15-SP7-2026-2609=1

* SUSE Linux Enterprise Server 15 SP6 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2609=1

* openSUSE Leap 15.6

zypper in -t patch SUSE-2026-2609=1

Package List

* openSUSE Leap 15.6 (aarch64 x86_64)

* apptainer-debuginfo-1.5.1-150600.4.24.1

* apptainer-1.5.1-150600.4.24.1

* openSUSE Leap 15.6 (noarch)

* apptainer-sle15_6-1.5.1-150600.4.24.1

* apptainer-leap-1.5.1-150600.4.24.1

* apptainer-sle15_7-1.5.1-150600.4.24.1

* apptainer-sle16-1.5.1-150600.4.24.1

* HPC Module 15-SP7 (aarch64 x86_64)

* apptainer-debuginfo-1.5.1-150600.4.24.1

* apptainer-1.5.1-150600.4.24.1

* HPC Module 15-SP7 (noarch)

* apptainer-sle15_7-1.5.1-150600.4.24.1

* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 x86_64)

* apptainer-debuginfo-1.5.1-150600.4.24.1

* apptainer-1.5.1-150600.4.24.1

* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)

* apptainer-sle15_6-1.5.1-150600.4.24.1

References

* bsc#1260311

* bsc#1262956

* bsc#1264177

* bsc#1265844

* bsc#1266202

* bsc#1266656

* bsc#1267982

## References:

* https://www.suse.com/security/cve/CVE-2026-24137.html

* https://www.suse.com/security/cve/CVE-2026-33186.html

* https://www.suse.com/security/cve/CVE-2026-33814.html

* https://www.suse.com/security/cve/CVE-2026-34986.html

* https://www.suse.com/security/cve/CVE-2026-39821.html

* https://www.suse.com/security/cve/CVE-2026-39827.html

* https://www.suse.com/security/cve/CVE-2026-39828.html

* https://www.suse.com/security/cve/CVE-2026-39829.html

* https://www.suse.com/security/cve/CVE-2026-39830.html

* https://www.suse.com/security/cve/CVE-2026-39831.html

* https://www.suse.com/security/cve/CVE-2026-39832.html

* https://www.suse.com/security/cve/CVE-2026-39833.html

* https://www.suse.com/security/cve/CVE-2026-39834.html

* https://www.suse.com/security/cve/CVE-2026-39835.html

* https://www.suse.com/security/cve/CVE-2026-42508.html

* https://www.suse.com/security/cve/CVE-2026-46595.html

*...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2609-1
Release Date: 2026-06-24T08:46:20Z
Affected Products: * HPC Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.