This update for pacemaker fixes the following issue
* CVE-2026-10649: denial of service via integer overflow in remote message
decompression (bsc#1268381).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-2742=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2742=1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker3-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker3-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker-devel-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-remote-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-debugsource-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-cli-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-cli-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* openSUSE Leap 15.4 (noarch)
* pacemaker-cts-2.1.2+20211124.ada5c3b36-150400.4.39.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker3-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
*...
Read the Full Advisory* bsc#1268381
## References:
* https://www.suse.com/security/cve/CVE-2026-10649.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268381
Get the latest Linux and open source security news straight to your inbox.