Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 602
Alerts This Week
Warning Icon 1 602

openSUSE systemd Moderate Escape-to-Host Threat 2026-2785-1

opensuse
Calendar Grey July 8, 2026
Dist Opensuse Esm H88
An update for openSUSE addresses a moderate issue in systemd with a risk of escape-to-host attacks.
An update that solves one vulnerability and has three security fixes can now be installed.

Description

This update for systemd, systemd-mini fixes the following issue

Security issues fixed:

* CVE-2026-40226: nspawn: escape-to-host via malformed optional config file

(bsc#1261400).

Other updates and bugfixes:

* Import commit eba1930de8 (bsc#1267647).

* Import commit 5d46cdd987 (bsc#1261982 bsc#1261983).

* Import commit ac1173932c (bsc#1261982).

* Import commit c7f3e89374 (bsc#1261983).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2

zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-2785=1

* SUSE Linux Enterprise Micro for Rancher 5.2

zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-2785=1

* openSUSE Leap 15.3

zypper in -t patch SUSE-2026-2785=1

Package List

* openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64)

* systemd-sysvinit-246.16-150300.7.74.1

* systemd-mini-246.16-150300.7.74.1

* udev-mini-246.16-150300.7.74.1

* systemd-portable-246.16-150300.7.74.1

* systemd-mini-devel-246.16-150300.7.74.1

* systemd-coredump-debuginfo-246.16-150300.7.74.1

* systemd-container-246.16-150300.7.74.1

* nss-mymachines-debuginfo-246.16-150300.7.74.1

* udev-mini-debuginfo-246.16-150300.7.74.1

* udev-debuginfo-246.16-150300.7.74.1

* systemd-network-debuginfo-246.16-150300.7.74.1

* systemd-mini-debuginfo-246.16-150300.7.74.1

* nss-systemd-debuginfo-246.16-150300.7.74.1

* libudev1-debuginfo-246.16-150300.7.74.1

* systemd-coredump-246.16-150300.7.74.1

* libsystemd0-mini-246.16-150300.7.74.1

* systemd-devel-246.16-150300.7.74.1

* nss-resolve-246.16-150300.7.74.1

* libudev-devel-246.16-150300.7.74.1

* libsystemd0-mini-debuginfo-246.16-150300.7.74.1

* nss-myhostname-246.16-150300.7.74.1

* systemd-246.16-150300.7.74.1

* libsystemd0-debuginfo-246.16-150300.7.74.1

*...

Read the Full Advisory

References

* bsc#1261400

* bsc#1261982

* bsc#1261983

* bsc#1267647

## References:

* https://www.suse.com/security/cve/CVE-2026-40226.html

* https://bugzilla.suse.com/show_bug.cgi?id=1261400

* https://bugzilla.suse.com/show_bug.cgi?id=1261982

* https://bugzilla.suse.com/show_bug.cgi?id=1261983

* https://bugzilla.suse.com/show_bug.cgi?id=1267647

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2785-1
Release Date: 2026-07-08T06:48:14Z
Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.