Explore top 10 tips to secure your open-source projects now. Read More
×
This update for warewulf4 fixes the following issues:
Update to v4.7.0.
Security issues fixed:
* CVE-2025-69725: incorrect input validation in the `RedirectSlashes` function
can lead to an open redirect (bsc#1258511).
* CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport
when given bad `SETTINGS_MAX_FRAME_SIZE` can lead to a denial of service
(bsc#1265653).
* CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a
missing encrypted key can lead to a denial of service (bsc#1262810).
* CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only
Punycode-encoded labels allows for validation bypass and privilege
escalation (bsc#1266483).
Other updates and bugfixes:
* Add correct flag `--update-overlays` fix (bsc#1268790).
* v4.7.0:
* New `wwctl` unset command
* Refactored server routes (URLs)
* New `/files/` route for serving individual files and templates
* Server TLS support
* Removed...
Read the Full Advisory## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2830=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2830=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2830=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2830=1
* HPC Module 15-SP7
zypper in -t patch SUSE-SLE-Module-HPC-15-SP7-2026-2830=1
* openSUSE Leap 15.5 (noarch)
* warewulf4-dracut-4.7.0-150500.6.42.1
* warewulf4-reference-doc-4.7.0-150500.6.42.1
* warewulf4-man-4.7.0-150500.6.42.1
* warewulf4-overlay-rke2-4.7.0-150500.6.42.1
* openSUSE Leap 15.5 (aarch64 x86_64)
* warewulf4-overlay-4.7.0-150500.6.42.1
* warewulf4-4.7.0-150500.6.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* warewulf4-overlay-4.7.0-150500.6.42.1
* warewulf4-4.7.0-150500.6.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* warewulf4-dracut-4.7.0-150500.6.42.1
* warewulf4-man-4.7.0-150500.6.42.1
* warewulf4-reference-doc-4.7.0-150500.6.42.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* warewulf4-overlay-4.7.0-150500.6.42.1
* warewulf4-4.7.0-150500.6.42.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* warewulf4-dracut-4.7.0-150500.6.42.1
* warewulf4-man-4.7.0-150500.6.42.1
* warewulf4-reference-doc-4.7.0-150500.6.42.1
* HPC Module 15-SP7...
Read the Full Advisory* bsc#1254470
* bsc#1258511
* bsc#1262810
* bsc#1265653
* bsc#1266483
* bsc#1268790
## References:
* https://www.suse.com/security/cve/CVE-2025-69725.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-34986.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254470
* https://bugzilla.suse.com/show_bug.cgi?id=1258511
* https://bugzilla.suse.com/show_bug.cgi?id=1262810
* https://bugzilla.suse.com/show_bug.cgi?id=1265653
* https://bugzilla.suse.com/show_bug.cgi?id=1266483
* https://bugzilla.suse.com/show_bug.cgi?id=1268790
Get the latest Linux and open source security news straight to your inbox.