Explore top 10 tips to secure your open-source projects now. Read More
×
This update for sccache fixes the following issues:
Update to version 0.15.0~17.
* CVE-2023-26964: hyper,h2: high resource consumption due to stream stacking
when H2 component processes `HTTP2 RST_STREAM` frames (bsc#1210346).
* CVE-2024-32650: rust-rustls: infinite loop in
`rustls::conn::ConnectionCommon:complete_io()` when processing client input
network input (bsc#1223238).
* CVE-2025-3416: openssl: use-after-free in `Md::fetch` and `Cipher::fetch`
(bsc#1242611).
* CVE-2026-25727: time: stack exhaustion in the RFC 2822 date parser when
processing certain user provided input (bsc#1257923).
* CVE-2026-41676: openssl: short buffer overflow via `Deriver:derive` and
`PkeyCtxRef:derive` when using OpenSSL 1.1.1 (bsc#1270206).
* CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when
returning an oversized length (bsc#1270559).
* CVE-2026-41678: openssl: OOB write due to incorrect bounds assertion in
`aes::unwrap_key()`...
Read the Full Advisory## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3022=1
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-3022=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3022=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3022=1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* sccache-debuginfo-0.16.0~0-150600.10.11.1
* sccache-0.16.0~0-150600.10.11.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* sccache-debuginfo-0.16.0~0-150600.10.11.1
* sccache-0.16.0~0-150600.10.11.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* sccache-debuginfo-0.16.0~0-150600.10.11.1
* sccache-debugsource-0.16.0~0-150600.10.11.1
* sccache-0.16.0~0-150600.10.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* sccache-debuginfo-0.16.0~0-150600.10.11.1
* sccache-0.16.0~0-150600.10.11.1
* bsc#1210346
* bsc#1223238
* bsc#1229955
* bsc#1242611
* bsc#1243868
* bsc#1257923
* bsc#1270206
* bsc#1270512
* bsc#1270559
* bsc#1270693
* bsc#1270736
* bsc#1270869
* bsc#1270938
* bsc#1270948
## References:
* https://www.suse.com/security/cve/CVE-2023-26964.html
* https://www.suse.com/security/cve/CVE-2024-12224.html
* https://www.suse.com/security/cve/CVE-2024-32650.html
* https://www.suse.com/security/cve/CVE-2024-43806.html
* https://www.suse.com/security/cve/CVE-2025-3416.html
* https://www.suse.com/security/cve/CVE-2026-25727.html
* https://www.suse.com/security/cve/CVE-2026-41676.html
* https://www.suse.com/security/cve/CVE-2026-41677.html
* https://www.suse.com/security/cve/CVE-2026-41678.html
* https://www.suse.com/security/cve/CVE-2026-41681.html
* https://www.suse.com/security/cve/CVE-2026-41898.html
* https://www.suse.com/security/cve/CVE-2026-42327.html
* https://www.suse.com/security/cve/CVE-2026-44662.html
* https://www.suse.com/security/cve/CVE-2026-45784.html
*...
Read the Full AdvisoryGet the latest Linux and open source security news straight to your inbox.