This update for himmelblau fixes the following issues:
Update to version 2.3.9+git0.a9fd29b.
Security issues fixed:
- CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation (bsc#1261324).
Other updates and bugfixes:
- update aws-lc-sys to 0.39.0 for security fixes
- update rustls-webpki to 0.103.10 for CRL revocation fix
- Version 2.3.9:
* packaging: fix if/else block for debian's postrm
* Update apparmor.unix-chkpwd.local (Issue #1252)
* When Hello user encounters SSPR demand, be permissive
* add tests for sudo_groups functionality
* Fix config tests to ignore local host config
* Do not clear $NOTIFY_SOCKET when calling sd_ready
* Fix token cache 24h purge
* broker: use SSO server nonce for PRT only when provided
* Fix pam_himmelblau blocking local user password changes (#1199)
* Remove unused File import
* Use is_ascii_alphanumeric() for account_id validation
* Fix path traversal in LoadProfilePhoto AccountsService writes
*...
Read the Full Advisory- openSUSE Leap 16.0:
himmelblau-2.3.9+git0.a9fd29b-160000.1.1
himmelblau-qr-greeter-2.3.9+git0.a9fd29b-160000.1.1
himmelblau-sshd-config-2.3.9+git0.a9fd29b-160000.1.1
himmelblau-sso-2.3.9+git0.a9fd29b-160000.1.1
libnss_himmelblau2-2.3.9+git0.a9fd29b-160000.1.1
pam-himmelblau-2.3.9+git0.a9fd29b-160000.1.1
* bsc#1261324
* bsc#1261613
References:
* https://www.suse.com/security/cve/CVE-2026-34397.html
Get the latest Linux and open source security news straight to your inbox.