Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

openSUSE Leap 16.0 Moderate himmelblau Local Escalation Vulnerability

opensuse
Calendar Grey May 4, 2026
Dist Opensuse Esm H88
Learn about the moderate security update for himmelblau on openSUSE Leap 16.0, addressing privilege escalation and bugs.
An update that solves one vulnerability and has 2 bug fixes can now be installed.

Description

This update for himmelblau fixes the following issues:

Update to version 2.3.9+git0.a9fd29b.

Security issues fixed:

- CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation (bsc#1261324).

Other updates and bugfixes:

- update aws-lc-sys to 0.39.0 for security fixes

- update rustls-webpki to 0.103.10 for CRL revocation fix

- Version 2.3.9:

* packaging: fix if/else block for debian's postrm

* Update apparmor.unix-chkpwd.local (Issue #1252)

* When Hello user encounters SSPR demand, be permissive

* add tests for sudo_groups functionality

* Fix config tests to ignore local host config

* Do not clear $NOTIFY_SOCKET when calling sd_ready

* Fix token cache 24h purge

* broker: use SSO server nonce for PRT only when provided

* Fix pam_himmelblau blocking local user password changes (#1199)

* Remove unused File import

* Use is_ascii_alphanumeric() for account_id validation

* Fix path traversal in LoadProfilePhoto AccountsService writes

*...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

himmelblau-2.3.9+git0.a9fd29b-160000.1.1

himmelblau-qr-greeter-2.3.9+git0.a9fd29b-160000.1.1

himmelblau-sshd-config-2.3.9+git0.a9fd29b-160000.1.1

himmelblau-sso-2.3.9+git0.a9fd29b-160000.1.1

libnss_himmelblau2-2.3.9+git0.a9fd29b-160000.1.1

pam-himmelblau-2.3.9+git0.a9fd29b-160000.1.1

References

* bsc#1261324

* bsc#1261613

References:

* https://www.suse.com/security/cve/CVE-2026-34397.html

Announcement ID: openSUSE-SU-2026:20658-1
Rating: moderate
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here