Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

SUSE Linux Micro SSH Vulnerability Exploit Creates Unauthorized Access Risk

suse
Calendar Grey February 5, 2026
Dist Suse Esm H88
Critical security update for CUPS addresses major vulnerabilities including DoS and authentication bypass for SUSE systems.
An update that solves four vulnerabilities, contains two features and has one fix can now be installed.

Summary

## This update for cups fixes the following issues: Update to version 2.4.16. Security issues fixed: * CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues (bsc#1253783). * CVE-2025-58436: slow client communication leads to a possible DoS attack (bsc#1244057). * CVE-2025-58364: unsafe deserialization and validation of printer attributes can cause a null dereference (bsc#1249128). * CVE-2025-58060: authentication bypass with AuthType Negotiate (bsc#1249049). Other updates and bugfixes: * Version upgrade to 2.4.16: * 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences, potentially reading past the end of the source string (Issue #1438) * The web interface did not support domain usernames fully (Issue #1441)

References

* bsc#1244057

* bsc#1249049

* bsc#1249128

* bsc#1253783

* bsc#1254353

* jsc#PED-14688

* jsc#PED-14775

Cross-

* CVE-2025-58060

* CVE-2025-58364

* CVE-2025-58436

* CVE-2025-61915

CVSS scores:

* CVE-2025-58060 ( SUSE ): 7.7

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-58060 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-58060 ( NVD ): 8.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

* CVE-2025-58364 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-58364 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-58436 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-58436 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:20229-1
Release Date: 2026-02-04T11:35:17Z
Rating: critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here