Alerts This Week
Warning Icon 1 991
Alerts This Week
Warning Icon 1 991

SUSE Linux Enterprise 16 OpenCryptoki CVE-2026-40253 Advisory 21575-1

suse
Calendar Grey May 11, 2026
Dist Suse Esm H88
Update for openCryptoki addresses one fix and vulnerability, essential for system integrity and feature support.
An update that solves one vulnerability, contains one feature and has one fix can now be installed.

Summary

## This update for openCryptoki fixes the following issues Security issue: * CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects (bsc#1262283). Non security issue: * Refactored .spec file to fully support transactional and immutable operating systems (jsc#PED-14609): * Migrated user and group creation (pkcs11, pkcsslotd) from imperative %pre shell commands to declarative systemd-sysusers configuration. * Replaced manual /var directory tracking and %ghost directives with comprehensive systemd-tmpfiles configurations. * Implemented dynamic, architecture-specific tmpfiles.d generation to properly provision hardware-specific token directories (e.g., ccatok, ep11tok, lite, and HSM_MK_CHANGE). * Fixed permissions for /run/opencryptoki within tmpfiles.d to ensure the

Topics%20covered

Topics Covered

security advisory moderate patch OpenSUSE cve-2026-40253 malformed objects

References

* bsc#1262283

* bsc#1263819

* jsc#PED-14609

Cross-

* CVE-2026-40253

CVSS scores:

* CVE-2026-40253 ( SUSE ): 7.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2026-40253 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

* CVE-2026-40253 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

* CVE-2026-40253 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0

* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability, contains one feature and has one fix

can now be installed.

##

* https://www.suse.com/security/cve/CVE-2026-40253.html

* https://bugzilla.suse.com/show_bug.cgi?id=1262283

* https://bugzilla.suse.com/show_bug.cgi?id=1263819

Announcement ID: SUSE-SU-2026:21575-1
Release Date: 2026-05-07T09:52:13Z
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate patch OpenSUSE cve-2026-40253 malformed objects

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here