Alerts This Week
Warning Icon 1 566
Alerts This Week
Warning Icon 1 566

SUSE 2026 Protobuf Moderate Security Updates SUSE-SU-2026-1653-1

suse
Calendar Grey April 29, 2026
Dist Suse Esm H88
Update addresses moderate security issues in protobuf affecting multiple SUSE Linux products. Immediate patch recommended.
An update that solves two vulnerabilities and has one security fix can now be installed.

Summary

## This update for protobuf fixes the following issues: Refresh fixes: * CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages can lead to crash due to RecursionError (bsc#1244663). * CVE-2026-0994: `max_recursion_depth` limit can be bypassed when parsing nested `google.protobuf.Any` messages and lead to the exhaustion of the Python recursion stack (bsc#1257173). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1653=1 * SUSE Linux Enterprise Micro 5.3

Topics%20covered

Topics Covered

security advisory moderate SuSE arbitrary code execution python protobuf

References

* bsc#1244663

* bsc#1257173

* bsc#1260019

Cross-

* CVE-2025-4565

* CVE-2026-0994

CVSS scores:

* CVE-2025-4565 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-4565 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-4565 ( NVD ): 8.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-4565 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2026-0994 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2026-0994 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-0994 ( NVD ): 8.2

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1653-1
Release Date: 2026-04-29T00:46:40Z
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate SuSE arbitrary code execution python protobuf

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here