Alerts This Week
Warning Icon 1 1,529
Alerts This Week
Warning Icon 1 1,529

SUSE Linux Enterprise 16.0 Mutt Moderate Cryptographic Issues 2026-22340-1

suse
Calendar Grey July 1, 2026
Dist Suse Esm H88
Update for SUSE addresses six issues in mutt, including security weaknesses that require attention. Install recommended patches.
An update that solves six vulnerabilities and has one fix can now be installed.

Summary

## This update for mutt fixes the following issues * CVE-2026-43859: `strfcpy` used instead of `memcpy` for the IMAP `auth_cram` MD5 digest (bsc#1263897). * CVE-2026-43860: truncation of `hash_passwd` by one byte for IMAP `auth_cram` MD5 digest (bsc#1263896). * CVE-2026-43861: missing check for `\0` in `url_pct_decode` (bsc#1263895). * CVE-2026-43862: mishandling of the `imap_auth_gss` security level (bsc#1263894). * CVE-2026-43863: infinite loop in `data_object_to_stream` in `crypt-gpgme.c` (bsc#1263893). * CVE-2026-43864: NULL pointer dereference in function `show_sig_summary` (bsc#1263892). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

* bsc#1263892

* bsc#1263893

* bsc#1263894

* bsc#1263895

* bsc#1263896

* bsc#1263897

* bsc#1264047

Cross-

* CVE-2026-43859

* CVE-2026-43860

* CVE-2026-43861

* CVE-2026-43862

* CVE-2026-43863

* CVE-2026-43864

CVSS scores:

* CVE-2026-43859 ( SUSE ): 6.3

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2026-43859 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2026-43859 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

* CVE-2026-43860 ( SUSE ): 6.3

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2026-43860 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2026-43860 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

* CVE-2026-43861 ( SUSE ): 6.9

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:22340-1
Release Date: 2026-06-22T14:45:20Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here