Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

SUSE 16.0 Util-linux Moderate Buffer Overread Access Control 2026-21158-1

suse
Calendar Grey April 21, 2026
Dist Suse Esm H88
SUSE's util-linux update resolves moderate severity security issues, including access control bypass and buffer overread.
An update that solves two vulnerabilities, contains one feature and has one fix can now be installed.

Summary

## This update for util-linux fixes the following issues: Security issues: * CVE-2025-14104: heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). * CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859). Non security issues: * fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465). * lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-510=1 * SUSE Linux Enterprise Server for SAP applications 16.0

References

* bsc#1222465

* bsc#1254666

* bsc#1258859

* jsc#PED-13682

Cross-

* CVE-2025-14104

* CVE-2026-3184

CVSS scores:

* CVE-2025-14104 ( SUSE ): 6.9

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-14104 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

* CVE-2025-14104 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

* CVE-2026-3184 ( SUSE ): 6.3

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2026-3184 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2026-3184 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0

* SUSE Linux Enterprise Server for SAP applications 16.0

Announcement ID: SUSE-SU-2026:21158-1
Release Date: 2026-04-09T13:00:19Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.