Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves one vulnerability can now be installed.. # Security update for sccache Announcement ID: SUSE-SU-2026:2874-1 Release Date: 2026-07-13T09:11:08Z Rating: moderate References: * bsc#1270206 Cross-References: * CVE-2026-41676 CVSS scores: * CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-41676 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability can now be installed. ## Description: This update for sccache fixes the following issue * CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can overflow short buffers on OpenSSL 1.1.1 (bsc#1270206). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2874=1 ## Package List: * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * sccache-0.4.2~4-150400.3.12.1 * sccache-debuginfo-0.4.2~4-150400.3.12.1 * sccache-debugsource-0.4.2~4-150400.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41676.html * https://bugzilla.suse.com/show_bug.cgi?id=1270206 . SUSE updates resolve vulnerabilities in sccache. Install patch to secure against potential buffer overflow attacks.. SUSE, sccache, moderate risk, update, security patch. . LinuxSecurity.com Team
An update that solves four vulnerabilities can now be installed.. # Security update for python-Pillow Announcement ID: SUSE-SU-2026:2875-1 Release Date: 2026-07-13T09:12:44Z Rating: important References: * bsc#1270409 * bsc#1270410 * bsc#1270411 * bsc#1270412 Cross-References: * CVE-2026-54059 * CVE-2026-54060 * CVE-2026-55379 * CVE-2026-55380 CVSS scores: * CVE-2026-54059 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-54059 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-54060 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-54060 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55379 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55379 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55380 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55380 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves four vulnerabilities can now be installed. ## Description: This update for python-Pillow fixes the following issues * CVE-2026-54059: crafted PCF font data can cause excessive memory allocation (bsc#1270409). * CVE-2026-54060: a font can trigger excessive allocation during conversion or saving (bsc#1270410). * CVE-2026-55379: bypass of decompression bomb protection, allowing excessive memory allocation (bsc#1270411). * CVE-2026-55380: crafted .gd file can trigger excessive C-heap allocation when loaded (bsc#1270412). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the commandlisted for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2875=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-2875=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * python-Pillow-debuginfo-7.2.0-150300.3.27.1 * python3-Pillow-debuginfo-7.2.0-150300.3.27.1 * python-Pillow-debugsource-7.2.0-150300.3.27.1 * python3-Pillow-7.2.0-150300.3.27.1 * openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64) * python-Pillow-debuginfo-7.2.0-150300.3.27.1 * python3-Pillow-tk-debuginfo-7.2.0-150300.3.27.1 * python3-Pillow-debuginfo-7.2.0-150300.3.27.1 * python3-Pillow-7.2.0-150300.3.27.1 * python3-Pillow-tk-7.2.0-150300.3.27.1 * python-Pillow-debugsource-7.2.0-150300.3.27.1 ## References: * https://www.suse.com/security/cve/CVE-2026-54059.html * https://www.suse.com/security/cve/CVE-2026-54060.html * https://www.suse.com/security/cve/CVE-2026-55379.html * https://www.suse.com/security/cve/CVE-2026-55380.html * https://bugzilla.suse.com/show_bug.cgi?id=1270409 * https://bugzilla.suse.com/show_bug.cgi?id=1270410 * https://bugzilla.suse.com/show_bug.cgi?id=1270411 * https://bugzilla.suse.com/show_bug.cgi?id=1270412 . Install the important SUSE security update for python-Pillow, addressing memory allocation risks and four vulnerabilities.. python pillow security update, SUSE security advisory, important memory vulnerability, patch instructions for SUSE. . LinuxSecurity.com Team
An update that solves 42 vulnerabilities can now be installed.. # Security update for ImageMagick Announcement ID: SUSE-SU-2026:2877-1 Release Date: 2026-07-13T09:26:30Z Rating: important References: * bsc#1265048 * bsc#1268092 * bsc#1268094 * bsc#1268095 * bsc#1268096 * bsc#1268101 * bsc#1268102 * bsc#1268103 * bsc#1268105 * bsc#1268107 * bsc#1268108 * bsc#1268110 * bsc#1268111 * bsc#1268112 * bsc#1268113 * bsc#1268114 * bsc#1268116 * bsc#1268117 * bsc#1268120 * bsc#1268121 * bsc#1268122 * bsc#1268123 * bsc#1268124 * bsc#1268125 * bsc#1268126 * bsc#1268640 * bsc#1268645 * bsc#1268878 * bsc#1268879 * bsc#1268880 * bsc#1269063 * bsc#1269064 * bsc#1270001 * bsc#1270002 * bsc#1270003 * bsc#1270004 * bsc#1270073 * bsc#1270074 * bsc#1270077 * bsc#1270079 * bsc#1270080 * bsc#1271099 Cross-References: * CVE-2026-40169 * CVE-2026-42050 * CVE-2026-42326 * CVE-2026-45031 * CVE-2026-45358 * CVE-2026-45359 * CVE-2026-45624 * CVE-2026-45664 * CVE-2026-46520 * CVE-2026-46521 * CVE-2026-46522 * CVE-2026-46523 * CVE-2026-46557 * CVE-2026-46559 * CVE-2026-46692 * CVE-2026-46693 * CVE-2026-47165 * CVE-2026-47166 * CVE-2026-48724 * CVE-2026-48734 * CVE-2026-48994 * CVE-2026-49218 * CVE-2026-53460 * CVE-2026-53461 * CVE-2026-53463 * CVE-2026-53464 * CVE-2026-53466 * CVE-2026-53467 * CVE-2026-55594 * CVE-2026-55595 * CVE-2026-55597 * CVE-2026-56361 * CVE-2026-56363 * CVE-2026-56364 * CVE-2026-56365 * CVE-2026-56367 * CVE-2026-56368 * CVE-2026-56370 * CVE-2026-56371 * CVE-2026-56374 * CVE-2026-56376 * CVE-2026-56379 CVSS scores: * CVE-2026-40169 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-40169 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40169 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40169 ( NVD ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42050 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-42050 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-42326 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42326 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-42326 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-45031 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-45031 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-45031 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45031 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-45358 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-45358 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-45358 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-45359 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-45359 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L * CVE-2026-45359 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L * CVE-2026-45359 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-45624 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-45624 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-45624 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-45664 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-45664 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-45664 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45664 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-46520 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46520 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-46520 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46520 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46521 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46521 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-46521 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-46522 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46522 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-46522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46523 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46523 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-46523 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46523 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46557 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46557 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46557 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46559 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-46559 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-46559 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-46692 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46692 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46692 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46693 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-46693 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2026-46693 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2026-47165 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-47165 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2026-47165 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2026-47166 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-47166 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2026-47166 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2026-48724 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48724 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-48724 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-48734 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48734 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-48734 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-48994 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48994 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-48994 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49218 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-49218 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-49218 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49218 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-53460 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-53460 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H *CVE-2026-53460 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-53460 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-53461 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-53461 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-53461 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-53461 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-53463 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-53463 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-53463 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-53464 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-53464 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-53464 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-53466 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-53466 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-53466 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-53467 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-53467 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-53467 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-55594 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-55594 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-55594 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-55595 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-55595 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-55595 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H *CVE-2026-55597 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-55597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-55597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-56361 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56361 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56361 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56361 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2026-56361 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56363 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56363 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56363 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56363 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56364 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56364 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56364 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56364 ( NVD ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56365 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56365 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L *CVE-2026-56365 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56365 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56365 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56367 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-56367 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56367 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-56367 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-56368 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56368 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56368 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-56368 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56370 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-56370 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-56370 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56370 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56370 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-56371 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56371 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56371 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56371 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56371 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56374 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56374 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56374 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56374 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56374 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2026-56376 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-56376 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-56376 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56376 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56376 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56379 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-56379 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-56379 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56379 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-56379 ( NVD ): 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-56379 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP7 * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 42 vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2026-53466: integer overflow in the XCF decoder can result in an out-of- bounds read when a crafted image is read (bsc#1270073). * CVE-2026-53467: allocated memory left unchanged in the MNG decoder can lead to a heap information disclosure (bsc#1270074). * CVE-2026-55594: missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided (bsc#1270077). * CVE-2026-55595: providing invalid arguments to the `connected-components` option can lead to an infinite loop (bsc#1270079). * CVE-2026-55597: incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder (bsc#1270080). * CVE-2026-56361: off-by-one error in morphology validation can lead to an out-of-bounds read (bsc#1270001). * CVE-2026-56363: integer overflow leading to a division by zero in binomial kernel processing can cause an application crash (bsc#1270002). * CVE-2026-56364: memory leak in `LoadOpenCLDeviceBenchmark` function when parsing malformed OpenCL device profile XML files with unclosed device elements (bsc#1270003). * CVE-2026-56374: missing boundary checks can lead to a heap buffer overflow in the FTXT encoder when parsing `ftxt:format` (bsc#1271099). * CVE-2026-56379: arbitrary MVG drawing command injection via the SVG decoder when processing specially crafted SVG files (bsc#1268878). * CVE-2026-42050: stack buffer overflow via a malicious MIFF file (bsc#1265048). *CVE-2026-42326: out-of-bounds read of single byte via malicious IPTC file (bsc#1268092). * CVE-2026-45031: missing check in the PSD decoder allows bypass of the list- length resource policy when decoding a PSD image (bsc#1268094). * CVE-2026-45358: off-by-one error in the meta encoder can lead to an out-of- bounds read of a single byte (bsc#1268102). * CVE-2026-45359: heap buffer overread via invalid `connected-components` value (bsc#1268095). * CVE-2026-45624: performing a polynomial distortion can lead to an out-of- bounds over-read of 24 bytes (bsc#1268096). * CVE-2026-45664: missing check in the MNG coder can lead to excessive resource use and a DoS (bsc#1268101). * CVE-2026-46520: out-of-bounds write when processing multiple images with different dimensions (bsc#1268112). * CVE-2026-46521: missing check when using LZMA compression in the MIFF encoder can lead to an out-of-bounds write (bsc#1268124). * CVE-2026-46522: missing check in the MIFF decoder can lead to a denial of service via crafted MIFF file (bsc#1268126). * CVE-2026-46523: heap use-after-free via a crafted MSL image (bsc#1268125). * CVE-2026-46557: missing depth check can lead to a stack buffer overflow in the fx operation when processing a crafted argument (bsc#1268123). * CVE-2026-46559: incorrect check in the JP2 can lead to a heap buffer overwrite of a single byte when specifying certain options (bsc#1268121). * CVE-2026-46692: heap buffer overwrite in the server process via an attacker who can connect to a magick -distribute- cache service (bsc#1268120). * CVE-2026-46693: file descriptor hijacking in the server process when a race condition is met via an attacker who can connect to a magick -distribute- cache service (bsc#1268117). * CVE-2026-47165: distributed pixel cache was designed to operate without a challenge-response authentication model (bsc#1268114). * CVE-2026-47166: heap buffer overread in the server process via an attacker who canconnect to a magick -distribute- cache service (bsc#1268113). * CVE-2026-48724: heap buffer underwrite in the Floyd-Steinberg depth dithering (bsc#1268116). * CVE-2026-48734: missing depth or visited-set check can lead to a stack buffer overflow in the MVG decoder (bsc#1268122). * CVE-2026-48994: missing check of a return value in the MAT decoder can lead to a heap buffer overwrite on 32-bit systems (bsc#1268111). * CVE-2026-49218: missing check in the DCM decoder can lead to a DoS (bsc#1268110). * CVE-2026-53460: missing check for maximum memory request in `AcquireAlignedMemory` can lead to an OOM condition (bsc#1268108). * CVE-2026-53461: incorrect loop in the ICON decoder can lead to an out-of- bounds heap write (bsc#1268107). * CVE-2026-53463: passing incorrect arguments in the distort operation can lead to NULL pointer dereference (bsc#1268105). * CVE-2026-53464: providing invalid options to the wand option parser can lead to a memory leak (bsc#1268103). * CVE-2026-56367: integer overflow in the PSB (PSD v2) RLE decoding path can lead to an heap out-of-bounds read (bsc#1268645). * CVE-2026-56368: improper memory management can lead to memory leak in multiple coders that write raw pixel data (bsc#1269064). * CVE-2026-56370: out-of-bounds access in `ConnectedComponentsImage()` when processing `connected-components:*` artifacts with invalid indices (bsc#1269063). * CVE-2026-56371: memory leak in `coders/txt.c` when processing TXT files with texture attributes (bsc#1268879). * CVE-2026-56376: heap use-after-free in the meta coder can lead to denial of service via specially crafted image files (bsc#1268880). * GHSA-3j4x-rwrx-xxj9: possible use-after-free write in PDB decoder (bsc#1268640). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Desktop Applications Module15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-2877=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2877=1 ## Package List: * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.65.1 * ImageMagick-debuginfo-7.1.1.43-150700.3.65.1 * ImageMagick-debugsource-7.1.1.43-150700.3.65.1 * libMagick++-7_Q16HDRI5-7.1.1.43-150700.3.65.1 * libMagickCore-7_Q16HDRI10-7.1.1.43-150700.3.65.1 * libMagickWand-7_Q16HDRI10-7.1.1.43-150700.3.65.1 * libMagick++-devel-7.1.1.43-150700.3.65.1 * ImageMagick-config-7-upstream-limited-7.1.1.43-150700.3.65.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.65.1 * ImageMagick-config-7-SUSE-7.1.1.43-150700.3.65.1 * ImageMagick-config-7-upstream-open-7.1.1.43-150700.3.65.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.43-150700.3.65.1 * ImageMagick-devel-7.1.1.43-150700.3.65.1 * ImageMagick-config-7-upstream-secure-7.1.1.43-150700.3.65.1 * ImageMagick-7.1.1.43-150700.3.65.1 * ImageMagick-config-7-upstream-websafe-7.1.1.43-150700.3.65.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ImageMagick-debuginfo-7.1.1.43-150700.3.65.1 * ImageMagick-debugsource-7.1.1.43-150700.3.65.1 * perl-PerlMagick-debuginfo-7.1.1.43-150700.3.65.1 * perl-PerlMagick-7.1.1.43-150700.3.65.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40169.html * https://www.suse.com/security/cve/CVE-2026-42050.html * https://www.suse.com/security/cve/CVE-2026-42326.html * https://www.suse.com/security/cve/CVE-2026-45031.html * https://www.suse.com/security/cve/CVE-2026-45358.html * https://www.suse.com/security/cve/CVE-2026-45359.html * https://www.suse.com/security/cve/CVE-2026-45624.html * https://www.suse.com/security/cve/CVE-2026-45664.html * https://www.suse.com/security/cve/CVE-2026-46520.html *https://www.suse.com/security/cve/CVE-2026-46521.html * https://www.suse.com/security/cve/CVE-2026-46522.html * https://www.suse.com/security/cve/CVE-2026-46523.html * https://www.suse.com/security/cve/CVE-2026-46557.html * https://www.suse.com/security/cve/CVE-2026-46559.html * https://www.suse.com/security/cve/CVE-2026-46692.html * https://www.suse.com/security/cve/CVE-2026-46693.html * https://www.suse.com/security/cve/CVE-2026-47165.html * https://www.suse.com/security/cve/CVE-2026-47166.html * https://www.suse.com/security/cve/CVE-2026-48724.html * https://www.suse.com/security/cve/CVE-2026-48734.html * https://www.suse.com/security/cve/CVE-2026-48994.html * https://www.suse.com/security/cve/CVE-2026-49218.html * https://www.suse.com/security/cve/CVE-2026-53460.html * https://www.suse.com/security/cve/CVE-2026-53461.html * https://www.suse.com/security/cve/CVE-2026-53463.html * https://www.suse.com/security/cve/CVE-2026-53464.html * https://www.suse.com/security/cve/CVE-2026-53466.html * https://www.suse.com/security/cve/CVE-2026-53467.html * https://www.suse.com/security/cve/CVE-2026-55594.html * https://www.suse.com/security/cve/CVE-2026-55595.html * https://www.suse.com/security/cve/CVE-2026-55597.html * https://www.suse.com/security/cve/CVE-2026-56361.html * https://www.suse.com/security/cve/CVE-2026-56363.html * https://www.suse.com/security/cve/CVE-2026-56364.html * https://www.suse.com/security/cve/CVE-2026-56365.html * https://www.suse.com/security/cve/CVE-2026-56367.html * https://www.suse.com/security/cve/CVE-2026-56368.html * https://www.suse.com/security/cve/CVE-2026-56370.html * https://www.suse.com/security/cve/CVE-2026-56371.html * https://www.suse.com/security/cve/CVE-2026-56374.html * https://www.suse.com/security/cve/CVE-2026-56376.html * https://www.suse.com/security/cve/CVE-2026-56379.html * https://bugzilla.suse.com/show_bug.cgi?id=1265048 * https://bugzilla.suse.com/show_bug.cgi?id=1268092 *https://bugzilla.suse.com/show_bug.cgi?id=1268094 * https://bugzilla.suse.com/show_bug.cgi?id=1268095 * https://bugzilla.suse.com/show_bug.cgi?id=1268096 * https://bugzilla.suse.com/show_bug.cgi?id=1268101 * https://bugzilla.suse.com/show_bug.cgi?id=1268102 * https://bugzilla.suse.com/show_bug.cgi?id=1268103 * https://bugzilla.suse.com/show_bug.cgi?id=1268105 * https://bugzilla.suse.com/show_bug.cgi?id=1268107 * https://bugzilla.suse.com/show_bug.cgi?id=1268108 * https://bugzilla.suse.com/show_bug.cgi?id=1268110 * https://bugzilla.suse.com/show_bug.cgi?id=1268111 * https://bugzilla.suse.com/show_bug.cgi?id=1268112 * https://bugzilla.suse.com/show_bug.cgi?id=1268113 * https://bugzilla.suse.com/show_bug.cgi?id=1268114 * https://bugzilla.suse.com/show_bug.cgi?id=1268116 * https://bugzilla.suse.com/show_bug.cgi?id=1268117 * https://bugzilla.suse.com/show_bug.cgi?id=1268120 * https://bugzilla.suse.com/show_bug.cgi?id=1268121 * https://bugzilla.suse.com/show_bug.cgi?id=1268122 * https://bugzilla.suse.com/show_bug.cgi?id=1268123 * https://bugzilla.suse.com/show_bug.cgi?id=1268124 * https://bugzilla.suse.com/show_bug.cgi?id=1268125 * https://bugzilla.suse.com/show_bug.cgi?id=1268126 * https://bugzilla.suse.com/show_bug.cgi?id=1268640 * https://bugzilla.suse.com/show_bug.cgi?id=1268645 * https://bugzilla.suse.com/show_bug.cgi?id=1268878 * https://bugzilla.suse.com/show_bug.cgi?id=1268879 * https://bugzilla.suse.com/show_bug.cgi?id=1268880 * https://bugzilla.suse.com/show_bug.cgi?id=1269063 * https://bugzilla.suse.com/show_bug.cgi?id=1269064 * https://bugzilla.suse.com/show_bug.cgi?id=1270001 * https://bugzilla.suse.com/show_bug.cgi?id=1270002 * https://bugzilla.suse.com/show_bug.cgi?id=1270003 * https://bugzilla.suse.com/show_bug.cgi?id=1270004 * https://bugzilla.suse.com/show_bug.cgi?id=1270073 * https://bugzilla.suse.com/show_bug.cgi?id=1270074 * https://bugzilla.suse.com/show_bug.cgi?id=1270077 *https://bugzilla.suse.com/show_bug.cgi?id=1270079 * https://bugzilla.suse.com/show_bug.cgi?id=1270080 * https://bugzilla.suse.com/show_bug.cgi?id=1271099 . This SUSE advisory addresses critical ImageMagick vulnerabilities requiring immediate attention to enhance security.. SUSE Linux,image processing,ImageMagick,security updates,buffer overflow. . LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for libpng15 Announcement ID: SUSE-SU-2026:2878-1 Release Date: 2026-07-13T09:27:39Z Rating: important References: * bsc#1258020 Cross-References: * CVE-2026-25646 CVSS scores: * CVE-2026-25646 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-25646 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-25646 ( NVD ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25646 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-25646 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libpng15 fixes the following issue * CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2878=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2878=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libpng15-15-debuginfo-1.5.30-10.16.1 * libpng15-debugsource-1.5.30-10.16.1 *libpng15-15-1.5.30-10.16.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libpng15-15-debuginfo-1.5.30-10.16.1 * libpng15-debugsource-1.5.30-10.16.1 * libpng15-15-1.5.30-10.16.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25646.html * https://bugzilla.suse.com/show_bug.cgi?id=1258020 . Critical update for libpng15 addresses a buffer overflow issue, enhancing security for SUSE users. Install promptly to mitigate risks.. libpng buffer overflow SUSE security. . LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for php8 Announcement ID: SUSE-SU-2026:2880-1 Release Date: 2026-07-13T09:39:59Z Rating: moderate References: * bsc#1270351 Cross-References: * CVE-2026-14355 CVSS scores: * CVE-2026-14355 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-14355 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-14355 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-14355 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability can now be installed. ## Description: This update for php8 fixes the following issue * CVE-2026-14355: The AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw (bsc#1270351). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2880=1 ## Package List: * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * php8-bcmath-debuginfo-8.0.30-150400.4.68.1 * php8-zip-debuginfo-8.0.30-150400.4.68.1 * php8-mysql-8.0.30-150400.4.68.1 * php8-pcntl-8.0.30-150400.4.68.1 * php8-bcmath-8.0.30-150400.4.68.1 * php8-embed-debuginfo-8.0.30-150400.4.68.1 * apache2-mod_php8-8.0.30-150400.4.68.1 * php8-openssl-debuginfo-8.0.30-150400.4.68.1 * php8-opcache-debuginfo-8.0.30-150400.4.68.1 * php8-sockets-debuginfo-8.0.30-150400.4.68.1 * php8-fileinfo-8.0.30-150400.4.68.1 * php8-phar-8.0.30-150400.4.68.1 * php8-ctype-debuginfo-8.0.30-150400.4.68.1 * php8-ftp-debuginfo-8.0.30-150400.4.68.1 * php8-fileinfo-debuginfo-8.0.30-150400.4.68.1 * php8-fpm-debuginfo-8.0.30-150400.4.68.1 *php8-bz2-debuginfo-8.0.30-150400.4.68.1 * php8-readline-debuginfo-8.0.30-150400.4.68.1 * php8-tidy-8.0.30-150400.4.68.1 * php8-phar-debuginfo-8.0.30-150400.4.68.1 * php8-calendar-8.0.30-150400.4.68.1 * php8-gettext-debuginfo-8.0.30-150400.4.68.1 * php8-xsl-8.0.30-150400.4.68.1 * php8-fastcgi-debugsource-8.0.30-150400.4.68.1 * php8-gmp-debuginfo-8.0.30-150400.4.68.1 * php8-shmop-debuginfo-8.0.30-150400.4.68.1 * php8-posix-debuginfo-8.0.30-150400.4.68.1 * php8-readline-8.0.30-150400.4.68.1 * php8-bz2-8.0.30-150400.4.68.1 * php8-debuginfo-8.0.30-150400.4.68.1 * php8-sysvmsg-debuginfo-8.0.30-150400.4.68.1 * php8-sysvshm-8.0.30-150400.4.68.1 * php8-zip-8.0.30-150400.4.68.1 * php8-pcntl-debuginfo-8.0.30-150400.4.68.1 * php8-enchant-debuginfo-8.0.30-150400.4.68.1 * php8-opcache-8.0.30-150400.4.68.1 * php8-test-8.0.30-150400.4.68.1 * php8-ldap-8.0.30-150400.4.68.1 * php8-tokenizer-8.0.30-150400.4.68.1 * php8-pdo-debuginfo-8.0.30-150400.4.68.1 * php8-sodium-debuginfo-8.0.30-150400.4.68.1 * php8-curl-debuginfo-8.0.30-150400.4.68.1 * php8-devel-8.0.30-150400.4.68.1 * php8-sqlite-debuginfo-8.0.30-150400.4.68.1 * apache2-mod_php8-debuginfo-8.0.30-150400.4.68.1 * php8-dba-8.0.30-150400.4.68.1 * php8-sockets-8.0.30-150400.4.68.1 * php8-calendar-debuginfo-8.0.30-150400.4.68.1 * php8-sysvsem-8.0.30-150400.4.68.1 * php8-xmlreader-debuginfo-8.0.30-150400.4.68.1 * php8-xmlwriter-debuginfo-8.0.30-150400.4.68.1 * php8-gd-debuginfo-8.0.30-150400.4.68.1 * php8-ftp-8.0.30-150400.4.68.1 * php8-enchant-8.0.30-150400.4.68.1 * php8-odbc-8.0.30-150400.4.68.1 * php8-pgsql-8.0.30-150400.4.68.1 * php8-soap-8.0.30-150400.4.68.1 * php8-dba-debuginfo-8.0.30-150400.4.68.1 * php8-gettext-8.0.30-150400.4.68.1 * php8-ctype-8.0.30-150400.4.68.1 * php8-snmp-8.0.30-150400.4.68.1 * php8-dom-debuginfo-8.0.30-150400.4.68.1 * php8-tidy-debuginfo-8.0.30-150400.4.68.1 *php8-tokenizer-debuginfo-8.0.30-150400.4.68.1 * php8-snmp-debuginfo-8.0.30-150400.4.68.1 * php8-dom-8.0.30-150400.4.68.1 * php8-xmlwriter-8.0.30-150400.4.68.1 * apache2-mod_php8-debugsource-8.0.30-150400.4.68.1 * php8-sysvsem-debuginfo-8.0.30-150400.4.68.1 * php8-xmlreader-8.0.30-150400.4.68.1 * php8-fastcgi-debuginfo-8.0.30-150400.4.68.1 * php8-pgsql-debuginfo-8.0.30-150400.4.68.1 * php8-sysvmsg-8.0.30-150400.4.68.1 * php8-xsl-debuginfo-8.0.30-150400.4.68.1 * php8-openssl-8.0.30-150400.4.68.1 * php8-fastcgi-8.0.30-150400.4.68.1 * php8-shmop-8.0.30-150400.4.68.1 * php8-8.0.30-150400.4.68.1 * php8-fpm-debugsource-8.0.30-150400.4.68.1 * php8-debugsource-8.0.30-150400.4.68.1 * php8-exif-8.0.30-150400.4.68.1 * php8-iconv-debuginfo-8.0.30-150400.4.68.1 * php8-odbc-debuginfo-8.0.30-150400.4.68.1 * php8-sqlite-8.0.30-150400.4.68.1 * php8-zlib-8.0.30-150400.4.68.1 * php8-sysvshm-debuginfo-8.0.30-150400.4.68.1 * php8-fpm-8.0.30-150400.4.68.1 * php8-sodium-8.0.30-150400.4.68.1 * php8-embed-8.0.30-150400.4.68.1 * php8-soap-debuginfo-8.0.30-150400.4.68.1 * php8-embed-debugsource-8.0.30-150400.4.68.1 * php8-exif-debuginfo-8.0.30-150400.4.68.1 * php8-mysql-debuginfo-8.0.30-150400.4.68.1 * php8-intl-debuginfo-8.0.30-150400.4.68.1 * php8-cli-8.0.30-150400.4.68.1 * php8-iconv-8.0.30-150400.4.68.1 * php8-ldap-debuginfo-8.0.30-150400.4.68.1 * php8-curl-8.0.30-150400.4.68.1 * php8-intl-8.0.30-150400.4.68.1 * php8-posix-8.0.30-150400.4.68.1 * php8-gmp-8.0.30-150400.4.68.1 * php8-gd-8.0.30-150400.4.68.1 * php8-mbstring-8.0.30-150400.4.68.1 * php8-zlib-debuginfo-8.0.30-150400.4.68.1 * php8-cli-debuginfo-8.0.30-150400.4.68.1 * php8-pdo-8.0.30-150400.4.68.1 * php8-mbstring-debuginfo-8.0.30-150400.4.68.1 ## References: * https://www.suse.com/security/cve/CVE-2026-14355.html * https://bugzilla.suse.com/show_bug.cgi?id=1270351 . The SUSE update fixes a moderateissue in php8 due to a buffer allocation flaw, essential for system integrity and safety.. SUSE Update, php8 Issue, Buffer Flaw, Security Advisory, CVE-2026-14355. . LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for nghttp2 Announcement ID: SUSE-SU-2026:2883-1 Release Date: 2026-07-13T09:54:51Z Rating: moderate References: * bsc#1269489 Cross-References: * CVE-2026-58055 CVSS scores: * CVE-2026-58055 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-58055 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N * CVE-2026-58055 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-58055 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for nghttp2 fixes the following issue * CVE-2026-58055: HTTP/1.1 Upgrade request can lead to HTTP request smuggling and cross-client response-queue poisoning (bsc#1269489). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2883=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2883=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2883=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2883=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patchSUSE-SLE-Micro-5.5-2026-2883=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 ## References: * https://www.suse.com/security/cve/CVE-2026-58055.html * https://bugzilla.suse.com/show_bug.cgi?id=1269489 . A security update has been released for nghttp2 addressing a moderate issue related to HTTP smuggling risks. Install now.. SUSE updates, nghttp2 security, moderate threats, HTTP smuggling, Linux patches. . LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for alsa Announcement ID: SUSE-SU-2026:2885-1 Release Date: 2026-07-13T10:02:46Z Rating: moderate References: * bsc#1268853 Cross-References: * CVE-2026-56109 CVSS scores: * CVE-2026-56109 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-56109 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56109 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for alsa fixes the following issue * CVE-2026-56109: crafted ALSA configuration text with nested blocks can cause a double-free and memory corruption (bsc#1268853). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2885=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2885=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2885=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2885=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2885=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libasound2-1.2.6.1-150400.3.3.1 * alsa-debugsource-1.2.6.1-150400.3.3.1 * libasound2-debuginfo-1.2.6.1-150400.3.3.1 * SUSE Linux EnterpriseMicro 5.4 (aarch64 s390x x86_64) * libasound2-1.2.6.1-150400.3.3.1 * alsa-debugsource-1.2.6.1-150400.3.3.1 * libasound2-debuginfo-1.2.6.1-150400.3.3.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * alsa-debugsource-1.2.6.1-150400.3.3.1 * libasound2-1.2.6.1-150400.3.3.1 * libasound2-debuginfo-1.2.6.1-150400.3.3.1 * alsa-1.2.6.1-150400.3.3.1 * alsa-devel-1.2.6.1-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * libasound2-32bit-debuginfo-1.2.6.1-150400.3.3.1 * libatopology2-32bit-debuginfo-1.2.6.1-150400.3.3.1 * alsa-topology-devel-32bit-1.2.6.1-150400.3.3.1 * alsa-devel-32bit-1.2.6.1-150400.3.3.1 * libatopology2-32bit-1.2.6.1-150400.3.3.1 * libasound2-32bit-1.2.6.1-150400.3.3.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le x86_64) * libatopology2-debuginfo-1.2.6.1-150400.3.3.1 * alsa-topology-devel-1.2.6.1-150400.3.3.1 * libatopology2-1.2.6.1-150400.3.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libasound2-64bit-1.2.6.1-150400.3.3.1 * libatopology2-64bit-1.2.6.1-150400.3.3.1 * libatopology2-64bit-debuginfo-1.2.6.1-150400.3.3.1 * alsa-devel-64bit-1.2.6.1-150400.3.3.1 * alsa-topology-devel-64bit-1.2.6.1-150400.3.3.1 * libasound2-64bit-debuginfo-1.2.6.1-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * alsa-docs-1.2.6.1-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * alsa-debugsource-1.2.6.1-150400.3.3.1 * libasound2-1.2.6.1-150400.3.3.1 * libasound2-debuginfo-1.2.6.1-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * alsa-debugsource-1.2.6.1-150400.3.3.1 * libasound2-1.2.6.1-150400.3.3.1 * libasound2-debuginfo-1.2.6.1-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-56109.html * https://bugzilla.suse.com/show_bug.cgi?id=1268853 . A security patch addressing moderate issues in ALSA for SUSE systems, detailing installation procedures and vulnerability impact.. ALSA Security Patch,SUSE Update,MemoryCorruption Fix. . LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for libslirp Announcement ID: SUSE-SU-2026:2886-1 Release Date: 2026-07-13T10:09:11Z Rating: moderate References: * bsc#1268903 Cross-References: * CVE-2026-9539 CVSS scores: * CVE-2026-9539 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-9539 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for libslirp fixes the following issues: * CVE-2026-9539: crafted TCP segment with manipulated URG flags and urgent pointers can cause an integer underflow and host-heap memory leak (bsc#1268903). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2886=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2886=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-2886=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2886=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2886=1 ## Package List: * openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp-devel-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 *libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libslirp0-debuginfo-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp-debugsource-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libslirp0-debuginfo-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp-debugsource-4.7.0+44-150300.18.1 ## References: * https://www.suse.com/security/cve/CVE-2026-9539.html * https://bugzilla.suse.com/show_bug.cgi?id=1268903 . SUSE releases a moderate security update for libslirp addressing CVE-2026-9539, improving system stability.. SUSE Linux, libslirp update, system security, openSUSE Leap. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.