Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
Does sandboxing completely stop hackers?
Loading...
Explore Latest Linux Security advisories
We found 1,533 articles for you...
202
security advisorybuffer overflowimportantopenSUSE haproxy Important Buffer Misparse Null Pointer 2026-2651-1
An update that solves two vulnerabilities can now be installed.. # Security update for haproxy Announcement ID: SUSE-SU-2026:2651-1 Release Date: 2026-06-26T12:18:44Z Rating: important References: * bsc#1268557 * bsc#1268558 Cross-References: * CVE-2026-55203 * CVE-2026-55204 CVSS scores: * CVE-2026-55203 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-55203 ( NVD ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55203 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-55203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N * CVE-2026-55204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55204 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixesthe following issues * CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers (bsc#1268557). * CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c (bsc#1268558). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2651=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2651=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2651=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2026-2651=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-2651=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2651=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2651=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2651=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 *haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55203.html * https://www.suse.com/security/cve/CVE-2026-55204.html * https://bugzilla.suse.com/show_bug.cgi?id=1268557 * https://bugzilla.suse.com/show_bug.cgi?id=1268558 . A critical update for openSUSE provides essential fixes for two important vulnerabilities in haproxy software. Install promptly.. openSUSE security patch, haproxy vulnerabilities, patch installation instructions. . Severity: Important. LinuxSecurity.com Team
Jun 26, 2026
•Important
OpenSUSE
202
security advisorybuffer overflowimportantopenSUSE haproxy Important Buffer Overflow Null Pointer Attack 2026-2652-1
An update that solves two vulnerabilities can now be installed.. # Security update for haproxy Announcement ID: SUSE-SU-2026:2652-1 Release Date: 2026-06-26T12:21:07Z Rating: important References: * bsc#1268557 * bsc#1268558 Cross-References: * CVE-2026-55203 * CVE-2026-55204 CVSS scores: * CVE-2026-55203 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-55203 ( NVD ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55203 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-55203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N * CVE-2026-55204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55204 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise High Availability Extension 15 SP6 * SUSE Linux Enterprise High Availability Extension 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixes the following issues * CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers (bsc#1268557). * CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c (bsc#1268558). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaSTonline_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-2652=1 * SUSE Linux Enterprise High Availability Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-2652=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2652=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 * SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55203.html * https://www.suse.com/security/cve/CVE-2026-55204.html * https://bugzilla.suse.com/show_bug.cgi?id=1268557 * https://bugzilla.suse.com/show_bug.cgi?id=1268558 . A security update for openSUSE fixes critical issues in haproxy due to vulnerabilities. Immediate installation advised.. openSUSE security, haproxy vulnerabilities, SUSE update instruction, Linux patch management. . Severity: Important. LinuxSecurity.com Team
Jun 26, 2026
•Important
OpenSUSE
202
security advisorymoderateOpenSUSEopenSUSE libsoup2 Moderate HTTP Request Smuggling Fix SUSE-SU-2026-2654-1
An update that solves one vulnerability can now be installed.. # Security update for libsoup2 Announcement ID: SUSE-SU-2026:2654-1 Release Date: 2026-06-26T12:23:06Z Rating: moderate References: * bsc#1257649 Cross-References: * CVE-2026-1801 CVSS scores: * CVE-2026-1801 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-1801 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-1801 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-1801 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for libsoup2 fixes the following issue * CVE-2026-1801: HTTP Request Smuggling in soup_filter_input_stream_read_line() (bsc#1257649). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2654=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2654=1 ## Package List: * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * typelib-1_0-Soup-2_4-2.74.3-150600.4.36.1 * libsoup-2_4-1-debuginfo-2.74.3-150600.4.36.1 * libsoup-2_4-1-2.74.3-150600.4.36.1 * libsoup2-debugsource-2.74.3-150600.4.36.1 * libsoup2-devel-2.74.3-150600.4.36.1 * openSUSE Leap 15.6 (x86_64) * libsoup-2_4-1-32bit-debuginfo-2.74.3-150600.4.36.1 * libsoup2-devel-32bit-2.74.3-150600.4.36.1 * libsoup-2_4-1-32bit-2.74.3-150600.4.36.1 * openSUSE Leap 15.6 (aarch64_ilp32) *libsoup-2_4-1-64bit-debuginfo-2.74.3-150600.4.36.1 * libsoup-2_4-1-64bit-2.74.3-150600.4.36.1 * libsoup2-devel-64bit-2.74.3-150600.4.36.1 * openSUSE Leap 15.6 (noarch) * libsoup2-lang-2.74.3-150600.4.36.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * typelib-1_0-Soup-2_4-2.74.3-150600.4.36.1 * libsoup-2_4-1-debuginfo-2.74.3-150600.4.36.1 * libsoup-2_4-1-2.74.3-150600.4.36.1 * libsoup2-debugsource-2.74.3-150600.4.36.1 * libsoup2-devel-2.74.3-150600.4.36.1 * Basesystem Module 15-SP7 (noarch) * libsoup2-lang-2.74.3-150600.4.36.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1801.html * https://bugzilla.suse.com/show_bug.cgi?id=1257649 . Update addresses HTTP Request Smuggling in libsoup2 on openSUSE. Critical Security Fix for 2026-2654-1.. SUSE Linux libsoup2 update HTTP request smuggling patch. . Severity: moderate. LinuxSecurity.com Team
Jun 26, 2026
•moderate
OpenSUSE
202
security advisorybuffer overflowimportantopenSUSE opensc Important Security Update Stack Overflow Vuln 2026-2657-1
An update that solves six vulnerabilities can now be installed.. # Security update for opensc Announcement ID: SUSE-SU-2026:2657-1 Release Date: 2026-06-26T12:25:12Z Rating: important References: * bsc#1261214 * bsc#1261218 * bsc#1261219 * bsc#1261220 * bsc#1266963 * bsc#1267246 Cross-References: * CVE-2025-49010 * CVE-2025-66037 * CVE-2025-66038 * CVE-2025-66215 * CVE-2026-10275 * CVE-2026-40528 CVSS scores: * CVE-2025-49010 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-49010 ( SUSE ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-49010 ( NVD ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-49010 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-66037 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-66037 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-66037 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-66037 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-66038 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-66038 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-66038 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-66038 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-66215 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-66215 ( SUSE ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-66215 ( NVD ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-66215 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-10275 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-10275 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-10275 ( NVD ): 1.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-10275 ( NVD ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-40528 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-40528 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-40528 ( NVD ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-40528 ( NVD ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-40528 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for opensc fixes the following issues * CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses (bsc#1261214). * CVE-2025-66037: crafted input can cause an out-of-bounds read(bsc#1261218). * CVE-2025-66038: improper compact-TLV length validation can lead to crash or unexpected behavior (bsc#1261219). * CVE-2025-66215: crafted smart card or USB device can cause a stack-buffer- overflow write (bsc#1261220). * CVE-2026-10275: global buffer overflow during key pair generation tests due to missing input validation (bsc#1267246). * CVE-2026-40528: stack and heap buffer overrun in the `do_key_value()` function due to missing length check allows for memory corruption via a crafted profile configuration file (bsc#1266963). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2657=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2657=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2657=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2657=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2657=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2657=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2657=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2657=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2657=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2657=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2657=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2657=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2657=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2657=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * opensc-debugsource-0.22.0-150400.3.17.1 * opensc-0.22.0-150400.3.17.1 * opensc-debuginfo-0.22.0-150400.3.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * opensc-debugsource-0.22.0-150400.3.17.1 * opensc-0.22.0-150400.3.17.1 * opensc-debuginfo-0.22.0-150400.3.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * opensc-debugsource-0.22.0-150400.3.17.1 * opensc-0.22.0-150400.3.17.1 * opensc-debuginfo-0.22.0-150400.3.17.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * opensc-debugsource-0.22.0-150400.3.17.1 * opensc-0.22.0-150400.3.17.1 * opensc-debuginfo-0.22.0-150400.3.17.1 * openSUSE Leap 15.4 (x86_64) * opensc-32bit-0.22.0-150400.3.17.1 * opensc-32bit-debuginfo-0.22.0-150400.3.17.1 * openSUSE Leap 15.4 (aarch64_ilp32) * opensc-64bit-debuginfo-0.22.0-150400.3.17.1 * opensc-64bit-0.22.0-150400.3.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * opensc-debugsource-0.22.0-150400.3.17.1 * opensc-0.22.0-150400.3.17.1 * opensc-debuginfo-0.22.0-150400.3.17.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * opensc-debugsource-0.22.0-150400.3.17.1 * opensc-0.22.0-150400.3.17.1 * opensc-debuginfo-0.22.0-150400.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * opensc-debugsource-0.22.0-150400.3.17.1 * opensc-0.22.0-150400.3.17.1 * opensc-debuginfo-0.22.0-150400.3.17.1 * SUSE Linux Enterprise High Performance ComputingESPOS 15 SP5 (aarch64 x86_64) * opensc-debugsource-0.22.0-150400.3.17.1 * opensc-0.22.0-150400.3.17.1 * opensc-debuginfo-0.22.0-150400.3.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * opensc-debugsource-0.22.0-150400.3.17.1 * opensc-0.22.0-150400.3.17.1 * opensc-debuginfo-0.22.0-150400.3.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * opensc-debugsource-0.22.0-150400.3.17.1 * opensc-0.22.0-150400.3.17.1 * opensc-debuginfo-0.22.0-150400.3.17.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * opensc-debugsource-0.22.0-150400.3.17.1 * opensc-0.22.0-150400.3.17.1 * opensc-debuginfo-0.22.0-150400.3.17.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * opensc-debugsource-0.22.0-150400.3.17.1 * opensc-0.22.0-150400.3.17.1 * opensc-debuginfo-0.22.0-150400.3.17.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * opensc-debugsource-0.22.0-150400.3.17.1 * opensc-0.22.0-150400.3.17.1 * opensc-debuginfo-0.22.0-150400.3.17.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * opensc-debugsource-0.22.0-150400.3.17.1 * opensc-0.22.0-150400.3.17.1 * opensc-debuginfo-0.22.0-150400.3.17.1 ## References: * https://www.suse.com/security/cve/CVE-2025-49010.html * https://www.suse.com/security/cve/CVE-2025-66037.html * https://www.suse.com/security/cve/CVE-2025-66038.html * https://www.suse.com/security/cve/CVE-2025-66215.html * https://www.suse.com/security/cve/CVE-2026-10275.html * https://www.suse.com/security/cve/CVE-2026-40528.html * https://bugzilla.suse.com/show_bug.cgi?id=1261214 * https://bugzilla.suse.com/show_bug.cgi?id=1261218 * https://bugzilla.suse.com/show_bug.cgi?id=1261219 * https://bugzilla.suse.com/show_bug.cgi?id=1261220 * https://bugzilla.suse.com/show_bug.cgi?id=1266963 * https://bugzilla.suse.com/show_bug.cgi?id=1267246 . Critical updatesfor opensc resolve multiple security issues in openSUSE and SUSE Enterprise systems. Immediate installation recommended.. opensuse updates, opensc security, Linux vulnerabilities, buffer overflow patch, important security advisory. . Severity: Important. LinuxSecurity.com Team
Jun 26, 2026
•Important
OpenSUSE
100
security advisorymoderateSuSESUSE Exiv2 Moderate Out-Of-Bounds Integer Overflow Vuln 2026-2663-1
An update that solves four vulnerabilities can now be installed.. # Security update for exiv2 Announcement ID: SUSE-SU-2026:2663-1 Release Date: 2026-06-26T14:04:29Z Rating: moderate References: * bsc#1248962 * bsc#1259083 * bsc#1259084 * bsc#1259085 Cross-References: * CVE-2025-54080 * CVE-2026-25884 * CVE-2026-27596 * CVE-2026-27631 CVSS scores: * CVE-2025-54080 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-54080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-54080 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25884 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25884 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-25884 ( NVD ): 2.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2026-27596 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27596 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-27596 ( NVD ): 2.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27596 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27631 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-27631 ( NVD ): 2.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27631 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for exiv2 fixes the following issues * CVE-2025-54080: out-of-bounds read in `Exiv2::EpsImage::writeMetadata()` when writing metadata into a crafted image file (bsc#1248962). * CVE-2026-25884: out-of-bounds read in `CrwMap::decode0x0805` (bsc#1259083). * CVE-2026-27596: integer overflow in `LoaderNative::getData()` leads to out- of-bounds read (bsc#1259084). * CVE-2026-27631: crash due to uncaught exception when trying to create `std::vector` larger than `max_size()` (bsc#1259085). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2663=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * exiv2-debuginfo-0.23-12.26.1 * libexiv2-12-debuginfo-0.23-12.26.1 * libexiv2-12-0.23-12.26.1 * libexiv2-devel-0.23-12.26.1 * exiv2-debugsource-0.23-12.26.1 ## References: * https://www.suse.com/security/cve/CVE-2025-54080.html * https://www.suse.com/security/cve/CVE-2026-25884.html * https://www.suse.com/security/cve/CVE-2026-27596.html * https://www.suse.com/security/cve/CVE-2026-27631.html * https://bugzilla.suse.com/show_bug.cgi?id=1248962 * https://bugzilla.suse.com/show_bug.cgi?id=1259083 *https://bugzilla.suse.com/show_bug.cgi?id=1259084 * https://bugzilla.suse.com/show_bug.cgi?id=1259085 . Install this key SUSE update for exiv2 addressing multiple issues, enhancing your system's security and performance.. SUSE Linux Exiv2 Update Security. . Severity: moderate. LinuxSecurity.com Team
Jun 26, 2026
•moderate
SuSE
100
security advisorySuSEarbitrary code executionSUSE Python Important Code Execution Issues Fixed in 2026-2664-1
An update that solves seven vulnerabilities and has one security fix can now be installed.. # Security update for python, python-base, python-doc Announcement ID: SUSE-SU-2026:2664-1 Release Date: 2026-06-26T14:05:20Z Rating: important References: * bsc#1257599 * bsc#1261652 * bsc#1261970 * bsc#1262098 * bsc#1262319 * bsc#1262429 * bsc#1262654 * bsc#1263442 Cross-References: * CVE-2026-1703 * CVE-2026-3219 * CVE-2026-3446 * CVE-2026-4786 * CVE-2026-6019 * CVE-2026-6100 * CVE-2026-6357 CVSS scores: * CVE-2026-1703 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-1703 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-1703 ( NVD ): 2.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3219 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3219 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-3219 ( NVD ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3446 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-3446 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4786 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4786 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2026-4786 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6019 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-6100 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-6100 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6100 ( NVD ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6357 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-6357 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2026-6357 ( NVD ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves seven vulnerabilities and has one security fix can now be installed. ## Description: This update for python, python-base, python-doc fixes the following issues Security fixes: *CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives (bsc#1257599). * CVE-2026-3219: pip doesn't reject concatenated ZIP (bsc#1262429). * CVE-2026-3446: Base64 decoding stops at first padded quad by default (bsc#1261970). * CVE-2026-4786: Incomplete mitigation of %action expansion for command injection to webbrowser.open() (bsc#1262319). * CVE-2026-6019: BaseCookie.js_output() does not neutralize embedded characters (bsc#1262654). * CVE-2026-6100: Arbitrary code execution or information disclosure via use- after-free in decompression modules (bsc#1262098). * CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation (bsc#1263442). Other fixes: * For SLE-12 use vendored libffi (bsc#1261652). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2664=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2664=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * python-base-2.7.18-33.79.1 * python-debuginfo-2.7.18-33.79.1 * python-tk-2.7.18-33.79.1 * python-debugsource-2.7.18-33.79.1 * python-devel-2.7.18-33.79.1 * python-gdbm-2.7.18-33.79.1 * python-tk-debuginfo-2.7.18-33.79.1 * python-gdbm-debuginfo-2.7.18-33.79.1 * python-xml-2.7.18-33.79.1 * python-demo-2.7.18-33.79.1 * python-idle-2.7.18-33.79.1 * libpython2_7-1_0-2.7.18-33.79.1 * python-base-debugsource-2.7.18-33.79.1 * python-curses-debuginfo-2.7.18-33.79.1 * python-xml-debuginfo-2.7.18-33.79.1 * libpython2_7-1_0-debuginfo-2.7.18-33.79.1 * python-2.7.18-33.79.1 * python-curses-2.7.18-33.79.1 * python-base-debuginfo-2.7.18-33.79.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * python-32bit-2.7.18-33.79.1 * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.79.1 * python-base-debuginfo-32bit-2.7.18-33.79.1 * python-base-32bit-2.7.18-33.79.1 * python-debuginfo-32bit-2.7.18-33.79.1 * libpython2_7-1_0-32bit-2.7.18-33.79.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * python-doc-2.7.18-33.79.1 * python-doc-pdf-2.7.18-33.79.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * python-base-2.7.18-33.79.1 * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.79.1 * python-debuginfo-2.7.18-33.79.1 * python-tk-2.7.18-33.79.1 * python-debugsource-2.7.18-33.79.1 * python-devel-2.7.18-33.79.1 * python-base-debuginfo-32bit-2.7.18-33.79.1 * python-base-32bit-2.7.18-33.79.1 * python-debuginfo-32bit-2.7.18-33.79.1 * python-gdbm-2.7.18-33.79.1 * python-tk-debuginfo-2.7.18-33.79.1 * python-gdbm-debuginfo-2.7.18-33.79.1 * python-xml-2.7.18-33.79.1 * python-demo-2.7.18-33.79.1 * python-idle-2.7.18-33.79.1 * libpython2_7-1_0-2.7.18-33.79.1 * python-32bit-2.7.18-33.79.1 * python-base-debugsource-2.7.18-33.79.1 * python-curses-debuginfo-2.7.18-33.79.1 * python-xml-debuginfo-2.7.18-33.79.1 * libpython2_7-1_0-debuginfo-2.7.18-33.79.1 * python-2.7.18-33.79.1 * python-curses-2.7.18-33.79.1 * python-base-debuginfo-2.7.18-33.79.1 * libpython2_7-1_0-32bit-2.7.18-33.79.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * python-doc-2.7.18-33.79.1 * python-doc-pdf-2.7.18-33.79.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1703.html * https://www.suse.com/security/cve/CVE-2026-3219.html * https://www.suse.com/security/cve/CVE-2026-3446.html * https://www.suse.com/security/cve/CVE-2026-4786.html * https://www.suse.com/security/cve/CVE-2026-6019.html *https://www.suse.com/security/cve/CVE-2026-6100.html * https://www.suse.com/security/cve/CVE-2026-6357.html * https://bugzilla.suse.com/show_bug.cgi?id=1257599 * https://bugzilla.suse.com/show_bug.cgi?id=1261652 * https://bugzilla.suse.com/show_bug.cgi?id=1261970 * https://bugzilla.suse.com/show_bug.cgi?id=1262098 * https://bugzilla.suse.com/show_bug.cgi?id=1262319 * https://bugzilla.suse.com/show_bug.cgi?id=1262429 * https://bugzilla.suse.com/show_bug.cgi?id=1262654 * https://bugzilla.suse.com/show_bug.cgi?id=1263442 . Update for python addresses multiple flaws, enhancing security across SUSE distributions and resolving several risks.. python security patch, SUSE vulnerabilities, python update, SUSE python advisory, code execution. . Severity: Important. LinuxSecurity.com Team
Jun 26, 2026
•Important
SuSE
100
security advisorySuSEimportantSUSE giflib Important Heap Overflow Vulnerability CVE-2026-26740
An update that solves one vulnerability can now be installed.. # Security update for giflib Announcement ID: SUSE-SU-2026:2666-1 Release Date: 2026-06-26T14:08:24Z Rating: important References: * bsc#1259836 Cross-References: * CVE-2026-26740 CVSS scores: * CVE-2026-26740 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-26740 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-26740 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for giflib fixes the following issue * CVE-2026-26740: heap out-of-bounds read when processing a specially crafted GIF file containing a GCE block with a truncated extension byte count (bsc#1259836). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypperpatch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2666=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2666=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2666=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2666=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2666=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2666=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2666=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2666=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2666=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2666=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2666=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libgif7-debuginfo-5.2.2-150000.4.22.1 * giflib-debugsource-5.2.2-150000.4.22.1 * libgif7-5.2.2-150000.4.22.1 * giflib-devel-5.2.2-150000.4.22.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libgif7-debuginfo-5.2.2-150000.4.22.1 * giflib-debugsource-5.2.2-150000.4.22.1 * libgif7-5.2.2-150000.4.22.1 * giflib-devel-5.2.2-150000.4.22.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4(aarch64 x86_64) * libgif7-debuginfo-5.2.2-150000.4.22.1 * giflib-debugsource-5.2.2-150000.4.22.1 * libgif7-5.2.2-150000.4.22.1 * giflib-devel-5.2.2-150000.4.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libgif7-debuginfo-5.2.2-150000.4.22.1 * giflib-debugsource-5.2.2-150000.4.22.1 * libgif7-5.2.2-150000.4.22.1 * giflib-devel-5.2.2-150000.4.22.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libgif7-debuginfo-5.2.2-150000.4.22.1 * giflib-debugsource-5.2.2-150000.4.22.1 * libgif7-5.2.2-150000.4.22.1 * giflib-devel-5.2.2-150000.4.22.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libgif7-debuginfo-5.2.2-150000.4.22.1 * giflib-debugsource-5.2.2-150000.4.22.1 * libgif7-5.2.2-150000.4.22.1 * giflib-devel-5.2.2-150000.4.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libgif7-debuginfo-5.2.2-150000.4.22.1 * giflib-debugsource-5.2.2-150000.4.22.1 * libgif7-5.2.2-150000.4.22.1 * giflib-devel-5.2.2-150000.4.22.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libgif7-debuginfo-5.2.2-150000.4.22.1 * giflib-debugsource-5.2.2-150000.4.22.1 * libgif7-5.2.2-150000.4.22.1 * giflib-devel-5.2.2-150000.4.22.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libgif7-debuginfo-5.2.2-150000.4.22.1 * giflib-debugsource-5.2.2-150000.4.22.1 * libgif7-5.2.2-150000.4.22.1 * giflib-devel-5.2.2-150000.4.22.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libgif7-debuginfo-5.2.2-150000.4.22.1 * giflib-debugsource-5.2.2-150000.4.22.1 * libgif7-5.2.2-150000.4.22.1 * giflib-devel-5.2.2-150000.4.22.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libgif7-debuginfo-5.2.2-150000.4.22.1 * giflib-debugsource-5.2.2-150000.4.22.1 *libgif7-5.2.2-150000.4.22.1 * giflib-devel-5.2.2-150000.4.22.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26740.html * https://bugzilla.suse.com/show_bug.cgi?id=1259836 . SUSE Linux updates important GIF processing issue, fixing out-of-bounds access for enhanced security.. SUSE giflib security patch important threat CVE-2026-26740. . Severity: Important. LinuxSecurity.com Team
Jun 26, 2026
•Important
SuSE
100
security advisorybuffer overflowSuSESUSE giflib Important Heap Buffer Overflow Fix 2026-2667-1
An update that solves one vulnerability can now be installed.. # Security update for giflib Announcement ID: SUSE-SU-2026:2667-1 Release Date: 2026-06-26T14:08:44Z Rating: important References: * bsc#1259836 Cross-References: * CVE-2026-26740 CVSS scores: * CVE-2026-26740 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-26740 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-26740 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for giflib fixes the following issue * CVE-2026-26740: heap out-of-bounds read when processing a specially crafted GIF file containing a GCE block with a truncated extension byte count (bsc#1259836). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2667=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2667=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * giflib-devel-5.0.6-13.15.1 * giflib-debugsource-5.0.6-13.15.1 * libgif6-5.0.6-13.15.1 * giflib-progs-5.0.6-13.15.1 * libgif6-debuginfo-5.0.6-13.15.1 * giflib-progs-debuginfo-5.0.6-13.15.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libgif6-32bit-5.0.6-13.15.1 *libgif6-debuginfo-32bit-5.0.6-13.15.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * giflib-devel-5.0.6-13.15.1 * giflib-debugsource-5.0.6-13.15.1 * libgif6-5.0.6-13.15.1 * libgif6-debuginfo-32bit-5.0.6-13.15.1 * libgif6-32bit-5.0.6-13.15.1 * giflib-progs-5.0.6-13.15.1 * libgif6-debuginfo-5.0.6-13.15.1 * giflib-progs-debuginfo-5.0.6-13.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26740.html * https://bugzilla.suse.com/show_bug.cgi?id=1259836 . An important update addresses a heap out-of-bounds issue in giflib for SUSE, enhancing system security and stability.. SUSE Linux giflib update security buffer overflow. . Severity: Important. LinuxSecurity.com Team
Jun 26, 2026
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
Does sandboxing completely stop hackers?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!