An update that solves one vulnerability, contains one feature and has 15 security fixes can now be installed.

# Security update 5.1.3 for Multi-Linux Manager Client Tools

* Announcement ID: SUSE-SU-2026:1516-1
* Release Date: 2026-04-21T09:21:03Z
* Rating: important

References:

* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1254629
* bsc#1257447
* bsc#1257660
* bsc#1257831
* bsc#1257941
* bsc#1258015
* bsc#1258418
* bsc#1258927
* bsc#1258957
* bsc#1259208
* bsc#1259554
* jsc#MSQA-1048

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404

## Description:

This update fixes the following issues:

spacecmd:

* Version 5.1.13-0
  * Updated translation strings

uyuni-tools:

* Version 5.1.26-0
  * Fixed applying PTF with images from RPMs (bsc#1252548)
  * SSL key file can be missing if CA password is blank (bsc#1254154)
  * mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
  * Fixed default value for helm registry (bsc#1258927)
  * Removed hub register command
  * Optimized postgres migration disk space usage (bsc#1257447)
  * Added continuous database backup support (bsc#1250367)
  * Explicitly start proxy pods after operations (bsc#1258015)
  * Use static supportconfig name to avoid dynamic search (bsc#1257941)
  * Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964)
  * Show where final tarball was generated (bsc#1259208)
  * Set proxy config file permissions (bsc#1257660)
* Version 5.1.25-0
  * If PTF image doesn't exist, use the current service image (bsc#1258418)

venv-salt-minion:

* Security issues fixed:
  * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554)
* Added x86_64_v2 as a possible rpm package architecture
* Make users with backslash working for salt-ssh (bsc#1254629)
* Fixed ansible.playbooks extra-vars quoting (bsc#1257831)
* Fixed virtualenv call in test helper to use proper python version
* Fixed the issue preventing SELinux profile from being loaded on SLES 16 deployed using cloud images (bsc#1258957)
* Fixed the typo causing building EL9 bundle without binary dependencies

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404: `zypper in -t patch SUSE-MultiLinuxManagerTools-Ubuntu-24.04-2026-1516=1`

## Package List:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404 (all)
  * spacecmd-5.1.13-240402.3.20.1
  * mgrctl-zsh-completion-5.1.26-240402.3.15.1
  * mgrctl-bash-completion-5.1.26-240402.3.15.1
  * mgrctl-fish-completion-5.1.26-240402.3.15.1
* SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404 (amd64)
  * mgrctl-5.1.26-240402.3.15.1
  * venv-salt-minion-3006.0-240402.3.18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250367
* https://bugzilla.suse.com/show_bug.cgi?id=1252548
* https://bugzilla.suse.com/show_bug.cgi?id=1252964
* https://bugzilla.suse.com/show_bug.cgi?id=1254154
* https://bugzilla.suse.com/show_bug.cgi?id=1254619
* https://bugzilla.suse.com/show_bug.cgi?id=1254629
* https://bugzilla.suse.com/show_bug.cgi?id=1257447
* https://bugzilla.suse.com/show_bug.cgi?id=1257660
* https://bugzilla.suse.com/show_bug.cgi?id=1257831
* https://bugzilla.suse.com/show_bug.cgi?id=1257941
* https://bugzilla.suse.com/show_bug.cgi?id=1258015
* https://bugzilla.suse.com/show_bug.cgi?id=1258418
* https://bugzilla.suse.com/show_bug.cgi?id=1258927
* https://bugzilla.suse.com/show_bug.cgi?id=1258957
* https://bugzilla.suse.com/show_bug.cgi?id=1259208
* https://bugzilla.suse.com/show_bug.cgi?id=1259554
* https://jira.suse.com/browse/MSQA-1048

An important update for Multi-Linux Manager Client Tools resolves a security issue and includes various enhancements.

SUSE update, Multi-Linux Manager, security fixes.

Severity: Important.

LinuxSecurity.com Team

An update that solves three vulnerabilities and contains one feature can now be installed.

# Security update for MozillaFirefox

* Announcement ID: SUSE-SU-2026:1322-1
* Release Date: 2026-04-14T12:42:13Z
* Rating: important

References:

* bsc#1261663
* jsc#PED-15778

Cross-References:

* CVE-2026-5731
* CVE-2026-5732
* CVE-2026-5734

CVSS scores:

* CVE-2026-5731 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5731 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5732 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5732 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Desktop Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

## Description:

This update for MozillaFirefox fixes the following issues:

* Update to 149.0.2 and 140.9.1esr (bsc#1261663).
* CVE-2026-5731: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.
* CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Graphics: Text component.
* CVE-2026-5734: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1322=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1322=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1322=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1322=1`
* SUSE Linux Enterprise Server 15 SP4 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1322=1`
* SUSE Linux Enterprise Server 15 SP5 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1322=1`
* SUSE Linux Enterprise Server 15 SP6 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1322=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP4: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1322=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP5: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1322=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP6: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1322=1`
* Desktop Applications Module 15-SP7: `zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1322=1`

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* Desktop Applications Module 15-SP7 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1

## References:

* https://www.suse.com/security/cve/CVE-2026-5731.html
* https://www.suse.com/security/cve/CVE-2026-5732.html
* https://www.suse.com/security/cve/CVE-2026-5734.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261663
* https://jira.suse.com/browse/PED-15778

Update for MozillaFirefox resolves three critical memory safety issues across multiple SUSE Linux products.

MozillaFirefox security patch, SUSE update, important security advisory, memory safety fix.

Severity: Important.

LinuxSecurity.com Team

An update that solves 34 vulnerabilities and contains one feature can now be installed.

# Security update for govulncheck-vulndb

* Announcement ID: SUSE-SU-2026:1205-1
* Release Date: 2026-04-07T14:18:21Z
* Rating: important

References:

* jsc#PED-11136

Cross-References:

* CVE-2026-26060
* CVE-2026-26061
* CVE-2026-26233
* CVE-2026-27018
* CVE-2026-29180
* CVE-2026-32241
* CVE-2026-32286
* CVE-2026-32695
* CVE-2026-33026
* CVE-2026-33027
* CVE-2026-33028
* CVE-2026-33029
* CVE-2026-33030
* CVE-2026-33032
* CVE-2026-33186
* CVE-2026-33433
* CVE-2026-33487
* CVE-2026-33634
* CVE-2026-33747
* CVE-2026-33748
* CVE-2026-33903
* CVE-2026-33904
* CVE-2026-33906
* CVE-2026-33907
* CVE-2026-33990
* CVE-2026-33997
* CVE-2026-34040
* CVE-2026-34041
* CVE-2026-34042
* CVE-2026-34204
* CVE-2026-34385
* CVE-2026-34386
* CVE-2026-34388
* CVE-2026-34389

CVSS scores:

* CVE-2026-26060 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26060 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-26061 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26061 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26233 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-26233 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27018 ( NVD ): 7.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-29180 ( NVD ): 4.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-29180 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32241 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32286 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32286 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32286 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32695 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-32695 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2026-33026 ( NVD ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-33026 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-33027 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-33027 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33028 ( NVD ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-33028 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33029 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-33029 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33029 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33030 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-33030 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-33032 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33433 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-33433 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-33433 ( NVD ): 5.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-33433 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-33634 ( SUSE ): 9.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-33634 ( SUSE ): 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-33634 ( NVD ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-33634 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33747 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33747 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33747 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33747 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33748 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33748 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-33748 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-33903 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33904 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33906 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33907 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33990 ( NVD ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-33990 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33997 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-33997 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-34040 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34040 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-34041 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34041 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34042 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
* CVE-2026-34204 ( NVD ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34204 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-34385 ( NVD ): 6.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34386 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34386 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34388 ( NVD ): 6.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34389 ( NVD ): 4.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34389 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Leap 15.6

## Description:

This update for govulncheck-vulndb fixes the following issues:

Update to version 0.0.20260402T184258 2026-04-02T18:42:58Z (jsc#PED-11136).

Go CVE Numbering Authority IDs added or updated with aliases:

* GO-2026-4518 CVE-2026-32286 GHSA-jqcq-xjh3-6g23
* GO-2026-4753 CVE-2026-33487 GHSA-479m-364c-43vc
* GO-2026-4760 GHSA-hwqm-qvj9-4jr2
* GO-2026-4762 CVE-2026-33186 GHSA-p77j-4mvh-x3m3
* GO-2026-4764 GHSA-pcgw-qcv5-h8ch
* GO-2026-4858 CVE-2026-33747 GHSA-4c29-8rgm-jvjj
* GO-2026-4859 CVE-2026-33748 GHSA-4vrq-3vrq-g6gg
* GO-2026-4863 GHSA-g9ww-x58f-9g6m
* GO-2026-4872 CVE-2026-33907 GHSA-55q8-2gwx-29pc
* GO-2026-4873 CVE-2026-33906 GHSA-87j9-m7x6-hvw2
* GO-2026-4874 CVE-2026-33904 GHSA-9h59-p45g-445h
* GO-2026-4875 CVE-2026-33903 GHSA-f2f3-9cx3-wcmf
* GO-2026-4876 GHSA-prh4-vhfh-24mj
* GO-2026-4880 CVE-2026-32695 GHSA-67jx-r9pv-98rj
* GO-2026-4883 CVE-2026-33997 GHSA-pxq6-2prw-chj9
* GO-2026-4887 CVE-2026-34040 GHSA-x744-4wpc-v9h2
* GO-2026-4888 CVE-2026-26060 GHSA-3458-r943-hmx4
* GO-2026-4889 CVE-2026-26061 GHSA-99hj-44vg-hfcp
* GO-2026-4890 CVE-2026-34042 GHSA-x34h-54cw-9825
* GO-2026-4891 CVE-2026-34041 GHSA-xmgr-9pqc-h5vw
* GO-2026-4892 CVE-2026-29180 GHSA-m2h6-4xpq-qw3m
* GO-2026-4893 CVE-2026-33433 GHSA-qr99-7898-vr7c
* GO-2026-4894 CVE-2026-32241 GHSA-vchx-5pr6-ffx2
* GO-2026-4896 CVE-2026-34204 GHSA-3rh2-v3gr-35p9
* GO-2026-4897 GHSA-46wh-3698-f2cx
* GO-2026-4899 GHSA-c279-989m-238f
* GO-2026-4901 CVE-2026-33030 GHSA-5hf2-vhj6-gj9m
* GO-2026-4902 CVE-2026-33029 GHSA-cp8r-8jvw-v3qg
* GO-2026-4903 CVE-2026-33026 GHSA-fhh2-gg7w-gwpq
* GO-2026-4904 CVE-2026-33032 GHSA-h6c2-x2m2-mwhf
* GO-2026-4905 CVE-2026-27018 GHSA-jjwv-57xh-xr6r
* GO-2026-4906 CVE-2026-33028 GHSA-m468-xcm6-fxg4
* GO-2026-4907 CVE-2026-33027 GHSA-m8p8-53vf-8357
* GO-2026-4911 CVE-2026-33990 GHSA-x2f5-332j-9xwq
* GO-2026-4912 CVE-2026-34389 GHSA-4f9r-x588-pp2h
* GO-2026-4913 CVE-2026-34386 GHSA-9p23-p2m4-2r4m
* GO-2026-4914 CVE-2026-34385 GHSA-v895-833r-8c45
* GO-2026-4915 CVE-2026-34388 GHSA-w254-4hp5-7cvv
* GO-2026-4916 CVE-2026-26233 GHSA-247x-7qw8-fp98
* GO-2026-4919 CVE-2026-33634 GHSA-69fq-xp46-6x23

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6: `zypper in -t patch openSUSE-SLE-15.6-2026-1205=1`

## Package List:

* openSUSE Leap 15.6 (noarch)
  * govulncheck-vulndb-0.0.20260402T184258-150000.1.158.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26060.html
* https://www.suse.com/security/cve/CVE-2026-26061.html
* https://www.suse.com/security/cve/CVE-2026-26233.html
* https://www.suse.com/security/cve/CVE-2026-27018.html
* https://www.suse.com/security/cve/CVE-2026-29180.html
* https://www.suse.com/security/cve/CVE-2026-32241.html
* https://www.suse.com/security/cve/CVE-2026-32286.html
* https://www.suse.com/security/cve/CVE-2026-32695.html
* https://www.suse.com/security/cve/CVE-2026-33026.html
* https://www.suse.com/security/cve/CVE-2026-33027.html
* https://www.suse.com/security/cve/CVE-2026-33028.html
* https://www.suse.com/security/cve/CVE-2026-33029.html
* https://www.suse.com/security/cve/CVE-2026-33030.html
* https://www.suse.com/security/cve/CVE-2026-33032.html
* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://www.suse.com/security/cve/CVE-2026-33433.html
* https://www.suse.com/security/cve/CVE-2026-33487.html
* https://www.suse.com/security/cve/CVE-2026-33634.html
* https://www.suse.com/security/cve/CVE-2026-33747.html
* https://www.suse.com/security/cve/CVE-2026-33748.html
* https://www.suse.com/security/cve/CVE-2026-33903.html
* https://www.suse.com/security/cve/CVE-2026-33904.html
* https://www.suse.com/security/cve/CVE-2026-33906.html
* https://www.suse.com/security/cve/CVE-2026-33907.html
* https://www.suse.com/security/cve/CVE-2026-33990.html
* https://www.suse.com/security/cve/CVE-2026-33997.html
* https://www.suse.com/security/cve/CVE-2026-34040.html
* https://www.suse.com/security/cve/CVE-2026-34041.html
* https://www.suse.com/security/cve/CVE-2026-34042.html
* https://www.suse.com/security/cve/CVE-2026-34204.html
* https://www.suse.com/security/cve/CVE-2026-34385.html
* https://www.suse.com/security/cve/CVE-2026-34386.html
* https://www.suse.com/security/cve/CVE-2026-34388.html
* https://www.suse.com/security/cve/CVE-2026-34389.html
* https://jira.suse.com/browse/PED-11136

An important update for govulncheck-vulndb on openSUSE fixes 34 issues including a new feature for enhanced security.

SUSE security, openSUSE vulnerabilities, govulncheck updates, system patch management.

Severity: Important.

LinuxSecurity.com Team

An update that solves five vulnerabilities and contains one feature can now be installed.

# Security update for grafana

* Announcement ID: SUSE-SU-2026:1037-1
* Release Date: 2026-03-25T10:31:13Z
* Rating: important

References:

* bsc#1245302
* bsc#1255340
* bsc#1257337
* bsc#1257349
* bsc#1258136
* jsc#MSQA-1045

Cross-References:

* CVE-2025-3415
* CVE-2025-68156
* CVE-2026-21720
* CVE-2026-21721
* CVE-2026-21722

CVSS scores:

* CVE-2025-3415 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-3415 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-3415 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-68156 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21720 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21720 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21721 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21721 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21721 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21722 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21722 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21722 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

## Description:

This update for grafana fixes the following issues:

* Security issues fixed:
  * CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136)
  * CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc#1257337)
  * CVE-2026-21720: Fixed unauthenticated DoS (bsc#1257349)
  * CVE-2025-68156: Fixed potential DoS via unbounded recursion in builtin functions (bsc#1255340)
  * CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (bsc#1245302)
* Version update from 11.5.10 to 11.6.11 with the following highlighted changes and fixes:
  * Performance Boost: Introduced WebGL-powered geomaps for smoother map visualizations and removed blurred backgrounds from UI overlays to speed up the interface.
  * One-Click Actions: Visualizations now support faster navigation via one-click links and actions.
  * Alerting History: Added version history for alert rules, allowing you to track changes over time.
  * Service Accounts: Automated the migration of old API keys to more secure Service Accounts upon startup.
  * Cron Support: Annotations now support Cron syntax for more flexible scheduling.
  * Identity and Auth: Hardened the Avatar feature (now requires sign-in) and fixed several login redirection issues when Grafana is hosted on a subpath.
  * Data Source Support: Added support for Cloud Partner Prometheus data sources and improved Azure legend formatting.
  * Alerting Limits: Added size limits for expanded notification templates to prevent system strain.
  * RBAC: Integrated Role-Based Access Control (RBAC) into the Alertmanager via the reqAction field.
  * Data Consistency: Fixed several issues with Graphite and InfluxDB regarding how variables are handled in repeated rows or nested queries.
  * Dashboard Reliability: Resolved bugs involving row repeats and "self-referencing" data links.
  * Alerting Fixes: Patched a critical "panic" (crash) caused by a race condition in alert rules and fixed issues where contact points weren't working correctly.
  * URL Handling: Fixed a bug where "true" values in URL parameters weren't being read correctly

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6: `zypper in -t patch openSUSE-SLE-15.6-2026-1037=1`
* SUSE Package Hub 15 15-SP7: `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1037=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * grafana-debuginfo-11.6.11-150200.3.83.1
  * grafana-11.6.11-150200.3.83.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * grafana-debuginfo-11.6.11-150200.3.83.1
  * grafana-11.6.11-150200.3.83.1

## References:

* https://www.suse.com/security/cve/CVE-2025-3415.html
* https://www.suse.com/security/cve/CVE-2025-68156.html
* https://www.suse.com/security/cve/CVE-2026-21720.html
* https://www.suse.com/security/cve/CVE-2026-21721.html
* https://www.suse.com/security/cve/CVE-2026-21722.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245302
* https://bugzilla.suse.com/show_bug.cgi?id=1255340
* https://bugzilla.suse.com/show_bug.cgi?id=1257337
* https://bugzilla.suse.com/show_bug.cgi?id=1257349
* https://bugzilla.suse.com/show_bug.cgi?id=1258136
* https://jira.suse.com/browse/MSQA-1045

The openSUSE security update for Grafana fixes five issues and enhances system features. Act quickly to secure your setup.

openSUSE grafana security update vulnerabilities threat.

Severity: Important.

LinuxSecurity.com Team

An update that solves five vulnerabilities, contains one feature and has one security fix can now be installed.. # Security update for go1.25-openssl Announcement ID: SUSE-SU-2026:0977-1 Release Date: 2026-03-23T16:35:18Z Rating: critical References: * bsc#1244485 * bsc#1256818 * bsc#1257692 * bsc#1259264 * bsc#1259265 * bsc#1259268 * jsc#SLE-18320 Cross-References: * CVE-2025-61732 * CVE-2025-68121 * CVE-2026-25679 * CVE-2026-27139 * CVE-2026-27142 CVSS scores: * CVE-2025-61732 ( SUSE ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-61732 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-61732 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-68121 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-68121 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-68121 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2025-68121 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-25679 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-25679 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-25679 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27139 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-27139 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-27139 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-27142 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-27142 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-27142 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 
SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves five vulnerabilities, contains one feature and has one security fix can now be installed. ## Description: This update for go1.25-openssl fixes the following issues: Update to go 1.25.8 (bsc#1244485, jsc#SLE-18320): * CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). * CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). * CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264). * CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268). * CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265). Changelog: * go#77253 cmd/compile: miscompile of global array initialization * go#77406 os: Go 1.25.x regression on RemoveAll for windows * go#77413 runtime: netpollinit() incorrectly prints the error from linux.Eventfd * go#77438 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in pkg-config * go#77531 net/smtp: expiry date of localhostCert for testing is too short * go#75844 cmd/compile: OOM killed on linux/arm64 * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs * go#77425 crypto/tls: CL 737700 broke session resumption on macOS ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-977=1 openSUSE-SLE-15.6-2026-977=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-977=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-977=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-977=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * go1.25-openssl-doc-1.25.8-150600.13.15.1 * go1.25-openssl-1.25.8-150600.13.15.1 * go1.25-openssl-debuginfo-1.25.8-150600.13.15.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * go1.25-openssl-race-1.25.8-150600.13.15.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * go1.25-openssl-race-1.25.8-150600.13.15.1 * go1.25-openssl-doc-1.25.8-150600.13.15.1 * go1.25-openssl-1.25.8-150600.13.15.1 * go1.25-openssl-debuginfo-1.25.8-150600.13.15.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * go1.25-openssl-race-1.25.8-150600.13.15.1 * go1.25-openssl-doc-1.25.8-150600.13.15.1 * go1.25-openssl-1.25.8-150600.13.15.1 * go1.25-openssl-debuginfo-1.25.8-150600.13.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * go1.25-openssl-race-1.25.8-150600.13.15.1 * go1.25-openssl-doc-1.25.8-150600.13.15.1 * go1.25-openssl-1.25.8-150600.13.15.1 * go1.25-openssl-debuginfo-1.25.8-150600.13.15.1 ## References: * https://www.suse.com/security/cve/CVE-2025-61732.html * https://www.suse.com/security/cve/CVE-2025-68121.html * https://www.suse.com/security/cve/CVE-2026-25679.html * https://www.suse.com/security/cve/CVE-2026-27139.html * https://www.suse.com/security/cve/CVE-2026-27142.html * https://bugzilla.suse.com/show_bug.cgi?id=1244485 * https://bugzilla.suse.com/show_bug.cgi?id=1256818 * https://bugzilla.suse.com/show_bug.cgi?id=1257692 * 
https://bugzilla.suse.com/show_bug.cgi?id=1259264 * https://bugzilla.suse.com/show_bug.cgi?id=1259265 * https://bugzilla.suse.com/show_bug.cgi?id=1259268 * https://jira.suse.com/browse/SLE-18320 . Installation of go1.25-openssl brings critical security fix and five vulnerabilities resolved for openSUSE systems.. go1.25-openssl security update, openSUSE patch, critical vulnerabilities fix. . Severity: Critical. LinuxSecurity.com Team
An update that solves one vulnerability and contains one feature can now be installed.. # Security update for rust-keylime Announcement ID: SUSE-SU-2026:0452-1 Release Date: 2026-02-11T16:17:17Z Rating: important References: * bsc#1257908 * jsc#PED-14736 Cross-References: * CVE-2026-25727 CVSS scores: * CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for rust-keylime fixes the following issues: Update to version 0.2.8+116. Security issues fixed: * CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257908). Other updates and bugfixes: * Update vendored crates `time` to version 0.3.47. 
* Update to version 0.2.8+116: * build(deps): bump bytes from 1.7.2 to 1.11.1 * api: Modify /version endpoint output in version 2.5 * Add API v2.5 with backward-compatible /v2.5/quotes/integrity * tests: add unit test for resolve_agent_id (#1182) * (pull-model): enable retry logic for registration * rpm: Update specfiles to apply on master * workflows: Add test to detect unused crates * lib: Drop unused crates * push-model: Drop unused crates * keylime-agent: Drop unused crates * build(deps): bump uuid from 1.18.1 to 1.19.0 * Update reqwest-retry to 0.8, retry-policies to 0.5 * rpm: Fix cargo_build macro usage on CentOS Stream * fix(push-model): resolve hash_ek uuid to actual EK hash * build(deps): bump thiserror from 2.0.16 to 2.0.17 * workflows: Separate upstream test suite from e2e coverage * Send UEFI measured boot logs as raw bytes (#1173) * auth: Add unit tests for SecretToken implementation * packit: Enable push-attestation tests * resilient_client: Prevent authentication token leakage in logs * Use tmpfiles.d for /var directories (PED-14736) * Update to version 0.2.8+96: * build(deps): bump wiremock from 0.6.4 to 0.6.5 * build(deps): bump actions/checkout from 5 to 6 * build(deps): bump chrono from 0.4.41 to 0.4.42 * packit: Get coverage from Fedora 43 runs * Fix issues pointed out by clippy * Replace mutex unwraps with proper error handling in TPM library * Remove unused session request methods from StructureFiller * Fix config panic on missing ek_handle in push model agent * build(deps): bump tempfile from 3.21.0 to 3.23.0 * build(deps): bump actions/upload-artifact from 4 to 6 (#1163) * Fix clippy warnings project-wide * Add KEYLIME_DIR support for verifier TLS certificates in push model agent * Thread privileged resources and use MeasurementList for IMA reading * Add privileged resource initialization and privilege dropping to push model agent * Fix privilege dropping order in run_as() * add documentation on FQDN hostnames * Remove confusing logs for 
push mode agent * Set correct default Verifier port (8891 -> 8881) (#1159) * Add verifier_url to reference configuration file (#1158) * Add TLS support for Registrar communication (#1139) * Fix agent handling of 403 registration responses (#1154) * Add minor README.md rephrasing (#1151) * build(deps): bump actions/checkout from 5 to 6 (#1153) * ci: update spec files for packit COPR build * docs: improve challenge encoding and async TPM documentation * refactor: improve middleware and error handling * feat: add authentication client with middleware integration * docker: Include keylime_push_model_agent binary * Include attestation_interval configuration (#1146) * Persist payload keys to avoid attestation failure on restart * crypto: Implement the load or generate pattern for keys * Use simple algorithm specifiers in certification_keys object (#1140) * tests: Enable more tests in CI * Fix RSA2048 algorithm reporting in keylime agent * Remove disabled_signing_algorithms configuration * rpm: Fix metadata patches to apply to current code * workflows/rpm.yml: Use more strict patching * build(deps): bump uuid from 1.17.0 to 1.18.1 * Fix ECC algorithm selection and reporting for keylime agent * Improve logging consistency and coherency * Implement minimal RFC compliance for Location header and URI parsing (#1125) * Use separate keys for payload mechanism and mTLS * docker: update rust to 1.81 for distroless Dockerfile * Ensure UEFI log capabilities are set to false * build(deps): bump http from 1.1.0 to 1.3.1 * build(deps): bump log from 0.4.27 to 0.4.28 * build(deps): bump cfg-if from 1.0.1 to 1.0.3 * build(deps): bump actix-rt from 2.10.0 to 2.11.0 * build(deps): bump async-trait from 0.1.88 to 0.1.89 * build(deps): bump trybuild from 1.0.105 to 1.0.110 * Accept evidence handling structures null entries * workflows: Add test to check if RPM patches still apply * CI: Enable test add-agent-with-malformed-ek-cert * config: Fix singleton tests * FSM: Remove needless lifetime 
annotations (#1105) * rpm: Do not remove wiremock which is now available in Fedora * Use latest Fedora httpdate version (1.0.3) * Enhance coverage with parse_retry_after test * Fix issues reported by CI regarding unwrap() calls * Reuse max retries indicated to the ResilientClient * Include limit of retries to 5 for Retry-After * Add policy to handle Retry-After response headers * build(deps): bump wiremock from 0.6.3 to 0.6.4 * build(deps): bump serde_json from 1.0.140 to 1.0.143 * build(deps): bump pest_derive from 2.8.0 to 2.8.1 * build(deps): bump syn from 2.0.90 to 2.0.106 * build(deps): bump tempfile from 3.20.0 to 3.21.0 * build(deps): bump thiserror from 2.0.12 to 2.0.16 * rpm: Fix patches to apply to current master code * build(deps): bump anyhow from 1.0.98 to 1.0.99 * state_machine: Automatically clean config override during tests * config: Implement singleton and factory pattern * testing: Support overriding configuration during tests * feat: implement standalone challenge-response authentication module * structures: rename session structs for clarity and fix typos * tpm: refactor certify_credential_with_iak() into a more generic function * Add Push Model Agent Mermaid FSM chart (#1095) * Add state to avoid exiting on wrong attestation (#1093) * Add 6 alphanumeric lowercase X-Request-ID header * Enhance Evidence Handling response parsing * build(deps): bump quote from 1.0.35 to 1.0.40 * build(deps): bump libc from 0.2.172 to 0.2.175 * build(deps): bump glob from 0.3.2 to 0.3.3 * build(deps): bump actix-web from 4.10.2 to 4.11.0 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-452=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-452=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * rust-keylime-0.2.8+116-150400.3.11.1 * rust-keylime-debuginfo-0.2.8+116-150400.3.11.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * rust-keylime-0.2.8+116-150400.3.11.1 * rust-keylime-debuginfo-0.2.8+116-150400.3.11.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25727.html * https://bugzilla.suse.com/show_bug.cgi?id=1257908 * https://jira.suse.com/browse/PED-14736 . Security update for rust-keylime addresses critical issues and enhances functionality in SUSE Enterprise Micro.. rust-keylime update stack exhaustion SUSE important. . Severity: Important. LinuxSecurity.com Team
An update that solves 12 vulnerabilities and contains one feature can now be installed.. # Security update for apache2-mod_auth_openidc Announcement ID: SUSE-SU-2025:4532-1 Release Date: 2025-12-29T13:54:09Z Rating: important References: * bsc#1248806 * jsc#PED-14130 Cross-References: * CVE-2019-14857 * CVE-2019-20479 * CVE-2021-32785 * CVE-2021-32786 * CVE-2021-32791 * CVE-2021-32792 * CVE-2021-39191 * CVE-2022-23527 * CVE-2023-28625 * CVE-2024-24814 * CVE-2025-31492 * CVE-2025-3891 CVSS scores: * CVE-2019-14857 ( SUSE ): 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2019-14857 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2019-14857 ( NVD ): 5.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N * CVE-2019-20479 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2019-20479 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2021-32785 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-32785 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-32786 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2021-32786 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2021-32791 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2021-32791 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2021-32792 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2021-32792 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2021-39191 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2021-39191 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2022-23527 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2022-23527 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28625 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28625 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28625 ( NVD ): 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-31492 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-31492 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-31492 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-3891 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-3891 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-3891 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-3891 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * Server Applications Module 15-SP6 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 12 vulnerabilities and contains one feature can now be installed. ## Description: This update for apache2-mod_auth_openidc fixes the following issues: * Update to 2.4.17.1 (bsc#1248806 / PED-14130). * Remove many patches, as they've been merged upstream. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-4532=1 SUSE-2025-4532=1 * Server Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-4532=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-4532=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1 * apache2-mod_auth_openidc-debugsource-2.4.17.1-150600.16.14.1 * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150600.16.14.1 * Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1 * apache2-mod_auth_openidc-debugsource-2.4.17.1-150600.16.14.1 * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150600.16.14.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1 * apache2-mod_auth_openidc-debugsource-2.4.17.1-150600.16.14.1 * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150600.16.14.1 ## References: * https://www.suse.com/security/cve/CVE-2019-14857.html * https://www.suse.com/security/cve/CVE-2019-20479.html * https://www.suse.com/security/cve/CVE-2021-32785.html * https://www.suse.com/security/cve/CVE-2021-32786.html * https://www.suse.com/security/cve/CVE-2021-32791.html * https://www.suse.com/security/cve/CVE-2021-32792.html * https://www.suse.com/security/cve/CVE-2021-39191.html * https://www.suse.com/security/cve/CVE-2022-23527.html * https://www.suse.com/security/cve/CVE-2023-28625.html * https://www.suse.com/security/cve/CVE-2024-24814.html * https://www.suse.com/security/cve/CVE-2025-31492.html * https://www.suse.com/security/cve/CVE-2025-3891.html * https://bugzilla.suse.com/show_bug.cgi?id=1248806 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=https%3A%2F%2Fjira.suse.com%2Fbrowse%2FPED-14130 . 
This update addresses 12 vulnerabilities in apache2-mod_auth_openidc for openSUSE, enhancing system security and stability.. openSUSESecurity, apache2-mod_auth_openidc, security advisory, patch update, software vulnerabilities. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities, contains one feature and has six security fixes can now be installed.. # Security update for salt Announcement ID: SUSE-SU-2025:4475-1 Release Date: 2025-12-18T12:08:22Z Rating: important References: * bsc#1227207 * bsc#1250520 * bsc#1250755 * bsc#1251776 * bsc#1252244 * bsc#1252285 * bsc#1254256 * bsc#1254257 * jsc#MSQA-1034 Cross-References: * CVE-2025-62348 * CVE-2025-62349 CVSS scores: * CVE-2025-62348 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-62348 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-62349 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-62349 ( SUSE ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities, contains one feature and has six security fixes can now be installed. 
## Description: This update for salt fixes the following issues: * Security issues fixed: * CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257) * CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256) * Backport security fixes for vendored tornado * BDSA-2024-3438 * BDSA-2024-3439 * BDSA-2024-9026 * Other changes and bugs fixed: * Fixed TLS and x509 modules for OSes with older cryptography module * Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244) * Use external tornado on Python > 3.11 * Make tls and x509 to use python-cryptography * Remove usage of spwd * Fixed payload signature verification on Tumbleweed (bsc#1251776) * Fixed broken symlink on migration to Leap 16.0 (bsc#1250755) * Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207) * Improved SL Micro 6.2 detection with grains * Reverted requirement of M2Crypto >= 0.44.0 for SUSE Family distros * Set python-CherryPy as required for python-salt-testsuite ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-4475=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4475=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4475=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4475=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-4475=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4475=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4475=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * python3-salt-testsuite-3006.0-150300.53.101.1 * salt-master-3006.0-150300.53.101.1 * salt-transactional-update-3006.0-150300.53.101.1 * salt-ssh-3006.0-150300.53.101.1 * salt-standalone-formulas-configuration-3006.0-150300.53.101.1 * salt-proxy-3006.0-150300.53.101.1 * salt-3006.0-150300.53.101.1 * salt-syndic-3006.0-150300.53.101.1 * salt-doc-3006.0-150300.53.101.1 * salt-minion-3006.0-150300.53.101.1 * python3-salt-3006.0-150300.53.101.1 * salt-cloud-3006.0-150300.53.101.1 * salt-api-3006.0-150300.53.101.1 * openSUSE Leap 15.3 (noarch) * salt-fish-completion-3006.0-150300.53.101.1 * salt-bash-completion-3006.0-150300.53.101.1 * salt-zsh-completion-3006.0-150300.53.101.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * salt-master-3006.0-150300.53.101.1 * salt-ssh-3006.0-150300.53.101.1 * salt-standalone-formulas-configuration-3006.0-150300.53.101.1 * salt-proxy-3006.0-150300.53.101.1 * salt-3006.0-150300.53.101.1 * salt-syndic-3006.0-150300.53.101.1 * salt-doc-3006.0-150300.53.101.1 * salt-minion-3006.0-150300.53.101.1 * python3-salt-3006.0-150300.53.101.1 * salt-cloud-3006.0-150300.53.101.1 * salt-api-3006.0-150300.53.101.1 * 
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * salt-fish-completion-3006.0-150300.53.101.1 * salt-bash-completion-3006.0-150300.53.101.1 * salt-zsh-completion-3006.0-150300.53.101.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * salt-master-3006.0-150300.53.101.1 * salt-transactional-update-3006.0-150300.53.101.1 * salt-ssh-3006.0-150300.53.101.1 * salt-standalone-formulas-configuration-3006.0-150300.53.101.1 * salt-proxy-3006.0-150300.53.101.1 * salt-3006.0-150300.53.101.1 * salt-syndic-3006.0-150300.53.101.1 * salt-doc-3006.0-150300.53.101.1 * salt-minion-3006.0-150300.53.101.1 * python3-salt-3006.0-150300.53.101.1 * salt-cloud-3006.0-150300.53.101.1 * salt-api-3006.0-150300.53.101.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * salt-fish-completion-3006.0-150300.53.101.1 * salt-bash-completion-3006.0-150300.53.101.1 * salt-zsh-completion-3006.0-150300.53.101.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * salt-master-3006.0-150300.53.101.1 * salt-ssh-3006.0-150300.53.101.1 * salt-standalone-formulas-configuration-3006.0-150300.53.101.1 * salt-proxy-3006.0-150300.53.101.1 * salt-3006.0-150300.53.101.1 * salt-syndic-3006.0-150300.53.101.1 * salt-doc-3006.0-150300.53.101.1 * salt-minion-3006.0-150300.53.101.1 * python3-salt-3006.0-150300.53.101.1 * salt-cloud-3006.0-150300.53.101.1 * salt-api-3006.0-150300.53.101.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * salt-fish-completion-3006.0-150300.53.101.1 * salt-bash-completion-3006.0-150300.53.101.1 * salt-zsh-completion-3006.0-150300.53.101.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * salt-master-3006.0-150300.53.101.1 * salt-transactional-update-3006.0-150300.53.101.1 * salt-ssh-3006.0-150300.53.101.1 * salt-standalone-formulas-configuration-3006.0-150300.53.101.1 * salt-proxy-3006.0-150300.53.101.1 * salt-3006.0-150300.53.101.1 * salt-syndic-3006.0-150300.53.101.1 * 
salt-doc-3006.0-150300.53.101.1 * salt-minion-3006.0-150300.53.101.1 * python3-salt-3006.0-150300.53.101.1 * salt-cloud-3006.0-150300.53.101.1 * salt-api-3006.0-150300.53.101.1 * SUSE Enterprise Storage 7.1 (noarch) * salt-fish-completion-3006.0-150300.53.101.1 * salt-bash-completion-3006.0-150300.53.101.1 * salt-zsh-completion-3006.0-150300.53.101.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * salt-minion-3006.0-150300.53.101.1 * salt-transactional-update-3006.0-150300.53.101.1 * salt-3006.0-150300.53.101.1 * python3-salt-3006.0-150300.53.101.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * salt-minion-3006.0-150300.53.101.1 * salt-transactional-update-3006.0-150300.53.101.1 * salt-3006.0-150300.53.101.1 * python3-salt-3006.0-150300.53.101.1 ## References: * https://www.suse.com/security/cve/CVE-2025-62348.html * https://www.suse.com/security/cve/CVE-2025-62349.html * https://bugzilla.suse.com/show_bug.cgi?id=1227207 * https://bugzilla.suse.com/show_bug.cgi?id=1250520 * https://bugzilla.suse.com/show_bug.cgi?id=1250755 * https://bugzilla.suse.com/show_bug.cgi?id=1251776 * https://bugzilla.suse.com/show_bug.cgi?id=1252244 * https://bugzilla.suse.com/show_bug.cgi?id=1252285 * https://bugzilla.suse.com/show_bug.cgi?id=1254256 * https://bugzilla.suse.com/show_bug.cgi?id=1254257 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=https%3A%2F%2Fjira.suse.com%2Fbrowse%2FMSQA-1034 . Important security update for Salt on SUSE with fixes for two vulnerabilities and enhanced features available now.. Salt Security Update SUSE Fixes Features. . Severity: Important. LinuxSecurity.com Team