openSUSE Security Update: Security update for hamlib
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2026:0212-1
Rating:             important
References:         #1268628 #1268629
Cross-References:   CVE-2026-54634
Affected Products:
                    openSUSE Backports SLE-15-SP7
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for hamlib fixes the following issues:

- Update to 4.7.2:
  * Fix IC-7600/IC-7610 clock commands
  * Icom: Add CWR to modes eligible for DSP filtering
  * Kenwood: New model Hamgeek uSGX
  * Various fixes for Skywatcher, DX-SR8, FT-710, FTX-1, IC-705, X6100
  * rigctld: Fix send_raw stack out-of-bounds write and uninitialized memory CVE-2026-54634 (boo#1268628)
  * rigctld: Fix stack/heap overflow primitive in read_string_generic + auth bypass in rigctld + weak password handling (boo#1268629)

- Update to 4.7.1:
  * Various compiler and portability fixes
  * Fix rig port timeout
  * Fix various FTX-1 meter, level and CTCSS table
  * Add power off capability to Flrig backend
  * Add SWR to supported 'get levels' for K3/K4
  * Add get_split_vfo to TS-850 backend
  * New simplecat backend
  * Fix and generalize clock handling for Icom radios
  * Fix Yaesu attenuator levels and LVL_KEYSPD reinitialization
  * Add new rig model Harris PRC-138
  * Various FT-710 fixes, especially handling SH format and RX bandwidth
  * Ensure FT-710 simulator rejects RF command
  * Fix low power calculation for K3/K3S
  * Fix FTX-1 SH bandwidth command in set/get_mode

- Update to 4.7.0:
  * Revamp Kenwood voice memory handler - Fixes TS-890S & TS-990S
  * libusb is now detected using the pkg-config facility.
  * Functions rig_get_conf, rot_get_conf, amp_get_conf deprecated; use *_get_conf2() instead
  * rig_set_trn and rig_get_trn deprecated.
  * Many fixes for SWIG binding generation and improved Python support and testing
  * Fix AGC for IC-R75, fix AGC for all Icom rigs
  * New Drake R8 backend
  * New AF6SA WRC rotator backend
  * New Yaesu FTX-1 model support (alpha)
  * Update QRPLabs QMX backend for max serial rate of 230400 bps
  * Updates to Icom IC-F8101
  * New rig model Icom ID-52A/W Plus
  * Fix memory leaks in rigctld and rigctltcp
  * Fix Skywatcher backend for firmware that doesn't echo commands
  * Additional Yaesu FTX-1 capabilities
  * Add extended commands for the IC-7300MK2
  * Revert updating FLRig model name
  * Add manual pages for rigctltcp, rigtestlibusb, rigtestmcast, and rigtestmcastrx
  * Pause building rigfreqwalk as the code does not align with the required commandline parameters
  * Developer visible changes, code moves and refactoring

- Update to 4.6.5:
  * Update Kenwood CW buffer max message size, fix one byte buffer overrun
  * Fix segmentation faults

- Update to 4.6.4:
  * Fix handling of unprintable characters affecting radios such as the TM-D710/TM-V71
  * Fix memory leak in rigctld
  * Fix powerstat check for Icom R75 which rejects the command
  * Restore TS-590S/SG RIG_LEVEL_RFPOWER_METER
  * Fix rotctl \dump_caps output
  * Add CW sending capability to Flex SmartSDR
  * Handle spaces correctly for Flex SmartSDR

- Update to 4.6.3:
  * JRC: Remove RIG_FUNC_FAGC from 535D as erroneous
  * Add RIG_FUNC_NB2 functionality to both 535D and 545
  * Restore IC-7300 spectrum data callback - regression in 4.6
  * Add locking to rig_[gs]et_level() - fixes sending CW from tlf
  * Fix attempt to use memory returned by setlocale() after being freed
  * Language bindings configuration and build fixes
  * Various build system and compilation fixes
  * IC-705 filter selection bandwidth for FM and WFM
  * IC-705 COMP, VD, and ID meter calibration values
  * Fix ACLog thousands separator
  * Documentation updates, typo fixes, man page fixes
  * Drop redundant token lookups and make local functions static
  * Fix rigctl showing hamlib_version when connecting to rigctld
  * Add rig CODAN 2110

- Update to 4.6.2:
  * Add missing levels for IC746/PRO RIG_LEVEL_RFPOWER_METER, RIG_LEVEL_RFPOWER_METER_WATTS, RIG_LEVEL_SWR, RIG_LEVEL_ALC
  * Fix IC905 for gpredict
  * Fix potential segfault on QMX
  * Fix pmr171

- Update to 4.6.1:
  * Fix C++ builds failing on rig_list_foreach function
  * Fix IC9100 rigctld startup to end up on VFOA
  * Fix grig build by removing sys/socket.h -- apparently not needed
  * Add new QMX entry to fix incompatibility with QDX
  * Fix IC746/PROT to not use data byte
  * FLRig to add DATA-U DATA-L modes
  * Fix TS570 RIG_LEVEL_STRENGTH with cal table
  * Remove get_powerstat from IC785X -- not supported
  * Fix SDRConsole by removing lots of things it does not have

- Update to version 4.6 (2024-12-24)
  * send_raw can now take hex digits as colon-separated -- e.g. send_raw icom xfe:xfe:x94:xe0:03:xfd
  * Add IC7760
  * IC7300 Mode filter can now be set by # (i.e. 1,2,3)
  * Fixed AF6SA WRC rotor controller
  * Added Rohde&Schwarz XK852
  * Added Xiegu X6200
  * Added Commradio CTX-10
  * Added Guohe PMR-171
  * Added csntechnoligies.net S.A.T Satellite rotor control
  * Added PSTRotator control
  * Added Flex SmartSDR slices A-H
  * Added Motorola Micom M2/M3
  * Added SDR Radio SDRConsole -- TS-2000 is now hardware flow control so need separate entry
  * Added --set-conf=filter_usb, filter_usbd, and filter_cw to allow Icom rigs set mode to set filter number too
  * Added macros for applications to obtain pointers to Hamlib structures (issues #1445, #1420, #487). Internal conversion is still a WIP, but use of these macros will make the final cutover transparent to applications.
  * Added Guohe Q900 entry
  * Unify behavior of all rigctl split commands
  * Make the set_split_* commands modify the state of the specified split VFO -- the current or targeted VFO do not have any effect
  * Make the set_split_* commands enable split automatically if not enabled
  * Make the get_split_* commands return frequency of 0 Hz, mode NONE and filter of 0 Hz if split is not enabled
  * Allow all split commands to avoid VFO swapping if supported by the rig model
  * Improve Icom backend to set/get frequency, mode and filter without VFO swapping if supported by the rig model
  * Improve Yaesu newcat backend split handling
  * Expose "Targetable features" (RIG_TARGETABLE_*) in dump_caps output to allow clients to determine which commands can be executed without VFO swapping
  * Added RIG_FUNC_SYNC for FTDX101D/MP
  * Added Barrett 4100
  * Added DL2MAN (tr)uSDX -- needs refinement
  * Added Thetis entry -- derived from FlexRadio/Apache PowerSDR
  * Added VOICE/CW memory capability to many rigs -- thanks to David Balharrie M0DGB/G8FKH
  * Add -# --skip_init option to rigctl to skip rig initialization -- useful for executing commands quickly
  * rig_caps is no longer constant -- this may break some 3rd party relying on the "const" declaration.
  * IC7610 now has IPP, DPP, and TX_INHIBIT functions set/get
  * Hamlib now starts a multicast server that sends out rig information. Does not receive commands yet. See README.multicast
  * rigctld has new -b/bind-all option to try all interfaces -- restores original behavior. This was done to fix duplicate rigctld instances on Windows
  * Yaesu rigs can now use send_morse to send keyer message 1-5 or a CW message up to 50 chars (which will use memory 1)
  * rig set level METER can now take SWR,COMP,ALC,IC/ID,DB,PO,VDD,TEMP arguments to set which meter to display
  * rig get level displays meter number=name now
  * Added parm BANDSELECT for Yaesu rigs
      'p BANDSELECT' returns current band of VFOA
      'P BANDSELECT BAND160M' example selects the 160M band
      'P BANDSELECT ?' shows bands available for the rig
  * Added rig_cm108_get/set_bit to API and get/set_gpio to rigctl(d) for GPIO1,2,3,4 access on CM108
  * Added BG2FX FX4/C/CR/L
  * Fixed IC7610 to use new 0x25 0x26 command added in latest firmware
  * Fix W command in rigctld to work properly -- can take terminating char or # of bytes to expect
  * Add rig_set_debug_filename so Python can redirect debug stream
  * Fix Yaesu LBL_NR to use proper values
  * Add IC-905
  * Add Anytone D578UVIII -- should work on any D558 model and perhaps others too
  * Add saebrtrack rotor https://sites.google.com/site/marklhammond/saebrtrack
  * Add offset_vfoa and offset_vfob applying to rig_set_freq
  * Fix K4 to put it in K40 mode when requesting ID
  * Fixes for M2 Rotors
  * Add rigctlsync utility to synchronize frequency from a rig to SDR# (or others)
  * Add SDR# rig for use with SDR#'s gpredict plugin -- can only get/set freq
  * Add Apex Shared Loop rotator -- unidirectional only so far
  * Add client_version to rigctld so client can report its version for future use/compatibility/alternatives
  * Add --set-conf=tuner_control_pathname=hamlib_tuner_control (default). If file exists then it will be called with 0/1 (Off/On) argument with 'U TUNER 0' or 'U TUNER 1'. Default path is for current directory
  * Add MDS 4710/9710 rigs
  * Add FLIR PTU-D48, E46, D100, D300 rotors
  * Fix FTDX3000 rig split
  * Fix rigctld/rigctltcp information
  * Fix FT817 get/set_vfo

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

    zypper in -t patch openSUSE-2026-212=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

    hamlib-4.7.2-bp157.2.3.1
    hamlib-devel-4.7.2-bp157.2.3.1
    libhamlib++4-4.7.2-bp157.2.3.1
    libhamlib4-4.7.2-bp157.2.3.1
    lua-Hamliblua-4.7.2-bp157.2.3.1
    perl-Hamlib-4.7.2-bp157.2.3.1
    python3-Hamlib-4.7.2-bp157.2.3.1
    tcl-Hamlib-4.7.2-bp157.2.3.1

References:

    https://www.suse.com/security/cve/CVE-2026-54634.html
    https://bugzilla.suse.com/1268628
    https://bugzilla.suse.com/1268629

Severity: Important.

LinuxSecurity.com Team