Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 3 articles for you...
202
security advisorymoderatesecurity updateopenSUSE Leap 16.0 Moderate himmelblau Local Escalation Vulnerability
An update that solves one vulnerability and has 2 bug fixes can now be installed.. openSUSE security update: security update for himmelblau ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20658-1 Rating: moderate References: * bsc#1261324 * bsc#1261613 Cross-References: * CVE-2026-34397 CVSS scores: * CVE-2026-34397 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-34397 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has 2 bug fixes can now be installed. Description: This update for himmelblau fixes the following issues: Update to version 2.3.9+git0.a9fd29b. Security issues fixed: - CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation (bsc#1261324). Other updates and bugfixes: - update aws-lc-sys to 0.39.0 for security fixes - update rustls-webpki to 0.103.10 for CRL revocation fix - Version 2.3.9: * packaging: fix if/else block for debian's postrm * Update apparmor.unix-chkpwd.local (Issue #1252) * When Hello user encounters SSPR demand, be permissive * add tests for sudo_groups functionality * Fix config tests to ignore local host config * Do not clear $NOTIFY_SOCKET when calling sd_ready * Fix token cache 24h purge * broker: use SSO server nonce for PRT only when provided * Fix pam_himmelblau blocking local user password changes (#1199) * Remove unused File import * Use is_ascii_alphanumeric() for account_id validation * Fix path traversal in LoadProfilePhoto AccountsService writes * Drop initialization tracing span * himmelblau-hsm-pin-init: drop RemainAfterExit=yes * Add fallback behavior when consent is required * qr-greeter: enable extension without socket noise * debian: make install/remove noninteractive; reduce QR postinst noise; soften missing hello prt *Never respond with BadRequest without error detail * deps(rust): bump the all-cargo-updates group across 1 directory with 7 updates Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-664=1 Package List: - openSUSE Leap 16.0: himmelblau-2.3.9+git0.a9fd29b-160000.1.1 himmelblau-qr-greeter-2.3.9+git0.a9fd29b-160000.1.1 himmelblau-sshd-config-2.3.9+git0.a9fd29b-160000.1.1 himmelblau-sso-2.3.9+git0.a9fd29b-160000.1.1 libnss_himmelblau2-2.3.9+git0.a9fd29b-160000.1.1 pam-himmelblau-2.3.9+git0.a9fd29b-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-34397.html . Learn about the moderate security update for himmelblau on openSUSE Leap 16.0, addressing privilege escalation and bugs.. openSUSE updates,himmelblau security,local privilege fixes. . LinuxSecurity.com Team
May 04, 2026
OpenSUSE
100
security advisorymoderatelocal privilege escalationSUSE Linux 16.0 Himmelblau Local Privilege Escalation CVE-2026-34397
An update that solves one vulnerability and has one fix can now be installed.. # Security update for himmelblau Announcement ID: SUSE-SU-2026:21437-1 Release Date: 2026-04-30T17:06:48Z Rating: moderate References: * bsc#1261324 * bsc#1261613 Cross-References: * CVE-2026-34397 CVSS scores: * CVE-2026-34397 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-34397 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-34397 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-34397 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for himmelblau fixes the following issues: Update to version 2.3.9+git0.a9fd29b. Security issues fixed: * CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation (bsc#1261324). Other updates and bugfixes: * update aws-lc-sys to 0.39.0 for security fixes * update rustls-webpki to 0.103.10 for CRL revocation fix * Version 2.3.9: * packaging: fix if/else block for debian's postrm * Update apparmor.unix-chkpwd.local (Issue #1252) * When Hello user encounters SSPR demand, be permissive * add tests for sudo_groups functionality * Fix config tests to ignore local host config * Do not clear $NOTIFY_SOCKET when calling sd_ready * Fix token cache 24h purge * broker: use SSO server nonce for PRT only when provided * Fix pam_himmelblau blocking local user password changes (#1199) * Remove unused File import * Use is_ascii_alphanumeric() for account_id validation * Fix path traversal in LoadProfilePhoto AccountsService writes * Drop initialization tracing span * himmelblau-hsm-pin-init: drop RemainAfterExit=yes * Add fallback behavior when consent is required * qr-greeter:enable extension without socket noise * debian: make install/remove noninteractive; reduce QR postinst noise; soften missing hello prt * Never respond with BadRequest without error detail * deps(rust): bump the all-cargo-updates group across 1 directory with 7 updates ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-664=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-664=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * himmelblau-sso-2.3.9+git0.a9fd29b-160000.1.1 * libnss_himmelblau2-2.3.9+git0.a9fd29b-160000.1.1 * himmelblau-2.3.9+git0.a9fd29b-160000.1.1 * himmelblau-debuginfo-2.3.9+git0.a9fd29b-160000.1.1 * himmelblau-sso-debuginfo-2.3.9+git0.a9fd29b-160000.1.1 * pam-himmelblau-2.3.9+git0.a9fd29b-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * himmelblau-sshd-config-2.3.9+git0.a9fd29b-160000.1.1 * himmelblau-qr-greeter-2.3.9+git0.a9fd29b-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 x86_64) * himmelblau-sso-2.3.9+git0.a9fd29b-160000.1.1 * libnss_himmelblau2-2.3.9+git0.a9fd29b-160000.1.1 * himmelblau-2.3.9+git0.a9fd29b-160000.1.1 * himmelblau-debuginfo-2.3.9+git0.a9fd29b-160000.1.1 * himmelblau-sso-debuginfo-2.3.9+git0.a9fd29b-160000.1.1 * pam-himmelblau-2.3.9+git0.a9fd29b-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * himmelblau-sshd-config-2.3.9+git0.a9fd29b-160000.1.1 * himmelblau-qr-greeter-2.3.9+git0.a9fd29b-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34397.html * https://bugzilla.suse.com/show_bug.cgi?id=1261324 * https://bugzilla.suse.com/show_bug.cgi?id=1261613 . SUSE releases a security advisory forhimmelblau with a moderate severity fix for local privilege escalation.. SUSE Linux, himmelblau security, local privilege escalation, software update, Linux advisory. . LinuxSecurity.com Team
May 04, 2026
SuSE
100
security advisorylocal privilege escalationSuSESUSE 2026 Himmelblau Important Update RCE Issues SUSE-SU-2026-1361-1
An update that solves seven vulnerabilities, contains one feature and has one security fix can now be installed.. # Security update for himmelblau Announcement ID: SUSE-SU-2026:1361-1 Release Date: 2026-04-15T14:14:01Z Rating: important References: * bsc#1233949 * bsc#1245437 * bsc#1247735 * bsc#1249013 * bsc#1257904 * bsc#1258236 * bsc#1259548 * bsc#1261324 * jsc#PED-14511 Cross-References: * CVE-2024-11738 * CVE-2025-53013 * CVE-2025-54882 * CVE-2025-58160 * CVE-2026-25727 * CVE-2026-31979 * CVE-2026-34397 CVSS scores: * CVE-2024-11738 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-11738 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-11738 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-11738 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-53013 ( SUSE ): 4.3 CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-53013 ( SUSE ): 5.2 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2025-53013 ( NVD ): 5.2 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2025-54882 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-54882 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-54882 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2025-58160 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-31979 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-31979 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34397 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-34397 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-34397 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-34397 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves seven vulnerabilities, contains one feature and has one security fix can now be installed. ## Description: This update for himmelblau fixes the following issues: Update to version 2.3.9+git0.a9fd29b; (jsc#PED-14511): * CVE-2026-34397: Fix LPE due to name collision during NSS fake-primary group lookup (bsc#1261324). * CVE-2026-31979: Fix race condition when accessiung /tmp/krb5cc_uid (bsc#1259548). * CVE-2026-25727: deps(rust): Bump the `all-cargo-updates` group with 8 updates (bsc#1257904). * CVE-2025-58160: deps(rust): Bump `tracing-subscriber` in the cargo group (bsc#1249013). * CVE-2025-54882: Fix Kerberos credential cache permissions (bsc#1247735). * CVE-2025-53013: Fix permitted authentication with invalid Hello PIN (bsc#1245437). * CVE-2024-11738: Fix `rustls` network-reachable panic in `Acceptor::accept` (bsc#1233949). Other bug fixes: * Fix SELinux module packaging to use standard policy macros (bsc#1258236). ## Patch Instructions: To install this SUSE update usethe SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1361=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 x86_64) * himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1 * himmelblau-debuginfo-2.3.9+git0.a9fd29b-150700.3.15.1 * libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1 * pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1 * Basesystem Module 15-SP7 (noarch) * himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2024-11738.html * https://www.suse.com/security/cve/CVE-2025-53013.html * https://www.suse.com/security/cve/CVE-2025-54882.html * https://www.suse.com/security/cve/CVE-2025-58160.html * https://www.suse.com/security/cve/CVE-2026-25727.html * https://www.suse.com/security/cve/CVE-2026-31979.html * https://www.suse.com/security/cve/CVE-2026-34397.html * https://bugzilla.suse.com/show_bug.cgi?id=1233949 * https://bugzilla.suse.com/show_bug.cgi?id=1245437 * https://bugzilla.suse.com/show_bug.cgi?id=1247735 * https://bugzilla.suse.com/show_bug.cgi?id=1249013 * https://bugzilla.suse.com/show_bug.cgi?id=1257904 * https://bugzilla.suse.com/show_bug.cgi?id=1258236 * https://bugzilla.suse.com/show_bug.cgi?id=1259548 * https://bugzilla.suse.com/show_bug.cgi?id=1261324 * https://jira.suse.com/browse/PED-14511 . SUSE update addresses seven issues, including security fixes for himmelblau and important updates.. SUSE Linux important fix, security patch himmelblau, local privilege escalation. . Severity: Important. LinuxSecurity.com Team
Apr 15, 2026
•Important
SuSE
202
security advisorymoderateupdateopenSUSE Tumbleweed Security Advisory openSUSE-CT-2026-30467-5 Quantum
An update that solves one vulnerability can now be installed.. # himmelblau-2.3.8+git0.dec3693-1.1 on GA media Announcement ID: openSUSE-SU-2026:10328-1 Rating: moderate Cross-References: * CVE-2026-31979 Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the himmelblau-2.3.8+git0.dec3693-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * himmelblau 2.3.8+git0.dec3693-1.1 * himmelblau-qr-greeter 2.3.8+git0.dec3693-1.1 * himmelblau-sshd-config 2.3.8+git0.dec3693-1.1 * himmelblau-sso 2.3.8+git0.dec3693-1.1 * libnss_himmelblau2 2.3.8+git0.dec3693-1.1 * pam-himmelblau 2.3.8+git0.dec3693-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31979.html . Upgrade himmelblau on openSUSE Tumbleweed to fix moderate security issues and enhance system safety.. openSUSE Tumbleweed, himmelblau update, security fix, moderate risks, software vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Mar 14, 2026
•Important
OpenSUSE
202
security advisorymoderatesecurity issueopenSUSE Tumbleweed himmelblau Moderate CVE-2026-25727 Notice 2026-10202-1
An update that solves one vulnerability can now be installed.. # himmelblau-2.3.5+git0.9dd526c-1.1 on GA media Announcement ID: openSUSE-SU-2026:10202-1 Rating: moderate Cross-References: * CVE-2026-25727 CVSS scores: * CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the himmelblau-2.3.5+git0.9dd526c-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * himmelblau 2.3.5+git0.9dd526c-1.1 * himmelblau-qr-greeter 2.3.5+git0.9dd526c-1.1 * himmelblau-sshd-config 2.3.5+git0.9dd526c-1.1 * himmelblau-sso 2.3.5+git0.9dd526c-1.1 * libnss_himmelblau2 2.3.5+git0.9dd526c-1.1 * pam-himmelblau 2.3.5+git0.9dd526c-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25727.html . Solve moderate security issue with himmelblau-2.3.5+git0.9dd526c-1.1 on openSUSE Tumbleweed. Get essential updates now.. openSUSE update,himmelblau security,security patch,moderate threat. . LinuxSecurity.com Team
Feb 15, 2026
OpenSUSE
100
security advisorySuSEprivilege escalationSUSE: Important Himmelblau Fix for CVE-2025-58160 Privilege Escalation
* bsc#1249013 * bsc#1250687 Cross-References: * CVE-2025-58160 . # Security update for himmelblau Announcement ID: SUSE-SU-2025:21158-1 Release Date: 2025-11-27T20:16:29Z Rating: important References: * bsc#1249013 * bsc#1250687 Cross-References: * CVE-2025-58160 * CVE-2025-59044 CVSS scores: * CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2025-58160 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-59044 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-59044 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for himmelblau fixes the following issues: * Update to version 0.9.23+git.0.9776141: * CVE-2025-59044: Fixed GID collision of same-name groups allowing privilege escalation (bsc#1250687) * deps(rust): bump the all-cargo-updates group * CVE-2025-58160: tracing-subscriber: Fixed log pollution (bsc#1249013) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-80=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-80=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 x86_64) * pam-himmelblau-0.9.23+git.0.9776141-160000.1.1 * himmelblau-debuginfo-0.9.23+git.0.9776141-160000.1.1 * himmelblau-0.9.23+git.0.9776141-160000.1.1 * himmelblau-qr-greeter-0.9.23+git.0.9776141-160000.1.1 * himmelblau-sso-debuginfo-0.9.23+git.0.9776141-160000.1.1 * himmelblau-sso-0.9.23+git.0.9776141-160000.1.1 * libnss_himmelblau2-0.9.23+git.0.9776141-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * himmelblau-sshd-config-0.9.23+git.0.9776141-160000.1.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (x86_64) * pam-himmelblau-0.9.23+git.0.9776141-160000.1.1 * himmelblau-debuginfo-0.9.23+git.0.9776141-160000.1.1 * himmelblau-0.9.23+git.0.9776141-160000.1.1 * himmelblau-qr-greeter-0.9.23+git.0.9776141-160000.1.1 * himmelblau-sso-debuginfo-0.9.23+git.0.9776141-160000.1.1 * himmelblau-sso-0.9.23+git.0.9776141-160000.1.1 * libnss_himmelblau2-0.9.23+git.0.9776141-160000.1.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch) * himmelblau-sshd-config-0.9.23+git.0.9776141-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-58160.html * https://www.suse.com/security/cve/CVE-2025-59044.html * https://bugzilla.suse.com/show_bug.cgi?id=1249013 * https://bugzilla.suse.com/show_bug.cgi?id=1250687 . Update it now to fix important issues like privilege escalation and log pollution for SUSE Himmelblau security.. SUSE security update, himmelblau issues, privilege escalation fix, Linux patch instructions, SUSE vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Dec 10, 2025
•Important
SuSE
202
security advisoryprivilege escalationimportantopenSUSE Leap 16.0: Himmelblau Important Security Update 2025-20114-1
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.. openSUSE security update: security update for himmelblau ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20114-1 Rating: important References: * bsc#1249013 * bsc#1250687 Cross-References: * CVE-2025-58160 * CVE-2025-59044 CVSS scores: * CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-59044 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed. Description: This update for himmelblau fixes the following issues: - Update to version 0.9.23+git.0.9776141: * CVE-2025-59044: Fixed GID collision of same-name groups allowing privilege escalation (bsc#1250687) * deps(rust): bump the all-cargo-updates group * CVE-2025-58160: tracing-subscriber: Fixed log pollution (bsc#1249013) Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-80=1 Package List: - openSUSE Leap 16.0: himmelblau-0.9.23+git.0.9776141-160000.1.1 himmelblau-qr-greeter-0.9.23+git.0.9776141-160000.1.1 himmelblau-sshd-config-0.9.23+git.0.9776141-160000.1.1 himmelblau-sso-0.9.23+git.0.9776141-160000.1.1 libnss_himmelblau2-0.9.23+git.0.9776141-160000.1.1 pam-himmelblau-0.9.23+git.0.9776141-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2025-58160.html * https://www.suse.com/security/cve/CVE-2025-59044.html . Critical openSUSE update fixes two issues in himmelblau with important severity. Installrecommended patches now.. openSUSE updates, himmelblau security, privilege escalation fix, log pollution vulnerability. . Severity: Important. LinuxSecurity.com Team
Nov 28, 2025
•Important
OpenSUSE
100
security advisorysecurity issueSuSESUSE: himmelblau Low Input Risk CVE-2025-58160 Advisory 2025:3869-1
* bsc#1249013 Cross-References: * CVE-2025-58160 . # Security update for himmelblau Announcement ID: SUSE-SU-2025:3869-1 Release Date: 2025-10-30T13:45:10Z Rating: low References: * bsc#1249013 Cross-References: * CVE-2025-58160 CVSS scores: * CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2025-58160 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for himmelblau fixes the following issues: Update to version 0.7.18+git.0.8485a75. * CVE-2025-58160: tracing-subscriber: untrusted user input containing ANSI escape sequences could be injected into terminal output when logged (bsc#1249013). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3869=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 x86_64) * pam-himmelblau-0.7.18+git.0.8485a75-150700.3.6.1 * himmelblau-0.7.18+git.0.8485a75-150700.3.6.1 * libnss_himmelblau2-0.7.18+git.0.8485a75-150700.3.6.1 * himmelblau-debuginfo-0.7.18+git.0.8485a75-150700.3.6.1 * Basesystem Module 15-SP7 (noarch) * himmelblau-sshd-config-0.7.18+git.0.8485a75-150700.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-58160.html *https://bugzilla.suse.com/show_bug.cgi?id=1249013 . Critical security update for himmelblau in SUSE affecting enterprise modules, addressing untrusted user inputs.. SUSE Update, Himmelblau Security, CVE-2025-58160, Risk Management, Cybersecurity. . Severity: Low. LinuxSecurity.com Team
Oct 30, 2025
•Low
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!