An update that solves two vulnerabilities can now be installed.

# Security update for libheif

Announcement ID: SUSE-SU-2026:2681-1
Release Date: 2026-06-29T13:27:52Z
Rating: moderate

References:

* bsc#1261658
* bsc#1265878

Cross-References:

* CVE-2026-32282
* CVE-2026-32814

CVSS scores:

* CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32814 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32814 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-32814 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4

## Description:

This update for libheif fixes the following issues:

* CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).
* CVE-2026-32814: Uninitialized Heap Memory Information Leak via Failed Grid Tiles (bsc#1265878).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-2681=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
  * libheif-devel-1.12.0-150400.3.20.1
  * libheif-debugsource-1.12.0-150400.3.20.1
  * gdk-pixbuf-loader-libheif-debuginfo-1.12.0-150400.3.20.1
  * libheif1-debuginfo-1.12.0-150400.3.20.1
  * gdk-pixbuf-loader-libheif-1.12.0-150400.3.20.1
  * libheif1-1.12.0-150400.3.20.1
* openSUSE Leap 15.4 (x86_64)
  * libheif1-32bit-debuginfo-1.12.0-150400.3.20.1
  * libheif1-32bit-1.12.0-150400.3.20.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libheif1-64bit-debuginfo-1.12.0-150400.3.20.1
  * libheif1-64bit-1.12.0-150400.3.20.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32282.html
* https://www.suse.com/security/cve/CVE-2026-32814.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261658
* https://bugzilla.suse.com/show_bug.cgi?id=1265878

LinuxSecurity.com Team
An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for xtrabackup
______________________________________________________________________________

Announcement ID: openSUSE-SU-2026:0221-1
Rating: moderate
References: #1244285
Cross-References: CVE-2025-5918
CVSS scores:
    CVE-2025-5918 (SUSE): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:
    openSUSE Backports SLE-15-SP7
______________________________________________________________________________

Description:

This update for xtrabackup fixes the following issues:

- CVE-2025-5918: embedded libarchive: Reading past EOF may be triggered for piped file streams (boo#1244285)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

    zypper in -t patch openSUSE-2026-221=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

    xtrabackup-2.4.26-bp157.2.6.1
    xtrabackup-test-2.4.26-bp157.2.6.1

References:

    https://www.suse.com/security/cve/CVE-2025-5918.html
    https://bugzilla.suse.com/1244285

Security update for xtrabackup on openSUSE addresses CVE-2025-5918 and other issues.

LinuxSecurity.com Team
Moderate: freeradius:3.0 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:2870", "synopsis": "Moderate: freeradius:3.0 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for module.freeradius, freeradius.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.\n\nSecurity Fix(es):\n\n* freeradius: Information leakage in EAP-PWD (CVE-2022-41859)\n\n* freeradius: Crash on unknown option in EAP-SIM (CVE-2022-41860)\n\n* freeradius: Crash on invalid abinary data (CVE-2022-41861)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2078483", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2078483", "description": ""}, {"ticket": "2078485", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2078485", "description": ""}, {"ticket": "2078487", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2078487", "description": ""}], "cves": [{"name": "CVE-2022-41859", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41859", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "7.5", "cwe": "CWE-208"}, {"name": "CVE-2022-41860", 
"sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41860", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-476"}, {"name": "CVE-2022-41861", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41861", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-20"}], "references": [], "publishedAt": "2026-06-26T18:00:57.979049Z", "rpms": {"Rocky Linux 8": {"nvras": ["freeradius-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.src.rpm", "freeradius-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.x86_64.rpm", "freeradius-debuginfo-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-debugsource-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-devel-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.x86_64.rpm", "freeradius-doc-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.x86_64.rpm", "freeradius-krb5-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.x86_64.rpm", "freeradius-krb5-debuginfo-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-ldap-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.x86_64.rpm", "freeradius-ldap-debuginfo-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-mysql-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.x86_64.rpm", "freeradius-mysql-debuginfo-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-perl-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.x86_64.rpm", "freeradius-perl-debuginfo-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-postgresql-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.x86_64.rpm", "freeradius-postgresql-debuginfo-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-rest-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.x86_64.rpm", "freeradius-rest-debuginfo-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-sqlite-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.x86_64.rpm", 
"freeradius-sqlite-debuginfo-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm","freeradius-unixODBC-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.x86_64.rpm", "freeradius-unixODBC-debuginfo-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-utils-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.x86_64.rpm", "freeradius-utils-debuginfo-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "python3-freeradius-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.x86_64.rpm", "python3-freeradius-debuginfo-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-devel-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-doc-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-krb5-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-ldap-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-mysql-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-perl-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-postgresql-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-rest-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-sqlite-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-unixODBC-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "freeradius-utils-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm", "python3-freeradius-0:3.0.20-14.module+el8.8.0+1130+46a6e0a1.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Moderate security advisory for FreeRADIUS on Rocky Linux addressing critical information leakage and crashes.. FreeRADIUS Security Update, Rocky Linux Security Advisories, Moderate Vulnerability Impact. . LinuxSecurity.com Team
Multiple issues were found in u-boot, a cross-platform bootloader for embedded systems, which could lead to information leak and signature verification bypass. CVE-2024-42040: buffer overread vulnerability in the DHCP implementation.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4642-1
An update that solves 16 vulnerabilities can now be installed.

# Security update for distribution

Announcement ID: SUSE-SU-2026:22159-1
Release Date: 2026-06-18T14:30:03Z
Rating: important

References:

* bsc#1265429
* bsc#1265788
* bsc#1266049
* bsc#1266629

Cross-References:

* CVE-2026-33814
* CVE-2026-39821
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-41888
* CVE-2026-42508
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598

CVSS scores:

* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-41888 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-41888 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-41888 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41888 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

## Description:

This update for distribution fixes the following issues:

* CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265788).
* CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266629).
* CVE-2026-41888: tag deletion bypasses the storage.delete.enabled configuration (bsc#1265429).
* CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266049).
* CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266049).
* CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266049).
* CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh (bsc#1266049).
* CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh (bsc#1266049).
* CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent (bsc#1266049).
* CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266049).
* CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266049).
* CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266049).
* CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts (bsc#1266049).
* CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh (bsc#1266049).
* CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266049).
* CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266049).

Changes:

* Bounds-check the file basename in PurgeUploads Walk callback
* Add S3 Express One Zone support to the S3 storage driver
* Fix tag list endpoint in proxy mode
* Clamp oversized `n` query parameter in proxy mode instead of returning 400
* See the full changelog below for the full list of changes.
* internal/client/auth/challenge: cleanups and minor refactor
* build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.18.0 to 0.19.0 in the go_modules group across 1 directory
* build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in the go_modules group across 1 directory
* build(deps): bump github/codeql-action from 4.34.1 to 4.35.1
* chore(build): Bump go version to latest
* refactor: use slices.Backward to simplify the code
* fix(proxy): fix tag list endpoint in proxy mode
* Update docker-compose structure in deploying.md
* build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1
* build(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0
* build(deps): bump docker/login-action from 4.0.0 to 4.1.0
* build(deps): bump docker/bake-action from 7.0.0 to 7.1.0
* fix(proxy): clamp oversized n query param instead of
* feat(s3): add express zone one support to S3 driver
* fix(storage): bounds-check the file basename in PurgeUploads Walk callback
* chore(release): prepare for v3.1.1 release

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  `zypper in -t patch SUSE-SLES-16.0-949=1`
* SUSE Linux Enterprise Server 16.0
  `zypper in -t patch SUSE-SLES-16.0-949=1`

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * distribution-registry-3.1.1-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * distribution-registry-3.1.1-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-41888.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-46595.html
* https://www.suse.com/security/cve/CVE-2026-46597.html
* https://www.suse.com/security/cve/CVE-2026-46598.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265429
* https://bugzilla.suse.com/show_bug.cgi?id=1265788
* https://bugzilla.suse.com/show_bug.cgi?id=1266049
* https://bugzilla.suse.com/show_bug.cgi?id=1266629

SUSE updates address 16 issues including important fixes for DoS, privilege escalation, and information leak vulnerabilities.

LinuxSecurity.com Team
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.94-1.

-------------------------------------------------------------------------
Debian Security Advisory DSA-6355-1
An update that solves two vulnerabilities and has one security fix can now be installed.

# Security update for qemu

Announcement ID: SUSE-SU-2026:2388-1
Release Date: 2026-06-12T13:59:31Z
Rating: moderate

References:

* bsc#1199023
* bsc#1258509
* bsc#1262089

Cross-References:

* CVE-2026-2243
* CVE-2026-3842

CVSS scores:

* CVE-2026-2243 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-2243 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-2243 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-3842 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3842 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products:

* openSUSE Leap 15.5
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

## Description:

This update for qemu fixes the following issues:

Security fixes:

* CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when processing specially crafted VMDK files (bsc#1258509).
* CVE-2026-3842: hyperv/syndbg: missing mapped-length guard after cpu_physical_memory_map causes host OOB write (bsc#1262089).

Other fixes:

* [openSUSE] qemu-ga: fix service file against no-autostart (bsc#1199023)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-2388=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2388=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-2388=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * qemu-ivshmem-tools-7.1.0-150500.49.42.1 * qemu-audio-dbus-debuginfo-7.1.0-150500.49.42.1 * qemu-ppc-debuginfo-7.1.0-150500.49.42.1 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.42.1 * qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.42.1 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.42.1 * qemu-ui-spice-core-7.1.0-150500.49.42.1 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.42.1 * qemu-block-ssh-7.1.0-150500.49.42.1 * qemu-guest-agent-debuginfo-7.1.0-150500.49.42.1 * qemu-audio-alsa-7.1.0-150500.49.42.1 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.42.1 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.42.1 * qemu-hw-usb-smartcard-debuginfo-7.1.0-150500.49.42.1 * qemu-block-iscsi-7.1.0-150500.49.42.1 * qemu-audio-jack-7.1.0-150500.49.42.1 * qemu-audio-alsa-debuginfo-7.1.0-150500.49.42.1 * qemu-s390x-debuginfo-7.1.0-150500.49.42.1 * qemu-x86-7.1.0-150500.49.42.1 * qemu-extra-debuginfo-7.1.0-150500.49.42.1 * qemu-block-curl-debuginfo-7.1.0-150500.49.42.1 * qemu-extra-7.1.0-150500.49.42.1 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.42.1 * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.42.1 * qemu-arm-debuginfo-7.1.0-150500.49.42.1 * qemu-ui-spice-app-7.1.0-150500.49.42.1 * qemu-7.1.0-150500.49.42.1 * qemu-debuginfo-7.1.0-150500.49.42.1 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.42.1 * qemu-block-nfs-7.1.0-150500.49.42.1 * qemu-block-nfs-debuginfo-7.1.0-150500.49.42.1 * qemu-chardev-spice-7.1.0-150500.49.42.1 * qemu-x86-debuginfo-7.1.0-150500.49.42.1 * qemu-block-iscsi-debuginfo-7.1.0-150500.49.42.1 * qemu-linux-user-debuginfo-7.1.0-150500.49.42.1 * 
qemu-block-dmg-7.1.0-150500.49.42.1 * qemu-hw-display-qxl-7.1.0-150500.49.42.1 * qemu-audio-jack-debuginfo-7.1.0-150500.49.42.1 *qemu-hw-display-virtio-gpu-7.1.0-150500.49.42.1 * qemu-accel-qtest-7.1.0-150500.49.42.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.42.1 * qemu-headless-7.1.0-150500.49.42.1 * qemu-ui-curses-7.1.0-150500.49.42.1 * qemu-audio-pa-7.1.0-150500.49.42.1 * qemu-block-ssh-debuginfo-7.1.0-150500.49.42.1 * qemu-arm-7.1.0-150500.49.42.1 * qemu-accel-tcg-x86-7.1.0-150500.49.42.1 * qemu-guest-agent-7.1.0-150500.49.42.1 * qemu-ui-spice-app-debuginfo-7.1.0-150500.49.42.1 * qemu-hw-usb-smartcard-7.1.0-150500.49.42.1 * qemu-ui-dbus-7.1.0-150500.49.42.1 * qemu-debugsource-7.1.0-150500.49.42.1 * qemu-tools-debuginfo-7.1.0-150500.49.42.1 * qemu-ivshmem-tools-debuginfo-7.1.0-150500.49.42.1 * qemu-block-dmg-debuginfo-7.1.0-150500.49.42.1 * qemu-vhost-user-gpu-debuginfo-7.1.0-150500.49.42.1 * qemu-ui-dbus-debuginfo-7.1.0-150500.49.42.1 * qemu-audio-spice-debuginfo-7.1.0-150500.49.42.1 * qemu-block-gluster-debuginfo-7.1.0-150500.49.42.1 * qemu-s390x-7.1.0-150500.49.42.1 * qemu-ppc-7.1.0-150500.49.42.1 * qemu-linux-user-debugsource-7.1.0-150500.49.42.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.42.1 * qemu-ui-gtk-debuginfo-7.1.0-150500.49.42.1 * qemu-hw-usb-host-7.1.0-150500.49.42.1 * qemu-ui-curses-debuginfo-7.1.0-150500.49.42.1 * qemu-chardev-baum-debuginfo-7.1.0-150500.49.42.1 * qemu-vhost-user-gpu-7.1.0-150500.49.42.1 * qemu-accel-qtest-debuginfo-7.1.0-150500.49.42.1 * qemu-block-gluster-7.1.0-150500.49.42.1 * qemu-hw-display-virtio-vga-7.1.0-150500.49.42.1 * qemu-tools-7.1.0-150500.49.42.1 * qemu-audio-pa-debuginfo-7.1.0-150500.49.42.1 * qemu-ui-gtk-7.1.0-150500.49.42.1 * qemu-audio-oss-7.1.0-150500.49.42.1 * qemu-audio-oss-debuginfo-7.1.0-150500.49.42.1 * qemu-ksm-7.1.0-150500.49.42.1 * qemu-hw-usb-host-debuginfo-7.1.0-150500.49.42.1 * qemu-audio-spice-7.1.0-150500.49.42.1 * qemu-chardev-baum-7.1.0-150500.49.42.1 
*qemu-block-curl-7.1.0-150500.49.42.1 * qemu-audio-dbus-7.1.0-150500.49.42.1 * qemu-hw-usb-redirect-7.1.0-150500.49.42.1 * qemu-linux-user-7.1.0-150500.49.42.1 * qemu-ui-opengl-7.1.0-150500.49.42.1 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.42.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * qemu-block-rbd-7.1.0-150500.49.42.1 * qemu-block-rbd-debuginfo-7.1.0-150500.49.42.1 * openSUSE Leap 15.5 (s390x x86_64 i586) * qemu-kvm-7.1.0-150500.49.42.1 * openSUSE Leap 15.5 (noarch) * qemu-vgabios-1.16.0_0_gd239552-150500.49.42.1 * qemu-sgabios-8-150500.49.42.1 * qemu-microvm-7.1.0-150500.49.42.1 * qemu-SLOF-7.1.0-150500.49.42.1 * qemu-seabios-1.16.0_0_gd239552-150500.49.42.1 * qemu-skiboot-7.1.0-150500.49.42.1 * qemu-ipxe-1.0.0+-150500.49.42.1 * qemu-lang-7.1.0-150500.49.42.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * qemu-7.1.0-150500.49.42.1 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.42.1 * qemu-debuginfo-7.1.0-150500.49.42.1 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.42.1 * qemu-debugsource-7.1.0-150500.49.42.1 * qemu-tools-debuginfo-7.1.0-150500.49.42.1 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.42.1 * qemu-hw-display-virtio-vga-7.1.0-150500.49.42.1 * qemu-ui-spice-core-7.1.0-150500.49.42.1 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.42.1 * qemu-guest-agent-debuginfo-7.1.0-150500.49.42.1 * qemu-chardev-spice-7.1.0-150500.49.42.1 * qemu-tools-7.1.0-150500.49.42.1 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.42.1 * qemu-hw-display-qxl-7.1.0-150500.49.42.1 * qemu-audio-spice-debuginfo-7.1.0-150500.49.42.1 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.42.1 * qemu-audio-spice-7.1.0-150500.49.42.1 * qemu-block-curl-7.1.0-150500.49.42.1 * qemu-block-curl-debuginfo-7.1.0-150500.49.42.1 * qemu-hw-usb-redirect-7.1.0-150500.49.42.1 * qemu-ui-opengl-7.1.0-150500.49.42.1 *qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.42.1 * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.42.1 * 
qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.42.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.42.1 * qemu-guest-agent-7.1.0-150500.49.42.1 * SUSE Linux Enterprise Micro 5.5 (s390x) * qemu-s390x-7.1.0-150500.49.42.1 * qemu-s390x-debuginfo-7.1.0-150500.49.42.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * qemu-x86-debuginfo-7.1.0-150500.49.42.1 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.42.1 * qemu-x86-7.1.0-150500.49.42.1 * qemu-accel-tcg-x86-7.1.0-150500.49.42.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * qemu-vgabios-1.16.0_0_gd239552-150500.49.42.1 * qemu-sgabios-8-150500.49.42.1 * qemu-SLOF-7.1.0-150500.49.42.1 * qemu-seabios-1.16.0_0_gd239552-150500.49.42.1 * qemu-ipxe-1.0.0+-150500.49.42.1 * SUSE Linux Enterprise Micro 5.5 (aarch64) * qemu-arm-debuginfo-7.1.0-150500.49.42.1 * qemu-arm-7.1.0-150500.49.42.1 * SUSE Linux Enterprise Micro 5.5 (ppc64le) * qemu-ppc-debuginfo-7.1.0-150500.49.42.1 * qemu-ppc-7.1.0-150500.49.42.1 * Server Applications Module 15-SP7 (noarch) * qemu-sgabios-8-150500.49.42.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2243.html * https://www.suse.com/security/cve/CVE-2026-3842.html * https://bugzilla.suse.com/show_bug.cgi?id=1199023 * https://bugzilla.suse.com/show_bug.cgi?id=1258509 * https://bugzilla.suse.com/show_bug.cgi?id=1262089 . # Security update for qemu Announcement ID: SUSE-SU-2026:2388-1 Release Date: 2026-06-12T13:59:31Z R. security, update, solves, vulnerabilities, installed. . LinuxSecurity.com Team