Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 1,390 articles for you...
202

openSUSE ImageMagick Important Fix for 15 Vulnerabilities 2026-3053-1

An update that solves 15 vulnerabilities and has one security fix can now be installed.. # Security update for ImageMagick Announcement ID: SUSE-SU-2026:3053-1 Release Date: 2026-07-15T13:18:11Z Rating: important References: * bsc#1268640 * bsc#1268645 * bsc#1268878 * bsc#1268879 * bsc#1268880 * bsc#1269063 * bsc#1269064 * bsc#1270001 * bsc#1270002 * bsc#1270003 * bsc#1270004 * bsc#1270073 * bsc#1270074 * bsc#1270077 * bsc#1270079 * bsc#1270080 Cross-References: * CVE-2026-53466 * CVE-2026-53467 * CVE-2026-55594 * CVE-2026-55595 * CVE-2026-55597 * CVE-2026-56361 * CVE-2026-56363 * CVE-2026-56364 * CVE-2026-56365 * CVE-2026-56367 * CVE-2026-56368 * CVE-2026-56370 * CVE-2026-56371 * CVE-2026-56376 * CVE-2026-56379 CVSS scores: * CVE-2026-53466 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-53466 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-53466 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-53467 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-53467 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-53467 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-55594 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-55594 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-55594 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-55595 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-55595 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-55595 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-55597 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-55597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H *CVE-2026-55597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-56361 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56361 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56361 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56361 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56361 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2026-56363 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56363 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56363 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56363 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56364 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56364 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56364 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56364 ( NVD ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56365 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56365 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56365 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56365 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56365 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56367 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-56367 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56367 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-56367 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-56368 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56368 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56368 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-56368 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56370 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-56370 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-56370 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56370 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56370 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-56371 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56371 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56371 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56371 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56371 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56376 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-56376 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-56376 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56376 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56376 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56379 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-56379 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-56379 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56379 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-56379 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-56379 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP7 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE LinuxEnterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 15 vulnerabilities and has one security fix can now be installed. ## Description: This update for ImageMagick fixes the following issues * CVE-2026-53466: integer overflow in the XCF decoder can result in an out-of- bounds read when a crafted image is read (bsc#1270073). * CVE-2026-53467: allocated memory left unchanged in the MNG decoder can lead to a heap information disclosure (bsc#1270074). * CVE-2026-55594: missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided (bsc#1270077). * CVE-2026-55595: providing invalid arguments to the `connected-components` option can lead to an infinite loop (bsc#1270079). * CVE-2026-55597: incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder (bsc#1270080). * CVE-2026-56361: off-by-one error in morphology validation can lead to an out-of-bounds read (bsc#1270001). * CVE-2026-56363: integer overflow leading to a division by zero in binomial kernel processing can cause an application crash (bsc#1270002). * CVE-2026-56364: memory leak in `LoadOpenCLDeviceBenchmark` function when parsing malformed OpenCL device profile XML files with unclosed device elements (bsc#1270003). * CVE-2026-56365: memory leak in PNG encoder when writing a MNG image (bsc#1270004). * CVE-2026-56367: integer overflow inthe PSB (PSD v2) RLE decoding path can lead to an heap out-of-bounds read (bsc#1268645). * CVE-2026-56368: improper memory management can lead to memory leak in multiple coders that write raw pixel data (bsc#1269064). * CVE-2026-56370: out-of-bounds access in `ConnectedComponentsImage()` when processing `connected-components:*` artifacts with invalid indices (bsc#1269063). * CVE-2026-56371: memory leak in `coders/txt.c` when processing TXT files with texture attributes (bsc#1268879). * CVE-2026-56376: heap use-after-free in the meta coder can lead to denial of service via specially crafted image files (bsc#1268880). * CVE-2026-56379: arbitrary MVG drawing command injection via the SVG decoder when processing specially crafted SVG files (bsc#1268878). * GHSA-3j4x-rwrx-xxj9: possible use-after-free write in PDB decoder (bsc#1268640). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3053=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3053=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3053=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-3053=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3053=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3053=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-3053=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-3053=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3053=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3053=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3053=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-3053=1 ## Package List: * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-extra-7.1.0.9-150400.6.96.1 *libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.96.1 * ImageMagick-devel-64bit-7.1.0.9-150400.6.96.1 * libMagick++-devel-64bit-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.96.1 * openSUSE Leap 15.4 (x86_64) * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.96.1 * libMagick++-devel-32bit-7.1.0.9-150400.6.96.1 * ImageMagick-devel-32bit-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.96.1 * openSUSE Leap 15.4 (noarch) * ImageMagick-doc-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 *libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 *perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 *ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * SUSE Linux EnterpriseServer for SAP Applications 15 SP6 (ppc64le x86_64) * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 ## References: * https://www.suse.com/security/cve/CVE-2026-53466.html * https://www.suse.com/security/cve/CVE-2026-53467.html * https://www.suse.com/security/cve/CVE-2026-55594.html * https://www.suse.com/security/cve/CVE-2026-55595.html * https://www.suse.com/security/cve/CVE-2026-55597.html * https://www.suse.com/security/cve/CVE-2026-56361.html * https://www.suse.com/security/cve/CVE-2026-56363.html * https://www.suse.com/security/cve/CVE-2026-56364.html * https://www.suse.com/security/cve/CVE-2026-56365.html * https://www.suse.com/security/cve/CVE-2026-56367.html * https://www.suse.com/security/cve/CVE-2026-56368.html * https://www.suse.com/security/cve/CVE-2026-56370.html * https://www.suse.com/security/cve/CVE-2026-56371.html * https://www.suse.com/security/cve/CVE-2026-56376.html * https://www.suse.com/security/cve/CVE-2026-56379.html * https://bugzilla.suse.com/show_bug.cgi?id=1268640 * https://bugzilla.suse.com/show_bug.cgi?id=1268645 * https://bugzilla.suse.com/show_bug.cgi?id=1268878 * https://bugzilla.suse.com/show_bug.cgi?id=1268879 * https://bugzilla.suse.com/show_bug.cgi?id=1268880 * https://bugzilla.suse.com/show_bug.cgi?id=1269063 * https://bugzilla.suse.com/show_bug.cgi?id=1269064 * https://bugzilla.suse.com/show_bug.cgi?id=1270001 * https://bugzilla.suse.com/show_bug.cgi?id=1270002 * https://bugzilla.suse.com/show_bug.cgi?id=1270003 * https://bugzilla.suse.com/show_bug.cgi?id=1270004 * https://bugzilla.suse.com/show_bug.cgi?id=1270073 * https://bugzilla.suse.com/show_bug.cgi?id=1270074 * https://bugzilla.suse.com/show_bug.cgi?id=1270077 * https://bugzilla.suse.com/show_bug.cgi?id=1270079 * https://bugzilla.suse.com/show_bug.cgi?id=1270080 . Update resolves 15 vulnerabilities in ImageMagick for openSUSE with importantsecurity fixes and installation instructions.. ImageMagick update, openSUSE security, vulnerability fix, memory management, software patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 15, 2026 Important OpenSUSE
202

openSUSE libslirp Moderate Memory Leak Integer Underflow CVE-2026-9539

An update that solves one vulnerability can now be installed.. # Security update for libslirp Announcement ID: SUSE-SU-2026:2886-1 Release Date: 2026-07-13T10:09:11Z Rating: moderate References: * bsc#1268903 Cross-References: * CVE-2026-9539 CVSS scores: * CVE-2026-9539 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-9539 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for libslirp fixes the following issues: * CVE-2026-9539: crafted TCP segment with manipulated URG flags and urgent pointers can cause an integer underflow and host-heap memory leak (bsc#1268903). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2886=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2886=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-2886=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2886=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2886=1 ## Package List: * openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp-devel-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 *libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libslirp0-debuginfo-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp-debugsource-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libslirp0-debuginfo-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp-debugsource-4.7.0+44-150300.18.1 ## References: * https://www.suse.com/security/cve/CVE-2026-9539.html * https://bugzilla.suse.com/show_bug.cgi?id=1268903 . # Security update for libslirp Announcement ID: SUSE-SU-2026:2886-1 Release Date: 2026-07-13T10:09:1. update, solves, vulnerability, installed, security, libslirp, announc. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 moderate OpenSUSE
100

SUSE libslirp Moderate Memory Leak Threat Security Update 2026-2886-1

An update that solves one vulnerability can now be installed.. # Security update for libslirp Announcement ID: SUSE-SU-2026:2886-1 Release Date: 2026-07-13T10:09:11Z Rating: moderate References: * bsc#1268903 Cross-References: * CVE-2026-9539 CVSS scores: * CVE-2026-9539 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-9539 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for libslirp fixes the following issues: * CVE-2026-9539: crafted TCP segment with manipulated URG flags and urgent pointers can cause an integer underflow and host-heap memory leak (bsc#1268903). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2886=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2886=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-2886=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2886=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2886=1 ## Package List: * openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp-devel-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 *libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libslirp0-debuginfo-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp-debugsource-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libslirp0-debuginfo-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp-debugsource-4.7.0+44-150300.18.1 ## References: * https://www.suse.com/security/cve/CVE-2026-9539.html * https://bugzilla.suse.com/show_bug.cgi?id=1268903 . SUSE releases a moderate security update for libslirp addressing CVE-2026-9539, improving system stability.. SUSE Linux, libslirp update, system security, openSUSE Leap. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 moderate SuSE
202

openSUSE python-maturin Important OpenSSL Issues Fix Advisory 2026-2811-1

An update that solves eight vulnerabilities can now be installed.. # Security update for python-maturin Announcement ID: SUSE-SU-2026:2811-1 Release Date: 2026-07-09T06:25:49Z Rating: important References: * bsc#1270208 * bsc#1270515 * bsc#1270620 * bsc#1270706 * bsc#1270772 * bsc#1270801 * bsc#1270936 * bsc#1270994 Cross-References: * CVE-2026-41676 * CVE-2026-41677 * CVE-2026-41678 * CVE-2026-41681 * CVE-2026-41898 * CVE-2026-42327 * CVE-2026-44662 * CVE-2026-45784 CVSS scores: * CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-41676 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41677 ( SUSE ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U * CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-41677 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41677 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-41678 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-41678 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41678 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41681 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-41681 ( NVD ): 8.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41681 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41898 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L * CVE-2026-41898 ( NVD ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41898 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-42327 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-42327 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-44662 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-44662 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-45784 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: * openSUSE Leap 15.6 An update that solves eight vulnerabilities can now be installed. ## Description: This update for python-maturin fixesthe following issues * CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can overflow short buffers on OpenSSL 1.1.1 (bsc#1270208). * CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length (bsc#1270620). * CVE-2026-41678: openssl: out-of-bounds write due to incorrect bounds assertion in `aes::unwrap_key()` (bsc#1270706). * CVE-2026-41681: openssl: `MdCtxRef::digest_final()` writes past caller buffer with no length check (bsc#1270772). * CVE-2026-41898: openssl: unchecked callback-returned length in PSK and cookie generate trampolines can leak adjacent memory to the network (bsc#1270801). * CVE-2026-42327: openssl: undefined behavior in `X509Ref::ocsp_responders` for certificates with non-UTF-8 OCSP URLs (bsc#1270515). * CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key- wrap-with-padding due to incorrectly sized output buffers (bsc#1270936). * CVE-2026-45784: openssl: out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers due to incorrectly sized output buffer (bsc#1270994). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2811=1 ## Package List: * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * python311-maturin-1.4.0-150600.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41676.html * https://www.suse.com/security/cve/CVE-2026-41677.html * https://www.suse.com/security/cve/CVE-2026-41678.html * https://www.suse.com/security/cve/CVE-2026-41681.html * https://www.suse.com/security/cve/CVE-2026-41898.html * https://www.suse.com/security/cve/CVE-2026-42327.html * https://www.suse.com/security/cve/CVE-2026-44662.html * https://www.suse.com/security/cve/CVE-2026-45784.html *https://bugzilla.suse.com/show_bug.cgi?id=1270208 * https://bugzilla.suse.com/show_bug.cgi?id=1270515 * https://bugzilla.suse.com/show_bug.cgi?id=1270620 * https://bugzilla.suse.com/show_bug.cgi?id=1270706 * https://bugzilla.suse.com/show_bug.cgi?id=1270772 * https://bugzilla.suse.com/show_bug.cgi?id=1270801 * https://bugzilla.suse.com/show_bug.cgi?id=1270936 * https://bugzilla.suse.com/show_bug.cgi?id=1270994 . Find out how openSUSE addresses important vulnerabilities in python-maturin with this latest security advisory update.. openSUSE python-maturin security patch important vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Important OpenSUSE
100

SUSE Important Security Update for netty Denial of Service 2026-2802-1

An update that solves 18 vulnerabilities can now be installed.. # Security update for netty, netty-tcnative Announcement ID: SUSE-SU-2026:2802-1 Release Date: 2026-07-08T19:06:45Z Rating: important References: * bsc#1268165 * bsc#1268169 * bsc#1268170 * bsc#1268244 * bsc#1268246 * bsc#1268247 * bsc#1268248 * bsc#1268249 * bsc#1268250 * bsc#1268251 * bsc#1268252 * bsc#1268255 * bsc#1268257 * bsc#1268258 * bsc#1268259 * bsc#1268260 * bsc#1268261 * bsc#1268262 Cross-References: * CVE-2026-44249 * CVE-2026-44250 * CVE-2026-44890 * CVE-2026-44893 * CVE-2026-45416 * CVE-2026-45536 * CVE-2026-45673 * CVE-2026-45674 * CVE-2026-46340 * CVE-2026-47244 * CVE-2026-47691 * CVE-2026-48006 * CVE-2026-48043 * CVE-2026-48059 * CVE-2026-50010 * CVE-2026-50011 * CVE-2026-50020 * CVE-2026-50560 CVSS scores: * CVE-2026-44249 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44249 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-44249 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-44249 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-44250 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44250 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44250 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44250 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44890 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44890 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44890 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44890 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44893 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44893 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44893 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44893 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45416 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45416 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-45536 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-45536 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-45673 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N * CVE-2026-45673 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2026-45673 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2026-45674 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-45674 ( SUSE ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-45674 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-45674 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-45674 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-46340 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-47244 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-47244 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-47244 ( NVD ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-47691 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-47691 ( SUSE ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-47691 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-47691 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-47691 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-48006 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48006 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48006 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-48006 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48006 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48043 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48043 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48043 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48043 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-48043 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48059 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48059 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48059 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-48059 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48059 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-50010 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-50010 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-50010 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-50010 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-50011 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-50011 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-50011 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-50011 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-50020 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-50020 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-50020 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-50560 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-50560 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-50560 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-50560 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux EnterpriseServer 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves 18 vulnerabilities can now be installed. ## Description: This update for netty, netty-tcnative fixes the following issue This update for netty, netty-tcnative fixes the following issues Upgrade netty to upstream version 4.1.135, netty-tcnative to upstream version 2.0.79: * CVE-2026-44249: IPv6 Subnet Filter Bypass via Incorrect Comparator Masking (bsc#1268165). * CVE-2026-44250: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays (bsc#1268169). * CVE-2026-44890: Unbounded Direct Memory Consumption in RedisDecoder (bsc#1268170). * CVE-2026-44893: netty-codec-haproxy: Denial of Service via malformed HAProxy message (bsc#1268244). * CVE-2026-45416: SNI handler pre-allocates up to 16 MiB from nine attacker bytes (bsc#1268246). * CVE-2026-45536: Unix-socket fd receive leaks descriptors when peer sends two at once (bsc#1268247). * CVE-2026-45673: netty-resolver-dns: DNS Cache Poisoning via predictable transaction IDs (bsc#1268248). * CVE-2026-45674: DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records (bsc#1268249). * CVE-2026-46340: netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments (bsc#1268250). * CVE-2026-47244: HTTP/2: Advertised MAX_CONCURRENT_STREAMS not enforced (bsc#1268251). * CVE-2026-47691: Insufficient Bailiwick Validation for NS Records (bsc#1268252). * CVE-2026-48006: netty-codec-redis: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator (bsc#1268255). * CVE-2026-48043:netty-codec-http2: Denial of Service due to resource leak (bsc#1268257). * CVE-2026-48059: netty-codec-haproxy: Denial of Service via memory leak from crafted PROXY protocol headers (bsc#1268258). * CVE-2026-50010: Wrapping plain trust manager silently disables hostname verification (bsc#1268259). * CVE-2026-50011: Unbounded pre-allocation in RedisArrayAggregator from RESP array length (bsc#1268260). * CVE-2026-50020: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted (bsc#1268261). * CVE-2026-50560: Netty susceptible to HTTP/2 Reset Attack with different on- the-wire signature (bsc#1268262). Changes: * MQTT: Allow MQTT 5 CONNECT with password only * ChannelInitializer: correct misleading comment on exceptionCaught route * HTTP/2: Parse request-target path like Vert.x (4.1 backport) * HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted * IpSubnetFilter: Correctly handle ipv6 * Configurable bound on RedisArrayAggregator * Redis: Limit decoded length * DNS: Ensure query id is not predictible * Wrapping plain trust manager silently disables hostname verification * MQTT: Reject malformed no-payload packets with non-zero Remaining Length * HAProxy: Reject HAProxyMessages with malformated TLV and not leak memory * SSL: Use sane defaults as limits for the client hello length and timeout * DNS: Only cache CNAME if part of the queried domain * HTTP/2: Enforce max concurrent streams for misbehaving clients * Dns: Insufficient Bailiwick Validation for NS Records * HTTP2: DelegatingDecompressorFrameListener must release memory in all cases * Pass maxAllocation to Brotli and Zstd decoders * HTTP/2: Treat clients MAX_HEADER_LIST_SIZE as advisory * Add maxWindowLog parameter to ZstdDecoder to bound memory allocation * HAProxy: Fix ByteBuf leak when parsing nested SSL TLVs * Epoll / Kqueue: Correctly handle receive of FD * SCTP:Limit the number of inflight incomplete SCTP messages and the number of fragments * Redis: Correctly release incomplete message on removal when using RedisArrayAggregator * Redis: Limit the maximum number of nested arrays * HTTP: Re-add constructor to HttpProxyHandler that was removed by mistake * Marshalling: Explicit document security requirements * Pin HTTP/RTSP version + method normalization to Locale.US * Adaptive: Fix concurrency issue in adaptive allocator * Pin multipart Content-Type / Content-Transfer-Encoding case folding to Locale.US * Remove dead native declarations * Avoid re-parsing openssl key material with non-cached provider * IpFilter: Fix ClassCastException caused by IpSubnetFilter if only ipv6 rules are configured but remote peer is using ipv4 * Resolve all localhost addresses without querying DNS servers * HTTP2: Use 100 as default max concurrent streams setting * Route synchronous onLookupComplete exceptions via fireExceptionCaught * Fix MQTT decoder size check after variable header replay ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2802=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2802=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2802=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2802=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2802=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2802=1 * SUSE Linux Enterprise High PerformanceComputing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2802=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2802=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2802=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2802=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2802=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2802=1 ## Package List: * SUSE Package Hub 15 15-SP7 (noarch) * netty-javadoc-4.1.135-150200.4.50.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-4.1.135-150200.4.50.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-tcnative-debugsource-2.0.79-150200.3.45.1 * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server for SAP Applications15 SP4 (ppc64le x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * netty-tcnative-2.0.79-150200.3.45.1 ## References: * https://www.suse.com/security/cve/CVE-2026-44249.html * https://www.suse.com/security/cve/CVE-2026-44250.html * https://www.suse.com/security/cve/CVE-2026-44890.html * https://www.suse.com/security/cve/CVE-2026-44893.html * https://www.suse.com/security/cve/CVE-2026-45416.html * https://www.suse.com/security/cve/CVE-2026-45536.html * https://www.suse.com/security/cve/CVE-2026-45673.html * https://www.suse.com/security/cve/CVE-2026-45674.html * https://www.suse.com/security/cve/CVE-2026-46340.html * https://www.suse.com/security/cve/CVE-2026-47244.html * https://www.suse.com/security/cve/CVE-2026-47691.html * https://www.suse.com/security/cve/CVE-2026-48006.html * https://www.suse.com/security/cve/CVE-2026-48043.html * https://www.suse.com/security/cve/CVE-2026-48059.html * https://www.suse.com/security/cve/CVE-2026-50010.html * https://www.suse.com/security/cve/CVE-2026-50011.html * https://www.suse.com/security/cve/CVE-2026-50020.html * https://www.suse.com/security/cve/CVE-2026-50560.html * https://bugzilla.suse.com/show_bug.cgi?id=1268165 * https://bugzilla.suse.com/show_bug.cgi?id=1268169 * https://bugzilla.suse.com/show_bug.cgi?id=1268170 * https://bugzilla.suse.com/show_bug.cgi?id=1268244 * https://bugzilla.suse.com/show_bug.cgi?id=1268246 * https://bugzilla.suse.com/show_bug.cgi?id=1268247 * https://bugzilla.suse.com/show_bug.cgi?id=1268248 * https://bugzilla.suse.com/show_bug.cgi?id=1268249 * https://bugzilla.suse.com/show_bug.cgi?id=1268250 * https://bugzilla.suse.com/show_bug.cgi?id=1268251 * https://bugzilla.suse.com/show_bug.cgi?id=1268252 * https://bugzilla.suse.com/show_bug.cgi?id=1268255 *https://bugzilla.suse.com/show_bug.cgi?id=1268257 * https://bugzilla.suse.com/show_bug.cgi?id=1268258 * https://bugzilla.suse.com/show_bug.cgi?id=1268259 * https://bugzilla.suse.com/show_bug.cgi?id=1268260 * https://bugzilla.suse.com/show_bug.cgi?id=1268261 * https://bugzilla.suse.com/show_bug.cgi?id=1268262 . SUSE updates netty and netty-tcnative, addressing 18 security issues with important severity ratings.. SUSE updates, netty security, netty vulnerabilities, important advisory, denial of service vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Important SuSE
89

Fedora 43 perl-CSS-Minifier-XS Critical Memory Leak Fix CVE-2026-13593

This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-abc468979d 2026-07-09 01:07:23.887028+00:00 -------------------------------------------------------------------------------- Name : perl-CSS-Minifier-XS Product : Fedora 43 Version : 0.15 Release : 1.fc43 URL : https://metacpan.org/release/CSS-Minifier-XS Summary : XS based CSS minifier Description : 'CSS::Minifier::XS' is a CSS "minifier". It's designed to remove unnecessary white-space and comments from CSS files, while also *not* breaking the CSS. 'CSS::Minifier::XS' is similar in function to 'CSS::Minifier', but is substantially faster as it's written in XS and not just pure Perl. -------------------------------------------------------------------------------- Update Information: This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Emmanuel Seyman - 0.15-1 - Update to 0.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494733 - CVE-2026-13593 perl-CSS-Minifier-XS: CSS::Minifier::XS: Memory leak via crafted input leading to Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494733 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-abc468979d' at the command line. For more information,refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for perl-CSS-Minifier-XS in Fedora 43 fixes memory leak issue, ensuring better performance and stability.. Fedora 43 Perl Module Update Memory Leak CSS Minifier. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 moderate Fedora
89

Fedora 44 perl-CSS-Minifier-XS Important Memory Leak Fix CVE-2026-13593

This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9f14575d85 2026-07-09 00:54:37.609348+00:00 -------------------------------------------------------------------------------- Name : perl-CSS-Minifier-XS Product : Fedora 44 Version : 0.15 Release : 1.fc44 URL : https://metacpan.org/release/CSS-Minifier-XS Summary : XS based CSS minifier Description : 'CSS::Minifier::XS' is a CSS "minifier". It's designed to remove unnecessary white-space and comments from CSS files, while also *not* breaking the CSS. 'CSS::Minifier::XS' is similar in function to 'CSS::Minifier', but is substantially faster as it's written in XS and not just pure Perl. -------------------------------------------------------------------------------- Update Information: This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Emmanuel Seyman - 0.15-1 - Update to 0.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494733 - CVE-2026-13593 perl-CSS-Minifier-XS: CSS::Minifier::XS: Memory leak via crafted input leading to Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494733 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9f14575d85' at the command line. For more information,refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . This update for Fedora 44 addresses a critical memory leak in perl-CSS-Minifier-XS, enhancing system security.. Fedora 44, perl CSS Minifier, security advisory, memory leak, Denial of Service. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 Critical Fedora
100

SUSE rpcbind Moderate Memory Leak Buffer Overflow Vuln 2026-22331-1

# Security update for rpcbind Announcement ID: SUSE-SU-2026:22331-1 Release Date: 2026-06-22T14:34:40Z Rating: moderate References:. # Security update for rpcbind Announcement ID: SUSE-SU-2026:22331-1 Release Date: 2026-06-22T14:34:40Z Rating: moderate References: * bsc#1117217 * bsc#1181400 * bsc#1267212 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has three fixes can now be installed. ## Description: This update for rpcbind fixes the following issues * Update to rpcbind 1.2.9 (bsc#1267212) https://lore.kernel.org/linux- nfs/This email address is being protected from spambots. You need JavaScript enabled to view it./ * rpcinfo: stack buffer overflow in rpcinfo rpcbaddrlist() * rpcbind: Stop unauthenticated oversized allocation in PMAPPROC_CALLIT decode * rpcbind: fix memory leak in read_warmstart() * rpcbind: fix memory leaks in network_init() * rpcbind: fix memory leak in init_transport() * Added -v (print version and compile flags) * rpcinfo: Removed a number of "old-style function definition" warnings * man/rpcbind: Update list of options * Comment out ListenStream=@/run/rpcbind.sock * [nfs/nfs-utils/rpcbind] rpcbind: avoid dereferencing NULL from realloc() * systemd/rpcbind.service.in: Add various hardenings options * man/rpcbind: Add Files section to manpage * Moved rpcbind.lock and default configs to /run instead of /var/run ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-1031=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-1031=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * rpcbind-debugsource-1.2.9-160000.1.1 * rpcbind-1.2.9-160000.1.1 *rpcbind-debuginfo-1.2.9-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * rpcbind-debugsource-1.2.9-160000.1.1 * rpcbind-1.2.9-160000.1.1 * rpcbind-debuginfo-1.2.9-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1117217 * https://bugzilla.suse.com/show_bug.cgi?id=1181400 * https://bugzilla.suse.com/show_bug.cgi?id=1267212 . Critical security updates for rpcbind in SUSE addressing memory leaks and buffer overflow issues. Install patches immediately.. rpcbind update SUSE patch memory leak buffer overflow. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 moderate SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200