Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves 15 vulnerabilities and has one security fix can now be installed.. # Security update for ImageMagick Announcement ID: SUSE-SU-2026:3053-1 Release Date: 2026-07-15T13:18:11Z Rating: important References: * bsc#1268640 * bsc#1268645 * bsc#1268878 * bsc#1268879 * bsc#1268880 * bsc#1269063 * bsc#1269064 * bsc#1270001 * bsc#1270002 * bsc#1270003 * bsc#1270004 * bsc#1270073 * bsc#1270074 * bsc#1270077 * bsc#1270079 * bsc#1270080 Cross-References: * CVE-2026-53466 * CVE-2026-53467 * CVE-2026-55594 * CVE-2026-55595 * CVE-2026-55597 * CVE-2026-56361 * CVE-2026-56363 * CVE-2026-56364 * CVE-2026-56365 * CVE-2026-56367 * CVE-2026-56368 * CVE-2026-56370 * CVE-2026-56371 * CVE-2026-56376 * CVE-2026-56379 CVSS scores: * CVE-2026-53466 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-53466 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-53466 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-53467 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-53467 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-53467 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-55594 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-55594 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-55594 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-55595 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-55595 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-55595 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-55597 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-55597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H *CVE-2026-55597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-56361 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56361 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56361 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56361 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56361 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2026-56363 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56363 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56363 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56363 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56364 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56364 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56364 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56364 ( NVD ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56365 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56365 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56365 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56365 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56365 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56367 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-56367 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56367 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-56367 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-56368 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56368 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56368 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-56368 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56370 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-56370 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-56370 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56370 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56370 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-56371 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-56371 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56371 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56371 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56371 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56376 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-56376 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-56376 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56376 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-56376 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-56379 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-56379 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-56379 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56379 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-56379 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-56379 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP7 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE LinuxEnterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 15 vulnerabilities and has one security fix can now be installed. ## Description: This update for ImageMagick fixes the following issues * CVE-2026-53466: integer overflow in the XCF decoder can result in an out-of- bounds read when a crafted image is read (bsc#1270073). * CVE-2026-53467: allocated memory left unchanged in the MNG decoder can lead to a heap information disclosure (bsc#1270074). * CVE-2026-55594: missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided (bsc#1270077). * CVE-2026-55595: providing invalid arguments to the `connected-components` option can lead to an infinite loop (bsc#1270079). * CVE-2026-55597: incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder (bsc#1270080). * CVE-2026-56361: off-by-one error in morphology validation can lead to an out-of-bounds read (bsc#1270001). * CVE-2026-56363: integer overflow leading to a division by zero in binomial kernel processing can cause an application crash (bsc#1270002). * CVE-2026-56364: memory leak in `LoadOpenCLDeviceBenchmark` function when parsing malformed OpenCL device profile XML files with unclosed device elements (bsc#1270003). * CVE-2026-56365: memory leak in PNG encoder when writing a MNG image (bsc#1270004). * CVE-2026-56367: integer overflow inthe PSB (PSD v2) RLE decoding path can lead to an heap out-of-bounds read (bsc#1268645). * CVE-2026-56368: improper memory management can lead to memory leak in multiple coders that write raw pixel data (bsc#1269064). * CVE-2026-56370: out-of-bounds access in `ConnectedComponentsImage()` when processing `connected-components:*` artifacts with invalid indices (bsc#1269063). * CVE-2026-56371: memory leak in `coders/txt.c` when processing TXT files with texture attributes (bsc#1268879). * CVE-2026-56376: heap use-after-free in the meta coder can lead to denial of service via specially crafted image files (bsc#1268880). * CVE-2026-56379: arbitrary MVG drawing command injection via the SVG decoder when processing specially crafted SVG files (bsc#1268878). * GHSA-3j4x-rwrx-xxj9: possible use-after-free write in PDB decoder (bsc#1268640). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3053=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3053=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3053=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-3053=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3053=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3053=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-3053=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-3053=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3053=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3053=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3053=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-3053=1 ## Package List: * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-extra-7.1.0.9-150400.6.96.1 *libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.96.1 * ImageMagick-devel-64bit-7.1.0.9-150400.6.96.1 * libMagick++-devel-64bit-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.96.1 * openSUSE Leap 15.4 (x86_64) * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.96.1 * libMagick++-devel-32bit-7.1.0.9-150400.6.96.1 * ImageMagick-devel-32bit-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.96.1 * openSUSE Leap 15.4 (noarch) * ImageMagick-doc-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 *libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 *perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 *ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * ImageMagick-devel-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.96.1 * ImageMagick-7.1.0.9-150400.6.96.1 * libMagick++-devel-7.1.0.9-150400.6.96.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.96.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.96.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * perl-PerlMagick-7.1.0.9-150400.6.96.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.96.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 * SUSE Linux EnterpriseServer for SAP Applications 15 SP6 (ppc64le x86_64) * ImageMagick-debuginfo-7.1.0.9-150400.6.96.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.96.1 * ImageMagick-debugsource-7.1.0.9-150400.6.96.1 ## References: * https://www.suse.com/security/cve/CVE-2026-53466.html * https://www.suse.com/security/cve/CVE-2026-53467.html * https://www.suse.com/security/cve/CVE-2026-55594.html * https://www.suse.com/security/cve/CVE-2026-55595.html * https://www.suse.com/security/cve/CVE-2026-55597.html * https://www.suse.com/security/cve/CVE-2026-56361.html * https://www.suse.com/security/cve/CVE-2026-56363.html * https://www.suse.com/security/cve/CVE-2026-56364.html * https://www.suse.com/security/cve/CVE-2026-56365.html * https://www.suse.com/security/cve/CVE-2026-56367.html * https://www.suse.com/security/cve/CVE-2026-56368.html * https://www.suse.com/security/cve/CVE-2026-56370.html * https://www.suse.com/security/cve/CVE-2026-56371.html * https://www.suse.com/security/cve/CVE-2026-56376.html * https://www.suse.com/security/cve/CVE-2026-56379.html * https://bugzilla.suse.com/show_bug.cgi?id=1268640 * https://bugzilla.suse.com/show_bug.cgi?id=1268645 * https://bugzilla.suse.com/show_bug.cgi?id=1268878 * https://bugzilla.suse.com/show_bug.cgi?id=1268879 * https://bugzilla.suse.com/show_bug.cgi?id=1268880 * https://bugzilla.suse.com/show_bug.cgi?id=1269063 * https://bugzilla.suse.com/show_bug.cgi?id=1269064 * https://bugzilla.suse.com/show_bug.cgi?id=1270001 * https://bugzilla.suse.com/show_bug.cgi?id=1270002 * https://bugzilla.suse.com/show_bug.cgi?id=1270003 * https://bugzilla.suse.com/show_bug.cgi?id=1270004 * https://bugzilla.suse.com/show_bug.cgi?id=1270073 * https://bugzilla.suse.com/show_bug.cgi?id=1270074 * https://bugzilla.suse.com/show_bug.cgi?id=1270077 * https://bugzilla.suse.com/show_bug.cgi?id=1270079 * https://bugzilla.suse.com/show_bug.cgi?id=1270080 . Update resolves 15 vulnerabilities in ImageMagick for openSUSE with importantsecurity fixes and installation instructions.. ImageMagick update, openSUSE security, vulnerability fix, memory management, software patch. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for libslirp Announcement ID: SUSE-SU-2026:2886-1 Release Date: 2026-07-13T10:09:11Z Rating: moderate References: * bsc#1268903 Cross-References: * CVE-2026-9539 CVSS scores: * CVE-2026-9539 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-9539 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for libslirp fixes the following issues: * CVE-2026-9539: crafted TCP segment with manipulated URG flags and urgent pointers can cause an integer underflow and host-heap memory leak (bsc#1268903). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2886=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2886=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-2886=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2886=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2886=1 ## Package List: * openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp-devel-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 *libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libslirp0-debuginfo-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp-debugsource-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libslirp0-debuginfo-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp-debugsource-4.7.0+44-150300.18.1 ## References: * https://www.suse.com/security/cve/CVE-2026-9539.html * https://bugzilla.suse.com/show_bug.cgi?id=1268903 . # Security update for libslirp Announcement ID: SUSE-SU-2026:2886-1 Release Date: 2026-07-13T10:09:1. update, solves, vulnerability, installed, security, libslirp, announc. . Severity: moderate. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for libslirp Announcement ID: SUSE-SU-2026:2886-1 Release Date: 2026-07-13T10:09:11Z Rating: moderate References: * bsc#1268903 Cross-References: * CVE-2026-9539 CVSS scores: * CVE-2026-9539 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-9539 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for libslirp fixes the following issues: * CVE-2026-9539: crafted TCP segment with manipulated URG flags and urgent pointers can cause an integer underflow and host-heap memory leak (bsc#1268903). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2886=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2886=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-2886=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2886=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2886=1 ## Package List: * openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp-devel-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 *libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp0-debuginfo-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libslirp0-debuginfo-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp-debugsource-4.7.0+44-150300.18.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libslirp0-debuginfo-4.7.0+44-150300.18.1 * libslirp0-4.7.0+44-150300.18.1 * libslirp-debugsource-4.7.0+44-150300.18.1 ## References: * https://www.suse.com/security/cve/CVE-2026-9539.html * https://bugzilla.suse.com/show_bug.cgi?id=1268903 . SUSE releases a moderate security update for libslirp addressing CVE-2026-9539, improving system stability.. SUSE Linux, libslirp update, system security, openSUSE Leap. . Severity: moderate. LinuxSecurity.com Team
An update that solves eight vulnerabilities can now be installed.. # Security update for python-maturin Announcement ID: SUSE-SU-2026:2811-1 Release Date: 2026-07-09T06:25:49Z Rating: important References: * bsc#1270208 * bsc#1270515 * bsc#1270620 * bsc#1270706 * bsc#1270772 * bsc#1270801 * bsc#1270936 * bsc#1270994 Cross-References: * CVE-2026-41676 * CVE-2026-41677 * CVE-2026-41678 * CVE-2026-41681 * CVE-2026-41898 * CVE-2026-42327 * CVE-2026-44662 * CVE-2026-45784 CVSS scores: * CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-41676 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41677 ( SUSE ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U * CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-41677 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41677 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-41678 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-41678 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41678 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41681 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-41681 ( NVD ): 8.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41681 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41898 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L * CVE-2026-41898 ( NVD ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41898 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-42327 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-42327 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-44662 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-44662 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-45784 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: * openSUSE Leap 15.6 An update that solves eight vulnerabilities can now be installed. ## Description: This update for python-maturin fixesthe following issues * CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can overflow short buffers on OpenSSL 1.1.1 (bsc#1270208). * CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length (bsc#1270620). * CVE-2026-41678: openssl: out-of-bounds write due to incorrect bounds assertion in `aes::unwrap_key()` (bsc#1270706). * CVE-2026-41681: openssl: `MdCtxRef::digest_final()` writes past caller buffer with no length check (bsc#1270772). * CVE-2026-41898: openssl: unchecked callback-returned length in PSK and cookie generate trampolines can leak adjacent memory to the network (bsc#1270801). * CVE-2026-42327: openssl: undefined behavior in `X509Ref::ocsp_responders` for certificates with non-UTF-8 OCSP URLs (bsc#1270515). * CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key- wrap-with-padding due to incorrectly sized output buffers (bsc#1270936). * CVE-2026-45784: openssl: out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers due to incorrectly sized output buffer (bsc#1270994). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2811=1 ## Package List: * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * python311-maturin-1.4.0-150600.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41676.html * https://www.suse.com/security/cve/CVE-2026-41677.html * https://www.suse.com/security/cve/CVE-2026-41678.html * https://www.suse.com/security/cve/CVE-2026-41681.html * https://www.suse.com/security/cve/CVE-2026-41898.html * https://www.suse.com/security/cve/CVE-2026-42327.html * https://www.suse.com/security/cve/CVE-2026-44662.html * https://www.suse.com/security/cve/CVE-2026-45784.html *https://bugzilla.suse.com/show_bug.cgi?id=1270208 * https://bugzilla.suse.com/show_bug.cgi?id=1270515 * https://bugzilla.suse.com/show_bug.cgi?id=1270620 * https://bugzilla.suse.com/show_bug.cgi?id=1270706 * https://bugzilla.suse.com/show_bug.cgi?id=1270772 * https://bugzilla.suse.com/show_bug.cgi?id=1270801 * https://bugzilla.suse.com/show_bug.cgi?id=1270936 * https://bugzilla.suse.com/show_bug.cgi?id=1270994 . Find out how openSUSE addresses important vulnerabilities in python-maturin with this latest security advisory update.. openSUSE python-maturin security patch important vulnerabilities. . Severity: Important. LinuxSecurity.com Team
An update that solves 18 vulnerabilities can now be installed.. # Security update for netty, netty-tcnative Announcement ID: SUSE-SU-2026:2802-1 Release Date: 2026-07-08T19:06:45Z Rating: important References: * bsc#1268165 * bsc#1268169 * bsc#1268170 * bsc#1268244 * bsc#1268246 * bsc#1268247 * bsc#1268248 * bsc#1268249 * bsc#1268250 * bsc#1268251 * bsc#1268252 * bsc#1268255 * bsc#1268257 * bsc#1268258 * bsc#1268259 * bsc#1268260 * bsc#1268261 * bsc#1268262 Cross-References: * CVE-2026-44249 * CVE-2026-44250 * CVE-2026-44890 * CVE-2026-44893 * CVE-2026-45416 * CVE-2026-45536 * CVE-2026-45673 * CVE-2026-45674 * CVE-2026-46340 * CVE-2026-47244 * CVE-2026-47691 * CVE-2026-48006 * CVE-2026-48043 * CVE-2026-48059 * CVE-2026-50010 * CVE-2026-50011 * CVE-2026-50020 * CVE-2026-50560 CVSS scores: * CVE-2026-44249 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44249 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-44249 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-44249 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-44250 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44250 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44250 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44250 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44890 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44890 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44890 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44890 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44893 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44893 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44893 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44893 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45416 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45416 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-45536 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-45536 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-45673 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N * CVE-2026-45673 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2026-45673 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2026-45674 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-45674 ( SUSE ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-45674 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-45674 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-45674 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-46340 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-47244 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-47244 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-47244 ( NVD ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-47691 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-47691 ( SUSE ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-47691 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-47691 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-47691 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-48006 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48006 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48006 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-48006 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48006 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48043 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48043 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48043 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48043 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-48043 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48059 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48059 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48059 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-48059 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48059 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-50010 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-50010 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-50010 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-50010 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-50011 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-50011 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-50011 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-50011 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-50020 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-50020 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-50020 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-50560 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-50560 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-50560 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-50560 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux EnterpriseServer 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves 18 vulnerabilities can now be installed. ## Description: This update for netty, netty-tcnative fixes the following issue This update for netty, netty-tcnative fixes the following issues Upgrade netty to upstream version 4.1.135, netty-tcnative to upstream version 2.0.79: * CVE-2026-44249: IPv6 Subnet Filter Bypass via Incorrect Comparator Masking (bsc#1268165). * CVE-2026-44250: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays (bsc#1268169). * CVE-2026-44890: Unbounded Direct Memory Consumption in RedisDecoder (bsc#1268170). * CVE-2026-44893: netty-codec-haproxy: Denial of Service via malformed HAProxy message (bsc#1268244). * CVE-2026-45416: SNI handler pre-allocates up to 16 MiB from nine attacker bytes (bsc#1268246). * CVE-2026-45536: Unix-socket fd receive leaks descriptors when peer sends two at once (bsc#1268247). * CVE-2026-45673: netty-resolver-dns: DNS Cache Poisoning via predictable transaction IDs (bsc#1268248). * CVE-2026-45674: DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records (bsc#1268249). * CVE-2026-46340: netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments (bsc#1268250). * CVE-2026-47244: HTTP/2: Advertised MAX_CONCURRENT_STREAMS not enforced (bsc#1268251). * CVE-2026-47691: Insufficient Bailiwick Validation for NS Records (bsc#1268252). * CVE-2026-48006: netty-codec-redis: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator (bsc#1268255). * CVE-2026-48043:netty-codec-http2: Denial of Service due to resource leak (bsc#1268257). * CVE-2026-48059: netty-codec-haproxy: Denial of Service via memory leak from crafted PROXY protocol headers (bsc#1268258). * CVE-2026-50010: Wrapping plain trust manager silently disables hostname verification (bsc#1268259). * CVE-2026-50011: Unbounded pre-allocation in RedisArrayAggregator from RESP array length (bsc#1268260). * CVE-2026-50020: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted (bsc#1268261). * CVE-2026-50560: Netty susceptible to HTTP/2 Reset Attack with different on- the-wire signature (bsc#1268262). Changes: * MQTT: Allow MQTT 5 CONNECT with password only * ChannelInitializer: correct misleading comment on exceptionCaught route * HTTP/2: Parse request-target path like Vert.x (4.1 backport) * HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted * IpSubnetFilter: Correctly handle ipv6 * Configurable bound on RedisArrayAggregator * Redis: Limit decoded length * DNS: Ensure query id is not predictible * Wrapping plain trust manager silently disables hostname verification * MQTT: Reject malformed no-payload packets with non-zero Remaining Length * HAProxy: Reject HAProxyMessages with malformated TLV and not leak memory * SSL: Use sane defaults as limits for the client hello length and timeout * DNS: Only cache CNAME if part of the queried domain * HTTP/2: Enforce max concurrent streams for misbehaving clients * Dns: Insufficient Bailiwick Validation for NS Records * HTTP2: DelegatingDecompressorFrameListener must release memory in all cases * Pass maxAllocation to Brotli and Zstd decoders * HTTP/2: Treat clients MAX_HEADER_LIST_SIZE as advisory * Add maxWindowLog parameter to ZstdDecoder to bound memory allocation * HAProxy: Fix ByteBuf leak when parsing nested SSL TLVs * Epoll / Kqueue: Correctly handle receive of FD * SCTP:Limit the number of inflight incomplete SCTP messages and the number of fragments * Redis: Correctly release incomplete message on removal when using RedisArrayAggregator * Redis: Limit the maximum number of nested arrays * HTTP: Re-add constructor to HttpProxyHandler that was removed by mistake * Marshalling: Explicit document security requirements * Pin HTTP/RTSP version + method normalization to Locale.US * Adaptive: Fix concurrency issue in adaptive allocator * Pin multipart Content-Type / Content-Transfer-Encoding case folding to Locale.US * Remove dead native declarations * Avoid re-parsing openssl key material with non-cached provider * IpFilter: Fix ClassCastException caused by IpSubnetFilter if only ipv6 rules are configured but remote peer is using ipv4 * Resolve all localhost addresses without querying DNS servers * HTTP2: Use 100 as default max concurrent streams setting * Route synchronous onLookupComplete exceptions via fireExceptionCaught * Fix MQTT decoder size check after variable header replay ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2802=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2802=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2802=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2802=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2802=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2802=1 * SUSE Linux Enterprise High PerformanceComputing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2802=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2802=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2802=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2802=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2802=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2802=1 ## Package List: * SUSE Package Hub 15 15-SP7 (noarch) * netty-javadoc-4.1.135-150200.4.50.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-4.1.135-150200.4.50.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-tcnative-debugsource-2.0.79-150200.3.45.1 * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server for SAP Applications15 SP4 (ppc64le x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * netty-tcnative-2.0.79-150200.3.45.1 ## References: * https://www.suse.com/security/cve/CVE-2026-44249.html * https://www.suse.com/security/cve/CVE-2026-44250.html * https://www.suse.com/security/cve/CVE-2026-44890.html * https://www.suse.com/security/cve/CVE-2026-44893.html * https://www.suse.com/security/cve/CVE-2026-45416.html * https://www.suse.com/security/cve/CVE-2026-45536.html * https://www.suse.com/security/cve/CVE-2026-45673.html * https://www.suse.com/security/cve/CVE-2026-45674.html * https://www.suse.com/security/cve/CVE-2026-46340.html * https://www.suse.com/security/cve/CVE-2026-47244.html * https://www.suse.com/security/cve/CVE-2026-47691.html * https://www.suse.com/security/cve/CVE-2026-48006.html * https://www.suse.com/security/cve/CVE-2026-48043.html * https://www.suse.com/security/cve/CVE-2026-48059.html * https://www.suse.com/security/cve/CVE-2026-50010.html * https://www.suse.com/security/cve/CVE-2026-50011.html * https://www.suse.com/security/cve/CVE-2026-50020.html * https://www.suse.com/security/cve/CVE-2026-50560.html * https://bugzilla.suse.com/show_bug.cgi?id=1268165 * https://bugzilla.suse.com/show_bug.cgi?id=1268169 * https://bugzilla.suse.com/show_bug.cgi?id=1268170 * https://bugzilla.suse.com/show_bug.cgi?id=1268244 * https://bugzilla.suse.com/show_bug.cgi?id=1268246 * https://bugzilla.suse.com/show_bug.cgi?id=1268247 * https://bugzilla.suse.com/show_bug.cgi?id=1268248 * https://bugzilla.suse.com/show_bug.cgi?id=1268249 * https://bugzilla.suse.com/show_bug.cgi?id=1268250 * https://bugzilla.suse.com/show_bug.cgi?id=1268251 * https://bugzilla.suse.com/show_bug.cgi?id=1268252 * https://bugzilla.suse.com/show_bug.cgi?id=1268255 *https://bugzilla.suse.com/show_bug.cgi?id=1268257 * https://bugzilla.suse.com/show_bug.cgi?id=1268258 * https://bugzilla.suse.com/show_bug.cgi?id=1268259 * https://bugzilla.suse.com/show_bug.cgi?id=1268260 * https://bugzilla.suse.com/show_bug.cgi?id=1268261 * https://bugzilla.suse.com/show_bug.cgi?id=1268262 . SUSE updates netty and netty-tcnative, addressing 18 security issues with important severity ratings.. SUSE updates, netty security, netty vulnerabilities, important advisory, denial of service vulnerabilities. . Severity: Important. LinuxSecurity.com Team
This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-abc468979d 2026-07-09 01:07:23.887028+00:00 -------------------------------------------------------------------------------- Name : perl-CSS-Minifier-XS Product : Fedora 43 Version : 0.15 Release : 1.fc43 URL : https://metacpan.org/release/CSS-Minifier-XS Summary : XS based CSS minifier Description : 'CSS::Minifier::XS' is a CSS "minifier". It's designed to remove unnecessary white-space and comments from CSS files, while also *not* breaking the CSS. 'CSS::Minifier::XS' is similar in function to 'CSS::Minifier', but is substantially faster as it's written in XS and not just pure Perl. -------------------------------------------------------------------------------- Update Information: This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Emmanuel Seyman - 0.15-1 - Update to 0.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494733 - CVE-2026-13593 perl-CSS-Minifier-XS: CSS::Minifier::XS: Memory leak via crafted input leading to Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494733 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-abc468979d' at the command line. For more information,refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9f14575d85 2026-07-09 00:54:37.609348+00:00 -------------------------------------------------------------------------------- Name : perl-CSS-Minifier-XS Product : Fedora 44 Version : 0.15 Release : 1.fc44 URL : https://metacpan.org/release/CSS-Minifier-XS Summary : XS based CSS minifier Description : 'CSS::Minifier::XS' is a CSS "minifier". It's designed to remove unnecessary white-space and comments from CSS files, while also *not* breaking the CSS. 'CSS::Minifier::XS' is similar in function to 'CSS::Minifier', but is substantially faster as it's written in XS and not just pure Perl. -------------------------------------------------------------------------------- Update Information: This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Emmanuel Seyman - 0.15-1 - Update to 0.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494733 - CVE-2026-13593 perl-CSS-Minifier-XS: CSS::Minifier::XS: Memory leak via crafted input leading to Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494733 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9f14575d85' at the command line. For more information,refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
# Security update for rpcbind Announcement ID: SUSE-SU-2026:22331-1 Release Date: 2026-06-22T14:34:40Z Rating: moderate References:. # Security update for rpcbind Announcement ID: SUSE-SU-2026:22331-1 Release Date: 2026-06-22T14:34:40Z Rating: moderate References: * bsc#1117217 * bsc#1181400 * bsc#1267212 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has three fixes can now be installed. ## Description: This update for rpcbind fixes the following issues * Update to rpcbind 1.2.9 (bsc#1267212) https://lore.kernel.org/linux- nfs/
Get the latest Linux and open source security news straight to your inbox.