An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for micropython ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0050-1 Rating: low References: #1257803 Cross-References: CVE-2025-59438 CVE-2026-1998 CVSS scores: CVE-2025-59438 (SUSE): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for micropython fixes the following issues: - CVE-2026-1998: Fixed a segmentation fault in 'mp_map_lookup' via 'mp_import_all' (boo#1257803) - Version 1.26.1 * esp32: update esp_tinyusb component to v1.7.6 * tools: add an environment variable MICROPY_MAINTAINER_BUILD * esp32: add IDF Component Lockfiles to git repo * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev - Fix building on single core systems * Skip tests/thread/stress_schedule.py when single core system detected - Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438 - Version 1.26.0 * Added machine.I2CTarget for creating I2C target devices on multiple ports. * New MCU support: STM32N6xx (800 MHz, ML accel) and ESP32-C2 (WiFi + BLE). * Major float accuracy boost (~28% ~98%), constant folding in compiler. * Optimized native/Viper emitters; reduced heap use for slices. * Time functions standardized (1970 2099); new boards across ESP32, SAMD, STM32, Zephyr. * ESP32: ESP-IDF 5.4.2, flash auto-detect, PCNT class, LAN8670 PHY. * RP2: compressed errors, better lightsleep, hardIRQ timers. * Zephyr v4.0.0: PWM, SoftI2C/SPI, BLE runtime services, boot.py/main.py support. * mpremote adds fs tree, improved df, portable config paths. * Updated lwIP, LittleFS, libhydrogen, stm32lib; expanded hardware/CI tests. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-50=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 x86_64): micropython-1.26.1-bp157.5.1 mpy-tools-1.26.1-bp157.5.1 - openSUSE Backports SLE-15-SP7 (noarch): mpremote-1.26.1-bp157.5.1 References: https://www.suse.com/security/cve/CVE-2025-59438.html https://www.suse.com/security/cve/CVE-2026-1998.html https://bugzilla.suse.com/1257803 . Update for micropython resolves two identified issues in openSUSE 15, advising installation of security patches.. openSUSE micropython update low severity security patch CVE-2025-59438. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.