Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves three vulnerabilities can now be installed.. # Security update for glibc Announcement ID: SUSE-SU-2026:2231-1 Release Date: 2026-06-03T10:57:32Z Rating: important References: * bsc#1261206 * bsc#1262464 * bsc#1262465 Cross-References: * CVE-2026-4046 * CVE-2026-5450 * CVE-2026-5928 CVSS scores: * CVE-2026-4046 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4046 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-5450 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-5450 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-5450 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5928 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-5928 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-5928 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for glibc fixes the following issues * CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206). * CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465). * CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464). ##Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2231=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2231=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2231=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2231=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2231=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586 i686) * glibc-debuginfo-2.38-150600.14.49.1 * glibc-profile-2.38-150600.14.49.1 * glibc-2.38-150600.14.49.1 * glibc-locale-base-debuginfo-2.38-150600.14.49.1 * glibc-debugsource-2.38-150600.14.49.1 * glibc-devel-2.38-150600.14.49.1 * glibc-locale-base-2.38-150600.14.49.1 * libnsl1-2.38-150600.14.49.1 * glibc-devel-static-2.38-150600.14.49.1 * glibc-locale-2.38-150600.14.49.1 * libnsl1-debuginfo-2.38-150600.14.49.1 * glibc-devel-debuginfo-2.38-150600.14.49.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * glibc-extra-debuginfo-2.38-150600.14.49.1 * glibc-utils-src-debugsource-2.38-150600.14.49.1 * glibc-utils-debuginfo-2.38-150600.14.49.1 * glibc-utils-2.38-150600.14.49.1 * glibc-extra-2.38-150600.14.49.1 * nscd-debuginfo-2.38-150600.14.49.1 * nscd-2.38-150600.14.49.1 * openSUSE Leap 15.6 (noarch) * glibc-lang-2.38-150600.14.49.1 * glibc-html-2.38-150600.14.49.1 * glibc-i18ndata-2.38-150600.14.49.1 * glibc-info-2.38-150600.14.49.1 * openSUSE Leap 15.6 (x86_64) * glibc-devel-32bit-debuginfo-2.38-150600.14.49.1 * glibc-32bit-debuginfo-2.38-150600.14.49.1 *glibc-locale-base-32bit-debuginfo-2.38-150600.14.49.1 * glibc-devel-static-32bit-2.38-150600.14.49.1 * glibc-utils-32bit-2.38-150600.14.49.1 * glibc-locale-base-32bit-2.38-150600.14.49.1 * glibc-devel-32bit-2.38-150600.14.49.1 * libnsl1-32bit-2.38-150600.14.49.1 * glibc-profile-32bit-2.38-150600.14.49.1 * glibc-utils-32bit-debuginfo-2.38-150600.14.49.1 * libnsl1-32bit-debuginfo-2.38-150600.14.49.1 * glibc-32bit-2.38-150600.14.49.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libnsl1-64bit-debuginfo-2.38-150600.14.49.1 * libnsl1-64bit-2.38-150600.14.49.1 * glibc-utils-64bit-debuginfo-2.38-150600.14.49.1 * glibc-devel-64bit-debuginfo-2.38-150600.14.49.1 * glibc-locale-base-64bit-debuginfo-2.38-150600.14.49.1 * glibc-locale-base-64bit-2.38-150600.14.49.1 * glibc-utils-64bit-2.38-150600.14.49.1 * glibc-devel-static-64bit-2.38-150600.14.49.1 * glibc-64bit-2.38-150600.14.49.1 * glibc-devel-64bit-2.38-150600.14.49.1 * glibc-64bit-debuginfo-2.38-150600.14.49.1 * glibc-profile-64bit-2.38-150600.14.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * glibc-2.38-150600.14.49.1 * glibc-locale-base-2.38-150600.14.49.1 * nscd-debuginfo-2.38-150600.14.49.1 * libnsl1-debuginfo-2.38-150600.14.49.1 * nscd-2.38-150600.14.49.1 * glibc-extra-debuginfo-2.38-150600.14.49.1 * glibc-utils-src-debugsource-2.38-150600.14.49.1 * glibc-locale-base-debuginfo-2.38-150600.14.49.1 * libnsl1-2.38-150600.14.49.1 * glibc-debugsource-2.38-150600.14.49.1 * glibc-devel-static-2.38-150600.14.49.1 * glibc-utils-2.38-150600.14.49.1 * glibc-locale-2.38-150600.14.49.1 * glibc-debuginfo-2.38-150600.14.49.1 * glibc-profile-2.38-150600.14.49.1 * glibc-extra-2.38-150600.14.49.1 * glibc-utils-debuginfo-2.38-150600.14.49.1 * glibc-devel-2.38-150600.14.49.1 * glibc-devel-debuginfo-2.38-150600.14.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) *glibc-lang-2.38-150600.14.49.1 * glibc-i18ndata-2.38-150600.14.49.1 * glibc-info-2.38-150600.14.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * glibc-devel-32bit-debuginfo-2.38-150600.14.49.1 * glibc-32bit-debuginfo-2.38-150600.14.49.1 * glibc-locale-base-32bit-debuginfo-2.38-150600.14.49.1 * glibc-locale-base-32bit-2.38-150600.14.49.1 * glibc-devel-32bit-2.38-150600.14.49.1 * libnsl1-32bit-2.38-150600.14.49.1 * libnsl1-32bit-debuginfo-2.38-150600.14.49.1 * glibc-32bit-2.38-150600.14.49.1 * Basesystem Module 15-SP7 (noarch) * glibc-lang-2.38-150600.14.49.1 * glibc-i18ndata-2.38-150600.14.49.1 * glibc-info-2.38-150600.14.49.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * glibc-debuginfo-2.38-150600.14.49.1 * glibc-profile-2.38-150600.14.49.1 * glibc-extra-debuginfo-2.38-150600.14.49.1 * glibc-2.38-150600.14.49.1 * glibc-locale-base-debuginfo-2.38-150600.14.49.1 * libnsl1-2.38-150600.14.49.1 * glibc-debugsource-2.38-150600.14.49.1 * glibc-locale-base-2.38-150600.14.49.1 * glibc-devel-2.38-150600.14.49.1 * glibc-devel-debuginfo-2.38-150600.14.49.1 * glibc-locale-2.38-150600.14.49.1 * glibc-extra-2.38-150600.14.49.1 * nscd-debuginfo-2.38-150600.14.49.1 * libnsl1-debuginfo-2.38-150600.14.49.1 * nscd-2.38-150600.14.49.1 * Basesystem Module 15-SP7 (x86_64) * glibc-32bit-debuginfo-2.38-150600.14.49.1 * glibc-locale-base-32bit-2.38-150600.14.49.1 * libnsl1-32bit-2.38-150600.14.49.1 * libnsl1-32bit-debuginfo-2.38-150600.14.49.1 * glibc-32bit-2.38-150600.14.49.1 * glibc-locale-base-32bit-debuginfo-2.38-150600.14.49.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * glibc-debuginfo-2.38-150600.14.49.1 * glibc-utils-src-debugsource-2.38-150600.14.49.1 * glibc-utils-debuginfo-2.38-150600.14.49.1 * glibc-debugsource-2.38-150600.14.49.1 * glibc-devel-static-2.38-150600.14.49.1 *glibc-utils-2.38-150600.14.49.1 * Development Tools Module 15-SP7 (x86_64) * glibc-devel-32bit-2.38-150600.14.49.1 * glibc-32bit-debuginfo-2.38-150600.14.49.1 * glibc-devel-32bit-debuginfo-2.38-150600.14.49.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * glibc-2.38-150600.14.49.1 * glibc-locale-base-2.38-150600.14.49.1 * nscd-debuginfo-2.38-150600.14.49.1 * libnsl1-debuginfo-2.38-150600.14.49.1 * nscd-2.38-150600.14.49.1 * glibc-extra-debuginfo-2.38-150600.14.49.1 * glibc-utils-src-debugsource-2.38-150600.14.49.1 * glibc-locale-base-debuginfo-2.38-150600.14.49.1 * glibc-debugsource-2.38-150600.14.49.1 * libnsl1-2.38-150600.14.49.1 * glibc-devel-static-2.38-150600.14.49.1 * glibc-utils-2.38-150600.14.49.1 * glibc-locale-2.38-150600.14.49.1 * glibc-debuginfo-2.38-150600.14.49.1 * glibc-profile-2.38-150600.14.49.1 * glibc-extra-2.38-150600.14.49.1 * glibc-utils-debuginfo-2.38-150600.14.49.1 * glibc-devel-2.38-150600.14.49.1 * glibc-devel-debuginfo-2.38-150600.14.49.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * glibc-lang-2.38-150600.14.49.1 * glibc-i18ndata-2.38-150600.14.49.1 * glibc-info-2.38-150600.14.49.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * glibc-devel-32bit-debuginfo-2.38-150600.14.49.1 * glibc-32bit-debuginfo-2.38-150600.14.49.1 * glibc-locale-base-32bit-debuginfo-2.38-150600.14.49.1 * glibc-locale-base-32bit-2.38-150600.14.49.1 * glibc-devel-32bit-2.38-150600.14.49.1 * libnsl1-32bit-2.38-150600.14.49.1 * libnsl1-32bit-debuginfo-2.38-150600.14.49.1 * glibc-32bit-2.38-150600.14.49.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4046.html * https://www.suse.com/security/cve/CVE-2026-5450.html * https://www.suse.com/security/cve/CVE-2026-5928.html * https://bugzilla.suse.com/show_bug.cgi?id=1261206 * https://bugzilla.suse.com/show_bug.cgi?id=1262464 *https://bugzilla.suse.com/show_bug.cgi?id=1262465 . OpenSUSE glibc update addresses critical heap overflow and remote crash issues with important security risk mitigations included.. glibc heap overflow remote crash openSUSE update important security. . Severity: Important. LinuxSecurity.com Team
An update that solves three vulnerabilities can now be installed.. # Security update for glibc Announcement ID: SUSE-SU-2026:2231-1 Release Date: 2026-06-03T10:57:32Z Rating: important References: * bsc#1261206 * bsc#1262464 * bsc#1262465 Cross-References: * CVE-2026-4046 * CVE-2026-5450 * CVE-2026-5928 CVSS scores: * CVE-2026-4046 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4046 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-5450 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-5450 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-5450 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5928 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-5928 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-5928 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for glibc fixes the following issues * CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206). * CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465). * CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464). ##Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2231=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2231=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2231=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2231=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2231=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586 i686) * glibc-debuginfo-2.38-150600.14.49.1 * glibc-profile-2.38-150600.14.49.1 * glibc-2.38-150600.14.49.1 * glibc-locale-base-debuginfo-2.38-150600.14.49.1 * glibc-debugsource-2.38-150600.14.49.1 * glibc-devel-2.38-150600.14.49.1 * glibc-locale-base-2.38-150600.14.49.1 * libnsl1-2.38-150600.14.49.1 * glibc-devel-static-2.38-150600.14.49.1 * glibc-locale-2.38-150600.14.49.1 * libnsl1-debuginfo-2.38-150600.14.49.1 * glibc-devel-debuginfo-2.38-150600.14.49.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * glibc-extra-debuginfo-2.38-150600.14.49.1 * glibc-utils-src-debugsource-2.38-150600.14.49.1 * glibc-utils-debuginfo-2.38-150600.14.49.1 * glibc-utils-2.38-150600.14.49.1 * glibc-extra-2.38-150600.14.49.1 * nscd-debuginfo-2.38-150600.14.49.1 * nscd-2.38-150600.14.49.1 * openSUSE Leap 15.6 (noarch) * glibc-lang-2.38-150600.14.49.1 * glibc-html-2.38-150600.14.49.1 * glibc-i18ndata-2.38-150600.14.49.1 * glibc-info-2.38-150600.14.49.1 * openSUSE Leap 15.6 (x86_64) * glibc-devel-32bit-debuginfo-2.38-150600.14.49.1 * glibc-32bit-debuginfo-2.38-150600.14.49.1 *glibc-locale-base-32bit-debuginfo-2.38-150600.14.49.1 * glibc-devel-static-32bit-2.38-150600.14.49.1 * glibc-utils-32bit-2.38-150600.14.49.1 * glibc-locale-base-32bit-2.38-150600.14.49.1 * glibc-devel-32bit-2.38-150600.14.49.1 * libnsl1-32bit-2.38-150600.14.49.1 * glibc-profile-32bit-2.38-150600.14.49.1 * glibc-utils-32bit-debuginfo-2.38-150600.14.49.1 * libnsl1-32bit-debuginfo-2.38-150600.14.49.1 * glibc-32bit-2.38-150600.14.49.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libnsl1-64bit-debuginfo-2.38-150600.14.49.1 * libnsl1-64bit-2.38-150600.14.49.1 * glibc-utils-64bit-debuginfo-2.38-150600.14.49.1 * glibc-devel-64bit-debuginfo-2.38-150600.14.49.1 * glibc-locale-base-64bit-debuginfo-2.38-150600.14.49.1 * glibc-locale-base-64bit-2.38-150600.14.49.1 * glibc-utils-64bit-2.38-150600.14.49.1 * glibc-devel-static-64bit-2.38-150600.14.49.1 * glibc-64bit-2.38-150600.14.49.1 * glibc-devel-64bit-2.38-150600.14.49.1 * glibc-64bit-debuginfo-2.38-150600.14.49.1 * glibc-profile-64bit-2.38-150600.14.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * glibc-2.38-150600.14.49.1 * glibc-locale-base-2.38-150600.14.49.1 * nscd-debuginfo-2.38-150600.14.49.1 * libnsl1-debuginfo-2.38-150600.14.49.1 * nscd-2.38-150600.14.49.1 * glibc-extra-debuginfo-2.38-150600.14.49.1 * glibc-utils-src-debugsource-2.38-150600.14.49.1 * glibc-locale-base-debuginfo-2.38-150600.14.49.1 * libnsl1-2.38-150600.14.49.1 * glibc-debugsource-2.38-150600.14.49.1 * glibc-devel-static-2.38-150600.14.49.1 * glibc-utils-2.38-150600.14.49.1 * glibc-locale-2.38-150600.14.49.1 * glibc-debuginfo-2.38-150600.14.49.1 * glibc-profile-2.38-150600.14.49.1 * glibc-extra-2.38-150600.14.49.1 * glibc-utils-debuginfo-2.38-150600.14.49.1 * glibc-devel-2.38-150600.14.49.1 * glibc-devel-debuginfo-2.38-150600.14.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) *glibc-lang-2.38-150600.14.49.1 * glibc-i18ndata-2.38-150600.14.49.1 * glibc-info-2.38-150600.14.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * glibc-devel-32bit-debuginfo-2.38-150600.14.49.1 * glibc-32bit-debuginfo-2.38-150600.14.49.1 * glibc-locale-base-32bit-debuginfo-2.38-150600.14.49.1 * glibc-locale-base-32bit-2.38-150600.14.49.1 * glibc-devel-32bit-2.38-150600.14.49.1 * libnsl1-32bit-2.38-150600.14.49.1 * libnsl1-32bit-debuginfo-2.38-150600.14.49.1 * glibc-32bit-2.38-150600.14.49.1 * Basesystem Module 15-SP7 (noarch) * glibc-lang-2.38-150600.14.49.1 * glibc-i18ndata-2.38-150600.14.49.1 * glibc-info-2.38-150600.14.49.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * glibc-debuginfo-2.38-150600.14.49.1 * glibc-profile-2.38-150600.14.49.1 * glibc-extra-debuginfo-2.38-150600.14.49.1 * glibc-2.38-150600.14.49.1 * glibc-locale-base-debuginfo-2.38-150600.14.49.1 * libnsl1-2.38-150600.14.49.1 * glibc-debugsource-2.38-150600.14.49.1 * glibc-locale-base-2.38-150600.14.49.1 * glibc-devel-2.38-150600.14.49.1 * glibc-devel-debuginfo-2.38-150600.14.49.1 * glibc-locale-2.38-150600.14.49.1 * glibc-extra-2.38-150600.14.49.1 * nscd-debuginfo-2.38-150600.14.49.1 * libnsl1-debuginfo-2.38-150600.14.49.1 * nscd-2.38-150600.14.49.1 * Basesystem Module 15-SP7 (x86_64) * glibc-32bit-debuginfo-2.38-150600.14.49.1 * glibc-locale-base-32bit-2.38-150600.14.49.1 * libnsl1-32bit-2.38-150600.14.49.1 * libnsl1-32bit-debuginfo-2.38-150600.14.49.1 * glibc-32bit-2.38-150600.14.49.1 * glibc-locale-base-32bit-debuginfo-2.38-150600.14.49.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * glibc-debuginfo-2.38-150600.14.49.1 * glibc-utils-src-debugsource-2.38-150600.14.49.1 * glibc-utils-debuginfo-2.38-150600.14.49.1 * glibc-debugsource-2.38-150600.14.49.1 * glibc-devel-static-2.38-150600.14.49.1 *glibc-utils-2.38-150600.14.49.1 * Development Tools Module 15-SP7 (x86_64) * glibc-devel-32bit-2.38-150600.14.49.1 * glibc-32bit-debuginfo-2.38-150600.14.49.1 * glibc-devel-32bit-debuginfo-2.38-150600.14.49.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * glibc-2.38-150600.14.49.1 * glibc-locale-base-2.38-150600.14.49.1 * nscd-debuginfo-2.38-150600.14.49.1 * libnsl1-debuginfo-2.38-150600.14.49.1 * nscd-2.38-150600.14.49.1 * glibc-extra-debuginfo-2.38-150600.14.49.1 * glibc-utils-src-debugsource-2.38-150600.14.49.1 * glibc-locale-base-debuginfo-2.38-150600.14.49.1 * glibc-debugsource-2.38-150600.14.49.1 * libnsl1-2.38-150600.14.49.1 * glibc-devel-static-2.38-150600.14.49.1 * glibc-utils-2.38-150600.14.49.1 * glibc-locale-2.38-150600.14.49.1 * glibc-debuginfo-2.38-150600.14.49.1 * glibc-profile-2.38-150600.14.49.1 * glibc-extra-2.38-150600.14.49.1 * glibc-utils-debuginfo-2.38-150600.14.49.1 * glibc-devel-2.38-150600.14.49.1 * glibc-devel-debuginfo-2.38-150600.14.49.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * glibc-lang-2.38-150600.14.49.1 * glibc-i18ndata-2.38-150600.14.49.1 * glibc-info-2.38-150600.14.49.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * glibc-devel-32bit-debuginfo-2.38-150600.14.49.1 * glibc-32bit-debuginfo-2.38-150600.14.49.1 * glibc-locale-base-32bit-debuginfo-2.38-150600.14.49.1 * glibc-locale-base-32bit-2.38-150600.14.49.1 * glibc-devel-32bit-2.38-150600.14.49.1 * libnsl1-32bit-2.38-150600.14.49.1 * libnsl1-32bit-debuginfo-2.38-150600.14.49.1 * glibc-32bit-2.38-150600.14.49.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4046.html * https://www.suse.com/security/cve/CVE-2026-5450.html * https://www.suse.com/security/cve/CVE-2026-5928.html * https://bugzilla.suse.com/show_bug.cgi?id=1261206 * https://bugzilla.suse.com/show_bug.cgi?id=1262464 *https://bugzilla.suse.com/show_bug.cgi?id=1262465 . SUSE releases important glibc security update addressing multiple vulnerabilities with significant risks and attack vectors.. SUSE Linux, glibc security, important update, security vulnerabilities, openSUSE advisory. . Severity: Important. LinuxSecurity.com Team
An update that solves three vulnerabilities can now be installed.. # Security update for glibc Announcement ID: SUSE-SU-2026:21688-1 Release Date: 2026-05-15T10:38:30Z Rating: important References: * bsc#1261206 * bsc#1262464 * bsc#1262465 Cross-References: * CVE-2026-4046 * CVE-2026-5450 * CVE-2026-5928 CVSS scores: * CVE-2026-4046 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4046 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-5450 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-5450 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-5450 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5928 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-5928 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-5928 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves three vulnerabilities can now be installed. ## Description: This update for glibc fixes the following issues * CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206). * CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465). * CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-528=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * glibc-2.38-slfo.1.1_8.1 *glibc-devel-2.38-slfo.1.1_8.1 * glibc-locale-base-2.38-slfo.1.1_8.1 * glibc-locale-2.38-slfo.1.1_8.1 * glibc-locale-base-debuginfo-2.38-slfo.1.1_8.1 * glibc-devel-debuginfo-2.38-slfo.1.1_8.1 * glibc-debugsource-2.38-slfo.1.1_8.1 * glibc-debuginfo-2.38-slfo.1.1_8.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4046.html * https://www.suse.com/security/cve/CVE-2026-5450.html * https://www.suse.com/security/cve/CVE-2026-5928.html * https://bugzilla.suse.com/show_bug.cgi?id=1261206 * https://bugzilla.suse.com/show_bug.cgi?id=1262464 * https://bugzilla.suse.com/show_bug.cgi?id=1262465 . Critical update for glibc in SUSE addresses important security issues including buffer overflows. Get fixes now.. SUSE glibc important errors, security patches, Linux update. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for glibc-livepatches Announcement ID: SUSE-SU-2026:21424-1 Release Date: 2026-04-28T16:23:13Z Rating: important References: * bsc#1261209 Cross-References: * CVE-2026-4046 CVSS scores: * CVE-2026-4046 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4046 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for glibc-livepatches fixes the following issue: * CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261209). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-651=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-651=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * glibc-livepatches-debugsource-0.4-160000.1.1 * glibc-livepatches-0.4-160000.1.1 * glibc-livepatches-debuginfo-0.4-160000.1.1 * SUSE Linux Enterprise Server 16.0 (x86_64) * glibc-livepatches-debugsource-0.4-160000.1.1 * glibc-livepatches-0.4-160000.1.1 * glibc-livepatches-debuginfo-0.4-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4046.html * https://bugzilla.suse.com/show_bug.cgi?id=1261209 . Vital update for SUSE glibc-livepatches resolving CVE-2026-4046 cracks and improving system stability. Install now.. SUSE update glibc-livepatches CVE-2026-4046important. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability and has one security fix can now be installed.. # Security update for glibc-livepatches Announcement ID: SUSE-SU-2026:1662-1 Release Date: 2026-04-30T13:16:21Z Rating: important References: * bsc#1261209 * bsc#1263035 Cross-References: * CVE-2026-4046 CVSS scores: * CVE-2026-4046 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4046 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for glibc-livepatches fixes the following issue: Security fixes: * CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261209). Other fixes: * Fix problems with livepatches targeting libc-2.31.so instead of libc.so.6 in 15.4 (bsc#1263035). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run thecommand listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1662=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1662=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1662=1 * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1662=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * glibc-livepatches-debugsource-0.4-150400.3.16.1 * glibc-livepatches-0.4-150400.3.16.1 * glibc-livepatches-debuginfo-0.4-150400.3.16.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * glibc-livepatches-0.4-150400.3.16.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * glibc-livepatches-0.4-150400.3.16.1 * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * glibc-livepatches-debugsource-0.4-150400.3.16.1 * glibc-livepatches-0.4-150400.3.16.1 * glibc-livepatches-debuginfo-0.4-150400.3.16.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4046.html * https://bugzilla.suse.com/show_bug.cgi?id=1261209 * https://bugzilla.suse.com/show_bug.cgi?id=1263035 . Explore an important SUSE security advisory on glibc-livepatches addressing a crucial security issue.. SUSE glibc-livepatches important security patch remote crash. . Severity: Important. LinuxSecurity.com Team
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for freeciv ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0155-1 Rating: moderate References: #1260036 Cross-References: CVE-2026-33250 Affected Products: openSUSE Backports SLE-15-SP6 openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for freeciv fixes the following issues: - CVE-2026-33250: Fix a vulnerability allowing remote crashing of the server (boo#1260036). - update to version 3.0.10: * Generic bugfix release* Generic bugfix release * Fixed nation color selection assert failures when moving from pre-game to turn 1 * Fixed a crash when city removal left a unit stranded * Fixed growing of the internal string handling buffer, fixing, e.g., issues with very long lines in the savegame * Fixed fc_vsnprintf() return value on Windows, fixing, e.g., issues on loading the tutorial scenario * Various internal changes which should only affect developers * Fixed bad memory access while loading freeciv-2.6 format ruleset * Miscellaneous improvements to in-game text and user documentation * Miscellaneous changes to developer/install/ruleset docs * Updated translations * see https://freeciv.fandom.com/wiki/NEWS-3.0.10 - update to version 3.0.9: * Generic bugfix release * Set diplomatic relations state correctly between team members osdn#48295 * Fixed assert failures when city grows to freeciv's internal max city size (255) * Sammarinese city name Borgo Maggiore corrected osdn#48316 * Cargo gets bounced when transport is lost due to terrain change * Fixed crash with recursive autoattacks in case ofoccupychance setting being > 0 * Fixed memory corruption when transport is not bounced, but cargo is * Corrected amount treasury gets increased by a city in some situations * Cities stop working tiles turned unworkable at turn change * Fixed clearing city border claims when player gets removed from the game osdn#48837 * see https://freeciv.fandom.com/wiki/NEWS-3.0.9 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-155=1 - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2026-155=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64): freeciv-3.1.6-bp157.2.3.1 freeciv-debuginfo-3.1.6-bp157.2.3.1 freeciv-debugsource-3.1.6-bp157.2.3.1 freeciv-gtk3-3.1.6-bp157.2.3.1 freeciv-gtk3-debuginfo-3.1.6-bp157.2.3.1 freeciv-gtk4-3.1.6-bp157.2.3.1 freeciv-gtk4-debuginfo-3.1.6-bp157.2.3.1 freeciv-qt-3.1.6-bp157.2.3.1 freeciv-qt-debuginfo-3.1.6-bp157.2.3.1 - openSUSE Backports SLE-15-SP7 (noarch): freeciv-lang-3.1.6-bp157.2.3.1 - openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64): freeciv-3.0.10-bp156.2.3.1 freeciv-gtk3-3.0.10-bp156.2.3.1 freeciv-qt-3.0.10-bp156.2.3.1 - openSUSE Backports SLE-15-SP6 (noarch): freeciv-lang-3.0.10-bp156.2.3.1 References: https://www.suse.com/security/cve/CVE-2026-33250.html https://bugzilla.suse.com/1260036 . Update for openSUSE freeciv addresses a moderate issue allowing remote server crashes. Installation instructions included.. openSUSE security, freeciv patch, software update. . LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for glibc-livepatches Announcement ID: SUSE-SU-2026:21317-1 Release Date: 2026-04-23T12:23:23Z Rating: moderate References: * bsc#1261209 Cross-References: * CVE-2026-4046 CVSS scores: * CVE-2026-4046 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4046 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for glibc-livepatches fixes the following issues: * CVE-2026-4046: Fixed assertion failure when converting inputs may be used to remotely crash an application (bsc#1261209) * Add support for live-patching the gconv modules sitting in glibc-locale-base or glibc-gconv-modules-extra packages. * Update json files for current glibc variants that support livepatching. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-507=1 ## Package List: * SUSE Linux Micro 6.1 (x86_64) * glibc-livepatches-debugsource-0.4-slfo.1.1_1.1 * glibc-livepatches-0.4-slfo.1.1_1.1 * glibc-livepatches-debuginfo-0.4-slfo.1.1_1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4046.html * https://bugzilla.suse.com/show_bug.cgi?id=1261209 . SUSE releases security advisory for glibc-livepatches fixing moderate issues. Update recommended to prevent remote crashes.. glibc livepatches SUSE security patch remote crash advisory. . LinuxSecurity.com Team
An update that contains security fixes can now be installed.. openSUSE Security Update: Security update for tor ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0147-1 Rating: moderate References: #1262301 #1262302 Affected Products: openSUSE Backports SLE-15-SP6 openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for tor fixes the following issues: - update to 0.4.8.23: * Fix a memory compare using the wrong length. This could lead to a remote crash when using the conflux subsystem (TROVE-2026-004, boo#1262302) * Fix a series of defense in depth security issues found across the codebase * Regenerate fallback directories generated on March 25, 2026. * Update the geoip files to match the IPFire Location Database, as retrieved on 2026/03/25. - includes changes from 0.4.8.22: * Avoid an out-of-bounds read error that could occur with V1-formatted EXTEND cells (TROVE-2025-016, boo#1262301) * Allow old clients to fetch the consensus even if they use version 0 of the SENDME protocol * Do not check for compression bombs for buffers smaller than 5MB (increased from 64 KB) * Improvements to directory server statistics - update to 0.4.8.21: * This release is a continuation of the previous one and addresses additional Conflux-related issues identified through further testing and feedback from relay operators. We strongly recommend upgrading as soon as possible. * Major bugfixes (conflux, exit): - When dequeuing out-of-order conflux cells, the circuit could be close in between two dequeue which could lead to a mishandling of a NULL pointer. Fixes bug 41162; * Add-mbranch-protection=standard for arm64. * Regenerate fallback directories generated on November * Update the geoip files to match the IPFire Location Database, as retrieved on 2025/11/17. * Fix a bug causing the initial tor process to hang intead of exiting with RunAsDaemon, when pluggable transports are used. - 0.4.8.20 * Add a new hardening compiler flag -fcf-protection=full * Fix the root cause of some conflux fragile asserts * Fix a series of conflux edge cases - 0.4.8.19 * Fix some clients not being able to connect to LibreSSL relays * Improve stream flow control performance Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-147=1 - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2026-147=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64): tor-0.4.8.23-bp157.2.6.1 tor-debuginfo-0.4.8.23-bp157.2.6.1 tor-debugsource-0.4.8.23-bp157.2.6.1 - openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64): tor-0.4.8.23-bp156.2.6.1 References: https://bugzilla.suse.com/1262301 https://bugzilla.suse.com/1262302 . Update for openSUSE Backports fixes moderate security issues, including remote crashes and other improvements for tor.. openSUSE Backports, tor security, remote crash fix, security update, SLE-15. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.