Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-19158 http://linux.oracle.com/errata/ELSA-2026-19158.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: dnsmasq-2.90-7.el10_2.x86_64.rpm dnsmasq-utils-2.90-7.el10_2.x86_64.rpm aarch64: dnsmasq-2.90-7.el10_2.aarch64.rpm dnsmasq-utils-2.90-7.el10_2.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/dnsmasq-2.90-7.el10_2.src.rpm Related CVEs: CVE-2026-2291 CVE-2026-4890 CVE-2026-4891 CVE-2026-4892 CVE-2026-4893 CVE-2026-5172 Description of changes: [2.90-7] - Prevent overflow in extract_name function (CVE-2026-2291) - Prevent DoS in DNSSEC validation (CVE-2026-4890) - Prevent out-of-bounds read in DNSSEC validation (CVE-2026-4891) - Prevent out-of-bounds write in DHCPv6 server (CVE-2026-4892) - Prevent source check avoidance by RFC 7871 client-subnet (CVE-2026-4893) - Prevent out-of-bounds read in extract_addresses (CVE-2026-5172) [2.90-6] - Prevent heap buffer overflow in cache via NAME_ESCAPE expansion (CVE-2026-2291) _______________________________________________ El-errata mailing list
Update quick-xml to 0.41 (RUSTSEC-2026-0194, RUSTSEC-2026-0195). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-5e3ab17662 2026-07-17 01:08:58.262249+00:00 -------------------------------------------------------------------------------- Name : rust-opendal Product : Fedora 43 Version : 0.55.0 Release : 2.fc43 URL : https://crates.io/crates/opendal Summary : Apache OpenDAL: One Layer, All Storage Description : OpenDAL is an Open Data Access Layer that enables seamless interaction with diverse storage services. -------------------------------------------------------------------------------- Update Information: Update quick-xml to 0.41 (RUSTSEC-2026-0194, RUSTSEC-2026-0195) -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 8 2026 Benjamin A. Beasley - 0.55.0-2 - Update quick-xml to 0.41 (RUSTSEC-2026-0194, RUSTSEC-2026-0195) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-5e3ab17662' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Important: maven:3.8 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:40841", "synopsis": "Important: maven:3.8 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for module.maven, module.apache-commons-lang3, apache-commons-io, slf4j, apache-commons-codec, jsr-305, module.cdi-api, plexus-containers, guava, httpcomponents-client, cdi-api, module.sisu, module.plexus-classworlds, plexus-interpolation, module.httpcomponents-core, module.apache-commons-io, atinject, google-guice, module.plexus-cipher, plexus-sec-dispatcher, module.guava, module.jsr-305, module.maven-shared-utils, jakarta-annotations, module.plexus-interpolation, plexus-classworlds, maven-wagon, apache-commons-cli, apache-commons-lang3, module.jansi, module.apache-commons-codec, module.plexus-containers, jansi, maven, module.plexus-utils, sisu, module.atinject, maven-shared-utils, module.google-guice, module.maven-resolver, module.apache-commons-cli, module.slf4j, httpcomponents-core, module.httpcomponents-client, maven-resolver, module.maven-wagon, plexus-cipher, plexus-utils, module.plexus-sec-dispatcher, module.jakarta-annotations.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information.\n\nSecurity Fix(es):\n\n* org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method (CVE-2025-67030)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2451409", "sourceBy": "Red Hat","sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451409", "description": ""}], "cves": [{"name": "CVE-2025-67030", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67030", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "cvss3BaseScore": "8.3", "cwe": "CWE-22"}], "references": [], "publishedAt": "2026-07-16T12:03:21.348182Z", "rpms": {"Rocky Linux 8": {"nvras": ["apache-commons-cli-0:1.5.0-5.module+el8.10.0+1811+d28a527b.noarch.rpm", "apache-commons-cli-0:1.5.0-5.module+el8.10.0+1811+d28a527b.src.rpm", "apache-commons-codec-0:1.15-8.module+el8.10.0+1811+d28a527b.noarch.rpm", "apache-commons-codec-0:1.15-8.module+el8.10.0+1811+d28a527b.src.rpm", "apache-commons-io-1:2.11.0-3.module+el8.10.0+1811+d28a527b.noarch.rpm", "apache-commons-io-1:2.11.0-3.module+el8.10.0+1811+d28a527b.src.rpm", "apache-commons-lang3-0:3.12.0-8.module+el8.10.0+1811+d28a527b.noarch.rpm", "apache-commons-lang3-0:3.12.0-8.module+el8.10.0+1811+d28a527b.src.rpm", "atinject-0:1.0.5-5.module+el8.10.0+1811+d28a527b.noarch.rpm", "atinject-0:1.0.5-5.module+el8.10.0+1811+d28a527b.src.rpm", "cdi-api-0:2.0.2-7.module+el8.10.0+1811+d28a527b.noarch.rpm", "cdi-api-0:2.0.2-7.module+el8.10.0+1811+d28a527b.src.rpm", "google-guice-0:4.2.3-10.module+el8.10.0+1811+d28a527b.noarch.rpm", "google-guice-0:4.2.3-10.module+el8.10.0+1811+d28a527b.src.rpm", "guava-0:31.0.1-5.module+el8.10.0+1811+d28a527b.noarch.rpm", "guava-0:31.0.1-5.module+el8.10.0+1811+d28a527b.src.rpm", "httpcomponents-client-0:4.5.13-6.module+el8.10.0+1811+d28a527b.noarch.rpm", "httpcomponents-client-0:4.5.13-6.module+el8.10.0+1811+d28a527b.src.rpm", "httpcomponents-core-0:4.4.13-8.module+el8.10.0+1811+d28a527b.noarch.rpm", "httpcomponents-core-0:4.4.13-8.module+el8.10.0+1811+d28a527b.src.rpm", "jakarta-annotations-0:1.3.5-15.module+el8.10.0+1811+d28a527b.noarch.rpm", "jakarta-annotations-0:1.3.5-15.module+el8.10.0+1811+d28a527b.src.rpm", "jansi-0:2.4.0-7.module+el8.10.0+1811+d28a527b.aarch64.rpm","jansi-0:2.4.0-7.module+el8.10.0+1811+d28a527b.src.rpm", "jansi-debuginfo-0:2.4.0-7.module+el8.10.0+1811+d28a527b.aarch64.rpm", "jansi-debugsource-0:2.4.0-7.module+el8.10.0+1811+d28a527b.aarch64.rpm", "jcl-over-slf4j-0:1.7.32-5.module+el8.10.0+1811+d28a527b.noarch.rpm", "jsr-305-0:3.0.2-7.module+el8.10.0+1811+d28a527b.noarch.rpm", "jsr-305-0:3.0.2-7.module+el8.10.0+1811+d28a527b.src.rpm", "maven-1:3.8.5-6.module+el8.10.0+1811+d28a527b.noarch.rpm", "maven-1:3.8.5-6.module+el8.10.0+1811+d28a527b.src.rpm", "maven-lib-1:3.8.5-6.module+el8.10.0+1811+d28a527b.noarch.rpm", "maven-openjdk11-1:3.8.5-6.module+el8.10.0+1811+d28a527b.noarch.rpm", "maven-openjdk17-1:3.8.5-6.module+el8.10.0+1811+d28a527b.noarch.rpm", "maven-openjdk21-1:3.8.5-6.module+el8.10.0+1811+d28a527b.noarch.rpm", "maven-openjdk8-1:3.8.5-6.module+el8.10.0+1811+d28a527b.noarch.rpm", "maven-resolver-1:1.7.3-6.module+el8.10.0+1811+d28a527b.noarch.rpm", "maven-resolver-1:1.7.3-6.module+el8.10.0+1811+d28a527b.src.rpm", "maven-shared-utils-0:3.3.4-6.module+el8.10.0+1811+d28a527b.noarch.rpm", "maven-shared-utils-0:3.3.4-6.module+el8.10.0+1811+d28a527b.src.rpm", "maven-wagon-0:3.5.1-3.module+el8.10.0+1811+d28a527b.noarch.rpm", "maven-wagon-0:3.5.1-3.module+el8.10.0+1811+d28a527b.src.rpm", "plexus-cipher-0:2.0-3.module+el8.10.0+1811+d28a527b.noarch.rpm", "plexus-cipher-0:2.0-3.module+el8.10.0+1811+d28a527b.src.rpm", "plexus-classworlds-0:2.6.0-13.module+el8.10.0+1811+d28a527b.noarch.rpm", "plexus-classworlds-0:2.6.0-13.module+el8.10.0+1811+d28a527b.src.rpm", "plexus-containers-0:2.1.1-3.module+el8.10.0+1811+d28a527b.src.rpm", "plexus-containers-component-annotations-0:2.1.1-3.module+el8.10.0+1811+d28a527b.noarch.rpm", "plexus-interpolation-0:1.26-13.module+el8.10.0+1811+d28a527b.noarch.rpm", "plexus-interpolation-0:1.26-13.module+el8.10.0+1811+d28a527b.src.rpm", "plexus-sec-dispatcher-0:2.0-5.module+el8.10.0+1811+d28a527b.noarch.rpm", "plexus-sec-dispatcher-0:2.0-5.module+el8.10.0+1811+d28a527b.src.rpm","plexus-utils-0:3.3.0-11.module+el8.10.0+1811+d28a527b.noarch.rpm", "plexus-utils-0:3.3.0-11.module+el8.10.0+1811+d28a527b.src.rpm", "sisu-1:0.3.5-3.module+el8.10.0+1811+d28a527b.noarch.rpm", "sisu-1:0.3.5-3.module+el8.10.0+1811+d28a527b.src.rpm", "slf4j-0:1.7.32-5.module+el8.10.0+1811+d28a527b.noarch.rpm", "slf4j-0:1.7.32-5.module+el8.10.0+1811+d28a527b.src.rpm", "jansi-0:2.4.0-7.module+el8.10.0+1811+d28a527b.x86_64.rpm", "jansi-debuginfo-0:2.4.0-7.module+el8.10.0+1811+d28a527b.x86_64.rpm", "jansi-debugsource-0:2.4.0-7.module+el8.10.0+1811+d28a527b.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Critical maven security updates are available for Rocky Linux 8, addressing important vulnerabilities like directory traversal.. Rocky Linux,maven,directory traversal,security updates. . Severity: Important. LinuxSecurity.com Team
An update that can now be installed.. # Security update for buildah Announcement ID: SUSE-SU-2026:2964-1 Release Date: 2026-07-14T11:09:44Z Rating: important References: Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that can now be installed. ## Description: This update for buildah rebuilds it against the current go security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2964=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2964=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2964=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2964=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2964=1 ## Package List: * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * buildah-1.35.5-150400.3.70.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * buildah-1.35.5-150400.3.70.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * buildah-1.35.5-150400.3.70.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150400.3.70.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * buildah-1.35.5-150400.3.70.1 . This update for buildah applies important security fixes for openSUSE Leap 15.4 and other SUSE Linux distributions.. openSUSE security, buildah update, Linux security patch. . Severity: Important. LinuxSecurity.com Team
The 7.1.3-101/201 builds contain an important fix for XFS filesystem users.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-085c9e92a4 2026-07-14 18:18:56.519144+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 43 Version : 7.1.3 Release : 101.fc43 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 7.1.3-101/201 builds contain an important fix for XFS filesystem users. -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 14 2026 Justin M. Forbes [7.1.3-1] - xfs: resample the data fork mapping after cycling ILOCK (Darrick J. Wong) - redhat: configs: fedora: Enable Sony IMX471 image sensor (Kate Hsuan) - media: i2c: imx471: Add Sony IMX471 image sensor driver (Kate Hsuan) - platform: int3472: discrete: con_id vana for Sony IMX471 as power enable (Kate Hsuan) - media: ipu-bridge: Add Sony IMX471 for Lenovo X1 Carbon G14 (Kate Hsuan) - media: ipu-bridge: Add DMI information of Lenovo X9 to the image upside-down list (Kate Hsuan) - redhat: move ynltool debuginfo to kernel-tools-debuginfo (Augusto Caringi) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-085c9e92a4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves 25 vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:2902-1 Release Date: 2026-07-13T15:45:10Z Rating: important References: * bsc#1256615 * bsc#1260524 * bsc#1262759 * bsc#1263094 * bsc#1263118 * bsc#1263177 * bsc#1263670 * bsc#1264094 * bsc#1264252 * bsc#1264253 * bsc#1264567 * bsc#1264849 * bsc#1265117 * bsc#1265127 * bsc#1265197 * bsc#1265945 * bsc#1266015 * bsc#1266265 * bsc#1267206 * bsc#1267698 * bsc#1267723 * bsc#1267893 * bsc#1268662 * bsc#1269023 * bsc#1269495 Cross-References: * CVE-2025-71089 * CVE-2026-23393 * CVE-2026-31505 * CVE-2026-31533 * CVE-2026-31570 * CVE-2026-31586 * CVE-2026-31685 * CVE-2026-31758 * CVE-2026-43025 * CVE-2026-43027 * CVE-2026-43037 * CVE-2026-43120 * CVE-2026-43190 * CVE-2026-43366 * CVE-2026-43437 * CVE-2026-43494 * CVE-2026-43501 * CVE-2026-45970 * CVE-2026-46120 * CVE-2026-46173 * CVE-2026-46227 * CVE-2026-46243 * CVE-2026-52909 * CVE-2026-52943 * CVE-2026-53362 CVSS scores: * CVE-2025-71089 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-71089 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-23393 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31505 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31505 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31505 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H *CVE-2026-31533 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31570 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N * CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31586 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31685 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H * CVE-2026-31758 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H * CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43037 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43120 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N *CVE-2026-43120 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43190 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-43366 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43437 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43494 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43501 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-45970 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46173 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46227 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46243 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52909 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52943 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-53362 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-53362 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux EnterpriseReal Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 25 vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.28 fixes various security issues The following security issues were fixed: * CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256615). * CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260524). * CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats() (bsc#1263094). * CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (bsc#1262759). * CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel() (bsc#1263118). * CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() (bsc#1263177). * CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all packets (bsc#1263670). * CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release (bsc#1264094). * CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new expectations (bsc#1264253). * CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect cleanup (bsc#1264252). * CVE-2026-43037: ip6_tunnel: clear skb2-> cb[] in ip4ip6_err() (bsc#1265197). * CVE-2026-43120: RDMA/irdma: Fix double free related to rereg_user_mr (bsc#1264567). * CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading optlen (bsc#1264849). * CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy on recycle (bsc#1265117). * CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (bsc#1265127). * CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945). * CVE-2026-43501: ipv6: rpl: reserve mac_len headroom whenrecompressed SRH grows (bsc#1266015). * CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down (bsc#1267206). * CVE-2026-46120: ip6_gre: Use cached t-> net in ip6erspan_changelink() (bsc#1267893). * CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task (bsc#1267723). * CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (bsc#1267698). * CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions (CIFSwitch) (bsc#1266265). * CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device (bsc#1268662). * CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve helpers (bsc#1269023). * CVE-2026-53362: ipv6: account for fraggap on the paged allocation path (bsc#1269495). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2911=1 SUSE-2026-2913=1 SUSE-2026-2912=1 SUSE-2026-2917=1 SUSE-2026-2908=1 * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-2916=1 SUSE-SLE- Module-Live-Patching-15-SP7-2026-2915=1 SUSE-SLE-Module-Live- Patching-15-SP7-2026-2902=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2906=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2904=1 SUSE-SLE-Module-Live- Patching-15-SP7-2026-2898=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2903=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2905=1 SUSE-SLE-Module-Live- Patching-15-SP7-2026-2901=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2907=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2908=1 SUSE-SLE- Module-Live-Patching-15-SP6-2026-2911=1 SUSE-SLE-Module-Live- Patching-15-SP6-2026-2913=1SUSE-SLE-Module-Live-Patching-15-SP6-2026-2912=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-2917=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-6_4_0-150700_7_22-rt-10-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_2-debugsource-18-150700.2.1 * kernel-livepatch-6_4_0-150700_7_13-rt-14-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_1-debugsource-19-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_5-debugsource-11-150700.2.1 * kernel-livepatch-6_4_0-150700_5-rt-19-150700.3.1 * kernel-livepatch-6_4_0-150700_7_25-rt-debuginfo-9-150700.2.1 * kernel-livepatch-6_4_0-150700_7_22-rt-debuginfo-10-150700.2.1 * kernel-livepatch-6_4_0-150700_7_19-rt-debuginfo-11-150700.2.1 * kernel-livepatch-6_4_0-150700_7_8-rt-18-150700.2.1 * kernel-livepatch-6_4_0-150700_5-rt-debuginfo-19-150700.3.1 * kernel-livepatch-SLE15-SP7-RT_Update_3-debugsource-14-150700.2.1 * kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo-14-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_0-debugsource-19-150700.3.1 * kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource-14-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_6-debugsource-10-150700.2.1 * kernel-livepatch-6_4_0-150700_7_13-rt-debuginfo-14-150700.2.1 * kernel-livepatch-6_4_0-150700_7_8-rt-debuginfo-18-150700.2.1 * kernel-livepatch-6_4_0-150700_7_25-rt-9-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_7-debugsource-9-150700.2.1 * kernel-livepatch-6_4_0-150700_7_16-rt-14-150700.2.1 * kernel-livepatch-6_4_0-150700_7_3-rt-debuginfo-19-150700.2.1 * kernel-livepatch-6_4_0-150700_7_19-rt-11-150700.2.1 * kernel-livepatch-6_4_0-150700_7_3-rt-19-150700.2.1 * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_28-default-debuginfo-9-150700.2.2 * kernel-livepatch-SLE15-SP7_Update_8-debugsource-9-150700.2.2 * kernel-livepatch-6_4_0-150700_53_25-default-9-150700.2.2 *kernel-livepatch-SLE15-SP7_Update_7-debugsource-9-150700.2.2 * kernel-livepatch-6_4_0-150700_53_25-default-debuginfo-9-150700.2.2 * kernel-livepatch-6_4_0-150700_53_28-default-9-150700.2.2 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_17-debugsource-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-14-150600.2.2 * kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-11-150600.2.2 * kernel-livepatch-6_4_0-150600_23_73-default-11-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_16-debugsource-11-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_14-debugsource-14-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_13-debugsource-18-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_19-debugsource-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_65-default-14-150600.2.2 * kernel-livepatch-6_4_0-150600_23_78-default-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-18-150600.2.2 * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_84-default-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_60-default-18-150600.2.2 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_17-debugsource-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-14-150600.2.2 * kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-11-150600.2.2 * kernel-livepatch-6_4_0-150600_23_73-default-11-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_16-debugsource-11-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_14-debugsource-14-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_19-debugsource-9-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_13-debugsource-18-150600.2.2 * kernel-livepatch-6_4_0-150600_23_65-default-14-150600.2.2 *kernel-livepatch-6_4_0-150600_23_78-default-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-18-150600.2.2 * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_84-default-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_60-default-18-150600.2.2 ## References: * https://www.suse.com/security/cve/CVE-2025-71089.html * https://www.suse.com/security/cve/CVE-2026-23393.html * https://www.suse.com/security/cve/CVE-2026-31505.html * https://www.suse.com/security/cve/CVE-2026-31533.html * https://www.suse.com/security/cve/CVE-2026-31570.html * https://www.suse.com/security/cve/CVE-2026-31586.html * https://www.suse.com/security/cve/CVE-2026-31685.html * https://www.suse.com/security/cve/CVE-2026-31758.html * https://www.suse.com/security/cve/CVE-2026-43025.html * https://www.suse.com/security/cve/CVE-2026-43027.html * https://www.suse.com/security/cve/CVE-2026-43037.html * https://www.suse.com/security/cve/CVE-2026-43120.html * https://www.suse.com/security/cve/CVE-2026-43190.html * https://www.suse.com/security/cve/CVE-2026-43366.html * https://www.suse.com/security/cve/CVE-2026-43437.html * https://www.suse.com/security/cve/CVE-2026-43494.html * https://www.suse.com/security/cve/CVE-2026-43501.html * https://www.suse.com/security/cve/CVE-2026-45970.html * https://www.suse.com/security/cve/CVE-2026-46120.html * https://www.suse.com/security/cve/CVE-2026-46173.html * https://www.suse.com/security/cve/CVE-2026-46227.html * https://www.suse.com/security/cve/CVE-2026-46243.html * https://www.suse.com/security/cve/CVE-2026-52909.html * https://www.suse.com/security/cve/CVE-2026-52943.html * https://www.suse.com/security/cve/CVE-2026-53362.html * https://bugzilla.suse.com/show_bug.cgi?id=1256615 * https://bugzilla.suse.com/show_bug.cgi?id=1260524 * https://bugzilla.suse.com/show_bug.cgi?id=1262759 * https://bugzilla.suse.com/show_bug.cgi?id=1263094 *https://bugzilla.suse.com/show_bug.cgi?id=1263118 * https://bugzilla.suse.com/show_bug.cgi?id=1263177 * https://bugzilla.suse.com/show_bug.cgi?id=1263670 * https://bugzilla.suse.com/show_bug.cgi?id=1264094 * https://bugzilla.suse.com/show_bug.cgi?id=1264252 * https://bugzilla.suse.com/show_bug.cgi?id=1264253 * https://bugzilla.suse.com/show_bug.cgi?id=1264567 * https://bugzilla.suse.com/show_bug.cgi?id=1264849 * https://bugzilla.suse.com/show_bug.cgi?id=1265117 * https://bugzilla.suse.com/show_bug.cgi?id=1265127 * https://bugzilla.suse.com/show_bug.cgi?id=1265197 * https://bugzilla.suse.com/show_bug.cgi?id=1265945 * https://bugzilla.suse.com/show_bug.cgi?id=1266015 * https://bugzilla.suse.com/show_bug.cgi?id=1266265 * https://bugzilla.suse.com/show_bug.cgi?id=1267206 * https://bugzilla.suse.com/show_bug.cgi?id=1267698 * https://bugzilla.suse.com/show_bug.cgi?id=1267723 * https://bugzilla.suse.com/show_bug.cgi?id=1267893 * https://bugzilla.suse.com/show_bug.cgi?id=1268662 * https://bugzilla.suse.com/show_bug.cgi?id=1269023 * https://bugzilla.suse.com/show_bug.cgi?id=1269495 . SUSE Linux Enterprise 15 SP7 issues critical kernel security update to address 25 vulnerabilities efficiently and securely.. SUSE Linux, kernel security, threat mitigation, important updates, vulnerability patching. . Severity: Important. LinuxSecurity.com Team
It was discovered that there were two issues in Redis, the in-memory key/value database: CVE-2026-23631 An authenticated attacker could have exploited the master-replica synchronization mechanism to trigger a use-after-free on replicas. Debian LTS Advisory DLA-4682-1
An update that solves one vulnerability can now be installed.. # Security update for libpng15 Announcement ID: SUSE-SU-2026:2878-1 Release Date: 2026-07-13T09:27:39Z Rating: important References: * bsc#1258020 Cross-References: * CVE-2026-25646 CVSS scores: * CVE-2026-25646 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-25646 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-25646 ( NVD ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25646 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-25646 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libpng15 fixes the following issue * CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2878=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2878=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libpng15-15-debuginfo-1.5.30-10.16.1 * libpng15-debugsource-1.5.30-10.16.1 *libpng15-15-1.5.30-10.16.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libpng15-15-debuginfo-1.5.30-10.16.1 * libpng15-debugsource-1.5.30-10.16.1 * libpng15-15-1.5.30-10.16.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25646.html * https://bugzilla.suse.com/show_bug.cgi?id=1258020 . Critical update for libpng15 addresses a buffer overflow issue, enhancing security for SUSE users. Install promptly to mitigate risks.. libpng buffer overflow SUSE security. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.