Kernel, Frr, Python, and more updates for SUSE Linux

SUSE 5601 Published 2026-03-27 07:53 by Philipp Esselbach

News

SUSE-SU-2026:1046-1: important: Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)

# Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2026:1046-1
Release Date: 2026-03-25T19:34:10Z
Rating: important
References:

* bsc#1247240
* bsc#1254755
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255595
* bsc#1256624
* bsc#1256644
* bsc#1257118
* bsc#1257629

Cross-References:

* CVE-2022-50697
* CVE-2023-53781
* CVE-2025-21738
* CVE-2025-38159
* CVE-2025-38488
* CVE-2025-40258
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085

CVSS scores:

* CVE-2022-50697 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50697 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53781 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53781 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21738 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21738 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38159 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38159 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-38488 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38488 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38488 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40258 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.150 fixes
various security issues

The following security issues were fixed:

* CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant
uninit (bsc#1255595).
* CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler()
(bsc#1254755).
* CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the
allocated buffer (bsc#1257118).
* CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out
of bounds (bsc#1257629).
* CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using
async crypto (bsc#1247240).
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work()
(bsc#1255053).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in
handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in
have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path
(bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (bsc#1256624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1046=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1046=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-16-150400.2.2
* kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_36-debugsource-16-150400.2.2
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-16-150400.2.2
* kernel-livepatch-5_14_21-150400_24_150-default-16-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_36-debugsource-16-150400.2.2

## References:

* https://www.suse.com/security/cve/CVE-2022-50697.html
* https://www.suse.com/security/cve/CVE-2023-53781.html
* https://www.suse.com/security/cve/CVE-2025-21738.html
* https://www.suse.com/security/cve/CVE-2025-38159.html
* https://www.suse.com/security/cve/CVE-2025-38488.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247240
* https://bugzilla.suse.com/show_bug.cgi?id=1254755
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255595
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
* https://bugzilla.suse.com/show_bug.cgi?id=1257118
* https://bugzilla.suse.com/show_bug.cgi?id=1257629

SUSE-SU-2026:1063-1: moderate: Security update for frr

# Security update for frr

Announcement ID: SUSE-SU-2026:1063-1
Release Date: 2026-03-26T10:36:53Z
Rating: moderate
References:

* bsc#1252761
* bsc#1252810
* bsc#1252811
* bsc#1252812
* bsc#1252813
* bsc#1252829
* bsc#1252833
* bsc#1252835
* bsc#1252838
* jsc#PED-14796

Cross-References:

* CVE-2025-61099
* CVE-2025-61100
* CVE-2025-61101
* CVE-2025-61102
* CVE-2025-61103
* CVE-2025-61104
* CVE-2025-61105
* CVE-2025-61106
* CVE-2025-61107

CVSS scores:

* CVE-2025-61099 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61099 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61099 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61100 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61100 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61100 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61101 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61101 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61101 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61102 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61102 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61102 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61103 ( SUSE ): 6.0
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61103 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61103 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61104 ( SUSE ): 6.0
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61104 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61104 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61105 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61105 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61105 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61106 ( SUSE ): 6.0
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61106 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61106 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61107 ( SUSE ): 6.0
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61107 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61107 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves nine vulnerabilities and contains one feature can now be
installed.

## Description:

This update for frr fixes the following issues:

Security issues:

* CVE-2025-61099: NULL Pointer Dereference in FRRouting (bsc#1252838).
* CVE-2025-61100: NULL Pointer Dereference in FRRouting (bsc#1252829).
* CVE-2025-61101: NULL Pointer Dereference in FRRouting (bsc#1252833).
* CVE-2025-61102: NULL Pointer Dereference in FRRouting (bsc#1252835).
* CVE-2025-61103: NULL pointer dereference in show_vty_ext_link_lan_adj_sid()
in ospf_ext.c (bsc#1252810).
* CVE-2025-61104: NULL pointer dereference in show_vty_unknown_tlv() in
ospf_ext.c (bsc#1252811).
* CVE-2025-61105: NULL pointer dereference in show_vty_link_info() in
ospf_ext.c (bsc#1252761).
* CVE-2025-61106: NULL pointer dereference in show_vty_ext_pref_pref_sid() in
ospf_ext.c (bsc#1252812).

Non-security issues:

* Fix /var/run leftovers in logrotate config file, create /var/log and
/var/lib via tmpfiles.d (jsc#PED-14796).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1063=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1063=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1063=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libfrr0-8.5.6-150500.4.36.1
* libfrr_pb0-debuginfo-8.5.6-150500.4.36.1
* frr-devel-8.5.6-150500.4.36.1
* frr-debuginfo-8.5.6-150500.4.36.1
* frr-debugsource-8.5.6-150500.4.36.1
* libmlag_pb0-8.5.6-150500.4.36.1
* libfrrcares0-debuginfo-8.5.6-150500.4.36.1
* libfrr0-debuginfo-8.5.6-150500.4.36.1
* libfrrospfapiclient0-8.5.6-150500.4.36.1
* libfrr_pb0-8.5.6-150500.4.36.1
* libfrrsnmp0-8.5.6-150500.4.36.1
* libfrrospfapiclient0-debuginfo-8.5.6-150500.4.36.1
* libmlag_pb0-debuginfo-8.5.6-150500.4.36.1
* libfrrfpm_pb0-debuginfo-8.5.6-150500.4.36.1
* libfrrzmq0-debuginfo-8.5.6-150500.4.36.1
* libfrrfpm_pb0-8.5.6-150500.4.36.1
* libfrrcares0-8.5.6-150500.4.36.1
* frr-8.5.6-150500.4.36.1
* libfrrzmq0-8.5.6-150500.4.36.1
* libfrrsnmp0-debuginfo-8.5.6-150500.4.36.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libfrr0-8.5.6-150500.4.36.1
* libfrr_pb0-debuginfo-8.5.6-150500.4.36.1
* frr-devel-8.5.6-150500.4.36.1
* frr-debuginfo-8.5.6-150500.4.36.1
* frr-debugsource-8.5.6-150500.4.36.1
* libmlag_pb0-8.5.6-150500.4.36.1
* libfrrcares0-debuginfo-8.5.6-150500.4.36.1
* libfrr0-debuginfo-8.5.6-150500.4.36.1
* libfrrospfapiclient0-8.5.6-150500.4.36.1
* libfrr_pb0-8.5.6-150500.4.36.1
* libfrrsnmp0-8.5.6-150500.4.36.1
* libfrrospfapiclient0-debuginfo-8.5.6-150500.4.36.1
* libmlag_pb0-debuginfo-8.5.6-150500.4.36.1
* libfrrfpm_pb0-debuginfo-8.5.6-150500.4.36.1
* libfrrzmq0-debuginfo-8.5.6-150500.4.36.1
* libfrrfpm_pb0-8.5.6-150500.4.36.1
* libfrrcares0-8.5.6-150500.4.36.1
* frr-8.5.6-150500.4.36.1
* libfrrzmq0-8.5.6-150500.4.36.1
* libfrrsnmp0-debuginfo-8.5.6-150500.4.36.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libmlag_pb0-8.5.6-150500.4.36.1
* frr-debuginfo-8.5.6-150500.4.36.1
* frr-debugsource-8.5.6-150500.4.36.1
* libmlag_pb0-debuginfo-8.5.6-150500.4.36.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61099.html
* https://www.suse.com/security/cve/CVE-2025-61100.html
* https://www.suse.com/security/cve/CVE-2025-61101.html
* https://www.suse.com/security/cve/CVE-2025-61102.html
* https://www.suse.com/security/cve/CVE-2025-61103.html
* https://www.suse.com/security/cve/CVE-2025-61104.html
* https://www.suse.com/security/cve/CVE-2025-61105.html
* https://www.suse.com/security/cve/CVE-2025-61106.html
* https://www.suse.com/security/cve/CVE-2025-61107.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252761
* https://bugzilla.suse.com/show_bug.cgi?id=1252810
* https://bugzilla.suse.com/show_bug.cgi?id=1252811
* https://bugzilla.suse.com/show_bug.cgi?id=1252812
* https://bugzilla.suse.com/show_bug.cgi?id=1252813
* https://bugzilla.suse.com/show_bug.cgi?id=1252829
* https://bugzilla.suse.com/show_bug.cgi?id=1252833
* https://bugzilla.suse.com/show_bug.cgi?id=1252835
* https://bugzilla.suse.com/show_bug.cgi?id=1252838
* https://jira.suse.com/browse/PED-14796

SUSE-SU-2026:1062-1: important: Security update for python310

# Security update for python310

Announcement ID: SUSE-SU-2026:1062-1
Release Date: 2026-03-26T10:36:41Z
Rating: important
References:

* bsc#1252974
* bsc#1254400
* bsc#1254401
* bsc#1254997
* bsc#1257029
* bsc#1257031
* bsc#1257042
* bsc#1257181
* bsc#1259240

Cross-References:

* CVE-2025-11468
* CVE-2025-12084
* CVE-2025-13836
* CVE-2025-13837
* CVE-2025-6075
* CVE-2026-0672
* CVE-2026-0865
* CVE-2026-1299
* CVE-2026-2297

CVSS scores:

* CVE-2025-11468 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-11468 ( NVD ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-12084 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13836 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13836 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-13837 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13837 ( NVD ): 2.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-6075 ( SUSE ): 1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-6075 ( NVD ): 1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-0672 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-0672 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-0672 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-0865 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0865 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-0865 ( NVD ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-1299 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-1299 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-2297 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-2297 ( NVD ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for python310 fixes the following issues:

Update to Python 3.10.20:

* CVE-2025-6075: quadratic complexity in os.path.expandvars() (bsc#1252974).
* CVE-2025-11468: header injection with carefully crafted inputs
(bsc#1257029).
* CVE-2025-12084: quadratic complexity in xml.minidom node ID cache clearing
(bsc#1254997).
* CVE-2025-13836: potential memory denial of service in the http.client module
(bsc#1254400).
* CVE-2025-13837: potential memory denial of service in the plistlib module
(bsc#1254401).
* CVE-2026-0672: control characters in http.cookies.Morsel fields and values
(bsc#1257031).
* CVE-2026-0865: C0 control characters within wsgiref.headers.Headers fields,
values, and parameters (bsc#1257042).
* CVE-2026-1299: header injection when an email is serialized due to improper
newline quoting (bsc#1257181).
* CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader
(bsc#1259240).

Changelog:

* Update to 3.10.20:
* gh-144125: BytesGenerator will now refuse to serialize (write) headers that
are unsafely folded or delimited; see verify_generated_headers. (Contributed
by Bas Bloemsaat and Petr Viktorin in gh-121650) (bsc#1257181,
CVE-2026-1299).
* gh-143935: Fixed a bug in the folding of comments when flattening an email
message using a modern email policy. Comments consisting of a very long
sequence of non-foldable characters could trigger a forced line wrap that
omitted the required leading space on the continuation line, causing the
remainder of the comment to be interpreted as a new header field. This
enabled header injection with carefully crafted inputs (bsc#1257029
CVE-2025-11468).
* gh-143925: Reject control characters in data: URL media types.
* gh-143919: Reject control characters in http.cookies.Morsel fields and
values (bsc#1257031, CVE-2026-0672).
* gh-143916: Reject C0 control characters within wsgiref.headers.Headers
fields, values, and parameters (bsc#1257042, CVE-2026-0865).
* gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing.
In order to do this without breaking existing users, we also add the
ownerDocument attribute to xml.dom.minidom elements and attributes created
by directly instantiating the Element or Attr class. Note that this way of
creating nodes is not supported; creator functions like
xml.dom.Document.documentElement() should be used instead (bsc#1254997,
CVE-2025-12084).
* gh-137836: Add support of the "plaintext" element, RAWTEXT elements "xmp",
"iframe", "noembed" and "noframes", and optionally RAWTEXT element
"noscript" in html.parser.HTMLParser.
* gh-136063: email.message: ensure linear complexity for legacy HTTP
parameters parsing. Patch by Bénédikt Tran.
* gh-136065: Fix quadratic complexity in os.path.expandvars() (bsc#1252974,
CVE-2025-6075).
* gh-119451: Fix a potential memory denial of service in the http.client
module. When connecting to a malicious server, it could cause an arbitrary
amount of memory to be allocated. This could have led to symptoms including
a MemoryError, swapping, out of memory (OOM) killed processes or containers,
or even system crashes (CVE-2025-13836, bsc#1254400).
* gh-119452: Fix a potential memory denial of service in the http.server
module. When a malicious user is connected to the CGI server on Windows, it
could cause an arbitrary amount of memory to be allocated. This could have
led to symptoms including a MemoryError, swapping, out of memory (OOM)
killed processes or containers, or even system crashes.
* gh-119342: Fix a potential memory denial of service in the plistlib module.
When reading a Plist file received from untrusted source, it could cause an
arbitrary amount of memory to be allocated. This could have led to symptoms
including a MemoryError, swapping, out of memory (OOM) killed processes or
containers, or even system crashes (bsc#1254401, CVE-2025-13837).
* Library
* gh-144833: Fixed a use-after-free in ssl when SSL_new() returns NULL in
newPySSLSocket(). The error was reported via a dangling pointer after the
object had already been freed.
* gh-144363: Update bundled libexpat to 2.7.4
* gh-90949: Add SetAllocTrackerActivationThreshold() and
SetAllocTrackerMaximumAmplification() to xmlparser objects to prevent use of
disproportional amounts of dynamic memory from within an Expat parser. Patch
by Bénédikt Tran.
* Core and Builtins
* gh-120384: Fix an array out of bounds crash in list_ass_subscript, which
could be invoked via some specificly tailored input: including concurrent
modification of a list object, where one thread assigns a slice and another
clears it.
* gh-120298: Fix use-after free in list_richcompare_impl which can be invoked
via some specificly tailored evil input.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1062=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1062=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1062=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1062=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1062=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1062=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* python310-core-debugsource-3.10.20-150400.4.102.1
* python310-curses-debuginfo-3.10.20-150400.4.102.1
* python310-base-debuginfo-3.10.20-150400.4.102.1
* python310-3.10.20-150400.4.102.1
* python310-tools-3.10.20-150400.4.102.1
* python310-dbm-3.10.20-150400.4.102.1
* python310-idle-3.10.20-150400.4.102.1
* python310-debuginfo-3.10.20-150400.4.102.1
* python310-devel-3.10.20-150400.4.102.1
* python310-tk-debuginfo-3.10.20-150400.4.102.1
* python310-debugsource-3.10.20-150400.4.102.1
* python310-base-3.10.20-150400.4.102.1
* libpython3_10-1_0-3.10.20-150400.4.102.1
* python310-tk-3.10.20-150400.4.102.1
* python310-curses-3.10.20-150400.4.102.1
* python310-dbm-debuginfo-3.10.20-150400.4.102.1
* libpython3_10-1_0-debuginfo-3.10.20-150400.4.102.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python310-devel-3.10.20-150400.4.102.1
* libpython3_10-1_0-3.10.20-150400.4.102.1
* python310-curses-3.10.20-150400.4.102.1
* python310-curses-debuginfo-3.10.20-150400.4.102.1
* python310-testsuite-3.10.20-150400.4.102.1
* python310-doc-devhelp-3.10.20-150400.4.102.1
* python310-3.10.20-150400.4.102.1
* libpython3_10-1_0-debuginfo-3.10.20-150400.4.102.1
* python310-core-debugsource-3.10.20-150400.4.102.1
* python310-base-debuginfo-3.10.20-150400.4.102.1
* python310-dbm-3.10.20-150400.4.102.1
* python310-idle-3.10.20-150400.4.102.1
* python310-debugsource-3.10.20-150400.4.102.1
* python310-base-3.10.20-150400.4.102.1
* python310-tk-3.10.20-150400.4.102.1
* python310-testsuite-debuginfo-3.10.20-150400.4.102.1
* python310-doc-3.10.20-150400.4.102.1
* python310-debuginfo-3.10.20-150400.4.102.1
* python310-tk-debuginfo-3.10.20-150400.4.102.1
* python310-tools-3.10.20-150400.4.102.1
* python310-dbm-debuginfo-3.10.20-150400.4.102.1
* openSUSE Leap 15.4 (x86_64)
* python310-base-32bit-debuginfo-3.10.20-150400.4.102.1
* python310-32bit-3.10.20-150400.4.102.1
* libpython3_10-1_0-32bit-debuginfo-3.10.20-150400.4.102.1
* libpython3_10-1_0-32bit-3.10.20-150400.4.102.1
* python310-32bit-debuginfo-3.10.20-150400.4.102.1
* python310-base-32bit-3.10.20-150400.4.102.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* python310-base-64bit-debuginfo-3.10.20-150400.4.102.1
* python310-64bit-3.10.20-150400.4.102.1
* python310-base-64bit-3.10.20-150400.4.102.1
* libpython3_10-1_0-64bit-debuginfo-3.10.20-150400.4.102.1
* python310-64bit-debuginfo-3.10.20-150400.4.102.1
* libpython3_10-1_0-64bit-3.10.20-150400.4.102.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python310-devel-3.10.20-150400.4.102.1
* libpython3_10-1_0-3.10.20-150400.4.102.1
* python310-curses-3.10.20-150400.4.102.1
* python310-curses-debuginfo-3.10.20-150400.4.102.1
* python310-testsuite-3.10.20-150400.4.102.1
* python310-doc-devhelp-3.10.20-150400.4.102.1
* python310-3.10.20-150400.4.102.1
* libpython3_10-1_0-debuginfo-3.10.20-150400.4.102.1
* python310-core-debugsource-3.10.20-150400.4.102.1
* python310-base-debuginfo-3.10.20-150400.4.102.1
* python310-dbm-3.10.20-150400.4.102.1
* python310-idle-3.10.20-150400.4.102.1
* python310-debugsource-3.10.20-150400.4.102.1
* python310-base-3.10.20-150400.4.102.1
* python310-tk-3.10.20-150400.4.102.1
* python310-testsuite-debuginfo-3.10.20-150400.4.102.1
* python310-doc-3.10.20-150400.4.102.1
* python310-debuginfo-3.10.20-150400.4.102.1
* python310-tk-debuginfo-3.10.20-150400.4.102.1
* python310-tools-3.10.20-150400.4.102.1
* python310-dbm-debuginfo-3.10.20-150400.4.102.1
* openSUSE Leap 15.6 (x86_64)
* python310-base-32bit-debuginfo-3.10.20-150400.4.102.1
* python310-32bit-3.10.20-150400.4.102.1
* libpython3_10-1_0-32bit-debuginfo-3.10.20-150400.4.102.1
* libpython3_10-1_0-32bit-3.10.20-150400.4.102.1
* python310-32bit-debuginfo-3.10.20-150400.4.102.1
* python310-base-32bit-3.10.20-150400.4.102.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* python310-core-debugsource-3.10.20-150400.4.102.1
* python310-curses-debuginfo-3.10.20-150400.4.102.1
* python310-base-debuginfo-3.10.20-150400.4.102.1
* python310-3.10.20-150400.4.102.1
* python310-tools-3.10.20-150400.4.102.1
* python310-dbm-3.10.20-150400.4.102.1
* python310-idle-3.10.20-150400.4.102.1
* python310-debuginfo-3.10.20-150400.4.102.1
* python310-devel-3.10.20-150400.4.102.1
* python310-tk-debuginfo-3.10.20-150400.4.102.1
* python310-debugsource-3.10.20-150400.4.102.1
* python310-base-3.10.20-150400.4.102.1
* libpython3_10-1_0-3.10.20-150400.4.102.1
* python310-tk-3.10.20-150400.4.102.1
* python310-curses-3.10.20-150400.4.102.1
* python310-dbm-debuginfo-3.10.20-150400.4.102.1
* libpython3_10-1_0-debuginfo-3.10.20-150400.4.102.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* python310-core-debugsource-3.10.20-150400.4.102.1
* python310-curses-debuginfo-3.10.20-150400.4.102.1
* python310-base-debuginfo-3.10.20-150400.4.102.1
* python310-3.10.20-150400.4.102.1
* python310-tools-3.10.20-150400.4.102.1
* python310-dbm-3.10.20-150400.4.102.1
* python310-idle-3.10.20-150400.4.102.1
* python310-debuginfo-3.10.20-150400.4.102.1
* python310-devel-3.10.20-150400.4.102.1
* python310-tk-debuginfo-3.10.20-150400.4.102.1
* python310-debugsource-3.10.20-150400.4.102.1
* python310-base-3.10.20-150400.4.102.1
* libpython3_10-1_0-3.10.20-150400.4.102.1
* python310-tk-3.10.20-150400.4.102.1
* python310-curses-3.10.20-150400.4.102.1
* python310-dbm-debuginfo-3.10.20-150400.4.102.1
* libpython3_10-1_0-debuginfo-3.10.20-150400.4.102.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* python310-core-debugsource-3.10.20-150400.4.102.1
* python310-curses-debuginfo-3.10.20-150400.4.102.1
* python310-base-debuginfo-3.10.20-150400.4.102.1
* python310-3.10.20-150400.4.102.1
* python310-tools-3.10.20-150400.4.102.1
* python310-dbm-3.10.20-150400.4.102.1
* python310-idle-3.10.20-150400.4.102.1
* python310-debuginfo-3.10.20-150400.4.102.1
* python310-devel-3.10.20-150400.4.102.1
* python310-tk-debuginfo-3.10.20-150400.4.102.1
* python310-debugsource-3.10.20-150400.4.102.1
* python310-base-3.10.20-150400.4.102.1
* libpython3_10-1_0-3.10.20-150400.4.102.1
* python310-tk-3.10.20-150400.4.102.1
* python310-curses-3.10.20-150400.4.102.1
* python310-dbm-debuginfo-3.10.20-150400.4.102.1
* libpython3_10-1_0-debuginfo-3.10.20-150400.4.102.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11468.html
* https://www.suse.com/security/cve/CVE-2025-12084.html
* https://www.suse.com/security/cve/CVE-2025-13836.html
* https://www.suse.com/security/cve/CVE-2025-13837.html
* https://www.suse.com/security/cve/CVE-2025-6075.html
* https://www.suse.com/security/cve/CVE-2026-0672.html
* https://www.suse.com/security/cve/CVE-2026-0865.html
* https://www.suse.com/security/cve/CVE-2026-1299.html
* https://www.suse.com/security/cve/CVE-2026-2297.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252974
* https://bugzilla.suse.com/show_bug.cgi?id=1254400
* https://bugzilla.suse.com/show_bug.cgi?id=1254401
* https://bugzilla.suse.com/show_bug.cgi?id=1254997
* https://bugzilla.suse.com/show_bug.cgi?id=1257029
* https://bugzilla.suse.com/show_bug.cgi?id=1257031
* https://bugzilla.suse.com/show_bug.cgi?id=1257042
* https://bugzilla.suse.com/show_bug.cgi?id=1257181
* https://bugzilla.suse.com/show_bug.cgi?id=1259240

SUSE-SU-2026:1064-1: important: Security update for python-tornado6

# Security update for python-tornado6

Announcement ID: SUSE-SU-2026:1064-1
Release Date: 2026-03-26T10:37:52Z
Rating: important
References:

* bsc#1259553
* bsc#1259630

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for python-tornado6 fixes the following issues:

* CVE-2026-31958: parsing large multipart bodies with many parts can cause a
denial of service (bsc#1259553).
* incomplete validation of cookie attributes allows for injection of user-
controlled values in other cookie attributes (bsc#1259630).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1064=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1064=1

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1064=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1064=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1064=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1064=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1064=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1064=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1064=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1064=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1064=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1064=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1064=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python-tornado6-debugsource-6.3.2-150400.9.15.1
* python311-tornado6-6.3.2-150400.9.15.1
* python311-tornado6-debuginfo-6.3.2-150400.9.15.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python-tornado6-debugsource-6.3.2-150400.9.15.1
* python311-tornado6-6.3.2-150400.9.15.1
* python311-tornado6-debuginfo-6.3.2-150400.9.15.1
* Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* python-tornado6-debugsource-6.3.2-150400.9.15.1
* python311-tornado6-6.3.2-150400.9.15.1
* python311-tornado6-debuginfo-6.3.2-150400.9.15.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* python-tornado6-debugsource-6.3.2-150400.9.15.1
* python311-tornado6-6.3.2-150400.9.15.1
* python311-tornado6-debuginfo-6.3.2-150400.9.15.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* python-tornado6-debugsource-6.3.2-150400.9.15.1
* python311-tornado6-6.3.2-150400.9.15.1
* python311-tornado6-debuginfo-6.3.2-150400.9.15.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* python-tornado6-debugsource-6.3.2-150400.9.15.1
* python311-tornado6-6.3.2-150400.9.15.1
* python311-tornado6-debuginfo-6.3.2-150400.9.15.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* python-tornado6-debugsource-6.3.2-150400.9.15.1
* python311-tornado6-6.3.2-150400.9.15.1
* python311-tornado6-debuginfo-6.3.2-150400.9.15.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* python-tornado6-debugsource-6.3.2-150400.9.15.1
* python311-tornado6-6.3.2-150400.9.15.1
* python311-tornado6-debuginfo-6.3.2-150400.9.15.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* python-tornado6-debugsource-6.3.2-150400.9.15.1
* python311-tornado6-6.3.2-150400.9.15.1
* python311-tornado6-debuginfo-6.3.2-150400.9.15.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* python-tornado6-debugsource-6.3.2-150400.9.15.1
* python311-tornado6-6.3.2-150400.9.15.1
* python311-tornado6-debuginfo-6.3.2-150400.9.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* python-tornado6-debugsource-6.3.2-150400.9.15.1
* python311-tornado6-6.3.2-150400.9.15.1
* python311-tornado6-debuginfo-6.3.2-150400.9.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* python-tornado6-debugsource-6.3.2-150400.9.15.1
* python311-tornado6-6.3.2-150400.9.15.1
* python311-tornado6-debuginfo-6.3.2-150400.9.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* python-tornado6-debugsource-6.3.2-150400.9.15.1
* python311-tornado6-6.3.2-150400.9.15.1
* python311-tornado6-debuginfo-6.3.2-150400.9.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259553
* https://bugzilla.suse.com/show_bug.cgi?id=1259630

SUSE-SU-2026:1065-1: moderate: Security update for sqlite3

# Security update for sqlite3

Announcement ID: SUSE-SU-2026:1065-1
Release Date: 2026-03-26T10:38:35Z
Rating: moderate
References:

* bsc#1254670
* bsc#1259619

Cross-References:

* CVE-2025-70873
* CVE-2025-7709

CVSS scores:

* CVE-2025-70873 ( SUSE ): 5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-70873 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-70873 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-7709 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-7709 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-7709 ( NVD ): 6.9
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for sqlite3 fixes the following issues:

Update sqlite3 to 3.51.3:

* CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
* CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap
memory during inflation (bsc#1259619).

Changelog:

* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1065=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1065=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1065=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1065=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1065=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-1065=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1065=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1065=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1065=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* sqlite3-debugsource-3.51.3-150000.3.39.1
* sqlite3-3.51.3-150000.3.39.1
* sqlite3-tcl-3.51.3-150000.3.39.1
* libsqlite3-0-debuginfo-3.51.3-150000.3.39.1
* libsqlite3-0-3.51.3-150000.3.39.1
* sqlite3-debuginfo-3.51.3-150000.3.39.1
* sqlite3-tcl-debuginfo-3.51.3-150000.3.39.1
* sqlite3-devel-3.51.3-150000.3.39.1
* openSUSE Leap 15.6 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.51.3-150000.3.39.1
* libsqlite3-0-32bit-3.51.3-150000.3.39.1
* openSUSE Leap 15.6 (noarch)
* sqlite3-doc-3.51.3-150000.3.39.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* sqlite3-debugsource-3.51.3-150000.3.39.1
* sqlite3-tcl-3.51.3-150000.3.39.1
* libsqlite3-0-debuginfo-3.51.3-150000.3.39.1
* libsqlite3-0-3.51.3-150000.3.39.1
* sqlite3-debuginfo-3.51.3-150000.3.39.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* sqlite3-debugsource-3.51.3-150000.3.39.1
* sqlite3-tcl-3.51.3-150000.3.39.1
* libsqlite3-0-debuginfo-3.51.3-150000.3.39.1
* libsqlite3-0-3.51.3-150000.3.39.1
* sqlite3-debuginfo-3.51.3-150000.3.39.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* sqlite3-debugsource-3.51.3-150000.3.39.1
* sqlite3-tcl-3.51.3-150000.3.39.1
* libsqlite3-0-debuginfo-3.51.3-150000.3.39.1
* libsqlite3-0-3.51.3-150000.3.39.1
* sqlite3-debuginfo-3.51.3-150000.3.39.1
* sqlite3-tcl-debuginfo-3.51.3-150000.3.39.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* sqlite3-debugsource-3.51.3-150000.3.39.1
* sqlite3-tcl-3.51.3-150000.3.39.1
* libsqlite3-0-debuginfo-3.51.3-150000.3.39.1
* libsqlite3-0-3.51.3-150000.3.39.1
* sqlite3-debuginfo-3.51.3-150000.3.39.1
* sqlite3-tcl-debuginfo-3.51.3-150000.3.39.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* sqlite3-debugsource-3.51.3-150000.3.39.1
* sqlite3-tcl-3.51.3-150000.3.39.1
* libsqlite3-0-debuginfo-3.51.3-150000.3.39.1
* libsqlite3-0-3.51.3-150000.3.39.1
* sqlite3-debuginfo-3.51.3-150000.3.39.1
* sqlite3-tcl-debuginfo-3.51.3-150000.3.39.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* sqlite3-debugsource-3.51.3-150000.3.39.1
* sqlite3-3.51.3-150000.3.39.1
* sqlite3-tcl-3.51.3-150000.3.39.1
* libsqlite3-0-debuginfo-3.51.3-150000.3.39.1
* libsqlite3-0-3.51.3-150000.3.39.1
* sqlite3-debuginfo-3.51.3-150000.3.39.1
* sqlite3-tcl-debuginfo-3.51.3-150000.3.39.1
* sqlite3-devel-3.51.3-150000.3.39.1
* Basesystem Module 15-SP7 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.51.3-150000.3.39.1
* libsqlite3-0-32bit-3.51.3-150000.3.39.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* sqlite3-debuginfo-3.51.3-150000.3.39.1
* libsqlite3-0-debuginfo-3.51.3-150000.3.39.1
* libsqlite3-0-3.51.3-150000.3.39.1
* sqlite3-debugsource-3.51.3-150000.3.39.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* sqlite3-debuginfo-3.51.3-150000.3.39.1
* libsqlite3-0-debuginfo-3.51.3-150000.3.39.1
* libsqlite3-0-3.51.3-150000.3.39.1
* sqlite3-debugsource-3.51.3-150000.3.39.1

## References:

* https://www.suse.com/security/cve/CVE-2025-70873.html
* https://www.suse.com/security/cve/CVE-2025-7709.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254670
* https://bugzilla.suse.com/show_bug.cgi?id=1259619

SUSE-SU-2026:1068-1: important: Security update for pgvector

# Security update for pgvector

Announcement ID: SUSE-SU-2026:1068-1
Release Date: 2026-03-26T10:39:43Z
Rating: important
References:

* bsc#1258945

Cross-References:

* CVE-2026-3172

CVSS scores:

* CVE-2026-3172 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-3172 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for pgvector fixes the following issue:

Update to pgvector 0.8.2:

* CVE-2026-3172: Buffer overflow in parallel HNSW index build (bsc#1258945).

Changelog:

* Fixed Index Searches in EXPLAIN output for Postgres 18

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1068=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1068=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1068=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-1068=1 openSUSE-SLE-15.6-2026-1068=1

## Package List:

* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* postgresql17-pgvector-debugsource-0.8.2-150600.13.9.1
* postgresql18-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql17-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql18-pgvector-0.8.2-150600.13.9.1
* pgvector-devel-0.8.2-150600.13.9.1
* postgresql16-pgvector-debugsource-0.8.2-150600.13.9.1
* postgresql16-pgvector-0.8.2-150600.13.9.1
* postgresql17-pgvector-0.8.2-150600.13.9.1
* postgresql16-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql18-pgvector-debugsource-0.8.2-150600.13.9.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* postgresql17-pgvector-debugsource-0.8.2-150600.13.9.1
* postgresql18-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql17-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql18-pgvector-0.8.2-150600.13.9.1
* pgvector-devel-0.8.2-150600.13.9.1
* postgresql16-pgvector-debugsource-0.8.2-150600.13.9.1
* postgresql16-pgvector-0.8.2-150600.13.9.1
* postgresql17-pgvector-0.8.2-150600.13.9.1
* postgresql16-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql18-pgvector-debugsource-0.8.2-150600.13.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* postgresql17-pgvector-debugsource-0.8.2-150600.13.9.1
* postgresql18-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql17-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql18-pgvector-0.8.2-150600.13.9.1
* pgvector-devel-0.8.2-150600.13.9.1
* postgresql16-pgvector-debugsource-0.8.2-150600.13.9.1
* postgresql16-pgvector-0.8.2-150600.13.9.1
* postgresql17-pgvector-0.8.2-150600.13.9.1
* postgresql16-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql18-pgvector-debugsource-0.8.2-150600.13.9.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* postgresql15-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql15-pgvector-debugsource-0.8.2-150600.13.9.1
* postgresql16-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql17-pgvector-debugsource-0.8.2-150600.13.9.1
* postgresql18-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql17-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql18-pgvector-0.8.2-150600.13.9.1
* postgresql13-pgvector-debugsource-0.8.2-150600.13.9.1
* pgvector-devel-0.8.2-150600.13.9.1
* postgresql14-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql16-pgvector-0.8.2-150600.13.9.1
* postgresql16-pgvector-debugsource-0.8.2-150600.13.9.1
* postgresql14-pgvector-debugsource-0.8.2-150600.13.9.1
* postgresql15-pgvector-0.8.2-150600.13.9.1
* postgresql17-pgvector-0.8.2-150600.13.9.1
* postgresql13-pgvector-debuginfo-0.8.2-150600.13.9.1
* postgresql18-pgvector-debugsource-0.8.2-150600.13.9.1
* postgresql14-pgvector-0.8.2-150600.13.9.1
* postgresql13-pgvector-0.8.2-150600.13.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3172.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258945

SUSE-SU-2026:1067-1: moderate: Security update for python-urllib3

# Security update for python-urllib3

Announcement ID: SUSE-SU-2026:1067-1
Release Date: 2026-03-26T10:39:19Z
Rating: moderate
References:

* bsc#1254867
* bsc#1259829

Cross-References:

* CVE-2025-66471

CVSS scores:

* CVE-2025-66471 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66471 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66471 ( NVD ): 8.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-66471 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.3
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for python-urllib3 fixes the following issue:

* CVE-2025-66471: excessive resource consumption via decompression of highly
compressed data in Streaming API (bsc#1254867).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-1067=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1067=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1067=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1067=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1067=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-1067=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1067=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1067=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1067=1

## Package List:

* openSUSE Leap 15.3 (noarch)
* python3-urllib3-1.25.10-150300.4.24.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* python3-urllib3-1.25.10-150300.4.24.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* python3-urllib3-1.25.10-150300.4.24.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* python3-urllib3-1.25.10-150300.4.24.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* python3-urllib3-1.25.10-150300.4.24.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* python3-urllib3-1.25.10-150300.4.24.1
* Basesystem Module 15-SP7 (noarch)
* python3-urllib3-1.25.10-150300.4.24.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
* python3-urllib3-1.25.10-150300.4.24.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
* python3-urllib3-1.25.10-150300.4.24.1

## References:

* https://www.suse.com/security/cve/CVE-2025-66471.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254867
* https://bugzilla.suse.com/show_bug.cgi?id=1259829

SUSE-SU-2026:1060-1: important: Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5)

# Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise
15 SP5)

Announcement ID: SUSE-SU-2026:1060-1
Release Date: 2026-03-26T10:04:45Z
Rating: important
References:

* bsc#1257118

Cross-References:

* CVE-2025-21738

CVSS scores:

* CVE-2025-21738 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21738 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.136 fixes one
security issue

The following security issue was fixed:

* CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the
allocated buffer (bsc#1257118).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1060=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1060=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_35-debugsource-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_136-default-2-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_35-debugsource-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_136-default-2-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21738.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257118

SUSE-SU-2026:1059-1: important: Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)

# Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise
15 SP5)

Announcement ID: SUSE-SU-2026:1059-1
Release Date: 2026-03-26T10:04:28Z
Rating: important
References:

* bsc#1255378
* bsc#1255402
* bsc#1255595
* bsc#1256624
* bsc#1256644
* bsc#1257118
* bsc#1257629

Cross-References:

* CVE-2022-50697
* CVE-2025-21738
* CVE-2025-38159
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085

CVSS scores:

* CVE-2022-50697 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50697 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21738 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21738 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38159 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38159 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-68284 ( SUSE ): 7.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.133 fixes
various security issues

The following security issues were fixed:

* CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant
uninit (bsc#1255595).
* CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the
allocated buffer (bsc#1257118).
* CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out
of bounds (bsc#1257629).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in
handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in
have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path
(bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (bsc#1256624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1059=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1059=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_34-debugsource-3-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_34-debugsource-3-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50697.html
* https://www.suse.com/security/cve/CVE-2025-21738.html
* https://www.suse.com/security/cve/CVE-2025-38159.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255595
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
* https://bugzilla.suse.com/show_bug.cgi?id=1257118
* https://bugzilla.suse.com/show_bug.cgi?id=1257629

openSUSE-SU-2026:0097-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2026:0097-1
Rating: important
References: #1260376
Cross-References: CVE-2026-4673 CVE-2026-4674 CVE-2026-4675
CVE-2026-4676 CVE-2026-4677 CVE-2026-4678
CVE-2026-4679 CVE-2026-4680
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

- Chromium 146.0.7680.164 (boo#1260376)
* CVE-2026-4673: Heap buffer overflow in WebAudio
* CVE-2026-4674: Out of bounds read in CSS
* CVE-2026-4675: Heap buffer overflow in WebGL
* CVE-2026-4676: Use after free in Dawn
* CVE-2026-4677: Out of bounds read in WebAudio
* CVE-2026-4678: Use after free in WebGPU
* CVE-2026-4679: Integer overflow in Fonts
* CVE-2026-4680: Use after free in FedCM

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-97=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):

chromedriver-146.0.7680.164-bp157.2.139.1
chromium-146.0.7680.164-bp157.2.139.1

References:

https://www.suse.com/security/cve/CVE-2026-4673.html
https://www.suse.com/security/cve/CVE-2026-4674.html
https://www.suse.com/security/cve/CVE-2026-4675.html
https://www.suse.com/security/cve/CVE-2026-4676.html
https://www.suse.com/security/cve/CVE-2026-4677.html
https://www.suse.com/security/cve/CVE-2026-4678.html
https://www.suse.com/security/cve/CVE-2026-4679.html
https://www.suse.com/security/cve/CVE-2026-4680.html
https://bugzilla.suse.com/1260376

openSUSE-SU-2026:0096-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2026:0096-1
Rating: important
References: #1260376
Cross-References: CVE-2026-4673 CVE-2026-4674 CVE-2026-4675
CVE-2026-4676 CVE-2026-4677 CVE-2026-4678
CVE-2026-4679 CVE-2026-4680
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

- Chromium 146.0.7680.164 (boo#1260376)
* CVE-2026-4673: Heap buffer overflow in WebAudio
* CVE-2026-4674: Out of bounds read in CSS
* CVE-2026-4675: Heap buffer overflow in WebGL
* CVE-2026-4676: Use after free in Dawn
* CVE-2026-4677: Out of bounds read in WebAudio
* CVE-2026-4678: Use after free in WebGPU
* CVE-2026-4679: Integer overflow in Fonts
* CVE-2026-4680: Use after free in FedCM

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-96=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

chromedriver-146.0.7680.164-bp156.2.254.1
chromium-146.0.7680.164-bp156.2.254.1

References:

https://www.suse.com/security/cve/CVE-2026-4673.html
https://www.suse.com/security/cve/CVE-2026-4674.html
https://www.suse.com/security/cve/CVE-2026-4675.html
https://www.suse.com/security/cve/CVE-2026-4676.html
https://www.suse.com/security/cve/CVE-2026-4677.html
https://www.suse.com/security/cve/CVE-2026-4678.html
https://www.suse.com/security/cve/CVE-2026-4679.html
https://www.suse.com/security/cve/CVE-2026-4680.html
https://bugzilla.suse.com/1260376

SUSE-SU-2026:1048-1: important: Security update for the Linux Kernel (Live Patch 33 for SUSE Linux Enterprise 15 SP5)

# Security update for the Linux Kernel (Live Patch 33 for SUSE Linux Enterprise
15 SP5)

Announcement ID: SUSE-SU-2026:1048-1
Release Date: 2026-03-26T07:34:36Z
Rating: important
References:

* bsc#1254755
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255595
* bsc#1256624
* bsc#1256644
* bsc#1257118
* bsc#1257629

Cross-References:

* CVE-2022-50697
* CVE-2023-53781
* CVE-2025-21738
* CVE-2025-38159
* CVE-2025-40258
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085

CVSS scores:

* CVE-2022-50697 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50697 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53781 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53781 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21738 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21738 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38159 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38159 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-40258 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.130 fixes
various security issues

The following security issues were fixed:

* CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant
uninit (bsc#1255595).
* CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler()
(bsc#1254755).
* CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the
allocated buffer (bsc#1257118).
* CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out
of bounds (bsc#1257629).
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work()
(bsc#1255053).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in
handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in
have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path
(bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (bsc#1256624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1047=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2026-1048=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1050=1 SUSE-2026-1054=1 SUSE-2026-1055=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1050=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2026-1054=1 SUSE-SLE-Module-Live-
Patching-15-SP5-2026-1055=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1048=1 SUSE-2026-1047=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_184-default-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_46-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_47-debugsource-3-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_32-debugsource-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_130-default-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_31-debugsource-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_33-debugsource-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-3-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_32-debugsource-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_130-default-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_31-debugsource-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-6-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_33-debugsource-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-3-150500.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_184-default-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_46-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_47-debugsource-3-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50697.html
* https://www.suse.com/security/cve/CVE-2023-53781.html
* https://www.suse.com/security/cve/CVE-2025-21738.html
* https://www.suse.com/security/cve/CVE-2025-38159.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254755
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255595
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
* https://bugzilla.suse.com/show_bug.cgi?id=1257118
* https://bugzilla.suse.com/show_bug.cgi?id=1257629

SUSE-SU-2026:1049-1: important: Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)

# Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise
15 SP5)

Announcement ID: SUSE-SU-2026:1049-1
Release Date: 2026-03-26T05:04:44Z
Rating: important
References:

* bsc#1247240
* bsc#1250730
* bsc#1254755
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255595
* bsc#1256624
* bsc#1256644
* bsc#1257118
* bsc#1257629

Cross-References:

* CVE-2022-50697
* CVE-2023-53257
* CVE-2023-53781
* CVE-2025-21738
* CVE-2025-38159
* CVE-2025-38488
* CVE-2025-40258
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085

CVSS scores:

* CVE-2022-50697 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50697 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53257 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53257 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53257 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53257 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53781 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53781 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21738 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21738 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38159 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38159 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-38488 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38488 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38488 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40258 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 11 vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.121 fixes
various security issues

The following security issues were fixed:

* CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant
uninit (bsc#1255595).
* CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1250730).
* CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler()
(bsc#1254755).
* CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the
allocated buffer (bsc#1257118).
* CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out
of bounds (bsc#1257629).
* CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using
async crypto (bsc#1247240).
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work()
(bsc#1255053).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in
handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in
have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path
(bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (bsc#1256624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1049=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2026-1052=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1052=1 SUSE-2026-1049=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2
* kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-15-150500.2.2
* kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_121-default-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_25-debugsource-15-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_30-debugsource-8-150500.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_100-default-15-150500.2.2
* kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-15-150500.2.2
* kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_121-default-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_25-debugsource-15-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_30-debugsource-8-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50697.html
* https://www.suse.com/security/cve/CVE-2023-53257.html
* https://www.suse.com/security/cve/CVE-2023-53781.html
* https://www.suse.com/security/cve/CVE-2025-21738.html
* https://www.suse.com/security/cve/CVE-2025-38159.html
* https://www.suse.com/security/cve/CVE-2025-38488.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247240
* https://bugzilla.suse.com/show_bug.cgi?id=1250730
* https://bugzilla.suse.com/show_bug.cgi?id=1254755
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255595
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
* https://bugzilla.suse.com/show_bug.cgi?id=1257118
* https://bugzilla.suse.com/show_bug.cgi?id=1257629

SUSE-SU-2026:1075-1: important: Security update for python-pyasn1

# Security update for python-pyasn1

Announcement ID: SUSE-SU-2026:1075-1
Release Date: 2026-03-26T12:41:56Z
Rating: important
References:

* bsc#1259803

Cross-References:

* CVE-2026-30922

CVSS scores:

* CVE-2026-30922 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-30922 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-30922 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-pyasn1 fixes the following issues:

* CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1075=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-1075=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1075=1

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1075=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1075=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1075=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1075=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1075=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1075=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1075=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1075=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1075=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1075=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1075=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* python311-pyasn1-0.5.0-150400.12.13.1
* openSUSE Leap 15.6 (noarch)
* python311-pyasn1-0.5.0-150400.12.13.1
* Public Cloud Module 15-SP4 (noarch)
* python311-pyasn1-0.5.0-150400.12.13.1
* Python 3 Module 15-SP7 (noarch)
* python311-pyasn1-0.5.0-150400.12.13.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python311-pyasn1-0.5.0-150400.12.13.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python311-pyasn1-0.5.0-150400.12.13.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* python311-pyasn1-0.5.0-150400.12.13.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* python311-pyasn1-0.5.0-150400.12.13.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* python311-pyasn1-0.5.0-150400.12.13.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* python311-pyasn1-0.5.0-150400.12.13.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* python311-pyasn1-0.5.0-150400.12.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python311-pyasn1-0.5.0-150400.12.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* python311-pyasn1-0.5.0-150400.12.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* python311-pyasn1-0.5.0-150400.12.13.1

## References:

* https://www.suse.com/security/cve/CVE-2026-30922.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259803

SUSE-SU-2026:1077-1: important: Security update for the Linux Kernel

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1077-1
Release Date: 2026-03-26T12:42:31Z
Rating: important
References:

* bsc#1238917
* bsc#1255075
* bsc#1256645
* bsc#1257231
* bsc#1257473
* bsc#1257732
* bsc#1257735
* bsc#1257749
* bsc#1257790
* bsc#1258340
* bsc#1258395
* bsc#1258518
* bsc#1258849
* bsc#1258850
* bsc#1259857
* jsc#PED-12836

Cross-References:

* CVE-2025-21738
* CVE-2025-40242
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23054
* CVE-2026-23060
* CVE-2026-23074
* CVE-2026-23089
* CVE-2026-23191
* CVE-2026-23204
* CVE-2026-23209
* CVE-2026-23268
* CVE-2026-23269

CVSS scores:

* CVE-2025-21738 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21738 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40242 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40242 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23054 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23060 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23060 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23060 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23089 ( SUSE ): 5.2
CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23089 ( SUSE ): 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23269 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23269 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves 13 vulnerabilities, contains one feature and has two
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security
issues

The following security issues were fixed:

* CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the
allocated buffer (bsc#1238917).
* CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before
deleting in ets_qdisc_change (bsc#1256645).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (bsc#1257231).
* CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen

TigerVNC and LibPNG updates for AlmaLinux

CryptX update for Ubuntu

Kernel, Frr, Python, and more updates for SUSE Linux

SUSE-SU-2026:1046-1: important: Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)

SUSE-SU-2026:1063-1: moderate: Security update for frr

SUSE-SU-2026:1062-1: important: Security update for python310

SUSE-SU-2026:1064-1: important: Security update for python-tornado6

SUSE-SU-2026:1065-1: moderate: Security update for sqlite3

SUSE-SU-2026:1068-1: important: Security update for pgvector

SUSE-SU-2026:1067-1: moderate: Security update for python-urllib3

SUSE-SU-2026:1060-1: important: Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5)

SUSE-SU-2026:1059-1: important: Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)

openSUSE-SU-2026:0097-1: important: Security update for chromium

openSUSE-SU-2026:0096-1: important: Security update for chromium

SUSE-SU-2026:1048-1: important: Security update for the Linux Kernel (Live Patch 33 for SUSE Linux Enterprise 15 SP5)

SUSE-SU-2026:1049-1: important: Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)

SUSE-SU-2026:1075-1: important: Security update for python-pyasn1

SUSE-SU-2026:1077-1: important: Security update for the Linux Kernel

Windows

Linux

macOS

Community