Threats Tagged 'suse-product-security-team'

A security update for csync2 addresses CVE-2026-41051, which involves the use of insecure temporary directories when the software is compiled with C99 or later standards. This vulnerability affects specific SUSE versions of csync2 on aarch64 and i586 architectures. The issue could potentially lead to security risks related to temporary file handling. The severity is assessed as medium. No known exploits are reported in the wild. A patch or update has been issued by the SUSE Product Security Team to fix this vulnerability.

A security update for PostgreSQL 14 (version 14. 23) addresses multiple vulnerabilities including privilege enforcement, integer overflows, malicious time zone name handling, path traversal, unsafe function usage, timing attacks in authentication, unbounded recursion, and SQL injection with buffer overruns. These issues affect SUSE distributions of PostgreSQL 14 and are fixed in this update. No known exploits in the wild have been reported. The update also includes non-security fixes related to system compatibility and tooling.

A high severity buffer overflow vulnerability (CVE-2026-34743) exists in the lzma_index_append() function of the xz compression utility as used in SUSE products. This issue is addressed by a security update from the SUSE Product Security Team. The vulnerability affects specific SUSE versions and packages including liblzma5 and xz on aarch64 architectures. No known exploits are reported in the wild at this time. Patch availability is implied by the security update advisory, though explicit patch links are not provided in the input data.

Multiple vulnerabilities in perl-Net-CIDR-Lite can lead to IP ACL bypass due to improper validation of IP address formats and CIDR mask values. These include issues with trailing newlines or non-ASCII digits, extraneous leading zeros in CIDR masks, missing validation of IPv6 group counts, and mishandling of IPv4 mapped IPv6 addresses. The vulnerabilities affect SUSE Linux Enterprise Module for Development Tools 15 SP7 and related versions. No known exploits are reported in the wild. A security update addressing these issues has been released by the SUSE Product Security Team.

An integer overflow vulnerability (CVE-2026-41142) exists in the ImageChannel resize function of the openexr library, which can lead to a heap out-of-bounds write via the OpenEXRUtil public API. This issue affects specific SUSE package versions of openexr on the aarch64 architecture. The vulnerability is classified as high severity. No known exploits are reported in the wild at this time. A security update has been issued by the SUSE Product Security Team to address this vulnerability.

A security update for the gnutls library addresses multiple vulnerabilities affecting various components such as x509 name constraints, PKCS#7 unpadding, DTLS reassembly, and PKCS#11 token handling. These issues include potential overreading, use-after-free, information leakage, and improper validation of certificate constraints. The update is provided by the SUSE Product Security Team for affected SUSE versions and related packages. No known exploits are reported in the wild at this time.

A security update for python-urllib3 addresses CVE-2026-44431, which involves sensitive information disclosure caused by sensitive headers being forwarded across origins during proxied low-level redirects. This vulnerability affects certain SUSE Linux Enterprise versions and python3-urllib3 package versions. The issue could lead to unintended exposure of sensitive headers when redirects occur through a proxy. The severity is rated as high by the vendor. No CVSS score is provided for this vulnerability.