Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-41676 (GCVE-0-2026-41676)
Vulnerability from cvelistv5 – Published: 2026-04-24 17:16 – Updated: 2026-04-24 17:43| URL | Tags |
|---|---|
| https://github.com/rust-openssl/rust-openssl/secu… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| rust-openssl | rust-openssl |
Affected:
>= 0.9.27, < 0.10.78
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T17:43:14.622885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T17:43:20.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rust-openssl",
"vendor": "rust-openssl",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.9.27, \u003c 0.10.78"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131: Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T17:16:20.539Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5"
}
],
"source": {
"advisory": "GHSA-pqf5-4pqq-29f5",
"discovery": "UNKNOWN"
},
"title": "rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41676",
"datePublished": "2026-04-24T17:16:20.539Z",
"dateReserved": "2026-04-22T03:53:24.406Z",
"dateUpdated": "2026-04-24T17:43:20.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-41676",
"date": "2026-07-12",
"epss": "0.00298",
"percentile": "0.2167"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-41676\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-24T18:16:29.120\",\"lastModified\":\"2026-06-17T10:46:59.113\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"rust-openssl\",\"product\":\"rust-openssl\",\"versions\":[{\"version\":\"\u003e= 0.9.27, \u003c 0.10.78\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-24T17:43:14.622885Z\",\"id\":\"CVE-2026-41676\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-131\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rust-openssl_project:rust-openssl:*:*:*:*:*:rust:*:*\",\"versionStartIncluding\":\"0.9.27\",\"versionEndExcluding\":\"0.10.78\",\"matchCriteriaId\":\"24CB7C43-B5C0-45BE-83E3-18C5E4B09F8C\"}]}]}],\"references\":[{\"url\":\"https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"redhat_vex": {
"current_release_date": "2026-04-25T12:14:02+00:00",
"cve": "CVE-2026-41676",
"id": "CVE-2026-41676",
"initial_release_date": "2026-04-24T17:16:20.539000+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "rust-openssl: rust-openssl: Memory overflow allows arbitrary code execution or denial of service",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41676.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-41676\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-24T17:43:14.622885Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-24T17:43:17.252Z\"}}], \"cna\": {\"title\": \"rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1\", \"source\": {\"advisory\": \"GHSA-pqf5-4pqq-29f5\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"rust-openssl\", \"product\": \"rust-openssl\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.9.27, \u003c 0.10.78\"}]}], \"references\": [{\"url\": \"https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5\", \"name\": \"https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787: Out-of-bounds Write\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-131\", \"description\": \"CWE-131: Incorrect Calculation of Buffer Size\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-24T17:16:20.539Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-41676\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-24T17:43:20.693Z\", \"dateReserved\": \"2026-04-22T03:53:24.406Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-24T17:16:20.539Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0641
Vulnerability from certfr_avis - Published: 2026-05-22 - Updated: 2026-05-22
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | AIX | Open SDK pour Rust sur AIX versions 1.92.x sans le correctif de sécurité Fix Pack 2 | ||
| IBM | WebSphere | WebSphere Automation versions 1.1x antérieures à 1.12.1 | ||
| IBM | Db2 | Db2 versions 12.1.x antérieures à 12.1.4 sans le correctif Special Build #83501 | ||
| IBM | Db2 | Db2 Big SQL versions 7.6.x à 8.3.x antérieures à 8.3.1 patch 4 | ||
| IBM | Db2 | Db2 sur Cloud Pak for Data et Db2 Warehouse sur Cloud Pak for Data versions 4.8.x à 5.3.x antérieures à 5.3.1 | ||
| IBM | AIX | Open SDK pour Rust sur AIX versions 1.90.x sans le correctif de sécurité Fix Pack 2 | ||
| IBM | Sterling | Sterling Transformation Extender versions 11.0.1.1 et 11.0.2.0 sans le correctif de sécurité PH71227 | ||
| IBM | Db2 | Db2 versions 11.5.x antérieures à 11.5.9 sans le correctif Special Build #81937 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Open SDK pour Rust sur AIX versions 1.92.x sans le correctif de s\u00e9curit\u00e9 Fix Pack 2",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Automation versions 1.1x ant\u00e9rieures \u00e0 1.12.1",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.4 sans le correctif Special Build #83501",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL versions 7.6.x \u00e0 8.3.x ant\u00e9rieures \u00e0 8.3.1 patch 4",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 sur Cloud Pak for Data et Db2 Warehouse sur Cloud Pak for Data versions 4.8.x \u00e0 5.3.x ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Open SDK pour Rust sur AIX versions 1.90.x sans le correctif de s\u00e9curit\u00e9 Fix Pack 2",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 11.0.1.1 et 11.0.2.0 sans le correctif de s\u00e9curit\u00e9 PH71227",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.9 sans le correctif Special Build #81937",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2025-36353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"name": "CVE-2026-31958",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31958"
},
{
"name": "CVE-2025-67726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67726"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2025-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
},
{
"name": "CVE-2025-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
},
{
"name": "CVE-2025-36427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
},
{
"name": "CVE-2025-39761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39761"
},
{
"name": "CVE-2026-35611",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35611"
},
{
"name": "CVE-2024-45310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45310"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2025-36098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2026-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
},
{
"name": "CVE-2026-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
},
{
"name": "CVE-2026-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
},
{
"name": "CVE-2025-36247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2025-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2025-36070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
},
{
"name": "CVE-2025-36428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2026-34282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
},
{
"name": "CVE-2025-36424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36424"
},
{
"name": "CVE-2025-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
},
{
"name": "CVE-2025-33042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2026-23865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2025-67721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67721"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2026-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6918"
},
{
"name": "CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2026-29045",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29045"
},
{
"name": "CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2025-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12801"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2026-41681",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41681"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2026-41677",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41677"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-36425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-61594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61594"
},
{
"name": "CVE-2026-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
},
{
"name": "CVE-2026-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
},
{
"name": "CVE-2026-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"name": "CVE-2026-34268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
},
{
"name": "CVE-2026-3713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3713"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2025-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2025-36365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2025-36442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
},
{
"name": "CVE-2025-38351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38351"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2025-59059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59059"
},
{
"name": "CVE-2026-41676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41676"
},
{
"name": "CVE-2025-14689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14689"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2025-36366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
},
{
"name": "CVE-2025-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2025-67724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67724"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2026-29087",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29087"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2026-35554",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35554"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2025-36407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
},
{
"name": "CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"name": "CVE-2026-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22008"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2026-1718",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1718"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2026-24281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24281"
},
{
"name": "CVE-2026-41678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41678"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
}
],
"initial_release_date": "2026-05-22T00:00:00",
"last_revision_date": "2026-05-22T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0641",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273152",
"url": "https://www.ibm.com/support/pages/node/7273152"
},
{
"published_at": "2026-05-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273312",
"url": "https://www.ibm.com/support/pages/node/7273312"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273153",
"url": "https://www.ibm.com/support/pages/node/7273153"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273155",
"url": "https://www.ibm.com/support/pages/node/7273155"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7271877",
"url": "https://www.ibm.com/support/pages/node/7271877"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273156",
"url": "https://www.ibm.com/support/pages/node/7273156"
},
{
"published_at": "2026-05-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273269",
"url": "https://www.ibm.com/support/pages/node/7273269"
},
{
"published_at": "2026-05-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273281",
"url": "https://www.ibm.com/support/pages/node/7273281"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273150",
"url": "https://www.ibm.com/support/pages/node/7273150"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273151",
"url": "https://www.ibm.com/support/pages/node/7273151"
},
{
"published_at": "2026-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273555",
"url": "https://www.ibm.com/support/pages/node/7273555"
}
]
}
CERTFR-2026-AVI-0824
Vulnerability from certfr_avis - Published: 2026-07-02 - Updated: 2026-07-02
De multiples vulnérabilités ont été découvertes dans ClamAV. Elles permettent à un attaquant de provoquer un déni de service et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ClamAV versions ant\u00e9rieures \u00e0 1.4.5",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
},
{
"description": "ClamAV versions 1.5.x ant\u00e9rieures \u00e0 1.5.3",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20216"
},
{
"name": "CVE-2026-20243",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20243"
},
{
"name": "CVE-2026-20215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20215"
},
{
"name": "CVE-2026-20213",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20213"
},
{
"name": "CVE-2026-20214",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20214"
},
{
"name": "CVE-2026-20217",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20217"
},
{
"name": "CVE-2026-20244",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20244"
},
{
"name": "CVE-2026-41676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41676"
}
],
"initial_release_date": "2026-07-02T00:00:00",
"last_revision_date": "2026-07-02T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0824",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-07-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans ClamAV. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ClamAV",
"vendor_advisories": [
{
"published_at": "2026-07-01",
"title": "Bulletin de s\u00e9curit\u00e9 ClamAV clamav-153-and-145-security-patch",
"url": "https://blog.clamav.net/2026/07/clamav-153-and-145-security-patch.html"
}
]
}
FKIE_CVE-2026-41676
Vulnerability from fkie_nvd - Published: 2026-04-24 18:16 - Updated: 2026-06-17 10:46| Vendor | Product | Version | |
|---|---|---|---|
| rust-openssl_project | rust-openssl | * |
{
"affected": [
{
"affectedData": [
{
"product": "rust-openssl",
"vendor": "rust-openssl",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.9.27, \u003c 0.10.78"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rust-openssl_project:rust-openssl:*:*:*:*:*:rust:*:*",
"matchCriteriaId": "24CB7C43-B5C0-45BE-83E3-18C5E4B09F8C",
"versionEndExcluding": "0.10.78",
"versionStartIncluding": "0.9.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78."
}
],
"id": "CVE-2026-41676",
"lastModified": "2026-06-17T10:46:59.113",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "UNREPORTED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-41676",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T17:43:14.622885Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-04-24T18:16:29.120",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-131"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-PQF5-4PQQ-29F5
Vulnerability from github – Published: 2026-04-22 21:22 – Updated: 2026-04-27 16:42Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "openssl"
},
"ranges": [
{
"events": [
{
"introduced": "0.9.27"
},
{
"fixed": "0.10.78"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41676"
],
"database_specific": {
"cwe_ids": [
"CWE-131",
"CWE-787"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T21:22:00Z",
"nvd_published_at": "2026-04-24T18:16:29Z",
"severity": "HIGH"
},
"details": "`Deriver::derive` (and `PkeyCtxRef::derive`) sets `len = buf.len()` and passes it as the in/out length to `EVP_PKEY_derive`, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming `*keylen`, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL.",
"id": "GHSA-pqf5-4pqq-29f5",
"modified": "2026-04-27T16:42:03Z",
"published": "2026-04-22T21:22:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41676"
},
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/pull/2606"
},
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/commit/09b425e5f59a2466d806e71a83a9a449c914c596"
},
{
"type": "PACKAGE",
"url": "https://github.com/rust-openssl/rust-openssl"
},
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1"
}
MSRC_CVE-2026-41676
Vulnerability from csaf_microsoft - Published: 2026-04-02 00:00 - Updated: 2026-04-30 01:48| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17086-13 | — |
None Available
|
|
| Unresolved product id: 17086-12 | — |
None Available
|
|
| Unresolved product id: 17084-9 | — |
None Available
|
|
| Unresolved product id: 17084-7 | — |
None Available
|
|
| Unresolved product id: 17084-11 | — |
None Available
|
|
| Unresolved product id: 17084-10 | — |
None Available
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-8 | — | ||
| Unresolved product id: 17084-6 | — | ||
| Unresolved product id: 17084-3 | — | ||
| Unresolved product id: 17084-4 | — | ||
| Unresolved product id: 17084-5 | — | ||
| Unresolved product id: 17084-1 | — | ||
| Unresolved product id: 17084-2 | — |
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1 - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-41676.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1",
"tracking": {
"current_release_date": "2026-04-30T01:48:29.000Z",
"generator": {
"date": "2026-04-30T08:42:48.163Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-41676",
"initial_release_date": "2026-04-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-04-26T01:06:07.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-04-27T14:44:27.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-04-29T14:48:46.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2026-04-30T01:12:12.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Information published."
},
{
"date": "2026-04-30T01:48:29.000Z",
"legacy_version": "5",
"number": "5",
"summary": "Information published."
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "cbl2 rpm-ostree 0:2022.1-8.cbl2",
"product": {
"name": "cbl2 rpm-ostree 0:2022.1-8.cbl2",
"product_id": "13"
}
},
{
"category": "product_version_range",
"name": "azl3 rpm-ostree 0:2024.4-8.azl3",
"product": {
"name": "azl3 rpm-ostree 0:2024.4-8.azl3",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "rpm-ostree"
},
{
"branches": [
{
"category": "product_version_range",
"name": "cbl2 rust 0:1.72.0-15.cbl2",
"product": {
"name": "cbl2 rust 0:1.72.0-15.cbl2",
"product_id": "12"
}
},
{
"category": "product_version_range",
"name": "azl3 rust 0:1.75.0-27.azl3",
"product": {
"name": "azl3 rust 0:1.75.0-27.azl3",
"product_id": "11"
}
},
{
"category": "product_version_range",
"name": "azl3 rust 0:1.90.0-6.azl3",
"product": {
"name": "azl3 rust 0:1.90.0-6.azl3",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "rust"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 clamav 0:1.5.2-1.azl3",
"product": {
"name": "azl3 clamav 0:1.5.2-1.azl3",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "clamav"
},
{
"category": "product_name",
"name": "azl3 python-cryptography 0:42.0.5-4.azl3",
"product": {
"name": "azl3 python-cryptography 0:42.0.5-4.azl3",
"product_id": "8"
}
},
{
"category": "product_name",
"name": "azl3 trident 0:0.22.0-1.azl3",
"product": {
"name": "azl3 trident 0:0.22.0-1.azl3",
"product_id": "6"
}
},
{
"category": "product_name",
"name": "azl3 clamav 0:1.5.2-2.azl3",
"product": {
"name": "azl3 clamav 0:1.5.2-2.azl3",
"product_id": "3"
}
},
{
"category": "product_name",
"name": "azl3 rpm-ostree 0:2024.4-10.azl3",
"product": {
"name": "azl3 rpm-ostree 0:2024.4-10.azl3",
"product_id": "4"
}
},
{
"category": "product_name",
"name": "azl3 rust 0:1.75.0-28.azl3",
"product": {
"name": "azl3 rust 0:1.75.0-28.azl3",
"product_id": "5"
}
},
{
"category": "product_name",
"name": "azl3 rust-afterburn 0:5.8.2-1.azl3",
"product": {
"name": "azl3 rust-afterburn 0:5.8.2-1.azl3",
"product_id": "1"
}
},
{
"category": "product_name",
"name": "azl3 rust 0:1.90.0-7.azl3",
"product": {
"name": "azl3 rust 0:1.90.0-7.azl3",
"product_id": "2"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 rpm-ostree 0:2022.1-8.cbl2 as a component of CBL Mariner 2.0",
"product_id": "17086-13"
},
"product_reference": "13",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 rust 0:1.72.0-15.cbl2 as a component of CBL Mariner 2.0",
"product_id": "17086-12"
},
"product_reference": "12",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-cryptography 0:42.0.5-4.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-8"
},
"product_reference": "8",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rpm-ostree 0:2024.4-8.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-9"
},
"product_reference": "9",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 trident 0:0.22.0-1.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 clamav 0:1.5.2-2.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rpm-ostree 0:2024.4-10.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rust 0:1.75.0-28.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-5"
},
"product_reference": "5",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rust-afterburn 0:5.8.2-1.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 clamav 0:1.5.2-1.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-7"
},
"product_reference": "7",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rust 0:1.75.0-27.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-11"
},
"product_reference": "11",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rust 0:1.90.0-6.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-10"
},
"product_reference": "10",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rust 0:1.90.0-7.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41676",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"flags": [
{
"label": "vulnerable_code_not_in_execute_path",
"product_ids": [
"17084-8",
"17084-6",
"17084-3",
"17084-4",
"17084-5",
"17084-1",
"17084-2"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"known_affected": [
"17086-13",
"17086-12",
"17084-9",
"17084-7",
"17084-11",
"17084-10"
],
"known_not_affected": [
"17084-8",
"17084-6",
"17084-3",
"17084-4",
"17084-5",
"17084-1",
"17084-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1 - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-41676.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2026-04-26T01:06:07.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-13"
]
},
{
"category": "none_available",
"date": "2026-04-26T01:06:07.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-12"
]
},
{
"category": "none_available",
"date": "2026-04-26T01:06:07.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-9"
]
},
{
"category": "none_available",
"date": "2026-04-26T01:06:07.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-7"
]
},
{
"category": "none_available",
"date": "2026-04-26T01:06:07.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-11"
]
},
{
"category": "none_available",
"date": "2026-04-26T01:06:07.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-10"
]
}
],
"title": "rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1"
}
]
}
OPENSUSE-SU-2026:11182-1
Vulnerability from csaf_opensuse - Published: 2026-07-04 00:00 - Updated: 2026-07-04 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "clamav-1.5.3-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the clamav-1.5.3-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11182",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11182-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-20213 page",
"url": "https://www.suse.com/security/cve/CVE-2026-20213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-20214 page",
"url": "https://www.suse.com/security/cve/CVE-2026-20214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-20215 page",
"url": "https://www.suse.com/security/cve/CVE-2026-20215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-20216 page",
"url": "https://www.suse.com/security/cve/CVE-2026-20216/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-20217 page",
"url": "https://www.suse.com/security/cve/CVE-2026-20217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-20243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-20243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-20244 page",
"url": "https://www.suse.com/security/cve/CVE-2026-20244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41676 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41676/"
}
],
"title": "clamav-1.5.3-1.1 on GA media",
"tracking": {
"current_release_date": "2026-07-04T00:00:00Z",
"generator": {
"date": "2026-07-04T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11182-1",
"initial_release_date": "2026-07-04T00:00:00Z",
"revision_history": [
{
"date": "2026-07-04T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "clamav-1.5.3-1.1.aarch64",
"product": {
"name": "clamav-1.5.3-1.1.aarch64",
"product_id": "clamav-1.5.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "clamav-devel-1.5.3-1.1.aarch64",
"product": {
"name": "clamav-devel-1.5.3-1.1.aarch64",
"product_id": "clamav-devel-1.5.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "clamav-docs-html-1.5.3-1.1.aarch64",
"product": {
"name": "clamav-docs-html-1.5.3-1.1.aarch64",
"product_id": "clamav-docs-html-1.5.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "clamav-milter-1.5.3-1.1.aarch64",
"product": {
"name": "clamav-milter-1.5.3-1.1.aarch64",
"product_id": "clamav-milter-1.5.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libclamav12-1.5.3-1.1.aarch64",
"product": {
"name": "libclamav12-1.5.3-1.1.aarch64",
"product_id": "libclamav12-1.5.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libclammspack0-1.5.3-1.1.aarch64",
"product": {
"name": "libclammspack0-1.5.3-1.1.aarch64",
"product_id": "libclammspack0-1.5.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfreshclam4-1.5.3-1.1.aarch64",
"product": {
"name": "libfreshclam4-1.5.3-1.1.aarch64",
"product_id": "libfreshclam4-1.5.3-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "clamav-1.5.3-1.1.ppc64le",
"product": {
"name": "clamav-1.5.3-1.1.ppc64le",
"product_id": "clamav-1.5.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "clamav-devel-1.5.3-1.1.ppc64le",
"product": {
"name": "clamav-devel-1.5.3-1.1.ppc64le",
"product_id": "clamav-devel-1.5.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "clamav-docs-html-1.5.3-1.1.ppc64le",
"product": {
"name": "clamav-docs-html-1.5.3-1.1.ppc64le",
"product_id": "clamav-docs-html-1.5.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "clamav-milter-1.5.3-1.1.ppc64le",
"product": {
"name": "clamav-milter-1.5.3-1.1.ppc64le",
"product_id": "clamav-milter-1.5.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libclamav12-1.5.3-1.1.ppc64le",
"product": {
"name": "libclamav12-1.5.3-1.1.ppc64le",
"product_id": "libclamav12-1.5.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libclammspack0-1.5.3-1.1.ppc64le",
"product": {
"name": "libclammspack0-1.5.3-1.1.ppc64le",
"product_id": "libclammspack0-1.5.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfreshclam4-1.5.3-1.1.ppc64le",
"product": {
"name": "libfreshclam4-1.5.3-1.1.ppc64le",
"product_id": "libfreshclam4-1.5.3-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "clamav-1.5.3-1.1.s390x",
"product": {
"name": "clamav-1.5.3-1.1.s390x",
"product_id": "clamav-1.5.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "clamav-devel-1.5.3-1.1.s390x",
"product": {
"name": "clamav-devel-1.5.3-1.1.s390x",
"product_id": "clamav-devel-1.5.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "clamav-docs-html-1.5.3-1.1.s390x",
"product": {
"name": "clamav-docs-html-1.5.3-1.1.s390x",
"product_id": "clamav-docs-html-1.5.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "clamav-milter-1.5.3-1.1.s390x",
"product": {
"name": "clamav-milter-1.5.3-1.1.s390x",
"product_id": "clamav-milter-1.5.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libclamav12-1.5.3-1.1.s390x",
"product": {
"name": "libclamav12-1.5.3-1.1.s390x",
"product_id": "libclamav12-1.5.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libclammspack0-1.5.3-1.1.s390x",
"product": {
"name": "libclammspack0-1.5.3-1.1.s390x",
"product_id": "libclammspack0-1.5.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libfreshclam4-1.5.3-1.1.s390x",
"product": {
"name": "libfreshclam4-1.5.3-1.1.s390x",
"product_id": "libfreshclam4-1.5.3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "clamav-1.5.3-1.1.x86_64",
"product": {
"name": "clamav-1.5.3-1.1.x86_64",
"product_id": "clamav-1.5.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "clamav-devel-1.5.3-1.1.x86_64",
"product": {
"name": "clamav-devel-1.5.3-1.1.x86_64",
"product_id": "clamav-devel-1.5.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "clamav-docs-html-1.5.3-1.1.x86_64",
"product": {
"name": "clamav-docs-html-1.5.3-1.1.x86_64",
"product_id": "clamav-docs-html-1.5.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "clamav-milter-1.5.3-1.1.x86_64",
"product": {
"name": "clamav-milter-1.5.3-1.1.x86_64",
"product_id": "clamav-milter-1.5.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libclamav12-1.5.3-1.1.x86_64",
"product": {
"name": "libclamav12-1.5.3-1.1.x86_64",
"product_id": "libclamav12-1.5.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libclammspack0-1.5.3-1.1.x86_64",
"product": {
"name": "libclammspack0-1.5.3-1.1.x86_64",
"product_id": "libclammspack0-1.5.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreshclam4-1.5.3-1.1.x86_64",
"product": {
"name": "libfreshclam4-1.5.3-1.1.x86_64",
"product_id": "libfreshclam4-1.5.3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-1.5.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64"
},
"product_reference": "clamav-1.5.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-1.5.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le"
},
"product_reference": "clamav-1.5.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-1.5.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x"
},
"product_reference": "clamav-1.5.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-1.5.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64"
},
"product_reference": "clamav-1.5.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-devel-1.5.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64"
},
"product_reference": "clamav-devel-1.5.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-devel-1.5.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le"
},
"product_reference": "clamav-devel-1.5.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-devel-1.5.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x"
},
"product_reference": "clamav-devel-1.5.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-devel-1.5.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64"
},
"product_reference": "clamav-devel-1.5.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-docs-html-1.5.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64"
},
"product_reference": "clamav-docs-html-1.5.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-docs-html-1.5.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le"
},
"product_reference": "clamav-docs-html-1.5.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-docs-html-1.5.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x"
},
"product_reference": "clamav-docs-html-1.5.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-docs-html-1.5.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64"
},
"product_reference": "clamav-docs-html-1.5.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-milter-1.5.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64"
},
"product_reference": "clamav-milter-1.5.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-milter-1.5.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le"
},
"product_reference": "clamav-milter-1.5.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-milter-1.5.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x"
},
"product_reference": "clamav-milter-1.5.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-milter-1.5.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64"
},
"product_reference": "clamav-milter-1.5.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclamav12-1.5.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64"
},
"product_reference": "libclamav12-1.5.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclamav12-1.5.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le"
},
"product_reference": "libclamav12-1.5.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclamav12-1.5.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x"
},
"product_reference": "libclamav12-1.5.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclamav12-1.5.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64"
},
"product_reference": "libclamav12-1.5.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclammspack0-1.5.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64"
},
"product_reference": "libclammspack0-1.5.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclammspack0-1.5.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le"
},
"product_reference": "libclammspack0-1.5.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclammspack0-1.5.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x"
},
"product_reference": "libclammspack0-1.5.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclammspack0-1.5.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64"
},
"product_reference": "libclammspack0-1.5.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreshclam4-1.5.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64"
},
"product_reference": "libfreshclam4-1.5.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreshclam4-1.5.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le"
},
"product_reference": "libfreshclam4-1.5.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreshclam4-1.5.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x"
},
"product_reference": "libfreshclam4-1.5.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreshclam4-1.5.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
},
"product_reference": "libfreshclam4-1.5.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-20213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-20213"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in PE files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PE content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-20213",
"url": "https://www.suse.com/security/cve/CVE-2026-20213"
},
{
"category": "external",
"summary": "SUSE Bug 1270107 for CVE-2026-20213",
"url": "https://bugzilla.suse.com/1270107"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-04T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-20213"
},
{
"cve": "CVE-2026-20214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-20214"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in FSG files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains portable executable content compressed with FSG to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-20214",
"url": "https://www.suse.com/security/cve/CVE-2026-20214"
},
{
"category": "external",
"summary": "SUSE Bug 1270085 for CVE-2026-20214",
"url": "https://bugzilla.suse.com/1270085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-04T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-20214"
},
{
"cve": "CVE-2026-20215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-20215"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in 7z files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains 7z\u0026nbsp;content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-20215",
"url": "https://www.suse.com/security/cve/CVE-2026-20215"
},
{
"category": "external",
"summary": "SUSE Bug 1270088 for CVE-2026-20215",
"url": "https://bugzilla.suse.com/1270088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-04T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-20215"
},
{
"cve": "CVE-2026-20216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-20216"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-20216",
"url": "https://www.suse.com/security/cve/CVE-2026-20216"
},
{
"category": "external",
"summary": "SUSE Bug 1270089 for CVE-2026-20216",
"url": "https://bugzilla.suse.com/1270089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-04T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-20216"
},
{
"cve": "CVE-2026-20217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-20217"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in PESpin files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PESpin content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-20217",
"url": "https://www.suse.com/security/cve/CVE-2026-20217"
},
{
"category": "external",
"summary": "SUSE Bug 1270091 for CVE-2026-20217",
"url": "https://bugzilla.suse.com/1270091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-04T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-20217"
},
{
"cve": "CVE-2026-20243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-20243"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in ALZ files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains ALZ content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-20243",
"url": "https://www.suse.com/security/cve/CVE-2026-20243"
},
{
"category": "external",
"summary": "SUSE Bug 1270092 for CVE-2026-20243",
"url": "https://bugzilla.suse.com/1270092"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-04T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-20243"
},
{
"cve": "CVE-2026-20244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-20244"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in DMG files during scanning, which may result in an integer overflow on 32-bit platforms only. An attacker could exploit this vulnerability by submitting a crafted file that contains DMG content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-20244",
"url": "https://www.suse.com/security/cve/CVE-2026-20244"
},
{
"category": "external",
"summary": "SUSE Bug 1270106 for CVE-2026-20244",
"url": "https://bugzilla.suse.com/1270106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-04T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-20244"
},
{
"cve": "CVE-2026-41676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41676"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41676",
"url": "https://www.suse.com/security/cve/CVE-2026-41676"
},
{
"category": "external",
"summary": "SUSE Bug 1270137 for CVE-2026-41676",
"url": "https://bugzilla.suse.com/1270137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:clamav-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-devel-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-docs-html-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:clamav-milter-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclamav12-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libclammspack0-1.5.3-1.1.x86_64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.aarch64",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.ppc64le",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.s390x",
"openSUSE Tumbleweed:libfreshclam4-1.5.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-04T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-41676"
}
]
}
OPENSUSE-SU-2026:11194-1
Vulnerability from csaf_opensuse - Published: 2026-07-06 00:00 - Updated: 2026-07-06 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "sdbootutil-1+git20260706.f9f4faf-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the sdbootutil-1+git20260706.f9f4faf-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11194",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11194-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41676 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41676/"
}
],
"title": "sdbootutil-1+git20260706.f9f4faf-1.1 on GA media",
"tracking": {
"current_release_date": "2026-07-06T00:00:00Z",
"generator": {
"date": "2026-07-06T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11194-1",
"initial_release_date": "2026-07-06T00:00:00Z",
"revision_history": [
{
"date": "2026-07-06T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sdbootutil-1+git20260706.f9f4faf-1.1.aarch64",
"product": {
"name": "sdbootutil-1+git20260706.f9f4faf-1.1.aarch64",
"product_id": "sdbootutil-1+git20260706.f9f4faf-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.aarch64",
"product": {
"name": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.aarch64",
"product_id": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.aarch64",
"product": {
"name": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.aarch64",
"product_id": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.aarch64",
"product": {
"name": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.aarch64",
"product_id": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.aarch64",
"product": {
"name": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.aarch64",
"product_id": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.aarch64",
"product": {
"name": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.aarch64",
"product_id": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.aarch64",
"product": {
"name": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.aarch64",
"product_id": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.aarch64",
"product": {
"name": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.aarch64",
"product_id": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "sdbootutil-1+git20260706.f9f4faf-1.1.ppc64le",
"product": {
"name": "sdbootutil-1+git20260706.f9f4faf-1.1.ppc64le",
"product_id": "sdbootutil-1+git20260706.f9f4faf-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.ppc64le",
"product": {
"name": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.ppc64le",
"product_id": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.ppc64le",
"product": {
"name": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.ppc64le",
"product_id": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.ppc64le",
"product": {
"name": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.ppc64le",
"product_id": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.ppc64le",
"product": {
"name": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.ppc64le",
"product_id": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.ppc64le",
"product": {
"name": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.ppc64le",
"product_id": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.ppc64le",
"product": {
"name": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.ppc64le",
"product_id": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.ppc64le",
"product": {
"name": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.ppc64le",
"product_id": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "sdbootutil-1+git20260706.f9f4faf-1.1.s390x",
"product": {
"name": "sdbootutil-1+git20260706.f9f4faf-1.1.s390x",
"product_id": "sdbootutil-1+git20260706.f9f4faf-1.1.s390x"
}
},
{
"category": "product_version",
"name": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.s390x",
"product": {
"name": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.s390x",
"product_id": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.s390x"
}
},
{
"category": "product_version",
"name": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.s390x",
"product": {
"name": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.s390x",
"product_id": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.s390x"
}
},
{
"category": "product_version",
"name": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.s390x",
"product": {
"name": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.s390x",
"product_id": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.s390x"
}
},
{
"category": "product_version",
"name": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.s390x",
"product": {
"name": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.s390x",
"product_id": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.s390x"
}
},
{
"category": "product_version",
"name": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.s390x",
"product": {
"name": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.s390x",
"product_id": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.s390x"
}
},
{
"category": "product_version",
"name": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.s390x",
"product": {
"name": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.s390x",
"product_id": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.s390x"
}
},
{
"category": "product_version",
"name": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.s390x",
"product": {
"name": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.s390x",
"product_id": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "sdbootutil-1+git20260706.f9f4faf-1.1.x86_64",
"product": {
"name": "sdbootutil-1+git20260706.f9f4faf-1.1.x86_64",
"product_id": "sdbootutil-1+git20260706.f9f4faf-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.x86_64",
"product": {
"name": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.x86_64",
"product_id": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.x86_64",
"product": {
"name": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.x86_64",
"product_id": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.x86_64",
"product": {
"name": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.x86_64",
"product_id": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.x86_64",
"product": {
"name": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.x86_64",
"product_id": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.x86_64",
"product": {
"name": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.x86_64",
"product_id": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.x86_64",
"product": {
"name": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.x86_64",
"product_id": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.x86_64",
"product": {
"name": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.x86_64",
"product_id": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-1+git20260706.f9f4faf-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.aarch64"
},
"product_reference": "sdbootutil-1+git20260706.f9f4faf-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-1+git20260706.f9f4faf-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.ppc64le"
},
"product_reference": "sdbootutil-1+git20260706.f9f4faf-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-1+git20260706.f9f4faf-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.s390x"
},
"product_reference": "sdbootutil-1+git20260706.f9f4faf-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-1+git20260706.f9f4faf-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.x86_64"
},
"product_reference": "sdbootutil-1+git20260706.f9f4faf-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.aarch64"
},
"product_reference": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.ppc64le"
},
"product_reference": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.s390x"
},
"product_reference": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.x86_64"
},
"product_reference": "sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.aarch64"
},
"product_reference": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.ppc64le"
},
"product_reference": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.s390x"
},
"product_reference": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.x86_64"
},
"product_reference": "sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.aarch64"
},
"product_reference": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.ppc64le"
},
"product_reference": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.s390x"
},
"product_reference": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.x86_64"
},
"product_reference": "sdbootutil-enroll-1+git20260706.f9f4faf-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.aarch64"
},
"product_reference": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.ppc64le"
},
"product_reference": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.s390x"
},
"product_reference": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.x86_64"
},
"product_reference": "sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.aarch64"
},
"product_reference": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.ppc64le"
},
"product_reference": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.s390x"
},
"product_reference": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.x86_64"
},
"product_reference": "sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.aarch64"
},
"product_reference": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.ppc64le"
},
"product_reference": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.s390x"
},
"product_reference": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.x86_64"
},
"product_reference": "sdbootutil-snapper-1+git20260706.f9f4faf-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.aarch64"
},
"product_reference": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.ppc64le"
},
"product_reference": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.s390x"
},
"product_reference": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.x86_64"
},
"product_reference": "sdbootutil-tukit-1+git20260706.f9f4faf-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41676"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41676",
"url": "https://www.suse.com/security/cve/CVE-2026-41676"
},
{
"category": "external",
"summary": "SUSE Bug 1270137 for CVE-2026-41676",
"url": "https://bugzilla.suse.com/1270137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-bash-completion-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-dracut-measure-pcr-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-enroll-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-jeos-firstboot-enroll-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-kernel-install-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-snapper-1+git20260706.f9f4faf-1.1.x86_64",
"openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.aarch64",
"openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.ppc64le",
"openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.s390x",
"openSUSE Tumbleweed:sdbootutil-tukit-1+git20260706.f9f4faf-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41676"
}
]
}
OPENSUSE-SU-2026:11210-1
Vulnerability from csaf_opensuse - Published: 2026-07-08 00:00 - Updated: 2026-07-08 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cargo-c-0.10.23-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cargo-c-0.10.23-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11210",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11210-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41676 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41677 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41678 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41898 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42327 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42327/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44662 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-45784 page",
"url": "https://www.suse.com/security/cve/CVE-2026-45784/"
}
],
"title": "cargo-c-0.10.23-1.1 on GA media",
"tracking": {
"current_release_date": "2026-07-08T00:00:00Z",
"generator": {
"date": "2026-07-08T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11210-1",
"initial_release_date": "2026-07-08T00:00:00Z",
"revision_history": [
{
"date": "2026-07-08T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.10.23-1.1.aarch64",
"product": {
"name": "cargo-c-0.10.23-1.1.aarch64",
"product_id": "cargo-c-0.10.23-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.10.23-1.1.ppc64le",
"product": {
"name": "cargo-c-0.10.23-1.1.ppc64le",
"product_id": "cargo-c-0.10.23-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.10.23-1.1.s390x",
"product": {
"name": "cargo-c-0.10.23-1.1.s390x",
"product_id": "cargo-c-0.10.23-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.10.23-1.1.x86_64",
"product": {
"name": "cargo-c-0.10.23-1.1.x86_64",
"product_id": "cargo-c-0.10.23-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.10.23-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64"
},
"product_reference": "cargo-c-0.10.23-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.10.23-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le"
},
"product_reference": "cargo-c-0.10.23-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.10.23-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x"
},
"product_reference": "cargo-c-0.10.23-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.10.23-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
},
"product_reference": "cargo-c-0.10.23-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41676"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41676",
"url": "https://www.suse.com/security/cve/CVE-2026-41676"
},
{
"category": "external",
"summary": "SUSE Bug 1270137 for CVE-2026-41676",
"url": "https://bugzilla.suse.com/1270137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41676"
},
{
"cve": "CVE-2026-41677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41677"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user\u0027s callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41677",
"url": "https://www.suse.com/security/cve/CVE-2026-41677"
},
{
"category": "external",
"summary": "SUSE Bug 1270540 for CVE-2026-41677",
"url": "https://bugzilla.suse.com/1270540"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41677"
},
{
"cve": "CVE-2026-41678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41678"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 \u003c= in_.len(), but this condition is reversed. The intended invariant is out.len() \u003e= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41678",
"url": "https://www.suse.com/security/cve/CVE-2026-41678"
},
{
"category": "external",
"summary": "SUSE Bug 1270641 for CVE-2026-41678",
"url": "https://bugzilla.suse.com/1270641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-41678"
},
{
"cve": "CVE-2026-41681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41681"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41681",
"url": "https://www.suse.com/security/cve/CVE-2026-41681"
},
{
"category": "external",
"summary": "SUSE Bug 1270719 for CVE-2026-41681",
"url": "https://bugzilla.suse.com/1270719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41681"
},
{
"cve": "CVE-2026-41898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41898"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure\u0027s returned usize directly to OpenSSL without checking it against the \u0026mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41898",
"url": "https://www.suse.com/security/cve/CVE-2026-41898"
},
{
"category": "external",
"summary": "SUSE Bug 1270798 for CVE-2026-41898",
"url": "https://bugzilla.suse.com/1270798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41898"
},
{
"cve": "CVE-2026-42327",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42327"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate\u0027s AIA extension as OpensslString, whose Deref\u003cTarget = str\u003e wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation causes safe Rust code to construct a \u0026str that violates the UTF-8 invariant - resulting in undefined behavior. This vulnerability is fixed in 0.10.79.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42327",
"url": "https://www.suse.com/security/cve/CVE-2026-42327"
},
{
"category": "external",
"summary": "SUSE Bug 1270454 for CVE-2026-42327",
"url": "https://bugzilla.suse.com/1270454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42327"
},
{
"cve": "CVE-2026-44662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44662"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller\u0027s buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This only impacts users using AES key-wrap-with-padding ciphers. This vulnerability is fixed in 0.10.79.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44662",
"url": "https://www.suse.com/security/cve/CVE-2026-44662"
},
{
"category": "external",
"summary": "SUSE Bug 1270872 for CVE-2026-44662",
"url": "https://bugzilla.suse.com/1270872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-44662"
},
{
"cve": "CVE-2026-45784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-45784"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-45784",
"url": "https://www.suse.com/security/cve/CVE-2026-45784"
},
{
"category": "external",
"summary": "SUSE Bug 1270946 for CVE-2026-45784",
"url": "https://bugzilla.suse.com/1270946"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-45784"
}
]
}
OPENSUSE-SU-2026:11222-1
Vulnerability from csaf_opensuse - Published: 2026-07-08 00:00 - Updated: 2026-07-08 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "keylime-ima-policy-0.2.9+49-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the keylime-ima-policy-0.2.9+49-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11222",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11222-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41676 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41677 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41678 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41898 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42327 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42327/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44662 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-45784 page",
"url": "https://www.suse.com/security/cve/CVE-2026-45784/"
}
],
"title": "keylime-ima-policy-0.2.9+49-1.1 on GA media",
"tracking": {
"current_release_date": "2026-07-08T00:00:00Z",
"generator": {
"date": "2026-07-08T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11222-1",
"initial_release_date": "2026-07-08T00:00:00Z",
"revision_history": [
{
"date": "2026-07-08T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.9+49-1.1.aarch64",
"product": {
"name": "keylime-ima-policy-0.2.9+49-1.1.aarch64",
"product_id": "keylime-ima-policy-0.2.9+49-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.9+49-1.1.aarch64",
"product": {
"name": "rust-keylime-0.2.9+49-1.1.aarch64",
"product_id": "rust-keylime-0.2.9+49-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"product": {
"name": "keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"product_id": "keylime-ima-policy-0.2.9+49-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.9+49-1.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.9+49-1.1.ppc64le",
"product_id": "rust-keylime-0.2.9+49-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.9+49-1.1.s390x",
"product": {
"name": "keylime-ima-policy-0.2.9+49-1.1.s390x",
"product_id": "keylime-ima-policy-0.2.9+49-1.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.9+49-1.1.s390x",
"product": {
"name": "rust-keylime-0.2.9+49-1.1.s390x",
"product_id": "rust-keylime-0.2.9+49-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.9+49-1.1.x86_64",
"product": {
"name": "keylime-ima-policy-0.2.9+49-1.1.x86_64",
"product_id": "keylime-ima-policy-0.2.9+49-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.9+49-1.1.x86_64",
"product": {
"name": "rust-keylime-0.2.9+49-1.1.x86_64",
"product_id": "rust-keylime-0.2.9+49-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.9+49-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64"
},
"product_reference": "keylime-ima-policy-0.2.9+49-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.9+49-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le"
},
"product_reference": "keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.9+49-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x"
},
"product_reference": "keylime-ima-policy-0.2.9+49-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.9+49-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64"
},
"product_reference": "keylime-ima-policy-0.2.9+49-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.9+49-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64"
},
"product_reference": "rust-keylime-0.2.9+49-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.9+49-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le"
},
"product_reference": "rust-keylime-0.2.9+49-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.9+49-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x"
},
"product_reference": "rust-keylime-0.2.9+49-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.9+49-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
},
"product_reference": "rust-keylime-0.2.9+49-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41676"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41676",
"url": "https://www.suse.com/security/cve/CVE-2026-41676"
},
{
"category": "external",
"summary": "SUSE Bug 1270137 for CVE-2026-41676",
"url": "https://bugzilla.suse.com/1270137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41676"
},
{
"cve": "CVE-2026-41677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41677"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user\u0027s callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41677",
"url": "https://www.suse.com/security/cve/CVE-2026-41677"
},
{
"category": "external",
"summary": "SUSE Bug 1270540 for CVE-2026-41677",
"url": "https://bugzilla.suse.com/1270540"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41677"
},
{
"cve": "CVE-2026-41678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41678"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 \u003c= in_.len(), but this condition is reversed. The intended invariant is out.len() \u003e= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41678",
"url": "https://www.suse.com/security/cve/CVE-2026-41678"
},
{
"category": "external",
"summary": "SUSE Bug 1270641 for CVE-2026-41678",
"url": "https://bugzilla.suse.com/1270641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-41678"
},
{
"cve": "CVE-2026-41681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41681"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41681",
"url": "https://www.suse.com/security/cve/CVE-2026-41681"
},
{
"category": "external",
"summary": "SUSE Bug 1270719 for CVE-2026-41681",
"url": "https://bugzilla.suse.com/1270719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41681"
},
{
"cve": "CVE-2026-41898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41898"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure\u0027s returned usize directly to OpenSSL without checking it against the \u0026mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41898",
"url": "https://www.suse.com/security/cve/CVE-2026-41898"
},
{
"category": "external",
"summary": "SUSE Bug 1270798 for CVE-2026-41898",
"url": "https://bugzilla.suse.com/1270798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41898"
},
{
"cve": "CVE-2026-42327",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42327"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate\u0027s AIA extension as OpensslString, whose Deref\u003cTarget = str\u003e wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation causes safe Rust code to construct a \u0026str that violates the UTF-8 invariant - resulting in undefined behavior. This vulnerability is fixed in 0.10.79.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42327",
"url": "https://www.suse.com/security/cve/CVE-2026-42327"
},
{
"category": "external",
"summary": "SUSE Bug 1270454 for CVE-2026-42327",
"url": "https://bugzilla.suse.com/1270454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42327"
},
{
"cve": "CVE-2026-44662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44662"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller\u0027s buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This only impacts users using AES key-wrap-with-padding ciphers. This vulnerability is fixed in 0.10.79.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44662",
"url": "https://www.suse.com/security/cve/CVE-2026-44662"
},
{
"category": "external",
"summary": "SUSE Bug 1270872 for CVE-2026-44662",
"url": "https://bugzilla.suse.com/1270872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-44662"
},
{
"cve": "CVE-2026-45784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-45784"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-45784",
"url": "https://www.suse.com/security/cve/CVE-2026-45784"
},
{
"category": "external",
"summary": "SUSE Bug 1270946 for CVE-2026-45784",
"url": "https://bugzilla.suse.com/1270946"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-45784"
}
]
}
OPENSUSE-SU-2026:21252-1
Vulnerability from csaf_opensuse - Published: 2026-07-07 16:59 - Updated: 2026-07-07 16:59| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for clamav",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for clamav fixes the following issues:\n\nUpdate to version 1.5.3.\n\nSecurity issues fixed:\n\n- CVE-2026-20213: out-of-bounds write due to improper boundary checks for content in PE files during scanning\n (bsc#1270107).\n- CVE-2026-20214: out-of-bounds write due to improper boundary checks for content in FSG files during scanning\n (bsc#1270085).\n- CVE-2026-20215: out-of-bounds write due to improper boundary checks for content in 7z files during scanning\n (bsc#1270088).\n- CVE-2026-20216: denial of service due to improper handling of temporary resources during InstallShield file scanning\n (bsc#1270089).\n- CVE-2026-20217: out-of-bounds write due to improper boundary checks for content in PESpin files during scanning\n (bsc#1270091).\n- CVE-2026-20243: out-of-bounds write due to improper boundary checks for content in ALZ files during scanning\n (bsc#1270092).\n- CVE-2026-20244: integer overflow and DoS due to improper boundary checks for content in DMG files during scanning\n (bsc#1270106).\n- CVE-2026-41676: buffer overflow due to missing checks via `Deriver:derive`, `PkeyCtxRef:derive` and OpenSSL 1.1.1\n (bsc#1270138).\n\nOther updates and bugfixes:\n\n- Version 1.5.3:\n * Fixed a bug in the PESpin unpacker cleanup path that could free pointers into the scanned file buffer and crash the\n scanner.\n * Fixed an integer overflow in PE rebuild size calculations that could be reached through a malformed Aspack-packed PE\n file and lead to a heap buffer overflow write.\n * Fixed an InstallShield archive extraction limit bypass that could write far more temporary data than intended and\n exhaust temporary storage.\n * Fixed an FSG unpacker loop underflow that could write past the section array while scanning a malformed PE file.\n * Fixed ALZ parser size handling bugs that could cause malformed ALZ archives to panic, abort the scanner, or skip\n expected scan-limit handling.\n * Fixed a 7z parser substream count overflow that could under-allocate parser metadata arrays and write past them\n while reading a malformed archive.\n * Fixed 32-bit DMG parser size checks that could let a short mish stripe table pass validation and crash 32-bit\n scanner builds.\n * Hardened clamscan, clamdscan, and clamonacc quarantine actions against time-of-check/time-of-use races that could\n redirect copied, moved, or removed files under unsafe quarantine directory configurations.\n * Upgraded the Rust tar dependency to resolve the RUSTSEC-2026-0067 and RUSTSEC-2026-0068 advisories, and upgraded the\n Rust openssl dependency to resolve CVE-2026-41676.\n * Raised the minimum required CMake version to 3.17 to fix Linux builds with libcurl v8.21.0 when linking static\n library dependencies.\n * Metadata preclass scans now run before the final scan verdict.\n * ClamOnAcc: Fixed errors when recursively excluded paths are children of an included path.\n * ClamOnAcc: Fixed hash bucket list corruption when two watched paths collide in the same bucket.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-1173",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_21252-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1270085",
"url": "https://bugzilla.suse.com/1270085"
},
{
"category": "self",
"summary": "SUSE Bug 1270088",
"url": "https://bugzilla.suse.com/1270088"
},
{
"category": "self",
"summary": "SUSE Bug 1270089",
"url": "https://bugzilla.suse.com/1270089"
},
{
"category": "self",
"summary": "SUSE Bug 1270091",
"url": "https://bugzilla.suse.com/1270091"
},
{
"category": "self",
"summary": "SUSE Bug 1270092",
"url": "https://bugzilla.suse.com/1270092"
},
{
"category": "self",
"summary": "SUSE Bug 1270106",
"url": "https://bugzilla.suse.com/1270106"
},
{
"category": "self",
"summary": "SUSE Bug 1270107",
"url": "https://bugzilla.suse.com/1270107"
},
{
"category": "self",
"summary": "SUSE Bug 1270138",
"url": "https://bugzilla.suse.com/1270138"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-20213 page",
"url": "https://www.suse.com/security/cve/CVE-2026-20213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-20214 page",
"url": "https://www.suse.com/security/cve/CVE-2026-20214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-20215 page",
"url": "https://www.suse.com/security/cve/CVE-2026-20215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-20216 page",
"url": "https://www.suse.com/security/cve/CVE-2026-20216/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-20217 page",
"url": "https://www.suse.com/security/cve/CVE-2026-20217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-20243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-20243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-20244 page",
"url": "https://www.suse.com/security/cve/CVE-2026-20244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41676 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41676/"
}
],
"title": "Security update for clamav",
"tracking": {
"current_release_date": "2026-07-07T16:59:27Z",
"generator": {
"date": "2026-07-07T16:59:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:21252-1",
"initial_release_date": "2026-07-07T16:59:27Z",
"revision_history": [
{
"date": "2026-07-07T16:59:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "clamav-1.5.3-160000.1.1.aarch64",
"product": {
"name": "clamav-1.5.3-160000.1.1.aarch64",
"product_id": "clamav-1.5.3-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "clamav-devel-1.5.3-160000.1.1.aarch64",
"product": {
"name": "clamav-devel-1.5.3-160000.1.1.aarch64",
"product_id": "clamav-devel-1.5.3-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "clamav-milter-1.5.3-160000.1.1.aarch64",
"product": {
"name": "clamav-milter-1.5.3-160000.1.1.aarch64",
"product_id": "clamav-milter-1.5.3-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libclamav12-1.5.3-160000.1.1.aarch64",
"product": {
"name": "libclamav12-1.5.3-160000.1.1.aarch64",
"product_id": "libclamav12-1.5.3-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libclammspack0-1.5.3-160000.1.1.aarch64",
"product": {
"name": "libclammspack0-1.5.3-160000.1.1.aarch64",
"product_id": "libclammspack0-1.5.3-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfreshclam4-1.5.3-160000.1.1.aarch64",
"product": {
"name": "libfreshclam4-1.5.3-160000.1.1.aarch64",
"product_id": "libfreshclam4-1.5.3-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "clamav-docs-html-1.5.3-160000.1.1.noarch",
"product": {
"name": "clamav-docs-html-1.5.3-160000.1.1.noarch",
"product_id": "clamav-docs-html-1.5.3-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "clamav-1.5.3-160000.1.1.ppc64le",
"product": {
"name": "clamav-1.5.3-160000.1.1.ppc64le",
"product_id": "clamav-1.5.3-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "clamav-devel-1.5.3-160000.1.1.ppc64le",
"product": {
"name": "clamav-devel-1.5.3-160000.1.1.ppc64le",
"product_id": "clamav-devel-1.5.3-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "clamav-milter-1.5.3-160000.1.1.ppc64le",
"product": {
"name": "clamav-milter-1.5.3-160000.1.1.ppc64le",
"product_id": "clamav-milter-1.5.3-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libclamav12-1.5.3-160000.1.1.ppc64le",
"product": {
"name": "libclamav12-1.5.3-160000.1.1.ppc64le",
"product_id": "libclamav12-1.5.3-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libclammspack0-1.5.3-160000.1.1.ppc64le",
"product": {
"name": "libclammspack0-1.5.3-160000.1.1.ppc64le",
"product_id": "libclammspack0-1.5.3-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfreshclam4-1.5.3-160000.1.1.ppc64le",
"product": {
"name": "libfreshclam4-1.5.3-160000.1.1.ppc64le",
"product_id": "libfreshclam4-1.5.3-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "clamav-1.5.3-160000.1.1.s390x",
"product": {
"name": "clamav-1.5.3-160000.1.1.s390x",
"product_id": "clamav-1.5.3-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "clamav-devel-1.5.3-160000.1.1.s390x",
"product": {
"name": "clamav-devel-1.5.3-160000.1.1.s390x",
"product_id": "clamav-devel-1.5.3-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "clamav-milter-1.5.3-160000.1.1.s390x",
"product": {
"name": "clamav-milter-1.5.3-160000.1.1.s390x",
"product_id": "clamav-milter-1.5.3-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "libclamav12-1.5.3-160000.1.1.s390x",
"product": {
"name": "libclamav12-1.5.3-160000.1.1.s390x",
"product_id": "libclamav12-1.5.3-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "libclammspack0-1.5.3-160000.1.1.s390x",
"product": {
"name": "libclammspack0-1.5.3-160000.1.1.s390x",
"product_id": "libclammspack0-1.5.3-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "libfreshclam4-1.5.3-160000.1.1.s390x",
"product": {
"name": "libfreshclam4-1.5.3-160000.1.1.s390x",
"product_id": "libfreshclam4-1.5.3-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "clamav-1.5.3-160000.1.1.x86_64",
"product": {
"name": "clamav-1.5.3-160000.1.1.x86_64",
"product_id": "clamav-1.5.3-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "clamav-devel-1.5.3-160000.1.1.x86_64",
"product": {
"name": "clamav-devel-1.5.3-160000.1.1.x86_64",
"product_id": "clamav-devel-1.5.3-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "clamav-milter-1.5.3-160000.1.1.x86_64",
"product": {
"name": "clamav-milter-1.5.3-160000.1.1.x86_64",
"product_id": "clamav-milter-1.5.3-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libclamav12-1.5.3-160000.1.1.x86_64",
"product": {
"name": "libclamav12-1.5.3-160000.1.1.x86_64",
"product_id": "libclamav12-1.5.3-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libclammspack0-1.5.3-160000.1.1.x86_64",
"product": {
"name": "libclammspack0-1.5.3-160000.1.1.x86_64",
"product_id": "libclammspack0-1.5.3-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreshclam4-1.5.3-160000.1.1.x86_64",
"product": {
"name": "libfreshclam4-1.5.3-160000.1.1.x86_64",
"product_id": "libfreshclam4-1.5.3-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-1.5.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64"
},
"product_reference": "clamav-1.5.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-1.5.3-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le"
},
"product_reference": "clamav-1.5.3-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-1.5.3-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x"
},
"product_reference": "clamav-1.5.3-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-1.5.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64"
},
"product_reference": "clamav-1.5.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-devel-1.5.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64"
},
"product_reference": "clamav-devel-1.5.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-devel-1.5.3-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le"
},
"product_reference": "clamav-devel-1.5.3-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-devel-1.5.3-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x"
},
"product_reference": "clamav-devel-1.5.3-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-devel-1.5.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64"
},
"product_reference": "clamav-devel-1.5.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-docs-html-1.5.3-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch"
},
"product_reference": "clamav-docs-html-1.5.3-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-milter-1.5.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64"
},
"product_reference": "clamav-milter-1.5.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-milter-1.5.3-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le"
},
"product_reference": "clamav-milter-1.5.3-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-milter-1.5.3-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x"
},
"product_reference": "clamav-milter-1.5.3-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-milter-1.5.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64"
},
"product_reference": "clamav-milter-1.5.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclamav12-1.5.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64"
},
"product_reference": "libclamav12-1.5.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclamav12-1.5.3-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le"
},
"product_reference": "libclamav12-1.5.3-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclamav12-1.5.3-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x"
},
"product_reference": "libclamav12-1.5.3-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclamav12-1.5.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64"
},
"product_reference": "libclamav12-1.5.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclammspack0-1.5.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64"
},
"product_reference": "libclammspack0-1.5.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclammspack0-1.5.3-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le"
},
"product_reference": "libclammspack0-1.5.3-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclammspack0-1.5.3-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x"
},
"product_reference": "libclammspack0-1.5.3-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclammspack0-1.5.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64"
},
"product_reference": "libclammspack0-1.5.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreshclam4-1.5.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64"
},
"product_reference": "libfreshclam4-1.5.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreshclam4-1.5.3-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le"
},
"product_reference": "libfreshclam4-1.5.3-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreshclam4-1.5.3-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x"
},
"product_reference": "libfreshclam4-1.5.3-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreshclam4-1.5.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
},
"product_reference": "libfreshclam4-1.5.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-20213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-20213"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in PE files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PE content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-20213",
"url": "https://www.suse.com/security/cve/CVE-2026-20213"
},
{
"category": "external",
"summary": "SUSE Bug 1270107 for CVE-2026-20213",
"url": "https://bugzilla.suse.com/1270107"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T16:59:27Z",
"details": "important"
}
],
"title": "CVE-2026-20213"
},
{
"cve": "CVE-2026-20214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-20214"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in FSG files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains portable executable content compressed with FSG to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-20214",
"url": "https://www.suse.com/security/cve/CVE-2026-20214"
},
{
"category": "external",
"summary": "SUSE Bug 1270085 for CVE-2026-20214",
"url": "https://bugzilla.suse.com/1270085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T16:59:27Z",
"details": "important"
}
],
"title": "CVE-2026-20214"
},
{
"cve": "CVE-2026-20215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-20215"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in 7z files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains 7z\u0026nbsp;content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-20215",
"url": "https://www.suse.com/security/cve/CVE-2026-20215"
},
{
"category": "external",
"summary": "SUSE Bug 1270088 for CVE-2026-20215",
"url": "https://bugzilla.suse.com/1270088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T16:59:27Z",
"details": "important"
}
],
"title": "CVE-2026-20215"
},
{
"cve": "CVE-2026-20216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-20216"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-20216",
"url": "https://www.suse.com/security/cve/CVE-2026-20216"
},
{
"category": "external",
"summary": "SUSE Bug 1270089 for CVE-2026-20216",
"url": "https://bugzilla.suse.com/1270089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T16:59:27Z",
"details": "important"
}
],
"title": "CVE-2026-20216"
},
{
"cve": "CVE-2026-20217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-20217"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in PESpin files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PESpin content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-20217",
"url": "https://www.suse.com/security/cve/CVE-2026-20217"
},
{
"category": "external",
"summary": "SUSE Bug 1270091 for CVE-2026-20217",
"url": "https://bugzilla.suse.com/1270091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T16:59:27Z",
"details": "important"
}
],
"title": "CVE-2026-20217"
},
{
"cve": "CVE-2026-20243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-20243"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in ALZ files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains ALZ content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-20243",
"url": "https://www.suse.com/security/cve/CVE-2026-20243"
},
{
"category": "external",
"summary": "SUSE Bug 1270092 for CVE-2026-20243",
"url": "https://bugzilla.suse.com/1270092"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T16:59:27Z",
"details": "important"
}
],
"title": "CVE-2026-20243"
},
{
"cve": "CVE-2026-20244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-20244"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in DMG files during scanning, which may result in an integer overflow on 32-bit platforms only. An attacker could exploit this vulnerability by submitting a crafted file that contains DMG content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-20244",
"url": "https://www.suse.com/security/cve/CVE-2026-20244"
},
{
"category": "external",
"summary": "SUSE Bug 1270106 for CVE-2026-20244",
"url": "https://bugzilla.suse.com/1270106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T16:59:27Z",
"details": "important"
}
],
"title": "CVE-2026-20244"
},
{
"cve": "CVE-2026-41676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41676"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41676",
"url": "https://www.suse.com/security/cve/CVE-2026-41676"
},
{
"category": "external",
"summary": "SUSE Bug 1270137 for CVE-2026-41676",
"url": "https://bugzilla.suse.com/1270137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-devel-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:clamav-docs-html-1.5.3-160000.1.1.noarch",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:clamav-milter-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclamav12-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libclammspack0-1.5.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.s390x",
"openSUSE Leap 16.0:libfreshclam4-1.5.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-07T16:59:27Z",
"details": "moderate"
}
],
"title": "CVE-2026-41676"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.