Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-44740 (GCVE-0-2026-44740)
Vulnerability from cvelistv5 – Published: 2026-06-01 16:04 – Updated: 2026-06-01 18:14
VLAI
EPSS
Title
go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion
Summary
Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/go-git/go-billy/security/advis… | x_refsource_CONFIRM |
| https://github.com/go-git/go-billy/releases/tag/v5.9.0 | x_refsource_MISC |
| https://github.com/go-git/go-billy/releases/tag/v… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T18:13:54.236447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T18:14:04.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "go-billy",
"vendor": "go-git",
"versions": [
{
"status": "affected",
"version": "\u003c 5.9.0"
},
{
"status": "affected",
"version": "\u003c 6.0.0-alpha.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:04:50.358Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6"
},
{
"name": "https://github.com/go-git/go-billy/releases/tag/v5.9.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/go-git/go-billy/releases/tag/v5.9.0"
},
{
"name": "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1"
}
],
"source": {
"advisory": "GHSA-m3xc-h892-ggx6",
"discovery": "UNKNOWN"
},
"title": "go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44740",
"datePublished": "2026-06-01T16:04:50.358Z",
"dateReserved": "2026-05-07T18:04:17.310Z",
"dateUpdated": "2026-06-01T18:14:04.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-44740",
"date": "2026-06-27",
"epss": "0.00295",
"percentile": "0.21223"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-44740\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-06-01T17:17:08.277\",\"lastModified\":\"2026-06-01T18:53:33.870\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"},{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"references\":[{\"url\":\"https://github.com/go-git/go-billy/releases/tag/v5.9.0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-44740\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-01T18:13:54.236447Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-01T18:14:00.446Z\"}}], \"cna\": {\"title\": \"go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion\", \"source\": {\"advisory\": \"GHSA-m3xc-h892-ggx6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"go-git\", \"product\": \"go-billy\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 5.9.0\"}, {\"status\": \"affected\", \"version\": \"\u003c 6.0.0-alpha.1\"}]}], \"references\": [{\"url\": \"https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6\", \"name\": \"https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/go-git/go-billy/releases/tag/v5.9.0\", \"name\": \"https://github.com/go-git/go-billy/releases/tag/v5.9.0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1\", \"name\": \"https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-674\", \"description\": \"CWE-674: Uncontrolled Recursion\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-835\", \"description\": \"CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-01T16:04:50.358Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-44740\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-01T18:14:04.315Z\", \"dateReserved\": \"2026-05-07T18:04:17.310Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-06-01T16:04:50.358Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-44740
Vulnerability from fkie_nvd - Published: 2026-06-01 17:17 - Updated: 2026-06-17 10:51
Severity
Summary
Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"product": "go-billy",
"vendor": "go-git",
"versions": [
{
"status": "affected",
"version": "\u003c 5.9.0"
},
{
"status": "affected",
"version": "\u003c 6.0.0-alpha.1"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1."
}
],
"id": "CVE-2026-44740",
"lastModified": "2026-06-17T10:51:17.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-44740",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T18:13:54.236447Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-01T17:17:08.277",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/go-git/go-billy/releases/tag/v5.9.0"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
},
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-M3XC-H892-GGX6
Vulnerability from github – Published: 2026-05-13 15:29 – Updated: 2026-06-09 10:50
VLAI
Summary
go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion
Details
Impact
Multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption.
These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures.
Patches
Users should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to v5 are likely to be affected, users are recommended to upgrade to a supported go-billy version.
Credits
Thanks to @faran66 for finding and reporting this issue privately to the go-git project. 🙇
Severity
6.5 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/go-git/go-billy/v5"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/go-git/go-billy/v6"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.0-alpha.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44740"
],
"database_specific": {
"cwe_ids": [
"CWE-674",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-13T15:29:47Z",
"nvd_published_at": "2026-06-01T17:17:08Z",
"severity": "MODERATE"
},
"details": "### Impact\nMultiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption.\n\nThese issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures.\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to `v5` are likely to be affected, users are recommended to upgrade to a supported `go-billy` version.\n\n### Credits\nThanks to @faran66 for finding and reporting this issue privately to the go-git project. \ud83d\ude47",
"id": "GHSA-m3xc-h892-ggx6",
"modified": "2026-06-09T10:50:07Z",
"published": "2026-05-13T15:29:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44740"
},
{
"type": "PACKAGE",
"url": "https://github.com/go-git/go-billy"
},
{
"type": "WEB",
"url": "https://github.com/go-git/go-billy/releases/tag/v5.9.0"
},
{
"type": "WEB",
"url": "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion"
}
OPENSUSE-SU-2026:10856-1
Vulnerability from csaf_opensuse - Published: 2026-05-24 00:00 - Updated: 2026-05-24 00:00Summary
rclone-1.74.2-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: rclone-1.74.2-1.1 on GA media
Description of the patch: These are all security issues fixed in the rclone-1.74.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10856
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
62 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rclone-1.74.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rclone-1.74.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10856",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10856-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33809 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39824 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42500 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44740 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "rclone-1.74.2-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-24T00:00:00Z",
"generator": {
"date": "2026-05-24T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10856-1",
"initial_release_date": "2026-05-24T00:00:00Z",
"revision_history": [
{
"date": "2026-05-24T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.74.2-1.1.aarch64",
"product": {
"name": "rclone-1.74.2-1.1.aarch64",
"product_id": "rclone-1.74.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.74.2-1.1.aarch64",
"product": {
"name": "rclone-bash-completion-1.74.2-1.1.aarch64",
"product_id": "rclone-bash-completion-1.74.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.74.2-1.1.aarch64",
"product": {
"name": "rclone-zsh-completion-1.74.2-1.1.aarch64",
"product_id": "rclone-zsh-completion-1.74.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.74.2-1.1.ppc64le",
"product": {
"name": "rclone-1.74.2-1.1.ppc64le",
"product_id": "rclone-1.74.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.74.2-1.1.ppc64le",
"product": {
"name": "rclone-bash-completion-1.74.2-1.1.ppc64le",
"product_id": "rclone-bash-completion-1.74.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.74.2-1.1.ppc64le",
"product": {
"name": "rclone-zsh-completion-1.74.2-1.1.ppc64le",
"product_id": "rclone-zsh-completion-1.74.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.74.2-1.1.s390x",
"product": {
"name": "rclone-1.74.2-1.1.s390x",
"product_id": "rclone-1.74.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.74.2-1.1.s390x",
"product": {
"name": "rclone-bash-completion-1.74.2-1.1.s390x",
"product_id": "rclone-bash-completion-1.74.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.74.2-1.1.s390x",
"product": {
"name": "rclone-zsh-completion-1.74.2-1.1.s390x",
"product_id": "rclone-zsh-completion-1.74.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.74.2-1.1.x86_64",
"product": {
"name": "rclone-1.74.2-1.1.x86_64",
"product_id": "rclone-1.74.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.74.2-1.1.x86_64",
"product": {
"name": "rclone-bash-completion-1.74.2-1.1.x86_64",
"product_id": "rclone-bash-completion-1.74.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.74.2-1.1.x86_64",
"product": {
"name": "rclone-zsh-completion-1.74.2-1.1.x86_64",
"product_id": "rclone-zsh-completion-1.74.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.74.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64"
},
"product_reference": "rclone-1.74.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.74.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le"
},
"product_reference": "rclone-1.74.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.74.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x"
},
"product_reference": "rclone-1.74.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.74.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64"
},
"product_reference": "rclone-1.74.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.74.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64"
},
"product_reference": "rclone-bash-completion-1.74.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.74.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le"
},
"product_reference": "rclone-bash-completion-1.74.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.74.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x"
},
"product_reference": "rclone-bash-completion-1.74.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.74.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64"
},
"product_reference": "rclone-bash-completion-1.74.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.74.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64"
},
"product_reference": "rclone-zsh-completion-1.74.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.74.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le"
},
"product_reference": "rclone-zsh-completion-1.74.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.74.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x"
},
"product_reference": "rclone-zsh-completion-1.74.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.74.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
},
"product_reference": "rclone-zsh-completion-1.74.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-33809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33809"
}
],
"notes": [
{
"category": "general",
"text": "A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33809",
"url": "https://www.suse.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "SUSE Bug 1260692 for CVE-2026-33809",
"url": "https://bugzilla.suse.com/1260692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-33809"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39824"
}
],
"notes": [
{
"category": "general",
"text": "NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39824",
"url": "https://www.suse.com/security/cve/CVE-2026-39824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-39824"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42500"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42500",
"url": "https://www.suse.com/security/cve/CVE-2026-42500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-42500"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-44740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44740"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44740",
"url": "https://www.suse.com/security/cve/CVE-2026-44740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-44740"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
OPENSUSE-SU-2026:10941-1
Vulnerability from csaf_opensuse - Published: 2026-06-02 00:00 - Updated: 2026-06-02 00:00Summary
trivy-0.71.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: trivy-0.71.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the trivy-0.71.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10941
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "trivy-0.71.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the trivy-0.71.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10941",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10941-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44740 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44740/"
}
],
"title": "trivy-0.71.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-06-02T00:00:00Z",
"generator": {
"date": "2026-06-02T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10941-1",
"initial_release_date": "2026-06-02T00:00:00Z",
"revision_history": [
{
"date": "2026-06-02T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.71.0-1.1.aarch64",
"product": {
"name": "trivy-0.71.0-1.1.aarch64",
"product_id": "trivy-0.71.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.71.0-1.1.ppc64le",
"product": {
"name": "trivy-0.71.0-1.1.ppc64le",
"product_id": "trivy-0.71.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.71.0-1.1.s390x",
"product": {
"name": "trivy-0.71.0-1.1.s390x",
"product_id": "trivy-0.71.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.71.0-1.1.x86_64",
"product": {
"name": "trivy-0.71.0-1.1.x86_64",
"product_id": "trivy-0.71.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.71.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64"
},
"product_reference": "trivy-0.71.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.71.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le"
},
"product_reference": "trivy-0.71.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.71.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x"
},
"product_reference": "trivy-0.71.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.71.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
},
"product_reference": "trivy-0.71.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-44740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44740"
}
],
"notes": [
{
"category": "general",
"text": "Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44740",
"url": "https://www.suse.com/security/cve/CVE-2026-44740"
},
{
"category": "external",
"summary": "SUSE Bug 1267264 for CVE-2026-44740",
"url": "https://bugzilla.suse.com/1267264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-44740"
}
]
}
OPENSUSE-SU-2026:10967-1
Vulnerability from csaf_opensuse - Published: 2026-06-08 00:00 - Updated: 2026-06-08 00:00Summary
cheat-5.1.0-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: cheat-5.1.0-2.1 on GA media
Description of the patch: These are all security issues fixed in the cheat-5.1.0-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10967
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cheat-5.1.0-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cheat-5.1.0-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10967",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10967-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44740 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "cheat-5.1.0-2.1 on GA media",
"tracking": {
"current_release_date": "2026-06-08T00:00:00Z",
"generator": {
"date": "2026-06-08T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10967-1",
"initial_release_date": "2026-06-08T00:00:00Z",
"revision_history": [
{
"date": "2026-06-08T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cheat-5.1.0-2.1.aarch64",
"product": {
"name": "cheat-5.1.0-2.1.aarch64",
"product_id": "cheat-5.1.0-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cheat-5.1.0-2.1.ppc64le",
"product": {
"name": "cheat-5.1.0-2.1.ppc64le",
"product_id": "cheat-5.1.0-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cheat-5.1.0-2.1.s390x",
"product": {
"name": "cheat-5.1.0-2.1.s390x",
"product_id": "cheat-5.1.0-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cheat-5.1.0-2.1.x86_64",
"product": {
"name": "cheat-5.1.0-2.1.x86_64",
"product_id": "cheat-5.1.0-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cheat-5.1.0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64"
},
"product_reference": "cheat-5.1.0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cheat-5.1.0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le"
},
"product_reference": "cheat-5.1.0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cheat-5.1.0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x"
},
"product_reference": "cheat-5.1.0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cheat-5.1.0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
},
"product_reference": "cheat-5.1.0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"notes": [
{
"category": "general",
"text": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1229",
"url": "https://www.suse.com/security/cve/CVE-2026-1229"
},
{
"category": "external",
"summary": "SUSE Bug 1265416 for CVE-2026-1229",
"url": "https://bugzilla.suse.com/1265416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-1229"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-41506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41506"
}
],
"notes": [
{
"category": "general",
"text": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41506",
"url": "https://www.suse.com/security/cve/CVE-2026-41506"
},
{
"category": "external",
"summary": "SUSE Bug 1264854 for CVE-2026-41506",
"url": "https://bugzilla.suse.com/1264854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-44740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44740"
}
],
"notes": [
{
"category": "general",
"text": "Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44740",
"url": "https://www.suse.com/security/cve/CVE-2026-44740"
},
{
"category": "external",
"summary": "SUSE Bug 1267264 for CVE-2026-44740",
"url": "https://bugzilla.suse.com/1267264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-44740"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cheat-5.1.0-2.1.aarch64",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.s390x",
"openSUSE Tumbleweed:cheat-5.1.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
OPENSUSE-SU-2026:10996-1
Vulnerability from csaf_opensuse - Published: 2026-06-11 00:00 - Updated: 2026-06-11 00:00Summary
git-bug-0.10.1-6.1 on GA media
Severity
Moderate
Notes
Title of the patch: git-bug-0.10.1-6.1 on GA media
Description of the patch: These are all security issues fixed in the git-bug-0.10.1-6.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10996
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:git-bug-0.10.1-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-0.10.1-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-0.10.1-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-0.10.1-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "git-bug-0.10.1-6.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the git-bug-0.10.1-6.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10996",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10996-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44740 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44740/"
}
],
"title": "git-bug-0.10.1-6.1 on GA media",
"tracking": {
"current_release_date": "2026-06-11T00:00:00Z",
"generator": {
"date": "2026-06-11T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10996-1",
"initial_release_date": "2026-06-11T00:00:00Z",
"revision_history": [
{
"date": "2026-06-11T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "git-bug-0.10.1-6.1.aarch64",
"product": {
"name": "git-bug-0.10.1-6.1.aarch64",
"product_id": "git-bug-0.10.1-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-bug-bash-completion-0.10.1-6.1.aarch64",
"product": {
"name": "git-bug-bash-completion-0.10.1-6.1.aarch64",
"product_id": "git-bug-bash-completion-0.10.1-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-bug-fish-completion-0.10.1-6.1.aarch64",
"product": {
"name": "git-bug-fish-completion-0.10.1-6.1.aarch64",
"product_id": "git-bug-fish-completion-0.10.1-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-bug-zsh-completion-0.10.1-6.1.aarch64",
"product": {
"name": "git-bug-zsh-completion-0.10.1-6.1.aarch64",
"product_id": "git-bug-zsh-completion-0.10.1-6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-bug-0.10.1-6.1.ppc64le",
"product": {
"name": "git-bug-0.10.1-6.1.ppc64le",
"product_id": "git-bug-0.10.1-6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-bug-bash-completion-0.10.1-6.1.ppc64le",
"product": {
"name": "git-bug-bash-completion-0.10.1-6.1.ppc64le",
"product_id": "git-bug-bash-completion-0.10.1-6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-bug-fish-completion-0.10.1-6.1.ppc64le",
"product": {
"name": "git-bug-fish-completion-0.10.1-6.1.ppc64le",
"product_id": "git-bug-fish-completion-0.10.1-6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-bug-zsh-completion-0.10.1-6.1.ppc64le",
"product": {
"name": "git-bug-zsh-completion-0.10.1-6.1.ppc64le",
"product_id": "git-bug-zsh-completion-0.10.1-6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "git-bug-0.10.1-6.1.s390x",
"product": {
"name": "git-bug-0.10.1-6.1.s390x",
"product_id": "git-bug-0.10.1-6.1.s390x"
}
},
{
"category": "product_version",
"name": "git-bug-bash-completion-0.10.1-6.1.s390x",
"product": {
"name": "git-bug-bash-completion-0.10.1-6.1.s390x",
"product_id": "git-bug-bash-completion-0.10.1-6.1.s390x"
}
},
{
"category": "product_version",
"name": "git-bug-fish-completion-0.10.1-6.1.s390x",
"product": {
"name": "git-bug-fish-completion-0.10.1-6.1.s390x",
"product_id": "git-bug-fish-completion-0.10.1-6.1.s390x"
}
},
{
"category": "product_version",
"name": "git-bug-zsh-completion-0.10.1-6.1.s390x",
"product": {
"name": "git-bug-zsh-completion-0.10.1-6.1.s390x",
"product_id": "git-bug-zsh-completion-0.10.1-6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "git-bug-0.10.1-6.1.x86_64",
"product": {
"name": "git-bug-0.10.1-6.1.x86_64",
"product_id": "git-bug-0.10.1-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-bug-bash-completion-0.10.1-6.1.x86_64",
"product": {
"name": "git-bug-bash-completion-0.10.1-6.1.x86_64",
"product_id": "git-bug-bash-completion-0.10.1-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-bug-fish-completion-0.10.1-6.1.x86_64",
"product": {
"name": "git-bug-fish-completion-0.10.1-6.1.x86_64",
"product_id": "git-bug-fish-completion-0.10.1-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-bug-zsh-completion-0.10.1-6.1.x86_64",
"product": {
"name": "git-bug-zsh-completion-0.10.1-6.1.x86_64",
"product_id": "git-bug-zsh-completion-0.10.1-6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-0.10.1-6.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-0.10.1-6.1.aarch64"
},
"product_reference": "git-bug-0.10.1-6.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-0.10.1-6.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-0.10.1-6.1.ppc64le"
},
"product_reference": "git-bug-0.10.1-6.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-0.10.1-6.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-0.10.1-6.1.s390x"
},
"product_reference": "git-bug-0.10.1-6.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-0.10.1-6.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-0.10.1-6.1.x86_64"
},
"product_reference": "git-bug-0.10.1-6.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-bash-completion-0.10.1-6.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.aarch64"
},
"product_reference": "git-bug-bash-completion-0.10.1-6.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-bash-completion-0.10.1-6.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.ppc64le"
},
"product_reference": "git-bug-bash-completion-0.10.1-6.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-bash-completion-0.10.1-6.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.s390x"
},
"product_reference": "git-bug-bash-completion-0.10.1-6.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-bash-completion-0.10.1-6.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.x86_64"
},
"product_reference": "git-bug-bash-completion-0.10.1-6.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-fish-completion-0.10.1-6.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.aarch64"
},
"product_reference": "git-bug-fish-completion-0.10.1-6.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-fish-completion-0.10.1-6.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.ppc64le"
},
"product_reference": "git-bug-fish-completion-0.10.1-6.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-fish-completion-0.10.1-6.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.s390x"
},
"product_reference": "git-bug-fish-completion-0.10.1-6.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-fish-completion-0.10.1-6.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.x86_64"
},
"product_reference": "git-bug-fish-completion-0.10.1-6.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-zsh-completion-0.10.1-6.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.aarch64"
},
"product_reference": "git-bug-zsh-completion-0.10.1-6.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-zsh-completion-0.10.1-6.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.ppc64le"
},
"product_reference": "git-bug-zsh-completion-0.10.1-6.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-zsh-completion-0.10.1-6.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.s390x"
},
"product_reference": "git-bug-zsh-completion-0.10.1-6.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-zsh-completion-0.10.1-6.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.x86_64"
},
"product_reference": "git-bug-zsh-completion-0.10.1-6.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44740"
}
],
"notes": [
{
"category": "general",
"text": "Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-bug-0.10.1-6.1.aarch64",
"openSUSE Tumbleweed:git-bug-0.10.1-6.1.ppc64le",
"openSUSE Tumbleweed:git-bug-0.10.1-6.1.s390x",
"openSUSE Tumbleweed:git-bug-0.10.1-6.1.x86_64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.aarch64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.ppc64le",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.s390x",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.x86_64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.aarch64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.ppc64le",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.s390x",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.x86_64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.aarch64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.ppc64le",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.s390x",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44740",
"url": "https://www.suse.com/security/cve/CVE-2026-44740"
},
{
"category": "external",
"summary": "SUSE Bug 1267264 for CVE-2026-44740",
"url": "https://bugzilla.suse.com/1267264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-bug-0.10.1-6.1.aarch64",
"openSUSE Tumbleweed:git-bug-0.10.1-6.1.ppc64le",
"openSUSE Tumbleweed:git-bug-0.10.1-6.1.s390x",
"openSUSE Tumbleweed:git-bug-0.10.1-6.1.x86_64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.aarch64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.ppc64le",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.s390x",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.x86_64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.aarch64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.ppc64le",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.s390x",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.x86_64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.aarch64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.ppc64le",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.s390x",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-bug-0.10.1-6.1.aarch64",
"openSUSE Tumbleweed:git-bug-0.10.1-6.1.ppc64le",
"openSUSE Tumbleweed:git-bug-0.10.1-6.1.s390x",
"openSUSE Tumbleweed:git-bug-0.10.1-6.1.x86_64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.aarch64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.ppc64le",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.s390x",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-6.1.x86_64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.aarch64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.ppc64le",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.s390x",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-6.1.x86_64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.aarch64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.ppc64le",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.s390x",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-11T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-44740"
}
]
}
SUSE-SU-2026:22157-1
Vulnerability from csaf_suse - Published: 2026-06-17 16:31 - Updated: 2026-06-17 16:31Summary
Security update for amazon-ssm-agent
Severity
Important
Notes
Title of the patch: Security update for amazon-ssm-agent
Description of the patch: This update for amazon-ssm-agent fixes the following issues
Update to version 3.3.4624.0:
- CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
(bsc#1239342).
- CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs (bsc#1238702).
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in
response to a key listing or signing request (bsc#1253611).
- CVE-2026-1229: the CombinedMult function in the ecc/p384 package produces an incorrect value for specific inputs
(bsc#1265474).
- CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for .pack and .idx files
can lead to the consumption of corrupted files (bsc#1258095).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege esca (bsc#1266781).
- CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during
smart-HTTP clone and fetch operations (bsc#1264952).
- CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite
loops, panics or resource consumption (bsc#1267332).
- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266200).
- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266200).
- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266200).
- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
(bsc#1266200).
- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
(bsc#1266200).
- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
(bsc#1266200).
- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266200).
- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266200).
- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266200).
- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
(bsc#1266200).
- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
(bsc#1266200).
- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266200).
- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266200).
Changes:
* Bump golang.org/x/crypto from v0.51.0 to v0.52.0
* Bump golang.org/x/net from v0.54.0 to v0.55.0
* Enforce directory boundary in BuildSafePath
* Fix visibility issue with Bottlerocket OS in document output
* Update go-git from v5.17.1 to v5.19.1 (bsc#1264952, CVE-2026-41506), this
also updates go-billy from v5.8.0 to v5.9.0 (bsc#1267332, CVE-2026-44740)
* Bump golang.org/x/net from v0.48.0 to v0.53.0 (bsc#1266781, CVE-2026-39821)
* Quit if sysprep failed and log its current state
* Remove attached legacy cloudwatch plugin packages
* Upgrade Go version to 1.25.10
* Use BuildSafePath wherever it is applicable
* Add OOM killer protection to systemd service files
* Apply more sanitation to file and registry inventory gatherers
* Bump go-git to v5.17.1
* Deprecate legacy cloudwatch plugin
* Preserve network error details in credential refresher SSM API failures
* Upgrade Go version to 1.25.9
* Add SSM Distributor support for Bottlerocket OS
* Implement flush credentials command in ssm-cli
* Log ec2messages access denied as debug instead of error to reduce log noise
* Make credential refresher refresh cache quickly in case of credential flush
* Make Greengrass component registration resilient with retry
* Add EnforceWorkspaceRootOwnership configuration to support disable
hardening of agent workspace
* Add reboot comment to Windows shutdown command for SSM Agent traceability
* Update privilege access check to verify ownership and permissions
of document state files
* Add read-only version check prior to install and uninstall
in case of occupied package manager locks
* Add ANSI processing for CloudWatch and S3 log
* Upgrade go-git to v5.17.0 and cloudflare/circl to v1.6.3
to fix CVE-2026-1229
- Switch to systemd-tmpfiles to store runtime data (jsc#PED-14843)
* Disable Go 1.25 container-aware GOMAXPROCS to prevent holding
cgroup file descriptors open
* Upgrade Go version to 1.25.8
* Document CommandWorkerBufferLimit config
* Include package update in Dockerfile
* Reduce CloudWatch event message length threshold
* Upgrade Go version to 1.25.7
* Update github.com/go-git/go-git/v5 to 5.16.5 (bsc#1258095, CVE-2026-25934)
* Update greengrass version
* Update Golang version to 1.24.12
* Updating golang.org/x/crypto from v0.37.0 to v0.47.0, golang.org/x/net
from v0.39.0 to v0.48.0 and golang.org/x/sys from v0.32.0 to v0.40.0
(bsc#1253611, CVE-2025-47913)
* Categorize integration tests by adding new tags to split fast and slow ones
* Fix bug where IP field being empty string and causing UII API failure
* Allow Patch execution to persist across reboots not registered to SSM Agent
* Fix ENV_VAR interpolation to work correctly with parameter store value
* Implement immediate retries for failed reply messages to MGS for RunCommand documents
* Improve ssm-cli get-diagnostics command log output
* Support DomainJoin endpoint for EU sovereign cloud
* Support dualstack S3 endpoint for distributor packages
* Upgrade Go version to 1.24.11
* Add initial IPv6 support with UseDualStackEndpoint configuration option
* Fix CPU utilization issue for instances with thousands of network interfaces
* Add IMDS retry count to account for EC2 droplet refresh
* Fix duplicate uid error logging in MDS module
* Update aws:Domainjoin plugin logging from Log4Net to NLog
* Upgrade Go version to 1.24.7
* Update github.com/go-git/go-git/v5 to 5.15.0
* Update golang.org/x/crypto to v0.37.0 (bsc#1238702, CVE-2025-22870)
* Update golang.org/x/net to v0.39.0
* Update golang.org/x/sys to v0.32.0
* Add EU sovereign cloud S3 endpoint for DownloadContent plugin
* Add configurable credential rotation max backoff interval
* Migrate from twinj/uuid to google/uuid library
* Allow newer agent versions to be installed when deploying on Greengrass
* Harden function to remove non-admin run command documents in execution path
* Fix macOS credential refresher test issue due to missing Debugf from serialport skip file
* Enhance testability of custom certificate usage in debug SSM Agent builds
* Decouple serial port from startup and add credential refresher serialport logging
* Add GlobalEnhancedTelemetryEnabled config to README
* Add cloudwatch logs endpoint configuration to optional config for agent
* Update Greengrass component version
* Add file privilege check before processing document state file
* Storing AWS document interpolation ENV_VAR types as environment variables
* Throw explicit error when running local cli as non-priviledged user
* Harden telemetry dynamic config folder permissions
* Add configuration option for HandshakeTimeout
* Improve unit tests
* Add setup for emitting telemetry logs and metrics
* Add initial selection of error logs to emit to telemetry
* Simplify checkstyle and import organization in build scripts
* Update golang.org/x/net from v0.37.0 to v0.38.0
* Agent hibernation reason is logged to EC2 system logs
* Add metrics for the EC2Detector and IMDS EC2 status findings
* Change Linux DomainJoin plugin parameter KeepHostName to accept
both boolean and string
* Upgrade GoLang to version 1.23.8
* Update golang.org/x/crypto from v0.32.0 to v0.36.0 (bsc#1239342, CVE-2025-22869)
Patchnames: SUSE-SLES-16.0-943
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
77 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for amazon-ssm-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for amazon-ssm-agent fixes the following issues\n\nUpdate to version 3.3.4624.0:\n\n- CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh\n (bsc#1239342).\n- CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs (bsc#1238702).\n- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in\n response to a key listing or signing request (bsc#1253611).\n- CVE-2026-1229: the CombinedMult function in the ecc/p384 package produces an incorrect value for specific inputs\n (bsc#1265474).\n- CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for .pack and .idx files\n can lead to the consumption of corrupted files (bsc#1258095).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege esca (bsc#1266781).\n- CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during\n smart-HTTP clone and fetch operations (bsc#1264952).\n- CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite\n loops, panics or resource consumption (bsc#1267332).\n- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh\n (bsc#1266200).\n- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh\n (bsc#1266200).\n- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent\n (bsc#1266200).\n- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266200).\n- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts\n (bsc#1266200).\n- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh\n (bsc#1266200).\n- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266200).\n\nChanges:\n\n * Bump golang.org/x/crypto from v0.51.0 to v0.52.0\n * Bump golang.org/x/net from v0.54.0 to v0.55.0\n * Enforce directory boundary in BuildSafePath\n * Fix visibility issue with Bottlerocket OS in document output\n * Update go-git from v5.17.1 to v5.19.1 (bsc#1264952, CVE-2026-41506), this\n also updates go-billy from v5.8.0 to v5.9.0 (bsc#1267332, CVE-2026-44740)\n * Bump golang.org/x/net from v0.48.0 to v0.53.0 (bsc#1266781, CVE-2026-39821)\n * Quit if sysprep failed and log its current state\n * Remove attached legacy cloudwatch plugin packages\n * Upgrade Go version to 1.25.10\n * Use BuildSafePath wherever it is applicable\n * Add OOM killer protection to systemd service files\n * Apply more sanitation to file and registry inventory gatherers\n * Bump go-git to v5.17.1\n * Deprecate legacy cloudwatch plugin\n * Preserve network error details in credential refresher SSM API failures\n * Upgrade Go version to 1.25.9\n * Add SSM Distributor support for Bottlerocket OS\n * Implement flush credentials command in ssm-cli\n * Log ec2messages access denied as debug instead of error to reduce log noise\n * Make credential refresher refresh cache quickly in case of credential flush\n * Make Greengrass component registration resilient with retry\n * Add EnforceWorkspaceRootOwnership configuration to support disable\n hardening of agent workspace\n * Add reboot comment to Windows shutdown command for SSM Agent traceability\n * Update privilege access check to verify ownership and permissions\n of document state files\n * Add read-only version check prior to install and uninstall\n in case of occupied package manager locks\n * Add ANSI processing for CloudWatch and S3 log\n * Upgrade go-git to v5.17.0 and cloudflare/circl to v1.6.3\n to fix CVE-2026-1229\n- Switch to systemd-tmpfiles to store runtime data (jsc#PED-14843)\n * Disable Go 1.25 container-aware GOMAXPROCS to prevent holding\n cgroup file descriptors open\n * Upgrade Go version to 1.25.8\n * Document CommandWorkerBufferLimit config\n * Include package update in Dockerfile\n * Reduce CloudWatch event message length threshold\n * Upgrade Go version to 1.25.7\n * Update github.com/go-git/go-git/v5 to 5.16.5 (bsc#1258095, CVE-2026-25934)\n * Update greengrass version\n * Update Golang version to 1.24.12\n * Updating golang.org/x/crypto from v0.37.0 to v0.47.0, golang.org/x/net\n from v0.39.0 to v0.48.0 and golang.org/x/sys from v0.32.0 to v0.40.0\n (bsc#1253611, CVE-2025-47913)\n * Categorize integration tests by adding new tags to split fast and slow ones\n * Fix bug where IP field being empty string and causing UII API failure\n * Allow Patch execution to persist across reboots not registered to SSM Agent\n * Fix ENV_VAR interpolation to work correctly with parameter store value\n * Implement immediate retries for failed reply messages to MGS for RunCommand documents\n * Improve ssm-cli get-diagnostics command log output\n * Support DomainJoin endpoint for EU sovereign cloud\n * Support dualstack S3 endpoint for distributor packages\n * Upgrade Go version to 1.24.11\n * Add initial IPv6 support with UseDualStackEndpoint configuration option\n * Fix CPU utilization issue for instances with thousands of network interfaces\n * Add IMDS retry count to account for EC2 droplet refresh\n * Fix duplicate uid error logging in MDS module\n * Update aws:Domainjoin plugin logging from Log4Net to NLog\n * Upgrade Go version to 1.24.7\n * Update github.com/go-git/go-git/v5 to 5.15.0\n * Update golang.org/x/crypto to v0.37.0 (bsc#1238702, CVE-2025-22870)\n * Update golang.org/x/net to v0.39.0\n * Update golang.org/x/sys to v0.32.0\n * Add EU sovereign cloud S3 endpoint for DownloadContent plugin\n * Add configurable credential rotation max backoff interval\n * Migrate from twinj/uuid to google/uuid library\n * Allow newer agent versions to be installed when deploying on Greengrass\n * Harden function to remove non-admin run command documents in execution path\n * Fix macOS credential refresher test issue due to missing Debugf from serialport skip file\n * Enhance testability of custom certificate usage in debug SSM Agent builds\n * Decouple serial port from startup and add credential refresher serialport logging\n * Add GlobalEnhancedTelemetryEnabled config to README\n * Add cloudwatch logs endpoint configuration to optional config for agent\n * Update Greengrass component version\n * Add file privilege check before processing document state file\n * Storing AWS document interpolation ENV_VAR types as environment variables\n * Throw explicit error when running local cli as non-priviledged user\n * Harden telemetry dynamic config folder permissions\n * Add configuration option for HandshakeTimeout\n * Improve unit tests\n * Add setup for emitting telemetry logs and metrics\n * Add initial selection of error logs to emit to telemetry\n * Simplify checkstyle and import organization in build scripts\n * Update golang.org/x/net from v0.37.0 to v0.38.0\n * Agent hibernation reason is logged to EC2 system logs\n * Add metrics for the EC2Detector and IMDS EC2 status findings\n * Change Linux DomainJoin plugin parameter KeepHostName to accept\n both boolean and string\n * Upgrade GoLang to version 1.23.8\n * Update golang.org/x/crypto from v0.32.0 to v0.36.0 (bsc#1239342, CVE-2025-22869)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-943",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22157-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22157-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622157-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22157-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026930.html"
},
{
"category": "self",
"summary": "SUSE Bug 1238702",
"url": "https://bugzilla.suse.com/1238702"
},
{
"category": "self",
"summary": "SUSE Bug 1239342",
"url": "https://bugzilla.suse.com/1239342"
},
{
"category": "self",
"summary": "SUSE Bug 1253611",
"url": "https://bugzilla.suse.com/1253611"
},
{
"category": "self",
"summary": "SUSE Bug 1258095",
"url": "https://bugzilla.suse.com/1258095"
},
{
"category": "self",
"summary": "SUSE Bug 1264952",
"url": "https://bugzilla.suse.com/1264952"
},
{
"category": "self",
"summary": "SUSE Bug 1265474",
"url": "https://bugzilla.suse.com/1265474"
},
{
"category": "self",
"summary": "SUSE Bug 1266200",
"url": "https://bugzilla.suse.com/1266200"
},
{
"category": "self",
"summary": "SUSE Bug 1266781",
"url": "https://bugzilla.suse.com/1266781"
},
{
"category": "self",
"summary": "SUSE Bug 1267332",
"url": "https://bugzilla.suse.com/1267332"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25934 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44740 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for amazon-ssm-agent",
"tracking": {
"current_release_date": "2026-06-17T16:31:19Z",
"generator": {
"date": "2026-06-17T16:31:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22157-1",
"initial_release_date": "2026-06-17T16:31:19Z",
"revision_history": [
{
"date": "2026-06-17T16:31:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"product": {
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"product_id": "amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"product": {
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"product_id": "amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2026-1229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"notes": [
{
"category": "general",
"text": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1229",
"url": "https://www.suse.com/security/cve/CVE-2026-1229"
},
{
"category": "external",
"summary": "SUSE Bug 1265416 for CVE-2026-1229",
"url": "https://bugzilla.suse.com/1265416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-1229"
},
{
"cve": "CVE-2026-25934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25934"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25934",
"url": "https://www.suse.com/security/cve/CVE-2026-25934"
},
{
"category": "external",
"summary": "SUSE Bug 1258093 for CVE-2026-25934",
"url": "https://bugzilla.suse.com/1258093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "moderate"
}
],
"title": "CVE-2026-25934"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-41506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41506"
}
],
"notes": [
{
"category": "general",
"text": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41506",
"url": "https://www.suse.com/security/cve/CVE-2026-41506"
},
{
"category": "external",
"summary": "SUSE Bug 1264854 for CVE-2026-41506",
"url": "https://bugzilla.suse.com/1264854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "moderate"
}
],
"title": "CVE-2026-41506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-44740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44740"
}
],
"notes": [
{
"category": "general",
"text": "Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44740",
"url": "https://www.suse.com/security/cve/CVE-2026-44740"
},
{
"category": "external",
"summary": "SUSE Bug 1267264 for CVE-2026-44740",
"url": "https://bugzilla.suse.com/1267264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-44740"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ssm-agent-3.3.4624.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T16:31:19Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
SUSE-SU-2026:2468-1
Vulnerability from csaf_suse - Published: 2026-06-19 11:03 - Updated: 2026-06-19 11:03Summary
Security update for amazon-ssm-agent
Severity
Important
Notes
Title of the patch: Security update for amazon-ssm-agent
Description of the patch: This update for amazon-ssm-agent fixes the following issues
Update to version 3.3.4624.0:
- CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
(bsc#1239342).
- CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs (bsc#1238702).
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in
response to a key listing or signing request (bsc#1253611).
- CVE-2026-1229: the CombinedMult function in the ecc/p384 package produces an incorrect value for specific inputs
(bsc#1265474).
- CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for .pack and .idx files
can lead to the consumption of corrupted files (bsc#1258095).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege esca (bsc#1266781).
- CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during
smart-HTTP clone and fetch operations (bsc#1264952).
- CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite
loops, panics or resource consumption (bsc#1267332).
- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266200).
- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266200).
- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266200).
- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
(bsc#1266200).
- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
(bsc#1266200).
- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
(bsc#1266200).
- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266200).
- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266200).
- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266200).
- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
(bsc#1266200).
- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
(bsc#1266200).
- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266200).
- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266200).
Changes:
* Bump golang.org/x/crypto from v0.51.0 to v0.52.0
* Bump golang.org/x/net from v0.54.0 to v0.55.0
* Enforce directory boundary in BuildSafePath
* Fix visibility issue with Bottlerocket OS in document output
* Update go-git from v5.17.1 to v5.19.1 (bsc#1264952, CVE-2026-41506), this
also updates go-billy from v5.8.0 to v5.9.0 (bsc#1267332, CVE-2026-44740)
* Bump golang.org/x/net from v0.48.0 to v0.53.0 (bsc#1266781, CVE-2026-39821)
* Quit if sysprep failed and log its current state
* Remove attached legacy cloudwatch plugin packages
* Upgrade Go version to 1.25.10
* Use BuildSafePath wherever it is applicable
* Add OOM killer protection to systemd service files
* Apply more sanitation to file and registry inventory gatherers
* Bump go-git to v5.17.1
* Deprecate legacy cloudwatch plugin
* Preserve network error details in credential refresher SSM API failures
* Upgrade Go version to 1.25.9
* Add SSM Distributor support for Bottlerocket OS
* Implement flush credentials command in ssm-cli
* Log ec2messages access denied as debug instead of error to reduce log noise
* Make credential refresher refresh cache quickly in case of credential flush
* Make Greengrass component registration resilient with retry
* Add EnforceWorkspaceRootOwnership configuration to support disable
hardening of agent workspace
* Add reboot comment to Windows shutdown command for SSM Agent traceability
* Update privilege access check to verify ownership and permissions
of document state files
* Add read-only version check prior to install and uninstall
in case of occupied package manager locks
* Add ANSI processing for CloudWatch and S3 log
* Upgrade go-git to v5.17.0 and cloudflare/circl to v1.6.3
to fix CVE-2026-1229
- Switch to systemd-tmpfiles to store runtime data (jsc#PED-14843)
* Disable Go 1.25 container-aware GOMAXPROCS to prevent holding
cgroup file descriptors open
* Upgrade Go version to 1.25.8
* Document CommandWorkerBufferLimit config
* Include package update in Dockerfile
* Reduce CloudWatch event message length threshold
* Upgrade Go version to 1.25.7
* Update github.com/go-git/go-git/v5 to 5.16.5 (bsc#1258095, CVE-2026-25934)
* Update greengrass version
* Update Golang version to 1.24.12
* Updating golang.org/x/crypto from v0.37.0 to v0.47.0, golang.org/x/net
from v0.39.0 to v0.48.0 and golang.org/x/sys from v0.32.0 to v0.40.0
(bsc#1253611, CVE-2025-47913)
* Categorize integration tests by adding new tags to split fast and slow ones
* Fix bug where IP field being empty string and causing UII API failure
* Allow Patch execution to persist across reboots not registered to SSM Agent
* Fix ENV_VAR interpolation to work correctly with parameter store value
* Implement immediate retries for failed reply messages to MGS for RunCommand documents
* Improve ssm-cli get-diagnostics command log output
* Support DomainJoin endpoint for EU sovereign cloud
* Support dualstack S3 endpoint for distributor packages
* Upgrade Go version to 1.24.11
* Add initial IPv6 support with UseDualStackEndpoint configuration option
* Fix CPU utilization issue for instances with thousands of network interfaces
* Add IMDS retry count to account for EC2 droplet refresh
* Fix duplicate uid error logging in MDS module
* Update aws:Domainjoin plugin logging from Log4Net to NLog
* Upgrade Go version to 1.24.7
* Update github.com/go-git/go-git/v5 to 5.15.0
* Update golang.org/x/crypto to v0.37.0 (bsc#1238702, CVE-2025-22870)
* Update golang.org/x/net to v0.39.0
* Update golang.org/x/sys to v0.32.0
* Add EU sovereign cloud S3 endpoint for DownloadContent plugin
* Add configurable credential rotation max backoff interval
* Migrate from twinj/uuid to google/uuid library
* Allow newer agent versions to be installed when deploying on Greengrass
* Harden function to remove non-admin run command documents in execution path
* Fix macOS credential refresher test issue due to missing Debugf from serialport skip file
* Enhance testability of custom certificate usage in debug SSM Agent builds
* Decouple serial port from startup and add credential refresher serialport logging
* Add GlobalEnhancedTelemetryEnabled config to README
* Add cloudwatch logs endpoint configuration to optional config for agent
* Update Greengrass component version
* Add file privilege check before processing document state file
* Storing AWS document interpolation ENV_VAR types as environment variables
* Throw explicit error when running local cli as non-priviledged user
* Harden telemetry dynamic config folder permissions
* Add configuration option for HandshakeTimeout
* Improve unit tests
* Add setup for emitting telemetry logs and metrics
* Add initial selection of error logs to emit to telemetry
* Simplify checkstyle and import organization in build scripts
* Update golang.org/x/net from v0.37.0 to v0.38.0
* Agent hibernation reason is logged to EC2 system logs
* Add metrics for the EC2Detector and IMDS EC2 status findings
* Change Linux DomainJoin plugin parameter KeepHostName to accept
both boolean and string
* Upgrade GoLang to version 1.23.8
* Update golang.org/x/crypto from v0.32.0 to v0.36.0 (bsc#1239342, CVE-2025-22869)
Patchnames: SUSE-2026-2468,SUSE-SLE-Module-Public-Cloud-12-2026-2468
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
77 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for amazon-ssm-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for amazon-ssm-agent fixes the following issues\n\nUpdate to version 3.3.4624.0:\n\t\n- CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh\n (bsc#1239342).\n- CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs (bsc#1238702).\n- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in\n response to a key listing or signing request (bsc#1253611).\n- CVE-2026-1229: the CombinedMult function in the ecc/p384 package produces an incorrect value for specific inputs\n (bsc#1265474).\n- CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for .pack and .idx files\n can lead to the consumption of corrupted files (bsc#1258095).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege esca (bsc#1266781).\n- CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during\n smart-HTTP clone and fetch operations (bsc#1264952).\n- CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite\n loops, panics or resource consumption (bsc#1267332).\n- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh\n (bsc#1266200).\n- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh\n (bsc#1266200).\n- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent\n (bsc#1266200).\n- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266200).\n- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts\n (bsc#1266200).\n- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh\n (bsc#1266200).\n- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266200).\n- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266200).\n\nChanges:\n\n * Bump golang.org/x/crypto from v0.51.0 to v0.52.0\n * Bump golang.org/x/net from v0.54.0 to v0.55.0\n * Enforce directory boundary in BuildSafePath\n * Fix visibility issue with Bottlerocket OS in document output\n * Update go-git from v5.17.1 to v5.19.1 (bsc#1264952, CVE-2026-41506), this\n also updates go-billy from v5.8.0 to v5.9.0 (bsc#1267332, CVE-2026-44740)\n * Bump golang.org/x/net from v0.48.0 to v0.53.0 (bsc#1266781, CVE-2026-39821)\n * Quit if sysprep failed and log its current state\n * Remove attached legacy cloudwatch plugin packages\n * Upgrade Go version to 1.25.10\n * Use BuildSafePath wherever it is applicable\n * Add OOM killer protection to systemd service files\n * Apply more sanitation to file and registry inventory gatherers\n * Bump go-git to v5.17.1\n * Deprecate legacy cloudwatch plugin\n * Preserve network error details in credential refresher SSM API failures\n * Upgrade Go version to 1.25.9\n * Add SSM Distributor support for Bottlerocket OS\n * Implement flush credentials command in ssm-cli\n * Log ec2messages access denied as debug instead of error to reduce log noise\n * Make credential refresher refresh cache quickly in case of credential flush\n * Make Greengrass component registration resilient with retry\n * Add EnforceWorkspaceRootOwnership configuration to support disable\n hardening of agent workspace\n * Add reboot comment to Windows shutdown command for SSM Agent traceability\n * Update privilege access check to verify ownership and permissions\n of document state files\n * Add read-only version check prior to install and uninstall\n in case of occupied package manager locks\n * Add ANSI processing for CloudWatch and S3 log\n * Upgrade go-git to v5.17.0 and cloudflare/circl to v1.6.3\n to fix CVE-2026-1229\n- Switch to systemd-tmpfiles to store runtime data (jsc#PED-14843)\n * Disable Go 1.25 container-aware GOMAXPROCS to prevent holding\n cgroup file descriptors open\n * Upgrade Go version to 1.25.8\n * Document CommandWorkerBufferLimit config\n * Include package update in Dockerfile\n * Reduce CloudWatch event message length threshold\n * Upgrade Go version to 1.25.7\n * Update github.com/go-git/go-git/v5 to 5.16.5 (bsc#1258095, CVE-2026-25934)\n * Update greengrass version\n * Update Golang version to 1.24.12\n * Updating golang.org/x/crypto from v0.37.0 to v0.47.0, golang.org/x/net\n from v0.39.0 to v0.48.0 and golang.org/x/sys from v0.32.0 to v0.40.0\n (bsc#1253611, CVE-2025-47913)\n * Categorize integration tests by adding new tags to split fast and slow ones\n * Fix bug where IP field being empty string and causing UII API failure\n * Allow Patch execution to persist across reboots not registered to SSM Agent\n * Fix ENV_VAR interpolation to work correctly with parameter store value\n * Implement immediate retries for failed reply messages to MGS for RunCommand documents\n * Improve ssm-cli get-diagnostics command log output\n * Support DomainJoin endpoint for EU sovereign cloud\n * Support dualstack S3 endpoint for distributor packages\n * Upgrade Go version to 1.24.11\n * Add initial IPv6 support with UseDualStackEndpoint configuration option\n * Fix CPU utilization issue for instances with thousands of network interfaces\n * Add IMDS retry count to account for EC2 droplet refresh\n * Fix duplicate uid error logging in MDS module\n * Update aws:Domainjoin plugin logging from Log4Net to NLog\n * Upgrade Go version to 1.24.7\n * Update github.com/go-git/go-git/v5 to 5.15.0\n * Update golang.org/x/crypto to v0.37.0 (bsc#1238702, CVE-2025-22870)\n * Update golang.org/x/net to v0.39.0\n * Update golang.org/x/sys to v0.32.0\n * Add EU sovereign cloud S3 endpoint for DownloadContent plugin\n * Add configurable credential rotation max backoff interval\n * Migrate from twinj/uuid to google/uuid library\n * Allow newer agent versions to be installed when deploying on Greengrass\n * Harden function to remove non-admin run command documents in execution path\n * Fix macOS credential refresher test issue due to missing Debugf from serialport skip file\n * Enhance testability of custom certificate usage in debug SSM Agent builds\n * Decouple serial port from startup and add credential refresher serialport logging\n * Add GlobalEnhancedTelemetryEnabled config to README\n * Add cloudwatch logs endpoint configuration to optional config for agent\n * Update Greengrass component version\n * Add file privilege check before processing document state file\n * Storing AWS document interpolation ENV_VAR types as environment variables\n * Throw explicit error when running local cli as non-priviledged user\n * Harden telemetry dynamic config folder permissions\n * Add configuration option for HandshakeTimeout\n * Improve unit tests\n * Add setup for emitting telemetry logs and metrics\n * Add initial selection of error logs to emit to telemetry\n * Simplify checkstyle and import organization in build scripts\n * Update golang.org/x/net from v0.37.0 to v0.38.0\n * Agent hibernation reason is logged to EC2 system logs\n * Add metrics for the EC2Detector and IMDS EC2 status findings\n * Change Linux DomainJoin plugin parameter KeepHostName to accept\n both boolean and string\n * Upgrade GoLang to version 1.23.8\n * Update golang.org/x/crypto from v0.32.0 to v0.36.0 (bsc#1239342, CVE-2025-22869)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2468,SUSE-SLE-Module-Public-Cloud-12-2026-2468",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2468-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2468-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262468-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2468-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047438.html"
},
{
"category": "self",
"summary": "SUSE Bug 1238702",
"url": "https://bugzilla.suse.com/1238702"
},
{
"category": "self",
"summary": "SUSE Bug 1239342",
"url": "https://bugzilla.suse.com/1239342"
},
{
"category": "self",
"summary": "SUSE Bug 1253611",
"url": "https://bugzilla.suse.com/1253611"
},
{
"category": "self",
"summary": "SUSE Bug 1258095",
"url": "https://bugzilla.suse.com/1258095"
},
{
"category": "self",
"summary": "SUSE Bug 1264952",
"url": "https://bugzilla.suse.com/1264952"
},
{
"category": "self",
"summary": "SUSE Bug 1265474",
"url": "https://bugzilla.suse.com/1265474"
},
{
"category": "self",
"summary": "SUSE Bug 1266200",
"url": "https://bugzilla.suse.com/1266200"
},
{
"category": "self",
"summary": "SUSE Bug 1266781",
"url": "https://bugzilla.suse.com/1266781"
},
{
"category": "self",
"summary": "SUSE Bug 1267332",
"url": "https://bugzilla.suse.com/1267332"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25934 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44740 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for amazon-ssm-agent",
"tracking": {
"current_release_date": "2026-06-19T11:03:24Z",
"generator": {
"date": "2026-06-19T11:03:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2468-1",
"initial_release_date": "2026-06-19T11:03:24Z",
"revision_history": [
{
"date": "2026-06-19T11:03:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"product": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"product_id": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"product": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"product_id": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12",
"product": {
"name": "SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 12",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 12",
"product_id": "SUSE Linux Enterprise High Performance Computing 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
},
"product_reference": "amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2026-1229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"notes": [
{
"category": "general",
"text": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1229",
"url": "https://www.suse.com/security/cve/CVE-2026-1229"
},
{
"category": "external",
"summary": "SUSE Bug 1265416 for CVE-2026-1229",
"url": "https://bugzilla.suse.com/1265416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-1229"
},
{
"cve": "CVE-2026-25934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25934"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25934",
"url": "https://www.suse.com/security/cve/CVE-2026-25934"
},
{
"category": "external",
"summary": "SUSE Bug 1258093 for CVE-2026-25934",
"url": "https://bugzilla.suse.com/1258093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-25934"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-41506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41506"
}
],
"notes": [
{
"category": "general",
"text": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41506",
"url": "https://www.suse.com/security/cve/CVE-2026-41506"
},
{
"category": "external",
"summary": "SUSE Bug 1264854 for CVE-2026-41506",
"url": "https://bugzilla.suse.com/1264854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-41506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-44740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44740"
}
],
"notes": [
{
"category": "general",
"text": "Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44740",
"url": "https://www.suse.com/security/cve/CVE-2026-44740"
},
{
"category": "external",
"summary": "SUSE Bug 1267264 for CVE-2026-44740",
"url": "https://bugzilla.suse.com/1267264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-44740"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12:amazon-ssm-agent-3.3.4624.0-4.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-19T11:03:24Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…