SUSE alert openSUSE-SU-2026:20657-1 (freerdp)
| From: | null@suse.de | |
| To: | security-announce@lists.opensuse.org | |
| Subject: | openSUSE-SU-2026:20657-1: important: Security update for freerdp | |
| Date: | Mon, 04 May 2026 15:29:28 +0200 | |
| Message-ID: | <20260504132928.7ACC7FCE1@maintenance.suse.de> | |
| Archive-link: | Article |
openSUSE security update: security update for freerdp ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20657-1 Rating: important References: * bsc#1258919 * bsc#1258920 * bsc#1258921 * bsc#1258923 * bsc#1258924 * bsc#1258973 * bsc#1258976 * bsc#1258977 * bsc#1258979 * bsc#1258982 * bsc#1258985 * bsc#1259653 * bsc#1259679 * bsc#1259680 * bsc#1259684 * bsc#1259686 * bsc#1259689 * bsc#1259692 * bsc#1259693 * bsc#1261196 * bsc#1261198 * bsc#1261200 * bsc#1261211 * bsc#1261217 * bsc#1261222 * bsc#1261223 * bsc#1261226 * bsc#1261227 Cross-References: * CVE-2026-25941 * CVE-2026-25942 * CVE-2026-25952 * CVE-2026-25953 * CVE-2026-25954 * CVE-2026-25955 * CVE-2026-25959 * CVE-2026-25997 * CVE-2026-26271 * CVE-2026-26955 * CVE-2026-26965 * CVE-2026-29774 * CVE-2026-29775 * CVE-2026-29776 * CVE-2026-31806 * CVE-2026-31883 * CVE-2026-31884 * CVE-2026-31885 * CVE-2026-31897 * CVE-2026-33952 * CVE-2026-33977 * CVE-2026-33982 * CVE-2026-33983 * CVE-2026-33984 * CVE-2026-33985 * CVE-2026-33986 * CVE-2026-33987 * CVE-2026-33995 CVSS scores: * CVE-2026-25941 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-25941 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-25942 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25942 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25952 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25952 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25953 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25953 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25954 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25954 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25955 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-25955 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25959 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-25959 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25997 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-25997 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-26955 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26955 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-26965 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26965 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-29774 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-29774 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-29775 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-29775 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-29776 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-29776 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-31806 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-31806 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31883 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31883 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-31884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31884 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-31885 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L * CVE-2026-31885 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-31897 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-31897 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-33952 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33952 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33977 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33977 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-33983 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33983 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33984 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-33984 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33985 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L * CVE-2026-33985 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-33986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-33987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-33995 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 28 vulnerabilities and has 28 bug fixes can now be installed. Description: This update for freerdp fixes the following issues: Update to version 3.24.2. Security issues fixed: - CVE-2026-25941: out-of-bounds read in the FreeRDP client RDPGFX channel (bsc#1258919). - CVE-2026-25942: buffer overflow of global array in `xf_rail_server_execute_result` (bsc#1258920). - CVE-2026-25952: heap use-after-free in `xf_SetWindowMinMaxInfo` (bsc#1258921). - CVE-2026-25953: heap use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258923). - CVE-2026-25954: heap use-after-free in `xf_rail_server_local_move_size` (bsc#1258924). - CVE-2026-25955: heap use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258973). - CVE-2026-25959: heap use-after-free in `xf_cliprdr_provide_data_` (bsc#1258976). - CVE-2026-25997: heap use-after-free in `xf_clipboard_format_equal` (bsc#1258977). - CVE-2026-26271: buffer overread in FreeRDP icon processing (bsc#1258979). - CVE-2026-26955: out-of-bounds write in FreeRDP clients using the GDI surface pipeline (bsc#1258982). - CVE-2026-26965: out-of-bounds write in FreeRDP client RLE planar decode path (bsc#1258985). - CVE-2026-29774: heap buffer overflow in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path (bsc#1259689). - CVE-2026-29775: out-of-bounds access in the FreeRDP client bitmap cache subsystem (bsc#1259684). - CVE-2026-29776: integer underflow in `update_read_cache_bitmap_order` (bsc#1259692). - CVE-2026-31806: heap buffer overflow in `nsc_process_message` (bsc#1259653). - CVE-2026-31883: heap buffer overwrite due to a `size_t` underflow in the IMA-ADPCM and MS-ADPCM audio decoders (bsc#1259679). - CVE-2026-31884: division by zero in MS-ADPCM and IMA-ADPCM decoders (bsc#1259680). - CVE-2026-31885: out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders (bsc#1259686). - CVE-2026-31897: out-of-bounds read in `freerdp_bitmap_decompress_planar` (bsc#1259693). - CVE-2026-33952: client-side crash due to `WINPR_ASSERT()` failure in `rts_read_auth_verifier_no_checks()` (bsc#1261196). - CVE-2026-33977: client-side crash due to `WINPR_ASSERT()` failure in IMA ADPCM audio decoder (bsc#1261198). - CVE-2026-33982: heap buffer overread in in `winpr_aligned_offset_recalloc` (bsc#1261222). - CVE-2026-33983: undefined behavior and resource exhaustion via 80 billion iteration loop in `progressive_decompress_tile_upgrade` (bsc#1261200). - CVE-2026-33984: heap buffer overflow in ClearCodec `resize_vbar_entry` (bsc#1261211). - CVE-2026-33985: heap out-of-bounds read in `clear_decompress_glyph_data` (bsc#1261217). - CVE-2026-33986: heap out-of-bounds write due to H.264 YUV buffer dimension desync (bsc#1261223). - CVE-2026-33987: heap out-of-bounds write due to persistent cache bmpSize desync (bsc#1261226). - CVE-2026-33995: double-free vulnerability in `kerberos_AcceptSecurityContext` and `kerberos_InitializeSecurityContextA` (bsc#1261227). Other updates and bugfixes: - Version 3.24.2: * [channels,video] fix wrong cast (#12511) * [codec,openh264] reject encoder ABI mismatch on runtime-loaded library (#12510) * [client,sdl] create a copy of rdpPointer (#12512) * [codec,video] properly pass intermediate format (#12518) * [utils, signal] lazily initialize Windows CRITICAL_SECTION to match POSIX static mutex behavior (#12520) winpr: improve libunwind backtraces (#12530) * [server,shadow] remember selected caps (#12528) * Zero credential data before free in NLA and NTLM context (#12532) * [server,proxy] ignore missing client in input channel (#12536) * [server,proxy] ignore rdpdr messages (#12537) * [winpr,sspi] improve kerberos logging (#12538) * Codec fixes (#12542) - Version 3.24.1: * [warnings] fix various sign and cast warnings (#12480) * [client,x11] start with xfc->remote_app = TRUE; (#12491) * Sam file read regression fix (#12484) * [ncrypt,smartcardlogon] support ECC keys in PKCS#11 smartcard enumeration (#12490) * Fix: memory leak in rdp_client_establish_keys() (#12494) * Fix memory leak in freerdp_settings_int_buffer_copy() on error paths (libfreerdp/core/settings.c) (#12486) * Code Cleanups (#12493) * Fix: memory leak in PCSC_SCardListReadersW() (#12495) * [channels,telemetry] use dynamic logging (#12496) * [channel,gfx] use generic plugin log (@12498, #12499) * [channels,audin] set error when audio_format_read fails (#12500) * [channels,video] unify error handling (#12502) * Fastpath fine grained lock (#12503) * [core,update] make the PlaySound callback non-mandatory (#12504) * Refinements: RPM build updates, FIPS improvements (#12506) - Version 3.24.0: * Completed the [[nodiscard]] marking of the API to warn about problematic * unchecked use of functions * Added full C23 support (default stays at C11) to allow new compilers * to do stricter checking * Improved X11 and SDL3 clients * Improved smartcard support * proxy now supports RFX graphics mode * Attribute nodiscard related chanes (#12325, #12360, #12395, #12406, #12421, #12426, #12177, #12403, #12405, #12407, #12409, #12408, #12412, #12413) * c23 related improvements (#12368, #12371, #12379, #12381, #12383, #12385, #12386, #12387, #12384) * Generic code cleanups (#12382, #12439, #12455, #12462, #12399, #12473) [core,utils] ignore NULL values in remove_rdpdr_type (#12372) * [codec,fdk] revert use of WinPR types (#12373) * [core,gateway] ignore incomplete rpc header (#12375, #12376) * [warnings] make function declaration names consistent (#12377) * [libfreerdp] Add new define for logon error info (#12380) * [client,x11] improve rails window locking (#12392) * Reload fix missing null checks (#12396) * Bounds checks (#12400) * [server,proxy] check for nullptr before using scard_call_context (#12404) * [uwac] fix rectangular glitch around surface damage regions (#12410) * Address various error handling inconsistencies (#12411) * [core,server] Improve WTS API locking (#12414) * Address some GCC compile issues (#12415, #12420) * Winpr atexit (#12416) * [winpr,smartcard] fix function pointer casts (#12422) * Xf timer fix (#12423) * [client,sdl] workaround for wlroots compositors (#12425) * [client,sdl] fix SdlWindow::query (#12378) * [winpr,smartcard] fix PCSC_ReleaseCardContext (#12427) * [client,x11] eliminate obsolete compile flags (#12428) * [client,common] skip sending input events when not connected (#12429) * Input connected checks (#12430) * Floatbar and display channel improvements (#12431) * [winpr,platform] fix WINPR_ATTR_NODISCARD definition (#12432) * [client] Fix writing of gatewayusagemethod to .rdp files (#12433) * Nodiscard finetune (#12435) * [core] fix missing gateway credential sync (#12436) * [client,sdl3] limit FREERDP_WLROOTS_HACK (#12441) * [core,settings] Allow FreeRDP_instance in setter (#12442) * [codec,h264] make log message trace (#12444) * X11 rails improve (#12440) * [codec,nsc] limit copy area in nsc_process_message (#12448) * Proxy support RFX and NSC settings (#12449) * [client,common] display a shortened help on parsing issues (#12450) * [winpr,smartcard] refine locking for pcsc layer (#12451) * [codec,swscale] allow runtime loading of swscale (#12452) * Swscale fallback (#12454) * Sdl multi scaling support (#12456) * [packaging,flatpak] update runtime and dependencies (#12457) * [codec,video] add doxygen version details (#12458) * [github,templates] update templates (#12460) * [client,sdl] allow FREERDP_WLROOTS_HACK for all sessions (#12461) * [warnings,nodiscard] add log messages for failures (#12463) * [gdi,gdi] ignore empty rectangles (#12467) * Smartcard fix smartcard-login, pass rdpContext for abort (#12466) * [winpr,smartcard] fix compiler warnings (#12469) * [winpr,timezone] fix search for transition dates (#12468) * [client,common] improve /p help (#12471) * Scard logging refactored (#12472) * [emu,scard] fix smartcard emulation (#12475) * Sdl null cursor (#12474) - Version 3.23.0: * Sdl cleanup (#12202) * [client,sdl] do not apply window offset (#12205) * [client,sdl] add SDL_Error to exceptions (#12214) * Rdp monitor log (#12215) * [winpr,smartcard] implement some attributes (#12213) * [client,windows] Fix return value checks for mouse event functions (#12279) * [channels,rdpecam] fix sws context checks (#12272) * [client,windows] Enhance error handling and context validation (#12264) * [client,windows] Add window handle validation in RDP_EVENT_TYPE_WINDOW_NEW (#12261) * [client,sdl] fix multimon/fullscreen on wayland (#12248) * Vendor by app (#12207) * [core,gateway] relax TSG parsing (#12283) * [winpr,smartcard] simplify PCSC_ReadDeviceSystemName (#12273) * [client,windows] Implement complete keyboard indicator synchronization (#12268) * Fixes more more more (#12286) * Use application details for names (#12285) * warning cleanups (#12289) * Warning cleanup (#12291) * [client,windows] Enhance memory safety with NULL checks and resource protection (#12271) * [client,x11] apply /size:xx% only once (#12293) * Freerdp config test (#12295) * [winpr,smartcard] fix returned attribute length (#12296) * [client,SDL3] Fix properly handle smart-sizing with fullscreen (#12298) * [core,test] fix use after free (#12299) * Sign warnings (#12300) * [cmake,compiler] disable -Wjump-misses-init (#12301) * [codec,color] fix input length checks (#12302) * [client,sdl] improve cursor updates, fix surface sizes (#12303) * Sdl fullscreen (#12217) * [client,sdl] fix move constructor of SdlWindow (#12305) * [utils,smartcard] check stream length on padding (#12306) * [android] Fix invert scrolling default value mismatch (#12309) * Clear fix bounds checks (#12310) * Winpr attr nodiscard fkt ptr (#12311) * [codec,planar] fix missing destination bounds checks (#12312) * [codec,clear] fix destination checks (#12315) * NSC Codec fixes (#12317) * Freerdp api nodiscard (#12313) * [allocations] fix growth of preallocated buffers (#12319) * Rdpdr simplify (#12320) * Resource fix (#12323) * [winpr,utils] ensure message queue capacity (#12322) * [server,shadow] fix return and parameter checks (#12330) * Shadow fixes (#12331) * [rdtk,nodiscard] mark rdtk API nodiscard (#12329) * [client,x11] fix XGetWindowProperty return handling (#12334) * Win32 signal (#12335) * [channel,usb] fix message parsing and creation (#12336) * [cmake] Define WINPR_DEFINE_ATTR_NODISCARD (#12338) * Proxy config fix (#12345) * [codec,progressive] refine progressive decoding (#12347) * [client,sdl] fix sdl_Pointer_New (#12350) * [core,gateway] parse [MS-TSGU] 2.2.10.5 HTTP_CHANNEL_RESPONSE_OPTIONAL (#12353) * X11 kbd sym (#12354) * Windows compile warning fixes (#12357,#12358,#12359) Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-663=1 Package List: - openSUSE Leap 16.0: freerdp-3.24.2-160000.1.1 freerdp-devel-3.24.2-160000.1.1 freerdp-proxy-3.24.2-160000.1.1 freerdp-proxy-plugins-3.24.2-160000.1.1 freerdp-sdl-3.24.2-160000.1.1 freerdp-server-3.24.2-160000.1.1 freerdp-wayland-3.24.2-160000.1.1 libfreerdp-server-proxy3-3-3.24.2-160000.1.1 libfreerdp3-3-3.24.2-160000.1.1 librdtk0-0-3.24.2-160000.1.1 libuwac0-0-3.24.2-160000.1.1 libwinpr3-3-3.24.2-160000.1.1 rdtk0-devel-3.24.2-160000.1.1 uwac0-devel-3.24.2-160000.1.1 winpr-devel-3.24.2-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-25941.html * https://www.suse.com/security/cve/CVE-2026-25942.html * https://www.suse.com/security/cve/CVE-2026-25952.html * https://www.suse.com/security/cve/CVE-2026-25953.html * https://www.suse.com/security/cve/CVE-2026-25954.html * https://www.suse.com/security/cve/CVE-2026-25955.html * https://www.suse.com/security/cve/CVE-2026-25959.html * https://www.suse.com/security/cve/CVE-2026-25997.html * https://www.suse.com/security/cve/CVE-2026-26271.html * https://www.suse.com/security/cve/CVE-2026-26955.html * https://www.suse.com/security/cve/CVE-2026-26965.html * https://www.suse.com/security/cve/CVE-2026-29774.html * https://www.suse.com/security/cve/CVE-2026-29775.html * https://www.suse.com/security/cve/CVE-2026-29776.html * https://www.suse.com/security/cve/CVE-2026-31806.html * https://www.suse.com/security/cve/CVE-2026-31883.html * https://www.suse.com/security/cve/CVE-2026-31884.html * https://www.suse.com/security/cve/CVE-2026-31885.html * https://www.suse.com/security/cve/CVE-2026-31897.html * https://www.suse.com/security/cve/CVE-2026-33952.html * https://www.suse.com/security/cve/CVE-2026-33977.html * https://www.suse.com/security/cve/CVE-2026-33982.html * https://www.suse.com/security/cve/CVE-2026-33983.html * https://www.suse.com/security/cve/CVE-2026-33984.html * https://www.suse.com/security/cve/CVE-2026-33985.html * https://www.suse.com/security/cve/CVE-2026-33986.html * https://www.suse.com/security/cve/CVE-2026-33987.html * https://www.suse.com/security/cve/CVE-2026-33995.html