Security update for google-cloud-sap-agent

Announcement ID:	SUSE-SU-2026:1195-1
Release Date:	2026-04-07T09:25:22Z
Rating:	important
References:	bsc#1259816 bsc#1260265
Cross-References:	CVE-2026-33186
CVSS scores:	CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:	Public Cloud Module 12 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability and has one security fix can now be installed.

Description:

This update for google-cloud-sap-agent fixes the following issue:

Update to google-cloud-sap-agent 3.12 (bsc#1259816):

• CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header (bsc#1260265).

Changelog:

• Collect WLM metric saphanasr_angi_installed for all OS types.
• Failure handling: Remove attached disks from CG
• OTE Status checks for Parameter Manager (SAP Agent)
• Log command-line arguments in configureinstance.
• Minor multiple reliability checks and fixes
• Support custom names for restored disks in hanadiskrestore
• Add newAttachedDisks to Restorer and detach them on restore failure.
• Improve unit test coverage for hanadiskbackup and hanadiskrestore
• Add support for refresh point tests.
• Refactor HANA disk backup user validation and physical path parsing.
• Auto updated compiled protocol buffers
• Parameter Manager integration to SAP Agent
• Modify collection logic for SAP HANA configuration files.
• Update workloadagentplatform version and hash.
• Update WLM Validation metrics to support SAPHanaSR-angi setups.
• Increment agent version to 3.12.
• SAP HANA Pacemaker failover settings can come from SAPHanaController.
• Update collection for WLM metric ha_sr_hook_configured.
• Refactor CheckTopology to accept instance number.
• Use constant backoff with max retries for snapshot group operations.
• Update workloadagentplatform dependency

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2026-1195=1

Package List:

• Public Cloud Module 12 (aarch64 ppc64le s390x x86_64)
  • google-cloud-sap-agent-3.12-6.60.1

References:

• https://www.suse.com/security/cve/CVE-2026-33186.html
• https://bugzilla.suse.com/show_bug.cgi?id=1259816
• https://bugzilla.suse.com/show_bug.cgi?id=1260265