Security update for himmelblau

Announcement ID:	SUSE-SU-2026:1361-1
Release Date:	2026-04-15T14:14:01Z
Rating:	important
References:	bsc#1233949 bsc#1245437 bsc#1247735 bsc#1249013 bsc#1257904 bsc#1258236 bsc#1259548 bsc#1261324 jsc#PED-14511
Cross-References:	CVE-2024-11738 CVE-2025-53013 CVE-2025-54882 CVE-2025-58160 CVE-2026-25727 CVE-2026-31979 CVE-2026-34397
CVSS scores:	CVE-2024-11738 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-11738 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-11738 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-11738 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-53013 ( SUSE ): 4.3 CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2025-53013 ( SUSE ): 5.2 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2025-53013 ( NVD ): 5.2 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N CVE-2025-54882 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2025-54882 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2025-54882 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2025-58160 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2026-31979 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2026-31979 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-34397 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-34397 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2026-34397 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2026-34397 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	Basesystem Module 15-SP7 SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Real Time 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves seven vulnerabilities, contains one feature and has one security fix can now be installed.

Description:

This update for himmelblau fixes the following issues:

Update to version 2.3.9+git0.a9fd29b; (jsc#PED-14511):

CVE-2026-34397: Fix LPE due to name collision during NSS fake-primary group lookup (bsc#1261324).
CVE-2026-31979: Fix race condition when accessiung /tmp/krb5cc_uid (bsc#1259548).
CVE-2026-25727: deps(rust): Bump the all-cargo-updates group with 8 updates (bsc#1257904).
CVE-2025-58160: deps(rust): Bump tracing-subscriber in the cargo group (bsc#1249013).
CVE-2025-54882: Fix Kerberos credential cache permissions (bsc#1247735).
CVE-2025-53013: Fix permitted authentication with invalid Hello PIN (bsc#1245437).
CVE-2024-11738: Fix rustls network-reachable panic in Acceptor::accept (bsc#1233949).

Other bug fixes:

Fix SELinux module packaging to use standard policy macros (bsc#1258236).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1361=1

Package List:

Basesystem Module 15-SP7 (aarch64 x86_64)
- himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1
- himmelblau-debuginfo-2.3.9+git0.a9fd29b-150700.3.15.1
- libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1
- pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1
Basesystem Module 15-SP7 (noarch)
- himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1

Security update for himmelblau

Description:

Patch Instructions:

Package List:

References: