SUSE-SU-2026:21241-1
- Source
- https://www.suse.com/support/update/announcement/2026/suse-su-202621241-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:21241-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2026:21241-1
- Upstream
- Related
- Published
- 2026-04-16T13:09:49Z
- Modified
- 2026-04-24T18:24:24.088626Z
- Summary
- Security update for cockpit
- Details
-
This update for cockpit fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641).
- References
Affected packages
SUSE:Linux Micro 6.0 / kernel-rt
Package
- Name
- kernel-rt
- Purl
- pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.4.0-41.1
SUSE:Linux Micro 6.0 / kernel-source-rt
Package
- Name
- kernel-source-rt
- Purl
- pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.4.0-41.1
SUSE:Linux Micro 6.1 / cockpit
Package
- Name
- cockpit
- Purl
- pkg:rpm/suse/cockpit&distro=SUSE%20Linux%20Micro%206.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed322-slfo.1.1_3.1
Ecosystem specific
{
"binaries": [
{
"cockpit-bridge": "322-slfo.1.1_3.1",
"cockpit-system": "322-slfo.1.1_3.1",
"cockpit-selinux": "322-slfo.1.1_3.1",
"cockpit-networkmanager": "322-slfo.1.1_3.1",
"cockpit": "322-slfo.1.1_3.1",
"cockpit-storaged": "322-slfo.1.1_3.1",
"cockpit-ws": "322-slfo.1.1_3.1"
}
]
}