SUSE Package Hub - SUSE-PackageHub-16.0-865

Update Info

SUSE-PackageHub-16.0-865

Security update for ovmf

Type: security

Severity: important

Issued: 2026-06-02

Description:

This update for ovmf fixes the following issues:

- CVE-2026-25833: mbedtls: buffer overflow in the `x509_inet_pton_ipv6()` function (bsc#1261476).
- CVE-2026-25834: mbedtls: client accepts signature algorithm chosen by server even if not advertised in client hello
  (bsc#1261477).
- CVE-2026-25835: mbedtls: no pseudo-random number generator reseed when cloning an application (bsc#1261478).
- CVE-2026-34874: mbedtls: NULL pointer dereference in distinguished name parsing (bsc#1261469).

References

CVE: CVE-2026-34874
CVE: CVE-2026-25835
CVE: CVE-2026-25834
CVE: CVE-2026-25833
Bugzilla: 1261478 VUL-0: CVE-2026-25835: ovmf: mbedtls: PSA random generator cloning
Bugzilla: 1261477 VUL-0: CVE-2026-25834: ovmf: mbedtls: Algorithm downgrade vulnerability
Bugzilla: 1261476 VUL-0: CVE-2026-25833: ovmf: mbedtls: buffer underflow in x509_inet_pton_ipv6()
Bugzilla: 1261469 VUL-0: CVE-2026-34874: ovmf: mbedtls: NULL pointer dereference when setting a distinguished name

Packages

ovmf-202502-160000.5.1