SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1952

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1952

Security update for ovmf

Type: security

Severity: important

Issued: 2026-05-18

Description:

This update for ovmf fixes the following issues

- CVE-2026-25833: mbedtls: buffer underflow in x509_inet_pton_ipv6() (bsc#1261476).
- CVE-2026-25834: mbedtls: Algorithm downgrade vulnerability (bsc#1261477).
- CVE-2026-25835: mbedtls: PSA random generator cloning (bsc#1261478).
- CVE-2026-34874: mbedtls: NULL pointer dereference when setting a distinguished name (bsc#1261469).

Changes for ovmf:

- Update mbedtls to 3.6.6.

References

CVE: CVE-2026-34874
CVE: CVE-2026-25835
CVE: CVE-2026-25834
CVE: CVE-2026-25833
Bugzilla: 1261478 VUL-0: CVE-2026-25835: ovmf: mbedtls: PSA random generator cloning
Bugzilla: 1261477 VUL-0: CVE-2026-25834: ovmf: mbedtls: Algorithm downgrade vulnerability
Bugzilla: 1261476 VUL-0: CVE-2026-25833: ovmf: mbedtls: buffer underflow in x509_inet_pton_ipv6()
Bugzilla: 1261469 VUL-0: CVE-2026-34874: ovmf: mbedtls: NULL pointer dereference when setting a distinguished name

Packages

ovmf-202408-150700.3.18.1