SUSE-SU-2026:0780-1

Details

This update for tracker-miners fixes the following issues:

CVE-2026-1764: heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files (bsc#1257606).
CVE-2026-1765: denial of Service and potential information disclosure via crafted MP3 files (bsc#1257607).
CVE-2026-1766: denial of Service and information disclosure via malformed MP3 files (bsc#1257608).
CVE-2026-1767: heap buffer overflow leading to denial of service or information disclosure via malformed MP3 ID3 tags (bsc#1257609).

Affected Packages

tracker-miner-files

SUSE Linux Enterprise Module for Desktop Applications 15 SP7openSUSE Leap 15.6

Fixed in:

3.6.2-150600.4.6.1

tracker-miners

SUSE Linux Enterprise Module for Desktop Applications 15 SP7SUSE Linux Enterprise Workstation Extension 15 SP7openSUSE Leap 15.6

Fixed in:

3.6.2-150600.4.6.1

tracker-miners-lang

SUSE Linux Enterprise Workstation Extension 15 SP7openSUSE Leap 15.6

Fixed in: