SUSE-SU-2026:2381-1

HIGH8.6

Security update for libyang

Published Jun 12, 2026

Modified 1 weeks ago

Fix available

Details

Description of the patch:

This update for libyang fixes the following issue

CVE-2026-44673: integer overflow in lyb_read_string() of src/parser_lyb.c leads to heap buffer overflow when parsing a maliciously crafted LYB binary blob (bsc#1265330).

Affected Packages

libyang-extentions

SUSE Linux Enterprise High Performance Computing 15 SP4SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Server 15 SP4SUSE Linux Enterprise Server 15 SP4-LTSS

Fixed in:

1.0.184-150300.3.9.1

libyang1

Fixed in:

1.0.184-150300.3.9.1

References

ADVISORY

https://bugzilla.suse.com/1265330

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2026-June/026717.html

ADVISORY

https://www.suse.com/security/cve/CVE-2026-44673/