python311-cbor2-5.8.0-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10014-1 Final 1 1 2026-01-07T00:00:00Z current 2026-01-07T00:00:00Z 2026-01-07T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python311-cbor2-5.8.0-2.1 on GA media These are all security issues fixed in the python311-cbor2-5.8.0-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10014 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-68131/ SUSE CVE CVE-2025-68131 page openSUSE Tumbleweed python311-cbor2-5.8.0-2.1 python312-cbor2-5.8.0-2.1 python313-cbor2-5.8.0-2.1 python311-cbor2-5.8.0-2.1 as a component of openSUSE Tumbleweed python312-cbor2-5.8.0-2.1 as a component of openSUSE Tumbleweed python313-cbor2-5.8.0-2.1 as a component of openSUSE Tumbleweed cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag (29). This allows an attacker-controlled message to read data from previously decoded messages if the decoder is reused across trust boundaries. Version 5.8.0 patches the issue. CVE-2025-68131 openSUSE Tumbleweed:python311-cbor2-5.8.0-2.1 openSUSE Tumbleweed:python312-cbor2-5.8.0-2.1 openSUSE Tumbleweed:python313-cbor2-5.8.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-68131.html CVE-2025-68131 https://bugzilla.suse.com/1255783 SUSE Bug 1255783