libsuricata8_0_3-8.0.3-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10082-1 Final 1 1 2026-01-22T00:00:00Z current 2026-01-22T00:00:00Z 2026-01-22T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libsuricata8_0_3-8.0.3-1.1 on GA media These are all security issues fixed in the libsuricata8_0_3-8.0.3-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10082 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-64330/ SUSE CVE CVE-2025-64330 page https://www.suse.com/security/cve/CVE-2025-64331/ SUSE CVE CVE-2025-64331 page https://www.suse.com/security/cve/CVE-2025-64332/ SUSE CVE CVE-2025-64332 page https://www.suse.com/security/cve/CVE-2025-64333/ SUSE CVE CVE-2025-64333 page https://www.suse.com/security/cve/CVE-2025-64334/ SUSE CVE CVE-2025-64334 page https://www.suse.com/security/cve/CVE-2025-64335/ SUSE CVE CVE-2025-64335 page https://www.suse.com/security/cve/CVE-2025-64344/ SUSE CVE CVE-2025-64344 page https://www.suse.com/security/cve/CVE-2026-22258/ SUSE CVE CVE-2026-22258 page https://www.suse.com/security/cve/CVE-2026-22259/ SUSE CVE CVE-2026-22259 page https://www.suse.com/security/cve/CVE-2026-22260/ SUSE CVE CVE-2026-22260 page https://www.suse.com/security/cve/CVE-2026-22261/ SUSE CVE CVE-2026-22261 page https://www.suse.com/security/cve/CVE-2026-22262/ SUSE CVE CVE-2026-22262 page https://www.suse.com/security/cve/CVE-2026-22263/ SUSE CVE CVE-2026-22263 page https://www.suse.com/security/cve/CVE-2026-22264/ SUSE CVE CVE-2026-22264 page openSUSE Tumbleweed libsuricata8_0_3-8.0.3-1.1 suricata-8.0.3-1.1 suricata-devel-8.0.3-1.1 libsuricata8_0_3-8.0.3-1.1 as a component of openSUSE Tumbleweed suricata-8.0.3-1.1 as a component of openSUSE Tumbleweed suricata-devel-8.0.3-1.1 as a component of openSUSE Tumbleweed Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a single byte read heap overflow when logging the verdict in eve.alert and eve.drop records can lead to crashes. This requires the per packet alert queue to be filled with alerts and then followed by a pass rule. This issue has been patched in versions 7.0.13 and 8.0.2. To reduce the likelihood of this issue occurring, the alert queue size a should be increased (packet-alert-max in suricata.yaml) if verdict is enabled. CVE-2025-64330 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-64330.html CVE-2025-64330 https://bugzilla.suse.com/1254283 SUSE Bug 1254283 Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the logging of printable http bodies. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves using default HTTP response body limits and/or disabling http-body-printable logging; body logging is disabled by default. CVE-2025-64331 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-64331.html CVE-2025-64331 https://bugzilla.suse.com/1254284 SUSE Bug 1254284 Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling SWF decompression (swf-decompression in suricata.yaml), it is disabled by default; set decompress-depth to lower than half your stack size if swf-decompression must be enabled. CVE-2025-64332 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-64332.html CVE-2025-64332 https://bugzilla.suse.com/1254282 SUSE Bug 1254282 Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged can cause a stack overflow crashing Suricata. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves limiting stream.reassembly.depth to less then half the stack size. Increasing the process stack size makes it less likely the bug will trigger. CVE-2025-64333 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-64333.html CVE-2025-64333 https://bugzilla.suse.com/1254281 SUSE Bug 1254281 Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2. A workaround involves disabling LZMA decompression or limiting response-body-limit size. CVE-2025-64334 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-64334.html CVE-2025-64334 https://bugzilla.suse.com/1254280 SUSE Bug 1254280 Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data. CVE-2025-64335 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-64335.html CVE-2025-64335 https://bugzilla.suse.com/1254279 SUSE Bug 1254279 Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size. CVE-2025-64344 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-64344.html CVE-2025-64344 https://bugzilla.suse.com/1254278 SUSE Bug 1254278 unknown CVE-2026-22258 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22258.html CVE-2026-22258 unknown CVE-2026-22259 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22259.html CVE-2026-22259 unknown CVE-2026-22260 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22260.html CVE-2026-22260 unknown CVE-2026-22261 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22261.html CVE-2026-22261 unknown CVE-2026-22262 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22262.html CVE-2026-22262 unknown CVE-2026-22263 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22263.html CVE-2026-22263 unknown CVE-2026-22264 openSUSE Tumbleweed:libsuricata8_0_3-8.0.3-1.1 openSUSE Tumbleweed:suricata-8.0.3-1.1 openSUSE Tumbleweed:suricata-devel-8.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22264.html CVE-2026-22264