Security update for micropython SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20199-1 Final 1 1 2026-02-11T16:38:19Z current 2026-02-11T16:38:19Z 2026-02-11T16:38:19Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for micropython This update for micropython fixes the following issues: Changes in micropython: - CVE-2026-1998: Fixed segmentation fault in `mp_map_lookup` via `mp_import_all` (bsc#1257803). - Version 1.26.1 * esp32: update esp_tinyusb component to v1.7.6 * tools: add an environment variable MICROPY_MAINTAINER_BUILD * esp32: add IDF Component Lockfiles to git repo * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev - Fix building on single core systems * Skip tests/thread/stress_schedule.py when single core system detected The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-packagehub-122 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1257803 SUSE Bug 1257803 https://www.suse.com/security/cve/CVE-2026-1998/ SUSE CVE CVE-2026-1998 page openSUSE Leap 16.0 micropython-1.26.1-bp160.1.1 mpremote-1.26.1-bp160.1.1 mpy-tools-1.26.1-bp160.1.1 micropython-1.26.1-bp160.1.1 as a component of openSUSE Leap 16.0 mpremote-1.26.1-bp160.1.1 as a component of openSUSE Leap 16.0 mpy-tools-1.26.1-bp160.1.1 as a component of openSUSE Leap 16.0 A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 570744d06c5ba9dba59b4c3f432ca4f0abd396b6. It is suggested to install a patch to address this issue. CVE-2026-1998 openSUSE Leap 16.0:micropython-1.26.1-bp160.1.1 openSUSE Leap 16.0:mpremote-1.26.1-bp160.1.1 openSUSE Leap 16.0:mpy-tools-1.26.1-bp160.1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-1998.html CVE-2026-1998 https://bugzilla.suse.com/1257803 SUSE Bug 1257803