Security update for krb5-appl SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20374-1 Final 1 1 2026-03-17T13:34:53Z current 2026-03-17T13:34:53Z 2026-03-17T13:34:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for krb5-appl This update for krb5-appl fixes the following issues: Changes in krb5-appl: - CVE-2026-32746: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd LINEMODE (bsc#1259691) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-packagehub-167 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1259691 SUSE Bug 1259691 https://www.suse.com/security/cve/CVE-2026-32746/ SUSE CVE CVE-2026-32746 page openSUSE Leap 16.0 krb5-appl-clients-1.0.3-bp160.2.1 krb5-appl-servers-1.0.3-bp160.2.1 krb5-appl-clients-1.0.3-bp160.2.1 as a component of openSUSE Leap 16.0 krb5-appl-servers-1.0.3-bp160.2.1 as a component of openSUSE Leap 16.0 telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. CVE-2026-32746 openSUSE Leap 16.0:krb5-appl-clients-1.0.3-bp160.2.1 openSUSE Leap 16.0:krb5-appl-servers-1.0.3-bp160.2.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-32746.html CVE-2026-32746 https://bugzilla.suse.com/1259691 SUSE Bug 1259691