Security update for abseil-cpp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0338-1 Final 1 1 2026-01-29T10:35:48Z current 2026-01-29T10:35:48Z 2026-01-29T10:35:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for abseil-cpp This update for abseil-cpp fixes the following issues: - CVE-2025-0838: Fixed heap buffer overflow in sized constructors, reserve(), and rehash() methods of absl:{flat,node}hash{set,map} (bsc#1237543). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/kiosk/firefox-esr:latest-2026-338,Container suse/kiosk/pulseaudio:latest-2026-338,SUSE-2026-338,SUSE-SLE-Module-Basesystem-15-SP7-2026-338,openSUSE-SLE-15.6-2026-338 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260338-1/ Link for SUSE-SU-2026:0338-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023984.html E-Mail link for SUSE-SU-2026:0338-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1237543 SUSE Bug 1237543 https://www.suse.com/security/cve/CVE-2025-0838/ SUSE CVE CVE-2025-0838 page Container suse/kiosk/firefox-esr:latest Container suse/kiosk/pulseaudio:latest SUSE Linux Enterprise Module for Basesystem 15 SP7 openSUSE Leap 15.6 libabsl2401_0_0-20240116.3-150600.19.6.1 abseil-cpp-devel-20240116.3-150600.19.6.1 libabsl2401_0_0-32bit-20240116.3-150600.19.6.1 libabsl2401_0_0-64bit-20240116.3-150600.19.6.1 libabsl2401_0_0-20240116.3-150600.19.6.1 as a component of Container suse/kiosk/firefox-esr:latest libabsl2401_0_0-20240116.3-150600.19.6.1 as a component of Container suse/kiosk/pulseaudio:latest abseil-cpp-devel-20240116.3-150600.19.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libabsl2401_0_0-20240116.3-150600.19.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libabsl2401_0_0-32bit-20240116.3-150600.19.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 abseil-cpp-devel-20240116.3-150600.19.6.1 as a component of openSUSE Leap 15.6 libabsl2401_0_0-20240116.3-150600.19.6.1 as a component of openSUSE Leap 15.6 libabsl2401_0_0-32bit-20240116.3-150600.19.6.1 as a component of openSUSE Leap 15.6 There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 CVE-2025-0838 Container suse/kiosk/firefox-esr:latest:libabsl2401_0_0-20240116.3-150600.19.6.1 Container suse/kiosk/pulseaudio:latest:libabsl2401_0_0-20240116.3-150600.19.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:abseil-cpp-devel-20240116.3-150600.19.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libabsl2401_0_0-20240116.3-150600.19.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libabsl2401_0_0-32bit-20240116.3-150600.19.6.1 openSUSE Leap 15.6:abseil-cpp-devel-20240116.3-150600.19.6.1 openSUSE Leap 15.6:libabsl2401_0_0-20240116.3-150600.19.6.1 openSUSE Leap 15.6:libabsl2401_0_0-32bit-20240116.3-150600.19.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260338-1/ https://www.suse.com/security/cve/CVE-2025-0838.html CVE-2025-0838 https://bugzilla.suse.com/1237543 SUSE Bug 1237543