Security update for wicked2nm,suse-migration-services,suse-migration-sle16-activation,SLES16-Migration,SLES16-SAP_Migration SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0806-1 Final 1 1 2026-03-04T15:46:27Z current 2026-03-04T15:46:27Z 2026-03-04T15:46:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wicked2nm,suse-migration-services,suse-migration-sle16-activation,SLES16-Migration,SLES16-SAP_Migration This update for wicked2nm,suse-migration-services,suse-migration-sle16-activation,SLES16-Migration,SLES16-SAP_Migration fixes the following issues: Changes for SLES16-SAP_Migration: - Bump version: 2.1.30 Changes for SLES16-Migration: - Bump version: 2.1.30 Changes for suse-migration-sle16-activation: - Move script package to the main migration provider - Create lib file for common network-prereq tasks - Refactor mount_system service Changes for suse-migration-services: - Bump to version: 2.1.30: * Update docinfo * Update doc/adoc/user_guide.adoc * Update documentation for 12-to-15 in pubclouds Fix information about default service pack target. * Apply make black * Added black for code formatting * refactor: add `Zypper.install` wrapper Add `Zypper.install` wrapper method for package installation * Fixed get_migration_target return behavior * fix: ensure NetworkManager is installed on the target system Changes for wicked2nm: - Update to version v1.4.1. Security issues fixed: - CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257911). Other updates and bugfixes: - update bytes from 1.10.1 to 1.11.1 - update time to 0.3.47 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-806,SUSE-SLE-Module-Basesystem-15-SP7-2026-806,SUSE-SLE-Module-SAP-Applications-15-SP7-2026-806 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260806-1/ Link for SUSE-SU-2026:0806-1 https://lists.suse.com/pipermail/sle-security-updates/2026-March/024566.html E-Mail link for SUSE-SU-2026:0806-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1257911 SUSE Bug 1257911 https://www.suse.com/security/cve/CVE-2026-25727/ SUSE CVE CVE-2026-25727 page SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for SAP Applications 15 SP7 SLES16-Migration-2.1.30-15.26.4 SLES16-SAP_Migration-2.1.30-15.18.4 python3-migration-2.1.30-150700.15.21.1 suse-migration-2.1.30-150700.15.21.1 suse-migration-pre-checks-2.1.30-150700.15.21.1 suse-migration-rpm-1.0.1-150700.15.11.1 suse-migration-scripts-2.1.30-150700.15.21.1 suse-migration-services-2.1.30-150700.15.21.1 suse-migration-sle16-activation-2.1.30-150700.15.13.1 wicked2nm-1.4.1-150700.15.16.1 SLES16-Migration-2.1.30-15.26.4 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 python3-migration-2.1.30-150700.15.21.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 suse-migration-pre-checks-2.1.30-150700.15.21.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 suse-migration-scripts-2.1.30-150700.15.21.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 suse-migration-sle16-activation-2.1.30-150700.15.13.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 wicked2nm-1.4.1-150700.15.16.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 SLES16-SAP_Migration-2.1.30-15.18.4 as a component of SUSE Linux Enterprise Module for SAP Applications 15 SP7 time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack. CVE-2026-25727 SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4 SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-migration-2.1.30-150700.15.21.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-pre-checks-2.1.30-150700.15.21.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-scripts-2.1.30-150700.15.21.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-sle16-activation-2.1.30-150700.15.13.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1 SUSE Linux Enterprise Module for SAP Applications 15 SP7:SLES16-SAP_Migration-2.1.30-15.18.4 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260806-1/ https://www.suse.com/security/cve/CVE-2026-25727.html CVE-2026-25727 https://bugzilla.suse.com/1257901 SUSE Bug 1257901