VDB

ESB-2026.6845

ESB-2026.6845 PUBLISHED CVSS 8.399999618530273 HIGH

=========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2026.6845 Security update for amazon-ssm-agent 22 June 2026 =========================================================================== AUSCERT Security Bulletin Summary --------------------------------- Product: amazon-ssm-agent Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2026-1229 CVE-2026-39827 CVE-2026-39828 CVE-2026-39829 CVE-2026-39830 CVE-2026-39831 CVE-2026-39832 CVE-2025-22869 CVE-2026-39833 CVE-2026-39834 CVE-2026-42508 CVE-2026-39835 CVE-2026-46595 CVE-2026-46597 CVE-2026-46598 CVE-2026-41506 CVE-2026-44740 CVE-2026-39821 CVE-2025-47913 CVE-2026-25934 CVE-2025-22870 Original Bulletin: https://www.suse.com/support/update/announcement/2026/suse-su-20262467-1 Comment: CVSS (Max): 8.4 CVE-2026-39832 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N EPSS (Max): 0.9% (53rd) CVE-2025-22869 2026-06-21 - --------------------------BEGIN INCLUDED TEXT-------------------- Security update for amazon-ssm-agent Announcement ID: SUSE-SU-2026:2467-1 Release Date: 2026-06-19T11:03:15Z Rating: important o bsc#1238702 o bsc#1239342 o bsc#1253611 o bsc#1258095 o bsc#1264952 References: o bsc#1265474 o bsc#1266200 o bsc#1266781 o bsc#1267332 o jsc#PED-14843 o CVE-2025-22869 o CVE-2025-22870 o CVE-2025-47913 o CVE-2026-1229 o CVE-2026-25934 o CVE-2026-39821 o CVE-2026-39827 o CVE-2026-39828 o CVE-2026-39829 o CVE-2026-39830 Cross-References: o CVE-2026-39831 o CVE-2026-39832 o CVE-2026-39833 o CVE-2026-39834 o CVE-2026-39835 o CVE-2026-41506 o CVE-2026-42508 o CVE-2026-44740 o CVE-2026-46595 o CVE-2026-46597 o CVE-2026-46598 o CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N /UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N o CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N /S:U/C:N/I:N/A:H o CVE-2025-22869 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:N/I:N/A:H o CVE-2025-22870 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L /UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N o CVE-2025-22870 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:L/I:N/A:L o CVE-2025-22870 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:L/I:N/A:L o CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N /UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N o CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N /S:U/C:N/I:N/A:H o CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:N/I:N/A:H o CVE-2026-1229 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/ UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N o CVE-2026-1229 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/ S:U/C:L/I:H/A:L o CVE-2026-1229 ( NVD ): 2.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/ UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/CR:X/IR:X/AR:X/ MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/ MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:X/U:Amber o CVE-2026-1229 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:H/I:H/A:H o CVE-2026-25934 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N /UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N o CVE-2026-25934 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R /S:U/C:N/I:L/A:N o CVE-2026-25934 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/ S:U/C:N/I:L/A:N o CVE-2026-25934 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/ S:U/C:N/I:L/A:N o CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N /UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N o CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N /S:U/C:H/I:H/A:N o CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/ S:C/C:H/I:H/A:N o CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L /UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N o CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2026-39827 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L /UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N o CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N /S:U/C:H/I:H/A:N o CVE-2026-39828 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/ S:U/C:L/I:L/A:L o CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N /UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N o CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N /S:U/C:N/I:N/A:H o CVE-2026-39829 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:N/I:N/A:H o CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L /UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N o CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2026-39830 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:H/I:N/A:H o CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L CVSS scores: /UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N o CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N /S:U/C:H/I:H/A:N o CVE-2026-39831 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:H/I:H/A:N o CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L /UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N o CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:C/C:H/I:H/A:N o CVE-2026-39832 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:H/I:H/A:N o CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N /UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N o CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N /S:U/C:H/I:H/A:N o CVE-2026-39833 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:H/I:H/A:N o CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N /UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N o CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N /S:U/C:N/I:N/A:H o CVE-2026-39834 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:N/I:H/A:H o CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N /UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N o CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N /S:U/C:N/I:N/A:H o CVE-2026-39835 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:N/I:N/A:L o CVE-2026-41506 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N /UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N o CVE-2026-41506 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R /S:U/C:H/I:N/A:N o CVE-2026-41506 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/ S:C/C:L/I:N/A:N o CVE-2026-41506 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/ S:C/C:H/I:N/A:N o CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L /UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N o CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N /S:U/C:H/I:H/A:N o CVE-2026-42508 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:H/I:H/A:N o CVE-2026-44740 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N /UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N o CVE-2026-44740 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N /S:U/C:N/I:N/A:H o CVE-2026-44740 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L /UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N o CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N /S:U/C:H/I:H/A:N o CVE-2026-46595 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N /S:C/C:H/I:H/A:L o CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N /UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N o CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N /S:U/C:N/I:N/A:H o CVE-2026-46597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:N/I:N/A:H o CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N /UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N o CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N /S:U/C:N/I:N/A:H o CVE-2026-46598 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:N/I:N/A:L o Public Cloud Module 15-SP4 o Public Cloud Module 15-SP5 o Public Cloud Module 15-SP6 o Public Cloud Module 15-SP7 o SUSE Linux Enterprise High Performance Computing 15 SP4 o SUSE Linux Enterprise High Performance Computing 15 SP5 o SUSE Linux Enterprise Server 15 SP4 Affected o SUSE Linux Enterprise Server 15 SP5 Products: o SUSE Linux Enterprise Server 15 SP6 o SUSE Linux Enterprise Server 15 SP7 o SUSE Linux Enterprise Server for SAP Applications 15 SP4 o SUSE Linux Enterprise Server for SAP Applications 15 SP5 o SUSE Linux Enterprise Server for SAP Applications 15 SP6 o SUSE Linux Enterprise Server for SAP Applications 15 SP7 o SUSE Manager Proxy 4.3 o SUSE Manager Retail Branch Server 4.3 o SUSE Manager Server 4.3 An update that solves 21 vulnerabilities and contains one feature can now be installed. Description: This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: o CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239342). o CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs (bsc#1238702). o CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253611). o CVE-2026-1229: the CombinedMult function in the ecc/p384 package produces an incorrect value for specific inputs (bsc#1265474). o CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for .pack and .idx files can lead to the consumption of corrupted files (bsc#1258095). o CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege esca (bsc#1266781). o CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during smart-HTTP clone and fetch operations (bsc#1264952). o CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite loops, panics or resource consumption (bsc#1267332). o CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266200). o CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x /crypto/ssh (bsc#1266200). o CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266200). o CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh (bsc#1266200). o CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh (bsc#1266200). o CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent (bsc#1266200). o CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/ crypto/ssh/agent (bsc#1266200). o CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266200). o CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266200). o CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts (bsc#1266200). o CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh (bsc#1266200). o CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266200). o CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266200). Changes: o Bump golang.org/x/crypto from v0.51.0 to v0.52.0 o Bump golang.org/x/net from v0.54.0 to v0.55.0 o Enforce directory boundary in BuildSafePath o Fix visibility issue with Bottlerocket OS in document output o Update go-git from v5.17.1 to v5.19.1 (bsc#1264952, CVE-2026-41506), this also updates go-billy from v5.8.0 to v5.9.0 (bsc#1267332, CVE-2026-44740) o Bump golang.org/x/net from v0.48.0 to v0.53.0 (bsc#1266781, CVE-2026-39821) o Quit if sysprep failed and log its current state o Remove attached legacy cloudwatch plugin packages o Upgrade Go version to 1.25.10 o Use BuildSafePath wherever it is applicable o Add OOM killer protection to systemd service files o Apply more sanitation to file and registry inventory gatherers o Bump go-git to v5.17.1 o Deprecate legacy cloudwatch plugin o Preserve network error details in credential refresher SSM API failures o Upgrade Go version to 1.25.9 o Add SSM Distributor support for Bottlerocket OS o Implement flush credentials command in ssm-cli o Log ec2messages access denied as debug instead of error to reduce log noise o Make credential refresher refresh cache quickly in case of credential flush o Make Greengrass component registration resilient with retry o Add EnforceWorkspaceRootOwnership configuration to support disable hardening of agent workspace o Add reboot comment to Windows shutdown command for SSM Agent traceability o Update privilege access check to verify ownership and permissions of document state files o Add read-only version check prior to install and uninstall in case of occupied package manager locks o Add ANSI processing for CloudWatch and S3 log o Upgrade go-git to v5.17.0 and cloudflare/circl to v1.6.3 to fix CVE-2026-1229 o Switch to systemd-tmpfiles to store runtime data (jsc#PED-14843) o Disable Go 1.25 container-aware GOMAXPROCS to prevent holding cgroup file descriptors open o Upgrade Go version to 1.25.8 o Document CommandWorkerBufferLimit config o Include package update in Dockerfile o Reduce CloudWatch event message length threshold o Upgrade Go version to 1.25.7 o Update github.com/go-git/go-git/v5 to 5.16.5 (bsc#1258095, CVE-2026-25934) o Update greengrass version o Update Golang version to 1.24.12 o Updating golang.org/x/crypto from v0.37.0 to v0.47.0, golang.org/x/net from v0.39.0 to v0.48.0 and golang.org/x/sys from v0.32.0 to v0.40.0 (bsc# 1253611, CVE-2025-47913) o Categorize integration tests by adding new tags to split fast and slow ones o Fix bug where IP field being empty string and causing UII API failure o Allow Patch execution to persist across reboots not registered to SSM Agent o Fix ENV_VAR interpolation to work correctly with parameter store value o Implement immediate retries for failed reply messages to MGS for RunCommand documents o Improve ssm-cli get-diagnostics command log output o Support DomainJoin endpoint for EU sovereign cloud o Support dualstack S3 endpoint for distributor packages o Upgrade Go version to 1.24.11 o Add initial IPv6 support with UseDualStackEndpoint configuration option o Fix CPU utilization issue for instances with thousands of network interfaces o Add IMDS retry count to account for EC2 droplet refresh o Fix duplicate uid error logging in MDS module o Update aws:Domainjoin plugin logging from Log4Net to NLog o Upgrade Go version to 1.24.7 o Update github.com/go-git/go-git/v5 to 5.15.0 o Update golang.org/x/crypto to v0.37.0 (bsc#1238702, CVE-2025-22870) o Update golang.org/x/net to v0.39.0 o Update golang.org/x/sys to v0.32.0 o Add EU sovereign cloud S3 endpoint for DownloadContent plugin o Add configurable credential rotation max backoff interval o Migrate from twinj/uuid to google/uuid library o Allow newer agent versions to be installed when deploying on Greengrass o Harden function to remove non-admin run command documents in execution path o Fix macOS credential refresher test issue due to missing Debugf from serialport skip file o Enhance testability of custom certificate usage in debug SSM Agent builds o Decouple serial port from startup and add credential refresher serialport logging o Add GlobalEnhancedTelemetryEnabled config to README o Add cloudwatch logs endpoint configuration to optional config for agent o Update Greengrass component version o Add file privilege check before processing document state file o Storing AWS document interpolation ENV_VAR types as environment variables o Throw explicit error when running local cli as non-priviledged user o Harden telemetry dynamic config folder permissions o Add configuration option for HandshakeTimeout o Improve unit tests o Add setup for emitting telemetry logs and metrics o Add initial selection of error logs to emit to telemetry o Simplify checkstyle and import organization in build scripts o Update golang.org/x/net from v0.37.0 to v0.38.0 o Agent hibernation reason is logged to EC2 system logs o Add metrics for the EC2Detector and IMDS EC2 status findings o Change Linux DomainJoin plugin parameter KeepHostName to accept both boolean and string o Upgrade GoLang to version 1.23.8 o Update golang.org/x/crypto from v0.32.0 to v0.36.0 (bsc#1239342, CVE-2025-22869) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-2467=1 o Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-2467=1 o Public Cloud Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2026-2467=1 o Public Cloud Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-2467=1 Package List: o Public Cloud Module 15-SP4 (aarch64 x86_64) amazon-ssm-agent-3.3.4624.0-150000.5.37.1 o Public Cloud Module 15-SP5 (aarch64 x86_64) amazon-ssm-agent-3.3.4624.0-150000.5.37.1 o Public Cloud Module 15-SP6 (aarch64 x86_64) amazon-ssm-agent-3.3.4624.0-150000.5.37.1 o Public Cloud Module 15-SP7 (aarch64 x86_64) amazon-ssm-agent-3.3.4624.0-150000.5.37.1 References: o https://www.suse.com/security/cve/CVE-2025-22869.html o https://www.suse.com/security/cve/CVE-2025-22870.html o https://www.suse.com/security/cve/CVE-2025-47913.html o https://www.suse.com/security/cve/CVE-2026-1229.html o https://www.suse.com/security/cve/CVE-2026-25934.html o https://www.suse.com/security/cve/CVE-2026-39821.html o https://www.suse.com/security/cve/CVE-2026-39827.html o https://www.suse.com/security/cve/CVE-2026-39828.html o https://www.suse.com/security/cve/CVE-2026-39829.html o https://www.suse.com/security/cve/CVE-2026-39830.html o https://www.suse.com/security/cve/CVE-2026-39831.html o https://www.suse.com/security/cve/CVE-2026-39832.html o https://www.suse.com/security/cve/CVE-2026-39833.html o https://www.suse.com/security/cve/CVE-2026-39834.html o https://www.suse.com/security/cve/CVE-2026-39835.html o https://www.suse.com/security/cve/CVE-2026-41506.html o https://www.suse.com/security/cve/CVE-2026-42508.html o https://www.suse.com/security/cve/CVE-2026-44740.html o https://www.suse.com/security/cve/CVE-2026-46595.html o https://www.suse.com/security/cve/CVE-2026-46597.html o https://www.suse.com/security/cve/CVE-2026-46598.html o https://bugzilla.suse.com/show_bug.cgi?id=1238702 o https://bugzilla.suse.com/show_bug.cgi?id=1239342 o https://bugzilla.suse.com/show_bug.cgi?id=1253611 o https://bugzilla.suse.com/show_bug.cgi?id=1258095 o https://bugzilla.suse.com/show_bug.cgi?id=1264952 o https://bugzilla.suse.com/show_bug.cgi?id=1265474 o https://bugzilla.suse.com/show_bug.cgi?id=1266200 o https://bugzilla.suse.com/show_bug.cgi?id=1266781 o https://bugzilla.suse.com/show_bug.cgi?id=1267332 o https://jira.suse.com/browse/PED-14843 - --------------------------END INCLUDED TEXT---------------------- You have received this e-mail bulletin as a result of your organisation's registration with AUSCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AUSCERT's members. As AUSCERT did not write the document quoted above, AUSCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AUSCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://portal.auscert.org.au/bulletins/ =========================================================================== AUSCERT The University of Queensland, Brisbane QLD 4072 Australia e: auscert@auscert.org.au t: +61 (0)7 3365 4417 Allies in Cyber Security ===========================================================================

Risk Scores

CVSS 3.1
8.399999618530273
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Affected Products

VendorProductVersions
SUSEamazon-ssm-agent

Timeline

  • Jun 21, 2026 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›