Critical Vulnerabilities in SUSE Multi-Linux Manager Affecting Denial of Service

Severity: High (Score: 70.5)

Sources: Linuxsecurity

Published: 2026-06-04 · Updated: 2026-06-04

Keywords: issues, fixed, update, security, denial, service, fixes

Severity indicators: issue

Summary

SUSE has issued multiple important updates addressing critical vulnerabilities in the Multi-Linux Manager and Salt software. The vulnerabilities, identified as CVE-2026-31958, CVE-2026-27448, and CVE-2026-27459, could lead to denial of service and buffer overflow attacks. CVE-2026-31958, published on March 11, 2026, allows attackers to exploit large multipart body parsing issues, while CVE-2026-27459 and CVE-2026-27448, both published on March 17, 2026, involve buffer overflow risks and unhandled exceptions in pyOpenSSL. Affected systems include various versions of SUSE Linux Enterprise and openSUSE. The updates were released on June 3, 2026, and users are urged to apply them immediately to mitigate risks. The vulnerabilities have been rated with high CVSS scores, indicating significant potential impact.

Key Points:

  • SUSE released critical updates for Multi-Linux Manager addressing multiple CVEs.
  • CVE-2026-31958 allows denial of service through large multipart body parsing.
  • Immediate patching is recommended for affected SUSE and openSUSE systems.

Detailed Analysis

**Impact** SUSE Multi-Linux Manager users across various SUSE Linux Enterprise and openSUSE distributions are affected, including enterprise server, desktop, SAP applications, and high-performance computing sectors. The vulnerabilities allow denial of service (DoS) attacks and potential buffer overflows, impacting system availability and stability. No specific geographic limitations are noted, implying a global scope for affected deployments. There is no direct mention of data exfiltration or compromise.

**Technical Details** The primary attack vector involves parsing large multipart HTTP bodies with many parts, exploiting CVE-2026-31958 in the python-tornado component to cause denial of service. Additional vulnerabilities include CVE-2026-27459, a buffer overflow in pyOpenSSL triggered by large cookie values, and CVE-2026-27448, an unhandled exception in pyOpenSSL causing connection cancellation failures. The vulnerabilities affect the venv-salt-minion and salt components, with no specific malware or attacker infrastructure reported. The kill chain stage corresponds to denial of service disruption.

**Recommended Response** Apply the SUSE security updates released on 2026-06-03, covering CVE-2026-31958, CVE-2026-27459, and CVE-2026-27448, prioritizing the patch for the tornado multipart parsing vulnerability. Harden Tornado configurations to reject invalid HTTP reason phrases and ensure Python 3.11 non-vendored Tornado is in use. Monitor for abnormal multipart HTTP requests and anomalous connection failures. No specific IOCs are provided; focus on patch deployment and network traffic inspection.

Source articles (9)

  • SUSE Salt Important DoS Security Update 2026-2257-1 CVE-2026 — Linuxsecurity · 2026-06-04
    ## This update for salt fixes the following issue: Security issues fixed: * CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259554).…
  • openSUSE Salt Important DoS Vulnerability Update 2026-2256 — Linuxsecurity · 2026-06-04
    ## This update for salt fixes the following issue: Security issues fixed: * CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259554).…
  • SUSE Multi-Linux Manager Salt Bundle Significant Update 2026-2255 — Linuxsecurity · 2026-06-04
    ## This update fixes the following issues: venv-salt-minion: * Security issues fixed: * CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service (bsc…
  • openSUSE Salt Important DoS Fix Advisory SUSE-2026-2252 — Linuxsecurity · 2026-06-04
    ## This update for salt fixes the following issue: Security issues fixed: * CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259554).…
  • SUSE Multi-Linux Manager Severe Buffer Overflow and DoS CVE-202604-15331 — Linuxsecurity · 2026-06-04
    ## This update fixes the following issues: venv-salt-minion: * Security issues fixed: * CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service (bsc…
  • SUSE Multi-Linux Manager Important Denial of Service SUSE-SU-202604-15329 — Linuxsecurity · 2026-06-04
    ## This update fixes the following issues: venv-salt-minion: * Security issues fixed: * CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service (bsc…
  • SUSE Multi-Linux Manager Important Salt Bundle Update CVE-2026 — Linuxsecurity · 2026-06-04
    ## This update fixes the following issues: venv-salt-minion: * Security issues fixed: * CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service (bsc…
  • openSUSE Multi-Linux Manager Important Denial of Service Patch 2026-2244 — Linuxsecurity · 2026-06-04
    ## This update fixes the following issues: venv-salt-minion: * Security issues fixed: * CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service (bsc…
  • SUSE Multi-Linux Manager Significant Security Update 2026-2242 — Linuxsecurity · 2026-06-04
    ## This update fixes the following issues: venv-salt-minion: * Security issues fixed: * CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service (bsc…

Timeline

  • 2026-03-11 — CVE-2026-31958 published: A vulnerability in python-tornado allows denial of service via large multipart body parsing.
  • 2026-03-17 — CVE-2026-27448 published: Buffer overflow risk identified in pyOpenSSL that can lead to severe security issues.
  • 2026-03-17 — CVE-2026-27459 published: Large cookie value issue in pyOpenSSL can cause buffer overflow vulnerabilities.
  • 2026-06-03 — SUSE releases important updates: Multiple updates were released to address critical vulnerabilities affecting the Multi-Linux Manager and Salt.

CVEs

  • CVE-2026-27448
  • CVE-2026-27459
  • CVE-2026-31958

Related entities

  • DDoS (Attack Type)
  • Denial of Service (Attack Type)
  • SuSE (Company)
  • OpenSUSE (Company)
  • CWE-120 - Classic Buffer Overflow (CWE)
  • CWE-122 - Heap-based Buffer Overflow (CWE)
  • CWE-400 - Uncontrolled Resource Consumption (CWE)
  • Ansible (Platform)
  • LDAP (Platform)
  • Linux (Platform)
  • PyOpenSSL (Platform)
  • Python 3.11 (Platform)
  • Salt-ssh (Platform)
  • SUSE Linux Enterprise Desktop 15 SP7 (Platform)
  • SUSE Linux Enterprise High Performance Computing (Platform)
  • SUSE Linux Enterprise High Performance Computing 15 SP4 (Platform)
  • SUSE Linux Enterprise High Performance Computing Espos 15 SP4 (Platform)
  • SUSE Linux Enterprise Server 15 SP7 (Platform)
  • SUSE Linux Enterprise Server For SAP Applications 15 SP7 (Platform)
  • SUSE Multi-Linux Manager (Platform)
  • Systems Management Module 15-sp7 (Platform)
  • Tornado (Platform)