Multiple Vulnerabilities in SUSE Apache and rmt-server Require Immediate Attention

SUSE has released important security updates addressing multiple vulnerabilities in its rmt-server and Apache2 products. The updates include fixes for CVE-2026-26961, CVE-2026-26962, CVE-2026-34230, and others, affecting various components of the systems. Notably, CVE-2026-23918 poses a risk of remote code execution due to a double free vulnerability in HTTP/2. Attack vectors include crafted headers and improper handling of requests, potentially leading to denial of service and information disclosure. The vulnerabilities have been assigned CVSS scores ranging from 3.1 to 9.2, indicating varying levels of severity. Administrators are urged to apply the patches promptly to mitigate risks associated with these vulnerabilities. The updates were released on June 20 and June 22, 2026, following the discovery of the vulnerabilities earlier this year.

Key Points: • SUSE released critical updates for rmt-server and Apache2 addressing multiple vulnerabilities. • CVE-2026-23918 allows for remote code execution through a double free vulnerability. • Administrators are urged to apply patches immediately to mitigate potential exploits.