Security update for cockpit SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:20337-1 Final 1 1 2026-02-06T03:13:42Z current 2026-02-06T03:13:42Z 2026-02-06T03:13:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for cockpit This update for cockpit fixes the following issues: - CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global prototypes (bsc#1257324). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLES-16.0-248 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-202620337-1/ Link for SUSE-SU-2026:20337-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024261.html E-Mail link for SUSE-SU-2026:20337-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1257324 SUSE Bug 1257324 https://www.suse.com/security/cve/CVE-2025-13465/ SUSE CVE CVE-2025-13465 page SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 cockpit-340-160000.4.1 cockpit-bridge-340-160000.4.1 cockpit-devel-340-160000.4.1 cockpit-doc-340-160000.4.1 cockpit-firewalld-340-160000.4.1 cockpit-kdump-340-160000.4.1 cockpit-networkmanager-340-160000.4.1 cockpit-packagekit-340-160000.4.1 cockpit-selinux-340-160000.4.1 cockpit-storaged-340-160000.4.1 cockpit-system-340-160000.4.1 cockpit-ws-340-160000.4.1 cockpit-ws-selinux-340-160000.4.1 cockpit-340-160000.4.1 as a component of SUSE Linux Enterprise Server 16.0 cockpit-bridge-340-160000.4.1 as a component of SUSE Linux Enterprise Server 16.0 cockpit-devel-340-160000.4.1 as a component of SUSE Linux Enterprise Server 16.0 cockpit-doc-340-160000.4.1 as a component of SUSE Linux Enterprise Server 16.0 cockpit-firewalld-340-160000.4.1 as a component of SUSE Linux Enterprise Server 16.0 cockpit-kdump-340-160000.4.1 as a component of SUSE Linux Enterprise Server 16.0 cockpit-networkmanager-340-160000.4.1 as a component of SUSE Linux Enterprise Server 16.0 cockpit-packagekit-340-160000.4.1 as a component of SUSE Linux Enterprise Server 16.0 cockpit-selinux-340-160000.4.1 as a component of SUSE Linux Enterprise Server 16.0 cockpit-storaged-340-160000.4.1 as a component of SUSE Linux Enterprise Server 16.0 cockpit-system-340-160000.4.1 as a component of SUSE Linux Enterprise Server 16.0 cockpit-ws-340-160000.4.1 as a component of SUSE Linux Enterprise Server 16.0 cockpit-ws-selinux-340-160000.4.1 as a component of SUSE Linux Enterprise Server 16.0 cockpit-340-160000.4.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 cockpit-bridge-340-160000.4.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 cockpit-devel-340-160000.4.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 cockpit-doc-340-160000.4.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 cockpit-firewalld-340-160000.4.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 cockpit-kdump-340-160000.4.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 cockpit-networkmanager-340-160000.4.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 cockpit-packagekit-340-160000.4.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 cockpit-selinux-340-160000.4.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 cockpit-storaged-340-160000.4.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 cockpit-system-340-160000.4.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 cockpit-ws-340-160000.4.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 cockpit-ws-selinux-340-160000.4.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23 CVE-2025-13465 SUSE Linux Enterprise Server 16.0:cockpit-340-160000.4.1 SUSE Linux Enterprise Server 16.0:cockpit-bridge-340-160000.4.1 SUSE Linux Enterprise Server 16.0:cockpit-devel-340-160000.4.1 SUSE Linux Enterprise Server 16.0:cockpit-doc-340-160000.4.1 SUSE Linux Enterprise Server 16.0:cockpit-firewalld-340-160000.4.1 SUSE Linux Enterprise Server 16.0:cockpit-kdump-340-160000.4.1 SUSE Linux Enterprise Server 16.0:cockpit-networkmanager-340-160000.4.1 SUSE Linux Enterprise Server 16.0:cockpit-packagekit-340-160000.4.1 SUSE Linux Enterprise Server 16.0:cockpit-selinux-340-160000.4.1 SUSE Linux Enterprise Server 16.0:cockpit-storaged-340-160000.4.1 SUSE Linux Enterprise Server 16.0:cockpit-system-340-160000.4.1 SUSE Linux Enterprise Server 16.0:cockpit-ws-340-160000.4.1 SUSE Linux Enterprise Server 16.0:cockpit-ws-selinux-340-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:cockpit-340-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:cockpit-bridge-340-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:cockpit-devel-340-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:cockpit-doc-340-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:cockpit-firewalld-340-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:cockpit-kdump-340-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:cockpit-networkmanager-340-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:cockpit-packagekit-340-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:cockpit-selinux-340-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:cockpit-storaged-340-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:cockpit-system-340-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:cockpit-ws-340-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:cockpit-ws-selinux-340-160000.4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620337-1/ https://www.suse.com/security/cve/CVE-2025-13465.html CVE-2025-13465 https://bugzilla.suse.com/1257321 SUSE Bug 1257321