{"affected":[{"ecosystem_specific":{"binaries":[{"cockpit":"354-160000.1.1","cockpit-bridge":"354-160000.1.1","cockpit-devel":"354-160000.1.1","cockpit-doc":"354-160000.1.1","cockpit-firewalld":"354-160000.1.1","cockpit-kdump":"354-160000.1.1","cockpit-machines":"346-160000.1.1","cockpit-networkmanager":"354-160000.1.1","cockpit-packagekit":"354-160000.1.1","cockpit-selinux":"354-160000.1.1","cockpit-storaged":"354-160000.1.1","cockpit-system":"354-160000.1.1","cockpit-ws":"354-160000.1.1","cockpit-ws-selinux":"354-160000.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"cockpit","purl":"pkg:rpm/opensuse/cockpit&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"354-160000.1.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cockpit":"354-160000.1.1","cockpit-bridge":"354-160000.1.1","cockpit-devel":"354-160000.1.1","cockpit-doc":"354-160000.1.1","cockpit-firewalld":"354-160000.1.1","cockpit-kdump":"354-160000.1.1","cockpit-machines":"346-160000.1.1","cockpit-networkmanager":"354-160000.1.1","cockpit-packagekit":"354-160000.1.1","cockpit-selinux":"354-160000.1.1","cockpit-storaged":"354-160000.1.1","cockpit-system":"354-160000.1.1","cockpit-ws":"354-160000.1.1","cockpit-ws-selinux":"354-160000.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"cockpit-machines","purl":"pkg:rpm/opensuse/cockpit-machines&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"346-160000.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cockpit-machines, cockpit fixes the following issues:\n\n- CVE-2025-13465: Update the lodash dependencie to avoid prototype pollution. (bsc#1257324)\n\nChanges in cockpit-machines:\n\n- Update to 346\n  * 346\n    - Performance improvements\n    - Translation updates\n  * 345\n    - New virtual machines don't get SPICE graphics anymore\n    - Support for network port forwarding\n    - Bug fixes and translation updates\n\n- Update to 344\n  * 344\n    - Port forwarding for user session VMs\n    - \"Shutdown and restart\" action\n    - Faster startup\n  * 343\n    - Memory usage now shows numbers reported by the guest (RHEL-116731)\n\n- Update to 342\n  * 342\n    - Bug fixes and translation updates\n  * 341\n    - Improved UX for Disks and Network interface tables\n    - Bug fixes and translation updates\n  * 340\n    - Use exclusive VNC connections with \"Remote resizing\"\n\n- Update to 339\n  * 339\n    - Serial consoles now keep their content and stay alive\n    - No longer copies qemu.conf values into VM definitions\n  * 338\n    - Translation and dependency updates\n    - Detachable VNC console\n\n- Update to 337\n  * 337\n    - Bug fixes and translation updates\n  * 336\n    - Graphical VNC and serial consoles improvements\n    - Control VNC console resizing and scaling\n    - Bug fixes and translation updates\n  * 335\n    - Bug fixes and translation updates\n  * 334\n    - Bug fixes and translation updates\n\nChanges in cockpit:\n\n- Update to 354\n  * changes since 351\n    - 354\n      * Convert documentation to AsciiDoc\n      * Work around Firefox 146/147 bug (rhbz#2422331)\n      * Bug fixes\n    - 353\n      * Networking: Suggest prefix length and gateway address\n      * Bug fixes and translation updates\n    - 352\n      * Shown a warning if the last shutdown/reboot was unclean\n      * Bug fixes and translation updates\n\n- Update to 351\n  * Changes since 349\n    - 351\n      * Firewall ports can be deleted individually\n    - 350\n      * networking: fix renaming of bridges and other groups (RHEL-117883)\n      * bridge: fix OpenSSH_10.2p1 host key detection\n\n- Update to 349\n  * Changes since 346\n    - 349\n      * Package manifests: add any test\n      * Bug fixes and translation updates\n    - 348\n      * Bug fixes and translation updates\n    - 347\n      * Site-specific branding support\n\n- Update to 346\n  * Changes since 344\n    - 346\n      * Support branding Cockpit pages\n      * Storage: Support for Stratis \"V2\" pools\n    - 345\n      * Translation and dependency updates\n      * Shorter IPv6 addresses\n      * IPv6 addresses for WireGuard\n\n- Update to 344\n  * Changes since 340\n    - 344\n      * Bug fixes and translation updates\n    - 343\n      * login: Improve error message for unsupported shells\n      * cockpit: Handle file access issues with files in machines.d\n      * Translation updates\n    - 342\n      * systemd: ensure update() is called at least once for tuned-dialog\n      * Translation updates\n    - 341\n      * services: show link to podman page for quadlets\n      * Bug fixes and translation updates\n","id":"openSUSE-SU-2026:20244-1","modified":"2026-02-17T14:20:44Z","published":"2026-02-17T14:20:44Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1221342"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236149"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239759"},{"type":"REPORT","url":"https://bugzilla.suse.com/1248250"},{"type":"REPORT","url":"https://bugzilla.suse.com/1249828"},{"type":"REPORT","url":"https://bugzilla.suse.com/1249830"},{"type":"REPORT","url":"https://bugzilla.suse.com/1257324"},{"type":"REPORT","url":"https://bugzilla.suse.com/1257325"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-13465"}],"related":["CVE-2025-13465"],"summary":"Security update for cockpit-machines, cockpit","upstream":["CVE-2025-13465"]}