This vulnerability is neutralized by the default SUSE toolchain which uses gcc -fstack-protector. We can close this bug and wait for upstream to release a new version.