Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

openSUSE openQA Moderate XSS Vulnerability Fix 2026-0235-1

opensuse
Calendar Grey July 9, 2026
Dist Opensuse Esm H88
An openSUSE security update solves a moderate severity XSS vulnerability in openQA with successful fixes.
An update that solves one vulnerability and has 6 fixes is now available.

Description

This update for openQA, os-autoinst fixes the following issues:

Changes in openQA:

- Update to version 5.1782486535.1bf71ec4:

* fix(details view): Align video link the same as the bugref actions

* fix: Correct call to console.error

- Update to version 5.1782295118.57cb8aa0:

* chore(deps): Dependency cron 2026-06-24

* feat: Don't rewrite history for test result tabs

* chore(deps): Dependency cron 2026-06-23

- Update to version 5.1782133597.39cd80e0:

* refactor: Calculate module category headings in frontend

* chore(deps): Dependency cron 2026-06-20

* test: Make parallel execution of the fullstack test more reliable

* ci: disable Mergify interactive queue controls in PR comments

* feat(worker): enable direct execution with podman

* fix(worker): add --init and --rm flags for containerized engine

* feat(worker): support containerized os-autoinst worker engine

* test: refactor archive download tests for...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-235=1

Package List

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):

openQA-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-auto-update-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-bootstrap-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-client-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-client-bash-completion-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-client-zsh-completion-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-common-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-continuous-update-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-doc-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-llm-server-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-local-db-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-mcp-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-munin-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-python-scripts-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-single-instance-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-single-instance-nginx-5.1782486535.1bf71ec4-bp157.2.9.1

openQA-worker-5.1782486535.1bf71ec4-bp157.2.9.1

os-autoinst-5.1782809557.0ae98f8-bp157.2.3.1

os-autoinst-debuginf...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2026-25547.html

https://bugzilla.suse.com/1244139

https://bugzilla.suse.com/1245378

https://bugzilla.suse.com/1245379

https://bugzilla.suse.com/1257852

https://bugzilla.suse.com/1258632

https://bugzilla.suse.com/1259005

https://bugzilla.suse.com/1264376

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:0235-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP7 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.