This update for tree-sitter fixes the following issues
Security issues:
- CVE-2026-34941: wasmtime: crafted input string can lead to an out-of-bound read (bsc#1261871).
- CVE-2026-34942: wasmtime: unaligned pointers can lead to a denial of service (bsc#1261894).
- CVE-2026-34943: wasmtime: lifting `flags` component value can lead to a denial of service (bsc#1261954).
- CVE-2026-34944: wasmtime: out-of-bounds read during WebAssembly compilation can lead to a denial of service
(bsc#1261963).
- CVE-2026-34945: wasmtime: incorrectly translated table.size could lead to disclosing data (bsc#1262007).
- CVE-2026-34946: wasmtime: denial of service due to WebAssembly compilation error (bsc#1261974).
- CVE-2026-34987: wasmtime: winch compiler backend may allow a sandbox-escaping memory access (bsc#1262032).
- CVE-2026-34988: wasmtime: pooling allocator instances can cause data leakage (bsc#1261968).
- CVE-2026-35186: wasmtime: translating the table.grow operator can cause a masked return...
Read the Full Advisory- openSUSE Leap 16.0:
libtree-sitter0_26-0.26.8-160000.1.1
libtree-sitter0_26-x86-64-v3-0.26.8-160000.1.1
tree-sitter-0.26.8-160000.1.1
tree-sitter-devel-0.26.8-160000.1.1
* bsc#1259205
* bsc#1261839
* bsc#1261871
* bsc#1261894
* bsc#1261954
* bsc#1261963
* bsc#1261968
* bsc#1261974
* bsc#1262007
* bsc#1262032
* bsc#1262036
* bsc#1262040
References:
* https://www.suse.com/security/cve/CVE-2026-34941.html
* https://www.suse.com/security/cve/CVE-2026-34942.html
* https://www.suse.com/security/cve/CVE-2026-34943.html
* https://www.suse.com/security/cve/CVE-2026-34944.html
* https://www.suse.com/security/cve/CVE-2026-34945.html
* https://www.suse.com/security/cve/CVE-2026-34946.html
* https://www.suse.com/security/cve/CVE-2026-34987.html
* https://www.suse.com/security/cve/CVE-2026-34988.html
* https://www.suse.com/security/cve/CVE-2026-35186.html
* https://www.suse.com/security/cve/CVE-2026-35195.html
Get the latest Linux and open source security news straight to your inbox.