This update for mozjs115 fixes the following issues:
Changes in mozjs115:
- CVE-2026-32776: Fixed a NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259728)
- CVE-2026-32777: Fixed a denial of service due to infinite loop in DTD content parsing (bsc#1259713)
- CVE-2026-32778: Fixed a NULL pointer dereference in 'setContext' on retry after an out-of-memory condition (bsc#1259731)
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-261=1
- openSUSE Leap 16.0:
libmozjs-115-0-115.15.0-bp160.2.1
mozjs115-115.15.0-bp160.2.1
mozjs115-devel-115.15.0-bp160.2.1
* bsc#1259713
* bsc#1259728
* bsc#1259731
References:
* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
Get the latest Linux and open source security news straight to your inbox.