Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

openSUSE yq Important Multiple Vulnerabilities Fix 2026-20892-1

opensuse
Calendar Grey June 3, 2026
Scroller Opensuse
An openSUSE security update for yq addresses 11 vulnerabilities with important patch instructions.
An update that solves 11 vulnerabilities and has 6 bug fixes can now be installed.

Description

This update for yq fixes the following issues:

Changes in yq:

- Fix multiple CVEs:

* CVE-2026-27136 (GO-2026-5030)

CVE-2026-25681 (GO-2026-5029)

CVE-2026-25680 (GO-2026-5028)

CVE-2026-42502 (GO-2026-5027)

CVE-2026-42506 (GO-2026-5025) (bsc#1267053)

CVE-2026-39821 (GO-2026-5026) (bsc#1267199)

- update to v4.53.2

* Add system(command; args) operator (disabled by default).

* TOML encoder: prefer readable table sections over inline tables.

* Fix TOML encoder to quote keys containing special characters.

* Add string slicing support.

* Fix findInArray misuse on MappingNodes in equality and contains.

* Fix panic on negative slice indices that underflow after adjustment.

* Fix stack overflow from circular alias in traverse.

* Fix panic and OOM in repeatString for large repeat counts.

- update to v4.52.5

* Fix: reset TOML decoder state between files.

* Fix: preserve original filename when using --front-matter.

- Integrate vulnchecker support into...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

yq-4.53.2-bp160.1.1

yq-bash-completion-4.53.2-bp160.1.1

yq-fish-completion-4.53.2-bp160.1.1

yq-zsh-completion-4.53.2-bp160.1.1

References

* bsc#1241719

* bsc#1251339

* bsc#1251540

* bsc#1266248

* bsc#1267053

* bsc#1267199

References:

* https://www.suse.com/security/cve/CVE-2024-45338.html

* https://www.suse.com/security/cve/CVE-2025-22872.html

* https://www.suse.com/security/cve/CVE-2025-47911.html

* https://www.suse.com/security/cve/CVE-2025-58190.html

* https://www.suse.com/security/cve/CVE-2026-25680.html

* https://www.suse.com/security/cve/CVE-2026-25681.html

* https://www.suse.com/security/cve/CVE-2026-27136.html

* https://www.suse.com/security/cve/CVE-2026-33814.html

* https://www.suse.com/security/cve/CVE-2026-39821.html

* https://www.suse.com/security/cve/CVE-2026-42502.html

* https://www.suse.com/security/cve/CVE-2026-42506.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:20892-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.