Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 518
Alerts This Week
Warning Icon 1 518

openSUSE Leap 16.0 Lux Important Denial of Service Issues 2026-21367-1

opensuse
Calendar Grey July 18, 2026
Scroller Opensuse
Update to fix 9 vulnerabilities and 5 bugs in lux for openSUSE Leap 16.0 ensures system security and efficiency.
An update that solves 9 vulnerabilities and has 5 bug fixes can now be installed.

Description

This update for lux fixes the following issues:

Changes in lux:

- CVE-2026-25680, CVE-2026-42502, CVE-2026-27136, CVE-2026-25681, CVE-2026-42506:

Issues when parsing HTML files (bsc#1267110)

- CVE-2024-45338: Denial of service due to non-linear parsing of case-insensitive content (bsc#1235304)

- CVE-2025-22872: Incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241766)

- CVE-2025-47911: Various algorithms with quadratic complexity when parsing HTML documents (bsc#1251460)

- CVE-2025-58190: Excessive memory consumption (bsc#1251627)

Bump x/net to 0.57.0

- Update to 0.24.1:

* ci: bump go version to 1.22 #1350

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-427=1

Patch

Package List

- openSUSE Leap 16.0:

lux-0.24.1-bp160.1.1

References

* bsc#1235304

* bsc#1241766

* bsc#1251460

* bsc#1251627

* bsc#1267110

References:

* https://www.suse.com/security/cve/CVE-2024-45338.html

* https://www.suse.com/security/cve/CVE-2025-22872.html

* https://www.suse.com/security/cve/CVE-2025-47911.html

* https://www.suse.com/security/cve/CVE-2025-58190.html

* https://www.suse.com/security/cve/CVE-2026-25680.html

* https://www.suse.com/security/cve/CVE-2026-25681.html

* https://www.suse.com/security/cve/CVE-2026-27136.html

* https://www.suse.com/security/cve/CVE-2026-42502.html

* https://www.suse.com/security/cve/CVE-2026-42506.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21367-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.