Explore top 10 tips to secure your open-source projects now. Read More
×
This update for lux fixes the following issues:
Changes in lux:
- CVE-2026-25680, CVE-2026-42502, CVE-2026-27136, CVE-2026-25681, CVE-2026-42506:
Issues when parsing HTML files (bsc#1267110)
- CVE-2024-45338: Denial of service due to non-linear parsing of case-insensitive content (bsc#1235304)
- CVE-2025-22872: Incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241766)
- CVE-2025-47911: Various algorithms with quadratic complexity when parsing HTML documents (bsc#1251460)
- CVE-2025-58190: Excessive memory consumption (bsc#1251627)
Bump x/net to 0.57.0
- Update to 0.24.1:
* ci: bump go version to 1.22 #1350
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-427=1
- openSUSE Leap 16.0:
lux-0.24.1-bp160.1.1
* bsc#1235304
* bsc#1241766
* bsc#1251460
* bsc#1251627
* bsc#1267110
References:
* https://www.suse.com/security/cve/CVE-2024-45338.html
* https://www.suse.com/security/cve/CVE-2025-22872.html
* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-58190.html
* https://www.suse.com/security/cve/CVE-2026-25680.html
* https://www.suse.com/security/cve/CVE-2026-25681.html
* https://www.suse.com/security/cve/CVE-2026-27136.html
* https://www.suse.com/security/cve/CVE-2026-42502.html
* https://www.suse.com/security/cve/CVE-2026-42506.html
Get the latest Linux and open source security news straight to your inbox.