This update for editorconfig-core-c fixes the following issue:
* CVE-2026-40489: improper use of `strcpy` can lead to a stack buffer overflow
(bsc#1262131).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2731=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2731=1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* libeditorconfig-devel-0.12.6-150600.3.6.1
* editorconfig-core-c-debugsource-0.12.6-150600.3.6.1
* editorconfig-debuginfo-0.12.6-150600.3.6.1
* editorconfig-0.12.6-150600.3.6.1
* libeditorconfig0-debuginfo-0.12.6-150600.3.6.1
* libeditorconfig0-0.12.6-150600.3.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libeditorconfig-devel-64bit-0.12.6-150600.3.6.1
* libeditorconfig0-64bit-debuginfo-0.12.6-150600.3.6.1
* libeditorconfig0-64bit-0.12.6-150600.3.6.1
* openSUSE Leap 15.6 (x86_64)
* libeditorconfig-devel-32bit-0.12.6-150600.3.6.1
* libeditorconfig0-32bit-debuginfo-0.12.6-150600.3.6.1
* libeditorconfig0-32bit-0.12.6-150600.3.6.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libeditorconfig0-debuginfo-0.12.6-150600.3.6.1
* editorconfig-core-c-debugsource-0.12.6-150600.3.6.1
* libeditorconfig0-0.12.6-150600.3.6.1
* bsc#1262131
## References:
* https://www.suse.com/security/cve/CVE-2026-40489.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262131
Get the latest Linux and open source security news straight to your inbox.