Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

openSUSE phpunit Major Update - CVE-2026-24765 Poisoned Pipeline Issue

opensuse
Calendar Grey February 24, 2026
Dist Opensuse Esm H88
Critical security update for phpunit on openSUSE addresses CVE-2026-24765 vulnerabilities and enhances security.
An update that fixes one vulnerability is now available.

Description

This update for phpunit fixes the following issues:

version 9.6.34:

- CVE-2026-24765: prevent Poisoned Pipeline Execution (PPE) attacks using

prepared .coverage (boo#1257381)

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-61=1

Package List

- openSUSE Backports SLE-15-SP7 (noarch):

php7-phpunit-9.6.34-bp157.2.3.1

php8-phpunit-9.6.34-bp157.2.3.1

References

https://www.suse.com/security/cve/CVE-2026-24765.html

https://bugzilla.suse.com/1257381

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:0061-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here