Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves five vulnerabilities, contains two features and has three security fixes can now be installed.. # Security update for go1.26-openssl Announcement ID: SUSE-SU-2026:3102-1 Release Date: 2026-07-17T13:10:42Z Rating: important References: * bsc#1245878 * bsc#1255111 * bsc#1264395 * bsc#1267442 * bsc#1267444 * bsc#1267450 * bsc#1271014 * bsc#1271015 * jsc#PED-1962 * jsc#SLE-18320 Cross-References: * CVE-2026-27145 * CVE-2026-39822 * CVE-2026-42504 * CVE-2026-42505 * CVE-2026-42507 CVSS scores: * CVE-2026-27145 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-27145 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-27145 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-27145 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39822 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-39822 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-42504 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42504 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-42504 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42505 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-42505 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-42507 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-42507 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-42507 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE LinuxEnterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves five vulnerabilities, contains two features and has three security fixes can now be installed. ## Description: This update for go1.26-openssl fixes the following issues * Update to version go1.26.5 (bsc#1255111). * CVE-2026-27145: crypto/x509: split candidate hostname only once (bsc#1267450). * CVE-2026-39822: os: Root escape via symlink plus trailing slash (bsc#1271014). * CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader (bsc#1267442). * CVE-2026-42505: crypto/tls: omit PSK in ECH outer client hello (bsc#1271015). * CVE-2026-42507: net/textproto: arbitrary input are included in errors without any escaping (bsc#1267444). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-3102=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-3102=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3102=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3102=1 ## Package List: * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * go1.26-openssl-doc-1.26.5-150600.13.9.1 * go1.26-openssl-1.26.5-150600.13.9.1 * go1.26-openssl-race-1.26.5-150600.13.9.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * go1.26-openssl-race-1.26.5-150600.13.9.1 * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * go1.26-openssl-doc-1.26.5-150600.13.9.1 * go1.26-openssl-1.26.5-150600.13.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) *go1.26-openssl-doc-1.26.5-150600.13.9.1 * go1.26-openssl-1.26.5-150600.13.9.1 * go1.26-openssl-race-1.26.5-150600.13.9.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * go1.26-openssl-doc-1.26.5-150600.13.9.1 * go1.26-openssl-1.26.5-150600.13.9.1 * go1.26-openssl-race-1.26.5-150600.13.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27145.html * https://www.suse.com/security/cve/CVE-2026-39822.html * https://www.suse.com/security/cve/CVE-2026-42504.html * https://www.suse.com/security/cve/CVE-2026-42505.html * https://www.suse.com/security/cve/CVE-2026-42507.html * https://bugzilla.suse.com/show_bug.cgi?id=1245878 * https://bugzilla.suse.com/show_bug.cgi?id=1255111 * https://bugzilla.suse.com/show_bug.cgi?id=1264395 * https://bugzilla.suse.com/show_bug.cgi?id=1267442 * https://bugzilla.suse.com/show_bug.cgi?id=1267444 * https://bugzilla.suse.com/show_bug.cgi?id=1267450 * https://bugzilla.suse.com/show_bug.cgi?id=1271014 * https://bugzilla.suse.com/show_bug.cgi?id=1271015 * https://jira.suse.com/browse/PED-1962 * https://jira.suse.com/browse/SLE-18320 . An update for openSUSE addresses five issues in go1.26-openssl with important security fixes to implement now.. openSUSE security, go1.26-openssl patch, important vulnerabilities. . Severity: Important. LinuxSecurity.com Team
An update that solves four vulnerabilities can now be installed.. # Security update for python311 Announcement ID: SUSE-SU-2026:3104-1 Release Date: 2026-07-17T13:31:49Z Rating: important References: * bsc#1261969 * bsc#1262098 * bsc#1262319 * bsc#1262654 Cross-References: * CVE-2026-1502 * CVE-2026-4786 * CVE-2026-6019 * CVE-2026-6100 CVSS scores: * CVE-2026-1502 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1502 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-1502 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4786 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4786 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2026-4786 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4786 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2026-6019 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6019 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-6100 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N *CVE-2026-6100 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6100 ( NVD ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6100 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves four vulnerabilities can now be installed. ## Description: This update for python311 fixes the following issues * CVE-2026-1502: CR/LF bytes not rejected by HTTP client proxy tunnel headers or host (bsc#1261969). * CVE-2026-4786: URLs containing `%action` can bypass mitigation that allows command injection via the `webbrowser.open()` API (bsc#1262319). * CVE-2026-6019: HTML parser-sensitive sequence not neutralized by `http.cookies.Morsel.js_output()` (bsc#1262654). * CVE-2026-6100: use-after-free in decompression modules when a memory allocation fails with a `MemoryError` and the decompression instance is re- used (bsc#1262098). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-3104=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3104=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-3104=1 * SUSE Linux EnterpriseServer for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3104=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-3104=1 ## Package List: * openSUSE Leap 15.6 (aarch64_ilp32) * libpython3_11-1_0-64bit-3.11.15-150600.3.59.3 * python311-base-64bit-debuginfo-3.11.15-150600.3.59.3 * python311-64bit-3.11.15-150600.3.59.3 * python311-base-64bit-3.11.15-150600.3.59.3 * libpython3_11-1_0-64bit-debuginfo-3.11.15-150600.3.59.3 * python311-64bit-debuginfo-3.11.15-150600.3.59.3 * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * python311-doc-devhelp-3.11.15-150600.3.59.1 * python311-3.11.15-150600.3.59.3 * python311-curses-3.11.15-150600.3.59.3 * python311-core-debugsource-3.11.15-150600.3.59.3 * python311-tk-debuginfo-3.11.15-150600.3.59.3 * libpython3_11-1_0-debuginfo-3.11.15-150600.3.59.3 * python311-testsuite-3.11.15-150600.3.59.3 * python311-dbm-debuginfo-3.11.15-150600.3.59.3 * python311-dbm-3.11.15-150600.3.59.3 * python311-testsuite-debuginfo-3.11.15-150600.3.59.3 * python311-base-3.11.15-150600.3.59.3 * python311-curses-debuginfo-3.11.15-150600.3.59.3 * libpython3_11-1_0-3.11.15-150600.3.59.3 * python311-base-debuginfo-3.11.15-150600.3.59.3 * python311-debugsource-3.11.15-150600.3.59.3 * python311-tk-3.11.15-150600.3.59.3 * python311-tools-3.11.15-150600.3.59.3 * python311-idle-3.11.15-150600.3.59.3 * python311-doc-3.11.15-150600.3.59.1 * python311-debuginfo-3.11.15-150600.3.59.3 * python311-devel-3.11.15-150600.3.59.3 * openSUSE Leap 15.6 (x86_64) * python311-base-32bit-debuginfo-3.11.15-150600.3.59.3 * python311-base-32bit-3.11.15-150600.3.59.3 * libpython3_11-1_0-32bit-3.11.15-150600.3.59.3 * python311-32bit-debuginfo-3.11.15-150600.3.59.3 * python311-32bit-3.11.15-150600.3.59.3 * libpython3_11-1_0-32bit-debuginfo-3.11.15-150600.3.59.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) *python311-base-debuginfo-3.11.15-150600.3.59.3 * python311-dbm-debuginfo-3.11.15-150600.3.59.3 * python311-3.11.15-150600.3.59.3 * python311-curses-3.11.15-150600.3.59.3 * python311-dbm-3.11.15-150600.3.59.3 * python311-debugsource-3.11.15-150600.3.59.3 * libpython3_11-1_0-debuginfo-3.11.15-150600.3.59.3 * python311-core-debugsource-3.11.15-150600.3.59.3 * python311-tk-3.11.15-150600.3.59.3 * python311-base-3.11.15-150600.3.59.3 * python311-curses-debuginfo-3.11.15-150600.3.59.3 * python311-tools-3.11.15-150600.3.59.3 * python311-tk-debuginfo-3.11.15-150600.3.59.3 * python311-idle-3.11.15-150600.3.59.3 * libpython3_11-1_0-3.11.15-150600.3.59.3 * python311-debuginfo-3.11.15-150600.3.59.3 * python311-devel-3.11.15-150600.3.59.3 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * python311-base-debuginfo-3.11.15-150600.3.59.3 * python311-debugsource-3.11.15-150600.3.59.3 * python311-dbm-3.11.15-150600.3.59.3 * python311-curses-3.11.15-150600.3.59.3 * python311-dbm-debuginfo-3.11.15-150600.3.59.3 * python311-3.11.15-150600.3.59.3 * python311-core-debugsource-3.11.15-150600.3.59.3 * python311-tk-3.11.15-150600.3.59.3 * python311-base-3.11.15-150600.3.59.3 * python311-curses-debuginfo-3.11.15-150600.3.59.3 * python311-tk-debuginfo-3.11.15-150600.3.59.3 * python311-tools-3.11.15-150600.3.59.3 * libpython3_11-1_0-3.11.15-150600.3.59.3 * python311-idle-3.11.15-150600.3.59.3 * libpython3_11-1_0-debuginfo-3.11.15-150600.3.59.3 * python311-debuginfo-3.11.15-150600.3.59.3 * python311-devel-3.11.15-150600.3.59.3 * Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python311-dbm-debuginfo-3.11.15-150600.3.59.3 * python311-dbm-3.11.15-150600.3.59.3 * python311-curses-3.11.15-150600.3.59.3 * python311-3.11.15-150600.3.59.3 * python311-debugsource-3.11.15-150600.3.59.3 * python311-core-debugsource-3.11.15-150600.3.59.3 *python311-tk-3.11.15-150600.3.59.3 * python311-curses-debuginfo-3.11.15-150600.3.59.3 * python311-tk-debuginfo-3.11.15-150600.3.59.3 * python311-tools-3.11.15-150600.3.59.3 * python311-idle-3.11.15-150600.3.59.3 * python311-debuginfo-3.11.15-150600.3.59.3 * python311-devel-3.11.15-150600.3.59.3 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python311-base-debuginfo-3.11.15-150600.3.59.3 * libpython3_11-1_0-debuginfo-3.11.15-150600.3.59.3 * python311-core-debugsource-3.11.15-150600.3.59.3 * python311-base-3.11.15-150600.3.59.3 * libpython3_11-1_0-3.11.15-150600.3.59.3 ## References: * https://www.suse.com/security/cve/CVE-2026-1502.html * https://www.suse.com/security/cve/CVE-2026-4786.html * https://www.suse.com/security/cve/CVE-2026-6019.html * https://www.suse.com/security/cve/CVE-2026-6100.html * https://bugzilla.suse.com/show_bug.cgi?id=1261969 * https://bugzilla.suse.com/show_bug.cgi?id=1262098 * https://bugzilla.suse.com/show_bug.cgi?id=1262319 * https://bugzilla.suse.com/show_bug.cgi?id=1262654 . Four security issues in python311 are resolved in openSUSE update SUSE-SU-2026:3104-1. Install the patch immediately.. openSUSE update, python update, security flaws, important fixes, python311 patch. . Severity: Important. LinuxSecurity.com Team
An update that solves nine vulnerabilities can now be installed.. # Security update for php-composer2 Announcement ID: SUSE-SU-2026:3105-1 Release Date: 2026-07-17T13:32:58Z Rating: important References: * bsc#1271122 * bsc#1271129 * bsc#1271151 * bsc#1271504 Cross-References: * CVE-2024-35241 * CVE-2024-35242 * CVE-2025-67746 * CVE-2026-40176 * CVE-2026-40261 * CVE-2026-45793 * CVE-2026-59946 * CVE-2026-59947 * CVE-2026-59948 CVSS scores: * CVE-2024-35241 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-35241 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-35242 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-35242 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-67746 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-67746 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-67746 ( NVD ): 1.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-67746 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-40176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-40176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-40176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-40261 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-40261 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-40261 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-45793 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-45793 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-59946 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-59946 ( SUSE ): 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-59946 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N * CVE-2026-59947 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-59947 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-59947 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-59948 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-59948 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-59948 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7 An update that solves nine vulnerabilities can now be installed. ## Description: This update for php-composer2 fixes the following issues: * CVE-2026-45793: Github Actions issued `GITHUB_TOKEN` disclosure in GitHub Actions logs (bsc#1271504). * CVE-2026-59946: path traversal in package `bin` field lets dependencies `chmod` arbitrary host files (bsc#1271151). * CVE-2026-59947: URL-embedded HTTP-Basic username leaks to verbose logs (bsc#1271129). * CVE-2026-59948: arbitrary file write outside `vendor`directory via malicious transitive package name (bsc#1271122). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3105=1 * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-3105=1 * SUSE Linux Enterprise Server forSAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3105=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-3105=1 ## Package List: * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * php-composer2-2.6.4-150600.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * php-composer2-2.6.4-150600.3.12.1 * Web and Scripting Module 15-SP7 (noarch) * php-composer2-2.6.4-150600.3.12.1 * openSUSE Leap 15.6 (noarch) * php-composer2-2.6.4-150600.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2024-35241.html * https://www.suse.com/security/cve/CVE-2024-35242.html * https://www.suse.com/security/cve/CVE-2025-67746.html * https://www.suse.com/security/cve/CVE-2026-40176.html * https://www.suse.com/security/cve/CVE-2026-40261.html * https://www.suse.com/security/cve/CVE-2026-45793.html * https://www.suse.com/security/cve/CVE-2026-59946.html * https://www.suse.com/security/cve/CVE-2026-59947.html * https://www.suse.com/security/cve/CVE-2026-59948.html * https://bugzilla.suse.com/show_bug.cgi?id=1271122 * https://bugzilla.suse.com/show_bug.cgi?id=1271129 * https://bugzilla.suse.com/show_bug.cgi?id=1271151 * https://bugzilla.suse.com/show_bug.cgi?id=1271504 . OpenSUSE has released important updates for php-composer2 addressing multiple vulnerabilities in the software package.. php composer update, opensuse security, important updates, package vulnerabilities. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for mariadb-connector-c Announcement ID: SUSE-SU-2026:3110-1 Release Date: 2026-07-17T14:15:40Z Rating: important References: * bsc#1266438 Cross-References: * CVE-2026-44172 CVSS scores: * CVE-2026-44172 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-44172 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-44172 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-44172 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for mariadb-connector-c fixes the following issue: * CVE-2026-44172: mysql_real_escape_string() incorrectly handled big5 (bsc#1266438). Changes for mariadb-connector-c: * Update to 3.1.28. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-3110=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-3110=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3110=1 * SUSE LinuxEnterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3110=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-3110=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libmariadb_plugins-debuginfo-3.1.28-150600.18.3.1 * libmariadb3-debuginfo-3.1.28-150600.18.3.1 * libmariadb-devel-3.1.28-150600.18.3.1 * libmariadb-devel-debuginfo-3.1.28-150600.18.3.1 * libmariadb3-3.1.28-150600.18.3.1 * libmariadb_plugins-3.1.28-150600.18.3.1 * mariadb-connector-c-debugsource-3.1.28-150600.18.3.1 * libmariadbprivate-3.1.28-150600.18.3.1 * libmariadbprivate-debuginfo-3.1.28-150600.18.3.1 * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * libmariadb_plugins-debuginfo-3.1.28-150600.18.3.1 * libmariadb3-debuginfo-3.1.28-150600.18.3.1 * libmariadb-devel-3.1.28-150600.18.3.1 * libmariadb3-3.1.28-150600.18.3.1 * libmariadb-devel-debuginfo-3.1.28-150600.18.3.1 * libmariadb_plugins-3.1.28-150600.18.3.1 * mariadb-connector-c-debugsource-3.1.28-150600.18.3.1 * libmariadbprivate-3.1.28-150600.18.3.1 * libmariadbprivate-debuginfo-3.1.28-150600.18.3.1 * openSUSE Leap 15.6 (x86_64) * libmariadb3-32bit-3.1.28-150600.18.3.1 * libmariadb3-32bit-debuginfo-3.1.28-150600.18.3.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libmariadb3-64bit-debuginfo-3.1.28-150600.18.3.1 * libmariadb3-64bit-3.1.28-150600.18.3.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libmariadb_plugins-debuginfo-3.1.28-150600.18.3.1 * libmariadb3-debuginfo-3.1.28-150600.18.3.1 * libmariadb-devel-3.1.28-150600.18.3.1 * libmariadb3-3.1.28-150600.18.3.1 * libmariadb-devel-debuginfo-3.1.28-150600.18.3.1 * libmariadb_plugins-3.1.28-150600.18.3.1 * mariadb-connector-c-debugsource-3.1.28-150600.18.3.1 * libmariadbprivate-3.1.28-150600.18.3.1 * libmariadbprivate-debuginfo-3.1.28-150600.18.3.1 * Basesystem Module15-SP7 (aarch64 ppc64le s390x x86_64) * libmariadb3-debuginfo-3.1.28-150600.18.3.1 * libmariadb3-3.1.28-150600.18.3.1 * mariadb-connector-c-debugsource-3.1.28-150600.18.3.1 * libmariadbprivate-3.1.28-150600.18.3.1 * libmariadbprivate-debuginfo-3.1.28-150600.18.3.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libmariadb_plugins-debuginfo-3.1.28-150600.18.3.1 * libmariadb-devel-3.1.28-150600.18.3.1 * libmariadb-devel-debuginfo-3.1.28-150600.18.3.1 * libmariadb_plugins-3.1.28-150600.18.3.1 * mariadb-connector-c-debugsource-3.1.28-150600.18.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-44172.html * https://bugzilla.suse.com/show_bug.cgi?id=1266438 . Update for mariadb-connector-c addresses CVE-2026-44172 in openSUSE systems with important significance.. MariaDB Connector, openSUSE security, important updates. . Severity: Important. LinuxSecurity.com Team
Update to 150.0.7871.124 * CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-32e3e23696 2026-07-18 00:27:50.464608+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 43 Version : 150.0.7871.124 Release : 1.fc43 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 150.0.7871.124 * CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 15 2026 Than Ngo - 150.0.7871.124-1 - Update to 150.0.7871.124 * CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia *CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation - Backport patches to improve auto darkmode -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-32e3e23696' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to 1.12.1 Update to 1.12.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-5924722657 2026-07-18 00:27:50.464606+00:00 -------------------------------------------------------------------------------- Name : node-exporter Product : Fedora 43 Version : 1.12.1 Release : 1.fc43 URL : https://github.com/prometheus/node_exporter Summary : Exporter for machine metrics Description : Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors. -------------------------------------------------------------------------------- Update Information: Update to 1.12.1 Update to 1.12.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 14 2026 Packit - 1.12.1-1 - Update to 1.12.1 upstream release - Resolves: rhbz#2500038 * Sat Jul 11 2026 Mikel Olasagasti Uranga - 1.12.0-1 - Update to 1.12.0 - Closes rhbz#2499355 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494365 - CVE-2026-27145 node-exporter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494365 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-5924722657' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to 4.53.3. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-990cdd8329 2026-07-18 00:27:50.464596+00:00 -------------------------------------------------------------------------------- Name : yq Product : Fedora 43 Version : 4.53.3 Release : 1.fc43 URL : https://github.com/mikefarah/yq Summary : Yq is a portable command-line YAML, JSON, XML, CSV, TOML, HCL and properties processor Description : Yq is a portable command-line YAML, JSON, XML, CSV, TOML, HCL and properties processor. -------------------------------------------------------------------------------- Update Information: Update to 4.53.3 -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 14 2026 Mikel Olasagasti Uranga - 4.53.3-1 - Update to 4.53.3 and add packit integration * Tue Feb 3 2026 Maxwell G - 4.47.1-5 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Sat Jan 17 2026 Fedora Release Engineering - 4.47.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Oct 10 2025 Alejandro Sáez - 4.47.1-3 - rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2495328 - CVE-2026-25681 yq: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2495328 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-990cdd8329' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update for Fedora 43 addresses important security issue in yq, fixing potential cross-site scripting vulnerabilities.. fedora update,yq security,arbitrary code execution,yq bug fix,cross-site scripting. . Severity: Important. LinuxSecurity.com Team
Fix Go version requirement for F43 build compatibility. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-77f23c0bc4 2026-07-18 00:27:50.464594+00:00 -------------------------------------------------------------------------------- Name : spoofdpi Product : Fedora 43 Version : 1.5.3 Release : 2.fc43 URL : https://github.com/xvzc/SpoofDPI Summary : Simple and fast anti-censorship tool written in Go Description : Simple and fast anti-censorship tool written in Go. -------------------------------------------------------------------------------- Update Information: Fix Go version requirement for F43 build compatibility -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 14 2026 Emir Akdag - 1.5.3-2 - Fix Go version requirement for F43 build compatibility * Tue Jul 14 2026 Emir Akdag - 1.5.3-1 - Update spoofdpi to 1.5.3 - Update to 1.5.3 to fix CVE-2026-27145 - Add missing license for go-localereader - Fix build directory case sensitivity issue - Resolves: rhbz#2494220, rhbz#2494389 * Tue Feb 3 2026 Maxwell G - 1.2.1-3 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Sat Jan 17 2026 Fedora Release Engineering - 1.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-77f23c0bc4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.