Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves 10 vulnerabilities and has 9 bug fixes can now be installed.. openSUSE security update: security update for python-mistune ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21339-1 Rating: moderate References: * bsc#1271082 * bsc#1271117 * bsc#1271119 * bsc#1271121 * bsc#1271125 * bsc#1271127 * bsc#1271128 * bsc#1271131 * bsc#1271132 Cross-References: * CVE-2026-44896 * CVE-2026-59922 * CVE-2026-59923 * CVE-2026-59924 * CVE-2026-59925 * CVE-2026-59926 * CVE-2026-59927 * CVE-2026-59928 * CVE-2026-59929 * CVE-2026-59930 CVSS scores: * CVE-2026-44896 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-44896 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-59922 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-59922 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-59923 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-59923 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-59924 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-59924 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-59925 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-59925 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-59926 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-59926 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-59927 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-59927 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-59928 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-59928 ( SUSE ): 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-59929 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-59930 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 10 vulnerabilities and has 9 bug fixes can now be installed. Description: This update for python-mistune fixes the following issues - CVE-2026-59922: quadratic-time parsing on long runs of some markers in `formatting.py` can lead to DoS (bsc#1271117). - CVE-2026-59923: `HTMLRenderer.safe_url()` does not block percent-encoded javascript URIs and allows for XSS (bsc#1271119). - CVE-2026-59924: improper processing of user-supplied include paths in `Include.parse()` can lead to path traversal and arbitrary file reads (bsc#1271121). - CVE-2026-59925: quadratic-time parsing on long runs of some emphasis pairs in `inline_parser` can lead to DoS (bsc#1271125). - CVE-2026-59926: improper escaping in `render_admonition()` can lead to atribute injection and XSS (bsc#1271127). - CVE-2026-59927: uncontrolled recursion when processing two markdown files that include each other can lead to a DoS (bsc#1271128). - CVE-2026-59928: quadratic-time parsing on long lists of repeated reference-link definitions in `block_parser` can lead to DoS (bsc#1271131). - CVE-2026-59929: HARMFUL_PROTOCOLS list misses legacy and chained schemes and allow arbitrary script execution in user agents (bsc#1271132). - CVE-2026-59930: the `toc` plugin and `TableOfContents` directive generate heading IDs with predictable values and allow for collisions with attacker-controlled `id="toc_N"` content (bsc#1271082). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patchopenSUSE-Leap-16.0-1243=1 Package List: - openSUSE Leap 16.0: python313-mistune-3.1.3-160000.5.1 References: * https://www.suse.com/security/cve/CVE-2026-44896.html * https://www.suse.com/security/cve/CVE-2026-59922.html * https://www.suse.com/security/cve/CVE-2026-59923.html * https://www.suse.com/security/cve/CVE-2026-59924.html * https://www.suse.com/security/cve/CVE-2026-59925.html * https://www.suse.com/security/cve/CVE-2026-59926.html * https://www.suse.com/security/cve/CVE-2026-59927.html * https://www.suse.com/security/cve/CVE-2026-59928.html * https://www.suse.com/security/cve/CVE-2026-59929.html * https://www.suse.com/security/cve/CVE-2026-59930.html . Update for python-mistune resolves 10 issues and includes critical fixes for DoS and XSS vulnerabilities.. openSUSE security, python-mistune update, DoS mitigation, XSS prevention. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.