Stay Secure with the Latest Linux Advisories

security advisorymoderateupdate

openSUSE Leap 16.0 gleam Moderate Security Flaws 2026-21143-1

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.. openSUSE security update: security update for gleam ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21143-1 Rating: moderate References: * bsc#1267396 * bsc#1267397 * bsc#1267398 Cross-References: * CVE-2026-32685 * CVE-2026-42795 * CVE-2026-43965 Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed. Description: This update for gleam fixes the following issues: Changes in gleam: - Update to 1.17.0: * Fixed security vulnerabilities: - Restrict custom documentation page `path` and `source` values so `gleam docs build` cannot escape the docs output directory or project root (bsc#1267396, CVE-2026-32685) - Restrict publication tarball creation so they cannot contain files from outside the project root (bsc#1267397, CVE-2026-42795) - Stricter deserialisation rules for files internal the build directory to reject corrupted data (bsc#1267398, CVE-2026-43965) * All features and bug fixes are extensively highlighted with examples in the upstream blog post at https://gleam.run/news/single-file-gleam-beam-programs-with-escript/ and changelog at https://github.com/gleam-lang/gleam/blob/v1.17.0/CHANGELOG.md some of the highlights include: - Various JavaScript code generation fixes and optimization - Various compiler error handling improvements - Ability to use the `todo` keyword in constants - Improved handling of Git monorepos during package management - Ability to create escripts from Gleam programs - Various language server improvements like reference highlighting, record hovering and code actions - Update to 1.16.0: * Changelog v1.16.0: https://gleam.run/news/javascript-source-maps/ - Update to 1.15.1: * Changelog v1.12.0:https://gleam.run/news/no-more-dependency-management-headaches/ * Changelog v1.13.0: https://gleam.run/news/formalising-external-apis/ * Changelog v1.14.0: https://gleam.run/news/the-happy-holidays-2025-release/ * Changelog v1.15.0: https://gleam.run/news/upgrading-hex-security/ - Replace deprecated "disabled" mode with "manual" in _service - Update to 1.11.0: * The displaying of internal types in HTML documentation has been improved * A warning is now emitted when the same module is imported multiple times into the same module with different aliases * Fixed a bug where a bit array segment matching on a floating point number would match with NaN or Infinity on the JavaScript target * https://github.com/gleam-lang/gleam/blob/v1.11.1/CHANGELOG.md - Update to 1.10.0: * Changelog: https://gleam.run/news/global-rename-and-find-references/ - skip unit tests that requires networking upon build - Update to 1.9.0: * Changelog: https://gleam.run/news/hello-echo-hello-git/ - Update to 1.8.1: * Fixed a metadata caching bug where accessors for opaque types could sometimes be used in other modules. (Louis Pilfold) * Changelog: https://gleam.run/news/gleam-gets-rename-variable/ - Update to 1.7.0: * Changelog: https://gleam.run/news/improved-performance-and-publishing/ - Update to 1.6.3: * Fixed a bug where Gleam would be unable to compile to BEAM bytecode on older versions of Erlang/OTP. (yoshi) - Update to 1.6.2: * Fixed a bug where patterns in use expressions would not be checked to ensure that they were exhaustive. (Surya Rose) - Update to 1.6.1: * fix update use_manifest logic (Jason Sipula) * 1.6.0 Changelog: https://gleam.run/news/context-aware-compilation/ Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-338=1 Package List: -openSUSE Leap 16.0: gleam-1.17.0-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2026-32685.html * https://www.suse.com/security/cve/CVE-2026-42795.html * https://www.suse.com/security/cve/CVE-2026-43965.html . Three bugs and vulnerabilities fixed in the latest openSUSE gleam update ensure stability and security in the system.. openSUSE,JAVA,gleam,security update,bug fixes. . Severity: moderate. LinuxSecurity.com Team

Jun 30, 2026 •moderate OpenSUSE