Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves one vulnerability can now be installed.. # Security update for yelp Announcement ID: SUSE-SU-2026:3036-1 Release Date: 2026-07-15T11:44:33Z Rating: important References: * bsc#1269625 Cross-References: * CVE-2026-13601 CVSS scores: * CVE-2026-13601 ( SUSE ): 6.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2026-13601 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2026-13601 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2026-13601 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2026-13601 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * Desktop Applications Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for yelp fixes the following issue * CVE-2026-13601: overly permissive Content Security Policy allows host file disclosure via Flatpak applications (bsc#1269625). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-3036=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3036=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3036=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-3036=1 ## Package List: *SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * yelp-debugsource-42.2-150600.3.6.1 * libyelp0-42.2-150600.3.6.1 * yelp-devel-42.2-150600.3.6.1 * libyelp0-debuginfo-42.2-150600.3.6.1 * yelp-debuginfo-42.2-150600.3.6.1 * yelp-42.2-150600.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * yelp-lang-42.2-150600.3.6.1 * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * yelp-debugsource-42.2-150600.3.6.1 * libyelp0-42.2-150600.3.6.1 * yelp-devel-42.2-150600.3.6.1 * libyelp0-debuginfo-42.2-150600.3.6.1 * yelp-debuginfo-42.2-150600.3.6.1 * yelp-42.2-150600.3.6.1 * openSUSE Leap 15.6 (noarch) * yelp-lang-42.2-150600.3.6.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * yelp-debugsource-42.2-150600.3.6.1 * libyelp0-42.2-150600.3.6.1 * yelp-devel-42.2-150600.3.6.1 * libyelp0-debuginfo-42.2-150600.3.6.1 * yelp-debuginfo-42.2-150600.3.6.1 * yelp-42.2-150600.3.6.1 * Desktop Applications Module 15-SP7 (noarch) * yelp-lang-42.2-150600.3.6.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * yelp-debugsource-42.2-150600.3.6.1 * libyelp0-42.2-150600.3.6.1 * yelp-devel-42.2-150600.3.6.1 * libyelp0-debuginfo-42.2-150600.3.6.1 * yelp-debuginfo-42.2-150600.3.6.1 * yelp-42.2-150600.3.6.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * yelp-lang-42.2-150600.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-13601.html * https://bugzilla.suse.com/show_bug.cgi?id=1269625 . An essential security update for openSUSE's yelp addresses a significant file disclosure risk. Install it now.. openSUSE security file disclosure update yelp vulnerability. . Severity: Important. LinuxSecurity.com Team
Multiple security issues were discovered in LXD, a system container and virtual machine manager, which could result in file disclosure, information disclosure or or cross-site request forgery. For the oldstable distribution (bookworm), these problems have been fixed in version 5.0.2-5+deb12u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6028-1
Multiple security issues were discovered in Incus, a system container and virtual machine manager, which could result in file disclosure, information disclosure, privilege escalation or cross-site request forgery. For the stable distribution (trixie), these problems have been fixed in. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6027-1
Several security issues were fixed in rsync.. ========================================================================== Ubuntu Security Notice USN-7206-1 January 14, 2025 Several security issues were fixed in rsync ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in rsync. Software Description: - rsync: fast, versatile, remote (and local) file-copying tool Details: Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum lengths. An attacker could use this issue to execute arbitrary code. (CVE-2024-12084) Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync compared checksums with uninitialized memory. An attacker could exploit this issue to leak sensitive information. (CVE-2024-12085) Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync incorrectly handled file checksums. A malicious server could use this to expose arbitrary client files. (CVE-2024-12086) Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync mishandled symlinks for some settings. An attacker could exploit this to write files outside the intended directory. (CVE-2024-12087) Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync failed to verify symbolic link destinations for some settings. An attacker could exploit this for path traversal attacks. (CVE-2024-12088) Aleksei Gorban discovered a race condition in rsync's handling of symbolic links. An attacker could use this to access sensitive information or escalate privileges. (CVE-2024-12747) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS rsync 3.2.7-1ubuntu1.1 Ubuntu 22.04 LTS rsync 3.2.7-0ubuntu0.22.04.3 Ubuntu 20.04 LTS rsync 3.1.3-8ubuntu0.8 Ubuntu 18.04 LTS rsync 3.1.2-2.1ubuntu1.6+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS rsync 3.1.1-3ubuntu1.3+esm3 Available with Ubuntu Pro Ubuntu 14.04 LTS rsync 3.1.0-2ubuntu0.4+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. After a standard system update you need to restart rsync daemons if configured to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7206-1 CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747 Package Information: https://launchpad.net/ubuntu/+source/rsync/3.2.7-1ubuntu1.1 https://launchpad.net/ubuntu/+source/rsync/3.2.7-0ubuntu0.22.04.3 https://launchpad.net/ubuntu/+source/rsync/3.1.3-8ubuntu0.8 . Security issues in rsync for Ubuntu fixed, addressing critical exploits across versions including code execution risks.. Ubuntu Security Update, Rsync Security Fixes, File-Copying Tool Vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3871-1
Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5756-1
Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5755-1
Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5754-1
Get the latest Linux and open source security news straight to your inbox.