Stay Secure with the Latest Linux Advisories

security advisoryarbitrary code executionimportant

openSUSE yt-dlp Important Cookie Leakage Code Execution 2026-21163-1

An update that solves 3 vulnerabilities can now be installed.. openSUSE security update: security update for yt-dlp ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21163-1 Rating: important Cross-References: * CVE-2026-50019 * CVE-2026-50023 * CVE-2026-50574 Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities can now be installed. Description: This update for yt-dlp fixes the following issues: Changes in yt-dlp: - Update to version 2026.06.09 * Fixed [CVE-2026-50019]: File Downloader cookie leak with curl * Fixed [CVE-2026-50023]: Dangerous file type creation via insufficient filename sanitization * Fixed [CVE-2026-50574]: Arbitrary code execution via manifest downloads with aria2c * Added lockfile and pinned extras * Removed url, desktop and webloc from safe extensions * Extract supplemental codecs from DASH manifests * abematv: Extract subtitles * ard: Support new ardsounds domain * monstercat: Support older URLs * pornhub: Support browser impersonation * reddit: Fix unauthenticated extraction * rtp: Support multi-part episodes and --no-playlist * s4c: Extract more metadata * soop: Adapt extractors to new domain * soundcloud: Support --extractor-retries for original formats * twitch: Remove dead rechat subtitles * twitter: Fix view_count extraction * external: aria2c: Remove support for m3u8/dash protocols * ffmpegmetadata: Avoid erroneous ISO 639 conversions Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-358=1 Package List: - openSUSE Leap 16.0: python313-yt-dlp-2026.06.09-bp160.1.1 yt-dlp-2026.06.09-bp160.1.1 yt-dlp-youtube-dl-2026.06.09-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2026-50019.html * https://www.suse.com/security/cve/CVE-2026-50023.html * https://www.suse.com/security/cve/CVE-2026-50574.html . Update for yt-dlp addresses important vulnerabilities in openSUSE with installation instructions included.. yt-dlp security patch, openSUSE security update, vulnerability fix yt-dlp. . Severity: Important. LinuxSecurity.com Team

Jun 30, 2026 •Important OpenSUSE