openSUSE Security Update: Security update for openQA, openQA-devel-container, os-autoinst
______________________________________________________________________________

Announcement ID: openSUSE-SU-2026:0060-1
Rating: moderate
References: #1257852
Cross-References: CVE-2026-25547
CVSS scores: CVE-2026-25547 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products: openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for openQA, openQA-devel-container, os-autoinst fixes the following issues:

Changes in openQA:

- Update to version 5.1771422749.560a3b26:
  * fix(mcp): set navbar check expression to read-only
  * feat: support inverted result filters in /tests/overview
  * fix(test): Enable helm install-chart test again
  * git subrepo pull (merge) --force external/os-autoinst-common
  * feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE configurable
  * test: Consider everything under `lib/OpenQA/Shared/` covered
  * fix: Provide specific error message if job was removed `enqueue_…_track`
  * refactor: Remove useless error message in `enqueue_and_keep_track`
  * test: Cover case of successful executing in `enqueue_and_keep_track`
  * refactor: Simplify error handling of `enqueue_and_keep_track`
  * test: Cover error handling of `enqueue_and_keep_track`
  * test: Consider shared session controller fully covered
  * refactor: Avoid duplications in sessions controller
  * refactor: Use signatures in session controller code
  * test: Cover error handling in case of a bad CRSF token
  * test: Cover test route for session
  * fix(worker): reject jobs explicitly when worker is stopping
  * feat: Remove workaround for codecov and gpg
  * feat: Switch to Leap 16 in Helm charts
  * feat: Switch to Leap 16.0 in openqa_data container
  * feat: Replace all Leap 15.6 with 16.0 in docs and scripts
  * test: Cover showing special image when backend has terminated
  * fix: Use new apachectl command
  * Update openQA containers to Leap 16.0
  * test: Extend tests for controller handling live view
  * refactor: Move throttling into its own function
  * feat(throttling): throttle jobs resources based on parameters size
  * refactor: Avoid repeated use of `$t->app->minion` in gru tasks tests
  * feat: Allow archiving jobs with infinite important storage durations
  * feat: Flag jobs without results as archived for consistency
  * feat: Remove one corner case preventing jobs from being archived

- Update to version 5.1770718745.ce2072d3:
  * feat(ui): use clickable test overview summary counts for quick filtering
  * build(Makefile): fix uninterruptable tests
  * docs: Mention caveats of `…_cleanup_max_free_percentage` setting
  * test(25-cache-service): fix race conditions
  * test(ui/21-admin-needles): properly wait for modal dialog and deletion
  * test(ui/13-admin): properly wait for API key deletion
  * test(40-openqa-clone-job): properly isolate from system config
  * test(15-asset): bump timeout to current runtime
  * chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch
  * build(deps-dev): bump @eslint from 9.36.0 to 9.38.0
  * fix(eslint): correct style to be eslint-9.38 compliant
  * build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2
  * build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1
  * build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7
  * refactor: Improve variable names in function to determine expired jobs
  * test: Improve name of subtest for archiving
  * test: Verify that archiving works regardless of logs/results present
  * Dependency cron 2026-02-06
  * Bump js-yaml from 4.1.0 to 4.1.1
  * build(deps): bump ace-builds from 1.43.3 to 1.43.4

- Update to version 5.1770308102.12dfd0e4:
  * fix: Configure sudoers correctly in Leap 16
  * Also use devel:openQA/16.0 in dependency bot workflow
  * test: Consider all controller code covered
  * refactor: Remove unused "group connect" endpoints
  * test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint
  * test: Cover all cases of search of audit log table
  * refactor: Simplify function to render audit log index page
  * test: Add test for `eventid` parameter of audit log page
  * test: Cover remaining lines of `Asset.pm`

Changes in os-autoinst:

- Update to version 5.1771353921.c8005c9:
  * git subrepo pull (merge) --force external/os-autoinst-common
  * style: Fix crop.py style issues
  * workaround: Remove "get_mempolicy" warning from qemu-img output
  * parse_extra_log: Allow passing additional args to upload_logs
  * refactor: Distinguish tests by the script path in `loadtest`
  * refactor: Simplify approach for avoiding redefine warnings

- Update to version 5.1770715824.6a80a85:
  * style: Fix crop.py style issues
  * workaround: Remove "get_mempolicy" warning from qemu-img output
  * parse_extra_log: Allow passing additional args to upload_logs
  * refactor: Distinguish tests by the script path in `loadtest`
  * refactor: Simplify approach for avoiding redefine warnings
  * test: Allow running tests with `Test::Warnings

# openQA-5.1770718745.ce2072d3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10168-1
Rating: moderate

Cross-References:

* CVE-2026-25547

CVSS scores:

* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the openQA-5.1770718745.ce2072d3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * openQA 5.1770718745.ce2072d3-1.1
  * openQA-auto-update 5.1770718745.ce2072d3-1.1
  * openQA-bootstrap 5.1770718745.ce2072d3-1.1
  * openQA-client 5.1770718745.ce2072d3-1.1
  * openQA-common 5.1770718745.ce2072d3-1.1
  * openQA-continuous-update 5.1770718745.ce2072d3-1.1
  * openQA-devel 5.1770718745.ce2072d3-1.1
  * openQA-doc 5.1770718745.ce2072d3-1.1
  * openQA-local-db 5.1770718745.ce2072d3-1.1
  * openQA-mcp 5.1770718745.ce2072d3-1.1
  * openQA-munin 5.1770718745.ce2072d3-1.1
  * openQA-python-scripts 5.1770718745.ce2072d3-1.1
  * openQA-single-instance 5.1770718745.ce2072d3-1.1
  * openQA-single-instance-nginx 5.1770718745.ce2072d3-1.1
  * openQA-worker 5.1770718745.ce2072d3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html

Update available for openQA on openSUSE Tumbleweed addressing a moderate severity security issue. Prompt installation recommended.

LinuxSecurity.com Team

--------------------------------------------------------------------------------

Fedora Update Notification
FEDORA-2026-abd2d2d60c
2026-02-04 02:08:26.993109+00:00

--------------------------------------------------------------------------------

Name : os-autoinst
Product : Fedora 43
Version : 5^20260123git72cabd0
Release : 1.fc43
URL : https://github.com/os-autoinst/os-autoinst
Summary : OS-level test automation

Description :
The OS-autoinst project aims at providing a means to run fully automated tests. Especially to run tests of basic and low-level operating system components such as bootloader, kernel, installer and upgrade, which can not easily and safely be tested with other automated testing frameworks. However, it can just as well be used to test applications on top of a newly installed OS.

--------------------------------------------------------------------------------

Update Information:

This update provides new upstream snapshots of openQA and os-autoinst, with various fixes and enhancements. Please see upstream changelogs for details. They also address a CVE by updating a bundled javascript library, though we're fairly sure openQA didn't actually expose the vulnerability anyway.

--------------------------------------------------------------------------------

ChangeLog:

* Tue Jan 20 2026 Adam Williamson - 5^20260123git72cabd0-1
- Update to latest git, re-sync spec
- Drop merged patches
* Fri Jan 16 2026 Fedora Release Engineering - 5^20250707gitd55ec72-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Dec 10 2025 Nicolas Chauvet - 5^20250707gitd55ec72-7
- Rebuilt for OpenCV-4.12

--------------------------------------------------------------------------------

References:

[ 1 ] Bug #2433034 - CVE-2025-13465 openqa: prototype pollution in _.unset and _.omit functions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2433034

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-abd2d2d60c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

--------------------------------------------------------------------------------

-- _______________________________________________ package-announce mailing list --

--------------------------------------------------------------------------------

Fedora Update Notification
FEDORA-2026-abd2d2d60c
2026-02-04 02:08:26.993109+00:00

--------------------------------------------------------------------------------

Name : openqa
Product : Fedora 43
Version : 5^20260126git19189f0
Release : 1.fc43
URL : http://os-autoinst.github.io/openQA/
Summary : OS-level automated testing framework

Description :
openQA is a testing framework that allows you to test GUI applications on one hand and bootloader and kernel on the other. In both cases, it is difficult to script tests and verify the output. Output can be a popup window or it can be an error in early boot even before init is executed.

openQA is an automated test tool that makes it possible to test the whole installation process of an operating system. It uses virtual machines to reproduce the process, check the output (both serial console and screen) in every step and send the necessary keystrokes and commands to proceed to the next. openQA can check whether the system can be installed, whether it works properly in 'live' mode, whether applications work or whether the system responds as expected to different installation options and commands.

Even more importantly, openQA can run several combinations of tests for every revision of the operating system, reporting the errors detected for each combination of hardware configuration, installation options and variant of the operating system.

--------------------------------------------------------------------------------

Update Information:

This update provides new upstream snapshots of openQA and os-autoinst, with various fixes and enhancements. Please see upstream changelogs for details. They also address a CVE by updating a bundled javascript library, though we're fairly sure openQA didn't actually expose the vulnerability anyway.

--------------------------------------------------------------------------------

ChangeLog:

* Mon Jan 26 2026 Adam Williamson - 5^20260126git19189f0-1
- Update to latest upstream git
- Drop merged patches
* Fri Jan 16 2026 Fedora Release Engineering - 5^20250711git28a0214-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

--------------------------------------------------------------------------------

References:

[ 1 ] Bug #2433034 - CVE-2025-13465 openqa: prototype pollution in _.unset and _.omit functions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2433034

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-abd2d2d60c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

Fedora Update Notification
FEDORA-2019-c404576415
2019-08-11 01:11:43.672603

--------------------------------------------------------------------------------

Name : openqa
Product : Fedora 30
Version : 4.6
Release : 18.20190716git5bfa647.fc30.2
URL : http://open.qa/
Summary : OS-level automated testing framework

Description :
openQA is a testing framework that allows you to test GUI applications on one hand and bootloader and kernel on the other. In both cases, it is difficult to script tests and verify the output. Output can be a popup window or it can be an error in early boot even before init is executed.

openQA is an automated test tool that makes it possible to test the whole installation process of an operating system. It uses virtual machines to reproduce the process, check the output (both serial console and screen) in every step and send the necessary keystrokes and commands to proceed to the next. openQA can check whether the system can be installed, whether it works properly in 'live' mode, whether applications work or whether the system responds as expected to different installation options and commands.

Even more importantly, openQA can run several combinations of tests for every revision of the operating system, reporting the errors detected for each combination of hardware configuration, installation options and variant of the operating system.

--------------------------------------------------------------------------------

Update Information:

This update provides recent git snapshots of os-autoinst and openQA, with the usual slate of bug fixes and changes from upstream. Also, the AMQP plugin is now enabled, as the dependencies have been packaged into Fedora. The update also addresses some potential security issues.

--------------------------------------------------------------------------------

ChangeLog:

* Thu Aug 1 2019 Adam Williamson - 4.6-18.20190716git5bfa647.fc30.2
- Backport PR #2232 (faster and safer markdown rendering)
- Allow comments by users again (safe with PR #2232)
* Wed Jul 31 2019 Adam Williamson - 4.6-18.20190716git5bfa647.fc30.1
- Only allow operators and admins to post comments (security issue)
* Thu Jul 25 2019 Adam Williamson - 4.6-18.20190716git5bfa647
- Backport PR #2213 (fixes vulnerability to maliciously-formed API requests)
- Backport PR #2217 (allow passing headers to publish_amqp)
* Thu Jul 25 2019 Fedora Release Engineering - 4.6-17.20190716git5bfa647
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 16 2019 Adam Williamson - 4.6-16.20190716git5bfa647
- Update to latest git again, re-sync spec with upstream
- Enable AMQP plugin now the dependencies are packaged
- Backport some PRs to fix some test failures
* Mon Jun 3 2019 Adam Williamson - 4.6-15.20190603git8a35385
- Update to latest git again
- Fix update auto restart plugin for upstream changes
* Fri May 24 2019 Adam Williamson - 4.6-14.20190522gitab91f31
- Update to latest git again
- Drop merged patch

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-c404576415' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------