An update that solves one vulnerability and has 2 bug fixes can now be installed.. openSUSE security update: security update for papers ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21106-1 Rating: important References: * bsc#1261947 * bsc#1265880 Cross-References: * CVE-2026-46529 CVSS scores: * CVE-2026-46529 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-46529 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has 2 bug fixes can now be installed. Description: This update for papers fixes the following issues Security issue: - CVE-2026-46529: command injection (bsc#1265880). Changes for papers: - Update to version 48.10 (bsc#1265880): - Update to version 48.9 (jsc#PED-15957, bsc#1261947): - Bug fixes: - Saved image files are empty - Print dialog says "Manage Custom Sizes" for Paper Size every time - libview: Correct zoom in odd left dual page mode - Scrolling in presentation mode skips pages + Changes in version 48.8: + Bug fixes: - Ctrl+F sometimes does not focus search box when query is blank - Page number is not in the center of the number box - Keyboard input unresponsive in presentation mode, unable to exit with Esc - help: Update icon + Changes in version 48.7: - Fixes for the nautilus plugin filename encodings - shell: Fix signing when the rectangle is too small - libdocument: fix weak page references - shell: Fix opening PDFs from GVFS mounts like Google Drive + Changes in version 48.6: + Bug fixed: - Fix various memory leak - Fix several focus issues - Remove trailing new lines from section names - Migrate to xz compression and manual service run - Update to version 48.5: + Bugs fixed: - Preview for a link doesn't work more than once - Link preview triggers even after the cursor leaves the link - shell: fix a translation issue in printing - libview/pps-view: Ignore the scroll offset when drawing the sign area - Selection performance - libview: deal with large pages - shell: Make sure that all child widgets of PpsView are removed when closing document - Caret selection doesn't cover more than one character + Updated translations. - Update to version 48.4: - shell: Enable digital signing action when document supports - Documentation still mentions possibility of saving the settings - Launch target file - shell: Fix signature banner title - Slideshow presentation is blurry - libview/pps-view: Do not replace the sign cursor on drag-less movements - Saved annotation timestamps tooltips are shown using UTC time in 12-hours format - Update to version 48.3: - shell: disable dual-odd-left action when dual mode is disabled. - libview: Rerender annotation when the icon property is updated - shell: Display the filename if the document title is only whitespace Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-971=1 Package List: - openSUSE Leap 16.0: libppsdocument4_0-5-48.10-160000.1.1 libppsview4_0-4-48.10-160000.1.1 nautilus-extension-papers-48.10-160000.1.1 papers-48.10-160000.1.1 papers-devel-48.10-160000.1.1 papers-lang-48.10-160000.1.1 papers-plugin-comicsdocument-48.10-160000.1.1 papers-plugin-djvudocument-48.10-160000.1.1 papers-plugin-pdfdocument-48.10-160000.1.1 papers-plugin-tiffdocument-48.10-160000.1.1 typelib-1_0-PapersDocument-4_0-48.10-160000.1.1 typelib-1_0-PapersView-4_0-48.10-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-46529.html . This update addresses a command injection issue in Papers for openSUSE Leap 16.0, improving overall system security.. openSUSE security, commandinjection, update patches. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.