
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Fedora 41: yq Important HTTP Proxy and Input Security Fixes 2025-d8a379a267

Add shell-completions. Update to 4.47.1 and adopt go-vendor-tools.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d8a379a267
2025-09-07 01:12:58.236453+00:00
--------------------------------------------------------------------------------

Name        : yq
Product     : Fedora 41
Version     : 4.47.1
Release     : 2.fc41
URL         : https://github.com/mikefarah/yq
Summary     : Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor
Description :
Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor.

--------------------------------------------------------------------------------
Update Information:

Add shell-completions
Update to 4.47.1 and adopt go-vendor-tools
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 29 2025 Mikel Olasagasti Uranga - 4.47.1-2
- Add shell completions
* Thu Aug 21 2025 Romain Geissler - 4.47.1-1
- Upgrade to upstream version 4.47.1 and use vendoring (rhbz#2282002).
* Fri Aug 15 2025 Maxwell G - 4.43.1-7
- Rebuild for golang-1.25.0
* Fri Jul 25 2025 Fedora Release Engineering - 4.43.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2352349 - CVE-2025-22870 yq: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2352349
  [ 2 ] Bug #2360619 - CVE-2025-22872 yq: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2360619
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d8a379a267' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Significant Fedora Upgrade for yq 4.47.1 addresses vulnerabilities related to HTTP Proxy evasion and input handling. Update is advised.
Fedora Security Update, yq Command-Line Tool, Fedora 41 Updates.
Severity: Important.
LinuxSecurity.com Team

Sep 07, 2025 Important Fedora

Fedora 42: yq Important Input Sanitation Issue Fix FEDORA-2025-99309ef35f

Add shell-completions. Update to 4.47.1 and adopt go-vendor-tools.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-99309ef35f
2025-09-07 00:51:16.113251+00:00
--------------------------------------------------------------------------------

Name        : yq
Product     : Fedora 42
Version     : 4.47.1
Release     : 2.fc42
URL         : https://github.com/mikefarah/yq
Summary     : Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor
Description :
Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor.

--------------------------------------------------------------------------------
Update Information:

Add shell-completions
Update to 4.47.1 and adopt go-vendor-tools
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 29 2025 Mikel Olasagasti Uranga - 4.47.1-2
- Add shell completions
* Thu Aug 21 2025 Romain Geissler - 4.47.1-1
- Upgrade to upstream version 4.47.1 and use vendoring (rhbz#2282002).
* Fri Aug 15 2025 Maxwell G - 4.43.1-7
- Rebuild for golang-1.25.0
* Fri Jul 25 2025 Fedora Release Engineering - 4.43.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2282002 - v4.44.1 of yq was released
        https://bugzilla.redhat.com/show_bug.cgi?id=2282002
  [ 2 ] Bug #2360655 - CVE-2025-22872 yq: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2360655
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-99309ef35f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

The latest yq update for Fedora 42 brings crucial security improvements addressing input validation vulnerabilities along with various enhancements.
yq command-line processor, Fedora 42 updates, input sanitization issue.
Severity: Important.
LinuxSecurity.com Team

Sep 07, 2025 Important Fedora

Fedora 40: FEDORA-2025-93d6242840 moderate: yq security update

Rebuilt against golang-x-net 0.33.0 for CVE-2024-45338.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-93d6242840
2025-02-05 02:09:51.857910+00:00
--------------------------------------------------------------------------------

Name        : yq
Product     : Fedora 40
Version     : 4.43.1
Release     : 5.fc40
URL         : https://github.com/mikefarah/yq
Summary     : Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor
Description :
Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor.

--------------------------------------------------------------------------------
Update Information:

Rebuilt against golang-x-net 0.33.0 for CVE-2024-45338
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 26 2025 Michel Lind - 4.43.1-5
- Fix building with Go 1.24; Resolves: RHBZ#2341595
* Sun Jan 19 2025 Fedora Release Engineering - 4.43.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering - 4.43.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2333241 - CVE-2024-45338 yq: Non-linear parsing of case-insensitive content in golang.org/x/net/html [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2333241
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-93d6242840' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

A security vulnerability in the `yq` tool (CVE-2024-45338) could jeopardize data processing integrity. Update to version 4.33.1 or newer to safeguard your systems.
Fedora 40, yq, golang-x-net, security fixes, CVE-2024-45338.
LinuxSecurity.com Team

Feb 05, 2025 Fedora

Fedora 41: FEDORA-2025-cd51e0177b moderate: yq command-line processor

Rebuilt against golang-x-net 0.33.0 for CVE-2024-45338.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-cd51e0177b
2025-02-04 01:14:03.353042+00:00
--------------------------------------------------------------------------------

Name        : yq
Product     : Fedora 41
Version     : 4.43.1
Release     : 5.fc41
URL         : https://github.com/mikefarah/yq
Summary     : Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor
Description :
Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor.

--------------------------------------------------------------------------------
Update Information:

Rebuilt against golang-x-net 0.33.0 for CVE-2024-45338
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 26 2025 Michel Lind - 4.43.1-5
- Fix building with Go 1.24; Resolves: RHBZ#2341595
* Sun Jan 19 2025 Fedora Release Engineering - 4.43.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2333265 - CVE-2024-45338 yq: Non-linear parsing of case-insensitive content in golang.org/x/net/html [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2333265
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-cd51e0177b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

The recent Fedora 41 update for yq resolves concerns regarding CVE-2024-45338. Ensure you upgrade to the latest secure release today.
yq updates, CVE-2024-45338, Fedora security, Go enhancement, process management.
LinuxSecurity.com Team

Feb 04, 2025 Fedora

openSUSE Leap 15.5: SUSE-SU-2023:4001-1 Moderate: jq Release

This update for yq fixes the following issues: yq was updated to 4.35.2 (bsc#1215808).

# Security update for yq

Announcement ID: SUSE-SU-2023:4000-1
Rating: moderate
References:
  * #1215808

Affected Products:
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Package Hub 15 15-SP5

An update that has one security fix can now be installed.

## Description:

This update for yq fixes the following issues:

yq was updated to 4.35.2 (bsc#1215808):
  * Fixed number parsing as float bug in JSON #1756
  * Fixed string, null concatenation consistency #1712
  * Fixed expression parsing issue #1711

Update to 4.35.1:
  * Added Lua output support
  * Added BSD checksum format

Update to 4.34.1:
  * Added shell output format
  * Fixed nil pointer dereference

Update to 4.33.3:
  * Fixed bug when splatting empty array #1613
  * Added scalar output for TOML (#1617)
  * Fixed passing of read-only context in pipe (partial fix for #1631)

Update to 4.33.2:
  * Add `--nul-output|-0` flag to separate element with NUL character (#1550) Thanks @vaab!
  * Add removable-media interface plug declaration to the snap packaging (#1618) Thanks @brlin-tw!
  * Scalar output now handled in csv, tsv and property files

Update to 4.33.1:
  * Added read-only TOML support! #1364. Thanks @pelletier for making your API available in your toml lib :)
  * Added warning when auto detect by file type is outputs JSON

Update to 4.32.2:
  * Fixes parsing terraform tfstate files results in "unknown" format
  * Added divide and modulo operators (#1593)
  * Add support for decoding base64 strings without padding
  * Add filter operation (#1588) - thanks @rbren!
  * Detect input format based on file name extension (#1582)
  * Auto output format when input format is automatically detected
  * Fixed npe in log #1596
  * Improved binary file size!

Update to 4.31.2:
  * Fixed merged anchor reference problem #1482
  * Fixed xml encoding of ProcInst #1563, improved XML comment handling
  * Allow build without json and xml support (#1556) Thanks

Update to 4.31.1:
  * Added shuffle command #1503
  * Added ability to sort by multiple fields #1541
  * Added @sh encoder #1526
  * Added @uri/@urid encoder/decoder #1529
  * Fixed date comparison with string date #1537
  * Added from_unix/to_unix Operators

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2023-4000=1 SUSE-2023-4000=1
  * SUSE Package Hub 15 15-SP5
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4000=1

## Package List:

  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
    * yq-4.35.2-150500.3.3.1
    * yq-debuginfo-4.35.2-150500.3.3.1
  * openSUSE Leap 15.5 (noarch)
    * yq-bash-completion-4.35.2-150500.3.3.1
    * yq-fish-completion-4.35.2-150500.3.3.1
    * yq-zsh-completion-4.35.2-150500.3.3.1
  * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
    * yq-4.35.2-150500.3.3.1
    * yq-debuginfo-4.35.2-150500.3.3.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1215808

Minor security enhancement for zq focusing on numerous issues, with critical corrections and setup guidelines included.
SUSE Security Update, yq Update, openSUSE Advisory.
LinuxSecurity.com Team

Oct 06, 2023 OpenSUSE