openSUSE-SU-2026:20117-1

Опубликовано: 27 янв. 2026

Источник: suse-cvrf

Описание

Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issues:

Update to version 12.1:

CVE-2025-64718: js-yaml: fixed prototype pollution in merge (bsc#1255425).

Список пакетов

openSUSE Leap 16.0

cockpit-subscriptions-12.1-160000.1.1

Ссылки

https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1255425
SUSE Bug 1255425
https://www.suse.com/security/cve/CVE-2025-64718/
SUSE CVE CVE-2025-64718 page

Описание

js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).

Затронутые продукты

openSUSE Leap 16.0:cockpit-subscriptions-12.1-160000.1.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-64718.html
CVE-2025-64718
https://bugzilla.suse.com/1255407
SUSE Bug 1255407

openSUSE-SU-2026:20117-1

Описание

Список пакетов

openSUSE Leap 16.0

Ссылки

Уязвимость: CVE-2025-64718

Описание

Затронутые продукты

Ссылки