SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2096

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2096

Security update for yq

Type: security

Severity: important

Issued: 2026-05-27

Description:

This update for yq fixes the following issues

- CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during
  DOM construction (bsc#1241719).
- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents
  (bsc#1251339).
- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially
  crafted input (bsc#1251540).
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
  (bsc#1266248).

Changes for yq:

- update to v4.53.2

References

CVE: CVE-2026-33814
CVE: CVE-2025-58190
CVE: CVE-2025-47911
CVE: CVE-2025-22872
Bugzilla: 1266248 VUL-0: CVE-2026-33814: yq: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
Bugzilla: 1251540 VUL-0: CVE-2025-58190: yq: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input
Bugzilla: 1251339 VUL-0: CVE-2025-47911: yq: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents
Bugzilla: 1241719 VUL-0: CVE-2025-22872: yq: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction

Packages

yq-4.53.2-150500.3.6.1