SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2285

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2285

Security update for yq

Type: security

Severity: important

Issued: 2026-06-05

Description:

This update for yq fixes the following issues:

- CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues
  when parsing HTML files (bsc#1267053).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
  bypass and privilege escalation (bsc#1267199).

References

CVE: CVE-2026-42506
CVE: CVE-2026-42502
CVE: CVE-2026-39821
CVE: CVE-2026-27136
CVE: CVE-2026-25681
CVE: CVE-2026-25680
Bugzilla: 1267199 VUL-0: CVE-2026-39821: yq: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation
Bugzilla: 1267053 VUL-0: CVE-2026-25680,CVE-2026-42502,CVE-2026-27136,CVE-2026-25681,CVE-2026-42506: yq: golang.org/x/net/html: multiple issues when parsing HTML files

Packages

yq-4.53.2-150500.3.9.1