19.06.2026 12:45 This update fixes a command injection issue resulting from the use of the 2-argument form of open .
19.06.2026 12:45 Metric names and values are now validated to ensure they do not contain characters below ASCII 32 , colon or pipe characters that might allow metric injection. Offending calls now croak.
19.06.2026 12:45 Ongres Scram update and security fix.
19.06.2026 12:45 Update to 0.19.0
19.06.2026 12:45 CVE-2026-34253 - fix arbitrary code execution via buffer underflow
19.06.2026 12:45 Fixed CVE-2026-42496 - Path traversal via crafted symlinks allows arbitrary file access Backported from 3.08
19.06.2026 12:45 fix pam-guard-page test
19.06.2026 12:45 This update fixes a command injection issue resulting from the use of the 2-argument form of open .
19.06.2026 12:45 Changes: 6.17 2026-05-19 23:11:06Z Fix CVE-2026-8450 : 2-arg open in send_file enabled RCE / arbitrary file write / response-body exfiltration when a string argument was derived from attacker-
19.06.2026 12:45 Metric names and values are now validated to ensure they do not contain characters below ASCII 32 , colon or pipe characters that might allow metric injection. Offending calls now croak.
19.06.2026 12:45 upstream upgrade with security fixes: CVE-2026-53612 - libmount: TOCTOU attack via ancestor directory swap during mount CVE-2026-53613 - libmount: SUID bypass via LIBMOUNT_FORCE_MOUNT2 and legacy mount path
19.06.2026 12:45 Update to 0.19.0
19.06.2026 12:45 Upgrade to 4.4.2 upstream version.
19.06.2026 12:45 An update that solves two vulnerabilities can now be installed.
19.06.2026 12:45 # Security update for rootlesskit Announcement ID: SUSE-SU-2026:2451-1 Release Date: 2026-06-18T13:48:10Z Rating: important References:
