Linux Distros Unpatched Vulnerability : CVE-2026-44942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal in handling the path component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by...

CVE-2026-44942

A flaw was found in libzypp. This path traversal vulnerability, present in the handling of the "path" component within .repo files, could allow attackers to write content to directories outside of the intended zypp cache. This unauthorized writing of data can lead to a Denial of Service DoS by...

CVE-2026-44942

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content...

UBUNTU-CVE-2026-44942

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content...

EUVD-2026-37871

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content...

CVE-2026-44942

CVE-2026-44942 affects libzypp: a path traversal in handling the "path" component of .repo files could allow writing outside the zypp cache. The issue affects the 17.x series (before 17.38.13) and before 16.22.19. OpenSUSE Tumbleweed/ SUSE advisories indicate this vulnerability is fixed in libzyp...

CVE-2026-44942 libzypp .repo files can have an optional path which can lead to path traversal attacks

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content...

libzypp-17.38.13-1.1 on GA media (moderate)

libzypp-17.38.13-1.1 on GA media Announcement ID: openSUSE-SU-2026:10984-1 Rating: moderate Cross-References: CVE-2026-44941 CVE-2026-44942 CVSS scores: CVE-2026-44941 SUSE : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2026-44941 SUSE : 7.5...

SUSE-SU-2026:22064-1 Security update for libzypp

This update for libzypp fixes the following issue Update to 17.38.13 35: - CVE-2026-44942: .repo files can have an optional path which can lead to path traversal attacks bsc1267874...

SUSE-SU-2026:22073-1 Security update for libzypp

This update for libzypp fixes the following issues Version 17.38.13 35: - CVE-2026-44941: path traversal via "keyhint" bsc1267426. - CVE-2026-44942: .repo files can have an optional path which can lead to path traversal attacks bsc1267874...

PT-2026-48598

Name of the Vulnerable Software and Affected Versions libzypp versions prior to 17.38.13 Description An issue exists where .repo files can contain an optional path that may lead to path traversal attacks. Path traversal is a technique that allows an attacker to access files and directories that a...

OPENSUSE-SU-2026:10984-1 libzypp-17.38.13-1.1 on GA media

These are all security issues fixed in the libzypp-17.38.13-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE-SU-2026:22062-1 Security update for libzypp

This update for libzypp fixes the following issue Version 17.38.12 35: - CVE-2026-44941: path traversal via "keyhint" bsc1267426...

PT-2026-48597

Name of the Vulnerable Software and Affected Versions libzypp versions prior to 17.38.13-1.1 Description An issue exists allowing path traversal via the keyhint variable. Recommendations Update to version 17.38.13-1.1...

SUSE-SU-2026:21988-1 Security update for libzypp, libsolv

This update for libzypp, libsolv fixes the following issues: libsolv was updated to 0.7.39: - fix solvchksumfree segfault when called with a NULL pointer - made repoaddsolv more robust against corrupt files bsc1265935 CVE-2026-9149 - fix potential buffer overflow when verifying EdDSA signatures...

SUSE-SU-2026:21992-1 Security update for libzypp, libsolv

This update for libzypp, libsolv fixes the following issues: libsolv was updated to 0.7.39. - fix solvchksumfree segfault when called with a NULL pointer - made repoaddsolv more robust against corrupt files bsc1265935 CVE-2026-9149 - fix potential buffer overflow when verifying EdDSA signatures...

libzypp-17.38.10-1.1 on GA media (moderate)

libzypp-17.38.10-1.1 on GA media Announcement ID: openSUSE-SU-2026:10896-1 Rating: moderate Cross-References: CVE-2026-25707 CVSS scores: CVE-2026-25707 SUSE : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now b...

PT-2026-45144

This update for libsolv, libzypp, zypper fixes the following issues - CVE-2026-9149: Heap buffer overflow in libsolv repo add solv via negative maxsize from crafted .solv file bsc1265935. - CVE-2026-9150: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512...

OPENSUSE-SU-2026:10896-1 libzypp-17.38.10-1.1 on GA media

These are all security issues fixed in the libzypp-17.38.10-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE-SU-2026:21786-1 Security update for libzypp

This update for libzypp fixes the following issue - CVE-2026-44933: scan of the Mandatory signature verification plugin support bsc1265223...