SUSE alert openSUSE-SU-2026:0060-1 (openQA, openQA-devel-container, os-autoinst)
| From: | maintenance@opensuse.org | |
| To: | security-announce@lists.opensuse.org | |
| Subject: | openSUSE-SU-2026:0060-1: moderate: Security update for openQA, openQA-devel-container, os-autoinst | |
| Date: | Tue, 24 Feb 2026 15:06:14 +0100 | |
| Message-ID: | <20260224140614.5C194FD85@maintenance.suse.de> | |
openSUSE Security Update: Security update for openQA, openQA-devel-container, os-autoinst
______________________________________________________________________________

Announcement ID: openSUSE-SU-2026:0060-1
Rating: moderate
References: #1257852
Cross-References: CVE-2026-25547
CVSS scores:
  CVE-2026-25547 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
  openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for openQA, openQA-devel-container, os-autoinst fixes the following issues:

Changes in openQA:

- Update to version 5.1771422749.560a3b26:
  * fix(mcp): set navbar check expression to read-only
  * feat: support inverted result filters in /tests/overview
  * fix(test): Enable helm install-chart test again
  * git subrepo pull (merge) --force external/os-autoinst-common
  * feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE configurable
  * test: Consider everything under `lib/OpenQA/Shared/` covered
  * fix: Provide specific error message if job was removed `enqueue_…_track`
  * refactor: Remove useless error message in `enqueue_and_keep_track`
  * test: Cover case of successful executing in `enqueue_and_keep_track`
  * refactor: Simplify error handling of `enqueue_and_keep_track`
  * test: Cover error handling of `enqueue_and_keep_track`
  * test: Consider shared session controller fully covered
  * refactor: Avoid duplications in sessions controller
  * refactor: Use signatures in session controller code
  * test: Cover error handling in case of a bad CRSF token
  * test: Cover test route for session
  * fix(worker): reject jobs explicitly when worker is stopping
  * feat: Remove workaround for codecov and gpg
  * feat: Switch to Leap 16 in Helm charts
  * feat: Switch to Leap 16.0 in openqa_data container
  * feat: Replace all Leap 15.6 with 16.0 in docs and scripts
  * test: Cover showing special image when backend has terminated
  * fix: Use new apachectl command
  * Update openQA containers to Leap 16.0
  * test: Extend tests for controller handling live view
  * refactor: Move throttling into its own function
  * feat(throttling): throttle jobs resources based on parameters size
  * refactor: Avoid repeated use of `$t->app->minion` in gru tasks tests
  * feat: Allow archiving jobs with infinite important storage durations
  * feat: Flag jobs without results as archived for consistency
  * feat: Remove one corner case preventing jobs from being archived

- Update to version 5.1770718745.ce2072d3:
  * feat(ui): use clickable test overview summary counts for quick filtering
  * build(Makefile): fix uninterruptable tests
  * docs: Mention caveats of `…_cleanup_max_free_percentage` setting
  * test(25-cache-service): fix race conditions
  * test(ui/21-admin-needles): properly wait for modal dialog and deletion
  * test(ui/13-admin): properly wait for API key deletion
  * test(40-openqa-clone-job): properly isolate from system config
  * test(15-asset): bump timeout to current runtime
  * chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch
  * build(deps-dev): bump @eslint from 9.36.0 to 9.38.0
  * fix(eslint): correct style to be eslint-9.38 compliant
  * build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2
  * build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1
  * build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7
  * refactor: Improve variable names in function to determine expired jobs
  * test: Improve name of subtest for archiving
  * test: Verify that archiving works regardless of logs/results present
  * Dependency cron 2026-02-06
  * Bump js-yaml from 4.1.0 to 4.1.1
  * build(deps): bump ace-builds from 1.43.3 to 1.43.4

- Update to version 5.1770308102.12dfd0e4:
  * fix: Configure sudoers correctly in Leap 16
  * Also use devel:openQA/16.0 in dependency bot workflow
  * test: Consider all controller code covered
  * refactor: Remove unused "group connect" endpoints
  * test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint
  * test: Cover all cases of search of audit log table
  * refactor: Simplify function to render audit log index page
  * test: Add test for `eventid` parameter of audit log page
  * test: Cover remaining lines of `Asset.pm`

Changes in os-autoinst:

- Update to version 5.1771353921.c8005c9:
  * git subrepo pull (merge) --force external/os-autoinst-common
  * style: Fix crop.py style issues
  * workaround: Remove "get_mempolicy" warning from qemu-img output
  * parse_extra_log: Allow passing additional args to upload_logs
  * refactor: Distinguish tests by the script path in `loadtest`
  * refactor: Simplify approach for avoiding redefine warnings

- Update to version 5.1770715824.6a80a85:
  * style: Fix crop.py style issues
  * workaround: Remove "get_mempolicy" warning from qemu-img output
  * parse_extra_log: Allow passing additional args to upload_logs
  * refactor: Distinguish tests by the script path in `loadtest`
  * refactor: Simplify approach for avoiding redefine warnings
  * test: Allow running tests with `Test::Warnings<0.033`
  * test: Format test of `loadtestdir` in a more compact way

- Update to version 5.1770127521.c249fe9:
  * refactor: Distinguish tests by the script path in `loadtest`
  * refactor: Simplify approach for avoiding redefine warnings
  * test: Allow running tests with `Test::Warnings<0.033`
  * test: Format test of `loadtestdir` in a more compact way
  * test: Use `ENABLE_MODERN_PERL_FEATURES=1` in test suite
  * feat: Allow enabling strict/warnings/signatures globally
  * fix: Improve wrong comment about enablement of modern Perl features

Changes in openQA-devel-container:

- Update to version 5.1771422749.560a3b26b:
  * Update to latest openQA version

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

  zypper in -t patch openSUSE-2026-60=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):

  openQA-5.1771422749.560a3b26-bp156.2.124.1
  openQA-auto-update-5.1771422749.560a3b26-bp156.2.124.1
  openQA-bootstrap-5.1771422749.560a3b26-bp156.2.124.1
  openQA-client-5.1771422749.560a3b26-bp156.2.124.1
  openQA-common-5.1771422749.560a3b26-bp156.2.124.1
  openQA-continuous-update-5.1771422749.560a3b26-bp156.2.124.1
  openQA-devel-5.1771422749.560a3b26-bp156.2.124.1
  openQA-doc-5.1771422749.560a3b26-bp156.2.124.1
  openQA-local-db-5.1771422749.560a3b26-bp156.2.124.1
  openQA-mcp-5.1771422749.560a3b26-bp156.2.124.1
  openQA-munin-5.1771422749.560a3b26-bp156.2.124.1
  openQA-python-scripts-5.1771422749.560a3b26-bp156.2.124.1
  openQA-single-instance-5.1771422749.560a3b26-bp156.2.124.1
  openQA-single-instance-nginx-5.1771422749.560a3b26-bp156.2.124.1
  openQA-worker-5.1771422749.560a3b26-bp156.2.124.1
  os-autoinst-5.1771353921.c8005c9-bp156.2.93.1
  os-autoinst-debuginfo-5.1771353921.c8005c9-bp156.2.93.1
  os-autoinst-debugsource-5.1771353921.c8005c9-bp156.2.93.1
  os-autoinst-devel-5.1771353921.c8005c9-bp156.2.93.1
  os-autoinst-ipmi-deps-5.1771353921.c8005c9-bp156.2.93.1
  os-autoinst-openvswitch-5.1771353921.c8005c9-bp156.2.93.1
  os-autoinst-s390-deps-5.1771353921.c8005c9-bp156.2.93.1
  os-autoinst-swtpm-5.1771353921.c8005c9-bp156.2.93.1

- openSUSE Backports SLE-15-SP6 (x86_64):

  os-autoinst-qemu-kvm-5.1771353921.c8005c9-bp156.2.93.1
  os-autoinst-qemu-x86-5.1771353921.c8005c9-bp156.2.93.1

References:

  https://www.suse.com/security/cve/CVE-2026-25547.html
  https://bugzilla.suse.com/1257852
