SUSE alert openSUSE-SU-2026:0098-1 (python-nltk)
| From: | maintenance@opensuse.org | |
| To: | security-announce@lists.opensuse.org | |
| Subject: | openSUSE-SU-2026:0098-1: important: Security update for python-nltk | |
| Date: | Fri, 27 Mar 2026 15:05:19 +0100 | |
| Message-ID: | <20260327140519.6DBCAFD1A@maintenance.suse.de> | |
| Archive-link: | Article |
openSUSE Security Update: Security update for python-nltk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0098-1 Rating: important References: #1260066 #1260067 #1260068 Cross-References: CVE-2026-33230 CVE-2026-33231 CVE-2026-33236 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python-nltk fixes the following issues: - CVE-2026-33230: reflected cross-site scripting issue in the `lookup_...` route (boo#1260066) - CVE-2026-33231: unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode (boo#1260067) - CVE-2026-33236: Attackers can control a remote XML index server to provide malicious values containing path traversal sequences (boo#1260068) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-98=1 Package List: - openSUSE Backports SLE-15-SP7 (noarch): python3-nltk-3.7-bp157.3.9.1 References: https://www.suse.com/security/cve/CVE-2026-33230.html https://www.suse.com/security/cve/CVE-2026-33231.html https://www.suse.com/security/cve/CVE-2026-33236.html https://bugzilla.suse.com/1260066 https://bugzilla.suse.com/1260067 https://bugzilla.suse.com/1260068