SUSE-CU-2026:2272-1: Security update of suse/ltss/sle12.5/sles12sp5

Wed Apr 1 07:39:20 UTC 2026

SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:2272-1
Container Tags        : suse/ltss/sle12.5/sles12sp5:8.5.217 , suse/ltss/sle12.5/sles12sp5:latest
Container Release     : 8.5.217
Severity              : important
Type                  : security
References            : 1259711 1259726 1259729 CVE-2026-32776 CVE-2026-32777 CVE-2026-32778
-----------------------------------------------------------------

The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1159-1
Released:    Tue Mar 31 17:03:45 2026
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778
This update for expat fixes the following issues:

- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
  declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).

The following package changes have been done:

- libexpat1-2.7.1-21.52.1 updated