SUSE-CU-2026:4017-1: Security update of private-registry/harbor-core

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Apr 16 07:05:39 UTC 2026 

SUSE Container Update Advisory: private-registry/harbor-core
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4017-1
Container Tags        : private-registry/harbor-core:1.1.2 , private-registry/harbor-core:1.1.2-2.16 , private-registry/harbor-core:latest
Container Release     : 2.16
Severity              : important
Type                  : security
References            : 1260441 1260442 1260443 1260444 1260445 1261678 CVE-2026-28387
                        CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-31789 CVE-2026-31790
-----------------------------------------------------------------

The container private-registry/harbor-core was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1375-1
Released:    Wed Apr 15 19:25:40 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1260441,1260442,1260443,1260444,1260445,1261678,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31789,CVE-2026-31790
This update for openssl-3 fixes the following issues:

Security issues fixed:
    
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
  KeyTransportRecipientInfo (bsc#1261678).
    
Other updates and bugfixes:
 
- Enable MD2 in legacy provider (jsc#PED-15724).


The following package changes have been done:

- libopenssl3-3.2.3-150700.5.31.1 updated
- openssl-3-3.2.3-150700.5.31.1 updated
- system-user-harbor-2.14.3-150700.1.9 updated
- harbor-core-2.14.3-150700.1.9 updated

More information about the sle-container-updates mailing list