SUSE-CU-2026:4029-1: Security update of private-registry/harbor-trivy-adapter

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Apr 16 07:10:25 UTC 2026 

SUSE Container Update Advisory: private-registry/harbor-trivy-adapter
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4029-1
Container Tags        : private-registry/harbor-trivy-adapter:1.1.2 , private-registry/harbor-trivy-adapter:1.1.2-2.19 , private-registry/harbor-trivy-adapter:latest
Container Release     : 2.19
Severity              : important
Type                  : security
References            : 1259711 1259726 1259729 1260441 1260442 1260443 1260444 1260445
                        1261678 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390
                        CVE-2026-31789 CVE-2026-31790 CVE-2026-32776 CVE-2026-32777 CVE-2026-32778
-----------------------------------------------------------------

The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1352-1
Released:    Wed Apr 15 15:36:49 2026
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778
This update for expat fixes the following issues:

- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
  declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1375-1
Released:    Wed Apr 15 19:25:40 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1260441,1260442,1260443,1260444,1260445,1261678,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31789,CVE-2026-31790
This update for openssl-3 fixes the following issues:

Security issues fixed:
    
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
  KeyTransportRecipientInfo (bsc#1261678).
    
Other updates and bugfixes:
 
- Enable MD2 in legacy provider (jsc#PED-15724).


The following package changes have been done:

- libexpat1-2.7.1-150700.3.12.1 updated
- libopenssl3-3.2.3-150700.5.31.1 updated
- openssl-3-3.2.3-150700.5.31.1 updated
- harbor-scanner-trivy-0.35.1-150700.1.4 updated
- system-user-harbor-2.14.3-150700.1.9 updated

More information about the sle-container-updates mailing list