SUSE-CU-2026:4104-1: Security update of suse/sle-micro/5.2/toolbox
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Apr 16 22:19:42 UTC 2026
SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4104-1
Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.272 , suse/sle-micro/5.2/toolbox:latest
Container Release : 7.11.272
Severity : important
Type : security
References : 1259985 1261191 1261271 CVE-2026-33412 CVE-2026-34714 CVE-2026-34982
-----------------------------------------------------------------
The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1387-1
Released: Thu Apr 16 11:17:48 2026
Summary: Security update for vim
Type: security
Severity: important
References: 1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982
This update for vim fixes the following issues:
Update to version 9.2.0280.
- CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command
execution (bsc#1261271).
- CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution
(bsc#1261191).
- CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to
arbitrary code execution (bsc#1259985).
The following package changes have been done:
- vim-data-common-9.2.0280-150000.5.89.1 updated
- vim-9.2.0280-150000.5.89.1 updated
More information about the sle-container-updates
mailing list