SUSE-CU-2026:4460-1: Security update of suse/sles/16.0/toolbox
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Apr 23 08:13:49 UTC 2026
SUSE Container Update Advisory: suse/sles/16.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4460-1
Container Tags : suse/sles/16.0/toolbox:16.3 , suse/sles/16.0/toolbox:16.3-1.63 , suse/sles/16.0/toolbox:latest
Container Release : 1.63
Severity : important
Type : security
References : 1261420 1261809 CVE-2026-35535 CVE-2026-4878
-----------------------------------------------------------------
The container suse/sles/16.0/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 616
Released: Wed Apr 22 11:56:41 2026
Summary: Security update for sudo
Type: security
Severity: important
References: 1261420,CVE-2026-35535
This update for sudo fixes the following issues:
- CVE-2026-35535: unhandled failure of `setuid`, `setgid` or `setgroups` calls during a mailer privilege drop allows
for local privilege escalation (bsc#1261420).
-----------------------------------------------------------------
Advisory ID: 625
Released: Wed Apr 22 12:22:37 2026
Summary: Security update for libcap
Type: security
Severity: important
References: 1261809,CVE-2026-4878
This update for libcap fixes the following issues:
- CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in
`cap_set_file()` (bsc#1261809).
The following package changes have been done:
- libcap-progs-2.73-160000.3.1 updated
- libcap2-2.73-160000.3.1 updated
- sudo-1.9.17p1-160000.3.1 updated
More information about the sle-container-updates
mailing list