SUSE-CU-2026:4468-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-tftpd

sle-container-updates at lists.suse.com
Thu Apr 23 08:22:31 UTC 2026


SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4468-1
Container Tags        : suse/multi-linux-manager/5.1/x86_64/proxy-tftpd:5.1.3 , suse/multi-linux-manager/5.1/x86_64/proxy-tftpd:5.1.3.8.16.1 , suse/multi-linux-manager/5.1/x86_64/proxy-tftpd:latest
Container Release     : 8.16.1
Severity              : important
Type                  : security
References            : 1229003 1254670 1254867 1257029 1257031 1257041 1257042 1257044
                        1257046 1257144 1257181 1257463 1257496 1258002 1258311 1258319
                        1258392 1259619 1259711 1259726 1259729 1259803 1259825 1259829
                        1260078 1260082 1260441 1260441 1260442 1260442 1260443 1260443
                        1260444 1260444 1260445 1261678 1261678 1261809 CVE-2025-11468
                        CVE-2025-15282 CVE-2025-15366 CVE-2025-15367 CVE-2025-66471 CVE-2025-70873
                        CVE-2025-7709 CVE-2026-0672 CVE-2026-0865 CVE-2026-1299 CVE-2026-24515
                        CVE-2026-25210 CVE-2026-27171 CVE-2026-28387 CVE-2026-28387 CVE-2026-28388
                        CVE-2026-28388 CVE-2026-28389 CVE-2026-28389 CVE-2026-28390 CVE-2026-28390
                        CVE-2026-30922 CVE-2026-31789 CVE-2026-31789 CVE-2026-31790 CVE-2026-32776
                        CVE-2026-32777 CVE-2026-32778 CVE-2026-4437 CVE-2026-4438 CVE-2026-4878
-----------------------------------------------------------------

The container suse/multi-linux-manager/5.1/x86_64/proxy-tftpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:646-1
Released:    Wed Feb 25 17:29:20 2026
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1257144,1257496,CVE-2026-24515,CVE-2026-25210
This update for expat fixes the following issues:

- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:664-1
Released:    Thu Feb 26 16:15:04 2026
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1257029,1257031,1257041,1257042,1257044,1257046,CVE-2025-11468,CVE-2025-15282,CVE-2025-15366,CVE-2025-15367,CVE-2026-0672,CVE-2026-0865
This update for python3 fixes the following issues:

- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable
  characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel
  (bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:783-1
Released:    Tue Mar  3 14:36:14 2026
Summary:     Security update for zlib
Type:        security
Severity:    moderate
References:  1258392,CVE-2026-27171
This update for zlib fixes the following issue:

- CVE-2026-27171: Fixed infinite loop via the `crc32_combine64` and `crc32_combine_gen64` functions due to missing
  checks for negative lengths (bsc#1258392).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:791-1
Released:    Tue Mar  3 16:59:33 2026
Summary:     Recommended update for gcc15
Type:        recommended
Severity:    moderate
References:  1257463
This update for gcc15 fixes the following issues:

- Fix bogus expression simplification (bsc#1257463)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:844-1
Released:    Fri Mar  6 16:45:31 2026
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1258319
This update for glibc fixes the following issues:

- nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319, BZ #28940)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:912-1
Released:    Wed Mar 18 07:19:42 2026
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  1229003,1258002
This update for ca-certificates-mozilla fixes the following issues:

- test for a concretely missing certificate rather than
  just the directory, as the latter is now also provided by openssl-3
- Re-create java-cacerts with SOURCE_DATE_EPOCH set
  for reproducible builds (bsc#1229003)
- Also mark /usr/share/factory/var/lib/ca-certificates/ as writable by the user 
  during install: allow rpm to properly execute %clean when completed.
- Create /var/lib/ca-certificates during build to ensure rpm gives
  the %ghost'ed directory proper mode attributes.
- Updated to 2.84 state (bsc#1258002)
    * Removed:
        + Baltimore CyberTrust Root
        + CommScope Public Trust ECC Root-01
        + CommScope Public Trust ECC Root-02
        + CommScope Public Trust RSA Root-01
        + CommScope Public Trust RSA Root-02
        + DigiNotar Root CA
    * Added: 
        + e-Szigno TLS Root CA 2023
        + OISTE Client Root ECC G1
        + OISTE Client Root RSA G1
        + OISTE Server Root ECC G1
        + OISTE Server Root RSA G1
        + SwissSign RSA SMIME Root CA 2022 - 1
        + SwissSign RSA TLS Root CA 2022 - 1
        + TrustAsia SMIME ECC Root CA
        + TrustAsia SMIME RSA Root CA
        + TrustAsia TLS ECC Root CA
        + TrustAsia TLS RSA Root CA
- Re-enable the distrusted certs. The distrust applies only to certs
  issued after the distrust date, not to all certs of a CA.
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1065-1
Released:    Thu Mar 26 11:38:12 2026
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1254670,1259619,CVE-2025-70873,CVE-2025-7709
This update for sqlite3 fixes the following issues:

Update sqlite3 to 3.51.3:

- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).

Changelog:

 * Fix the WAL-reset database corruption bug:
   https://sqlite.org/wal.html#walresetbug

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1067-1
Released:    Thu Mar 26 11:39:01 2026
Summary:     Security update for python-urllib3
Type:        security
Severity:    moderate
References:  1254867,1259829,CVE-2025-66471
This update for python-urllib3 fixes the following issue:

- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API
  (bsc#1254867).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1090-1
Released:    Thu Mar 26 18:44:54 2026
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1257181,CVE-2026-1299
This update for python3 fixes the following issues:

- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1113-1
Released:    Fri Mar 27 10:34:35 2026
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    moderate
References:  1258311,1259825
This update for crypto-policies fixes the following issues:

Enables PQC key exchange support for OpenSSH (bsc#1258311, bsc#1259825)

* The sntrup761x25519-sha512 hybrid key exchange for OpenSSH is enabled.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1158-1
Released:    Tue Mar 31 13:55:47 2026
Summary:     Security update for python-pyasn1
Type:        security
Severity:    important
References:  1259803,CVE-2026-30922
This update for python-pyasn1 fixes the following issues:

- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1352-1
Released:    Wed Apr 15 15:36:49 2026
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778
This update for expat fixes the following issues:

- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
  declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1369-1
Released:    Wed Apr 15 16:42:55 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1260078,1260082,CVE-2026-4437,CVE-2026-4438
This update for glibc fixes the following issues:

- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1375-1
Released:    Wed Apr 15 19:25:40 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1260441,1260442,1260443,1260444,1260445,1261678,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31789,CVE-2026-31790
This update for openssl-3 fixes the following issues:

Security issues fixed:
    
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
  KeyTransportRecipientInfo (bsc#1261678).
    
Other updates and bugfixes:
 
- Enable MD2 in legacy provider (jsc#PED-15724).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1386-1
Released:    Thu Apr 16 11:17:06 2026
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1260441,1260442,1260443,1260444,1261678,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31789
This update for openssl-1_1 fixes the following issues:

- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
  KeyTransportRecipientInfo (bsc#1261678).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1432-1
Released:    Fri Apr 17 12:12:08 2026
Summary:     Security update for libcap
Type:        security
Severity:    important
References:  1261809,CVE-2026-4878
This update for libcap fixes the following issue:

- CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).


The following package changes were made:

- crypto-policies-20230920.570ea89-150600.3.16.1 updated
- glibc-2.38-150600.14.46.1 updated
- libz1-1.2.13-150500.4.6.1 updated
- libsqlite3-0-3.51.3-150000.3.39.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.9.1 updated
- libcap2-2.63-150400.3.6.1 updated
- libstdc++6-15.2.0+git10201-150000.1.9.1 updated
- libopenssl3-3.2.3-150700.5.31.1 updated
- libopenssl-3-fips-provider-3.2.3-150700.5.31.1 updated
- openssl-3-3.2.3-150700.5.31.1 updated
- ca-certificates-mozilla-2.84-150200.44.1 updated
- libexpat1-2.7.1-150700.3.12.1 updated
- libopenssl1_1-1.1.1w-150700.11.16.1 updated
- libpython3_6m1_0-3.6.15-150300.10.109.1 updated
- python3-base-3.6.15-150300.10.109.1 updated
- python3-3.6.15-150300.10.109.1 updated
- python3-pyasn1-0.4.2-150000.3.16.1 updated
- python3-urllib3-1.25.10-150300.4.24.1 updated
- container:bci-bci-base-15.7-aea7ef73589b78abbd1fe98bc2619a772c9e7a2dc8912c4bef09fae3a48c8e24-0 updated

