SUSE-CU-2026:4469-1: Security update of suse/multi-linux-manager/5.1/x86_64/server-attestation
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Apr 23 08:22:35 UTC 2026
SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server-attestation
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4469-1
Container Tags : suse/multi-linux-manager/5.1/x86_64/server-attestation:5.1.3 , suse/multi-linux-manager/5.1/x86_64/server-attestation:5.1.3.8.18.1 , suse/multi-linux-manager/5.1/x86_64/server-attestation:latest
Container Release : 8.18.1
Severity : important
Type : security
References : 1254670 1257463 1258311 1258319 1258392 1258568 1258913 1258942
1259313 1259418 1259619 1259650 1259697 1259825 1259924 1260078
1260082 1260441 1260442 1260443 1260444 1260445 1260754 1260755
1261678 1261809 CVE-2025-69720 CVE-2025-70873 CVE-2025-7709 CVE-2026-27171
CVE-2026-27727 CVE-2026-2781 CVE-2026-27830 CVE-2026-28387 CVE-2026-28388
CVE-2026-28389 CVE-2026-28390 CVE-2026-29111 CVE-2026-31789 CVE-2026-31790
CVE-2026-33416 CVE-2026-33636 CVE-2026-4105 CVE-2026-4437 CVE-2026-4438
CVE-2026-4878
-----------------------------------------------------------------
The container suse/multi-linux-manager/5.1/x86_64/server-attestation was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:783-1
Released: Tue Mar 3 14:36:14 2026
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1258392,CVE-2026-27171
This update for zlib fixes the following issue:
- CVE-2026-27171: Fixed infinite loop via the `crc32_combine64` and `crc32_combine_gen64` functions due to missing
checks for negative lengths (bsc#1258392).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:791-1
Released: Tue Mar 3 16:59:33 2026
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1257463
This update for gcc15 fixes the following issues:
- Fix bogus expression simplification (bsc#1257463)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:813-1
Released: Thu Mar 5 09:33:59 2026
Summary: Security update for mozilla-nss
Type: security
Severity: moderate
References: 1258568,CVE-2026-2781
This update for mozilla-nss fixes the following issues:
Update to NSS 3.112.3:
* CVE-2026-2781: Avoid integer overflow in platform-independent ghash (bsc#1258568)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:844-1
Released: Fri Mar 6 16:45:31 2026
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1258319
This update for glibc fixes the following issues:
- nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319, BZ #28940)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:855-1
Released: Tue Mar 10 06:06:34 2026
Summary: Security update for c3p0 and mchange-commons
Type: security
Severity: important
References: 1258913,1258942,1259313,CVE-2026-27727,CVE-2026-27830
This update for c3p0 and mchange-commons fixes the following issues:
c3p0:
- Security issues fixed:
- CVE-2026-27830: Fixed unsafe object deserialization (bsc#1258942)
- Fix the null pointer exception in the userOverridesAsString
method (bsc#1259313).
mchange-commons:
- Security issues fixed:
- CVE-2026-27727: Disabled remote ClassLoading when dereferencing javax.naming.Reference instances (bsc#1258913)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1040-1
Released: Wed Mar 25 13:43:08 2026
Summary: Security update for systemd
Type: security
Severity: important
References: 1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105
This update for systemd fixes the following issues:
- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).
Changelog:
- a943e3ce2f machined: reject invalid class types when registering machines
- 71593f77db udev: fix review mixup
- 73a89810b4 udev-builtin-net-id: print cescaped bad attributes
- 0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX
- 40905232e2 udev: ensure tag parsing stays within bounds
- 7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf
- d018ac1ea3 udev: check for invalid chars in various fields received from the kernel
- aef6e11921 core/cgroup: avoid one unnecessary strjoina()
- cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements
- 26a748f727 core: validate input cgroup path more prudently
- 99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1065-1
Released: Thu Mar 26 11:38:12 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1254670,1259619,CVE-2025-70873,CVE-2025-7709
This update for sqlite3 fixes the following issues:
Update sqlite3 to 3.51.3:
- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).
Changelog:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1113-1
Released: Fri Mar 27 10:34:35 2026
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1258311,1259825
This update for crypto-policies fixes the following issues:
Enables PQC key exchange support for OpenSSH (bsc#1258311, bsc#1259825)
* The sntrup761x25519-sha512 hybrid keyexchange for OpenSSH is enabled.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1368-1
Released: Wed Apr 15 16:35:24 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1260754,1260755,CVE-2026-33416,CVE-2026-33636
This update for libpng16 fixes the following issues:
- CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code
execution (bsc#1260754).
- CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and
crashes (bsc#1260755).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1369-1
Released: Wed Apr 15 16:42:55 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1260078,1260082,CVE-2026-4437,CVE-2026-4438
This update for glibc fixes the following issues:
- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1375-1
Released: Wed Apr 15 19:25:40 2026
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1260441,1260442,1260443,1260444,1260445,1261678,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31789,CVE-2026-31790
This update for openssl-3 fixes the following issues:
Security issues fixed:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
KeyTransportRecipientInfo (bsc#1261678).
Other updates and bugfixes:
- Enable MD2 in legacy provider (jsc#PED-15724).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1432-1
Released: Fri Apr 17 12:12:08 2026
Summary: Security update for libcap
Type: security
Severity: important
References: 1261809,CVE-2026-4878
This update for libcap fixes the following issue:
- CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1510-1
Released: Tue Apr 21 08:28:12 2026
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1259924,CVE-2025-69720
This update for ncurses fixes the following issue:
- CVE-2025-69720: buffer overflow in function `analyze_string()`of `progs/infocmp.c` (bsc#1259924).
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.16.1 updated
- glibc-2.38-150600.14.46.1 updated
- libz1-1.2.13-150500.4.6.1 updated
- libsqlite3-0-3.51.3-150000.3.39.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.9.1 updated
- libcap2-2.63-150400.3.6.1 updated
- libstdc++6-15.2.0+git10201-150000.1.9.1 updated
- terminfo-base-6.1-150000.5.33.1 updated
- libopenssl3-3.2.3-150700.5.31.1 updated
- libopenssl-3-fips-provider-3.2.3-150700.5.31.1 updated
- openssl-3-3.2.3-150700.5.31.1 updated
- mchange-commons-0.2.20-150400.3.3.1 updated
- libncurses6-6.1-150000.5.33.1 updated
- libfreebl3-3.112.3-150400.3.63.1 updated
- libpng16-16-1.6.40-150600.3.17.1 updated
- libsystemd0-254.27-150600.4.62.1 updated
- mozilla-nss-certs-3.112.3-150400.3.63.1 updated
- mozilla-nss-3.112.3-150400.3.63.1 updated
- libsoftokn3-3.112.3-150400.3.63.1 updated
- c3p0-0.9.5.5-150400.3.5.1 updated
- container:bci-bci-base-15.7-aea7ef73589b78abbd1fe98bc2619a772c9e7a2dc8912c4bef09fae3a48c8e24-0 updated
More information about the sle-container-updates
mailing list