SUSE-IU-2026:2453-1: Security update of suse/sle-micro/base-5.5
sle-container-updates at lists.suse.com
Fri Apr 24 07:06:36 UTC 2026
SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2453-1
Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.267 , suse/sle-micro/base-5.5:latest
Image Release : 5.8.267
Severity : moderate
Type : security
References : 1258045 1258049 1258054 1258080 1258081 1259377 CVE-2026-0964
CVE-2026-0965 CVE-2026-0966 CVE-2026-0967 CVE-2026-0968 CVE-2026-3731
-----------------------------------------------------------------
The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1561-1
Released: Thu Apr 23 08:34:49 2026
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References:
This update for mozilla-nss fixes the following issues:
Update to NSS 3.112.4:
* improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
* Improving the allocation of S/MIME DecryptSymKey.
* store email on subject cache_entry in NSS trust domain.
* Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
* Improve size calculations in CMS content buffering.
* avoid integer overflow while escaping RFC822 Names.
* Reject excessively large ASN.1 SEQUENCE OF in quickder.
* Deep copy profile data in CERT_FindSMimeProfile.
* Improve input validation in DSAU signature decoding.
* avoid integer overflow in RSA_EMSAEncodePSS.
* RSA_EMSAEncodePSS should validate the length of mHash.
* Add a maximum cert uncompressed len and tests.
* Clarify extension negotiation mechanism for TLS Handshakes.
* ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
* Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
* Remove invalid PORT_Free().
* free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
* make ss->ssl3.hs.cookie an owned-copy of the cookie.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1565-1
Released: Thu Apr 23 09:08:29 2026
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1258045,1258049,1258054,1258080,1258081,1259377,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-3731
This update for libssh fixes the following issues:
- CVE-2026-0964: improper sanitization of paths received from SCP servers can cause path traversal (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
- CVE-2026-0968: malformed SFTP message can lead to out-of-bounds read (bsc#1258080).
- CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377).
The following package changes have been done:
- libfreebl3-3.112.4-150400.3.66.1 updated
- libssh-config-0.9.8-150400.3.17.1 updated
- libssh4-0.9.8-150400.3.17.1 updated
- mozilla-nss-certs-3.112.4-150400.3.66.1 updated
- mozilla-nss-3.112.4-150400.3.66.1 updated
- libsoftokn3-3.112.4-150400.3.66.1 updated