SUSE-CU-2026:922-1: Security update of bci/bci-base
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Feb 13 16:10:28 UTC 2026
SUSE Container Update Advisory: bci/bci-base
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:922-1
Container Tags : bci/bci-base:16.1 , bci/bci-base:16.1-8.5
Container Release : 8.5
Severity : critical
Type : security
References : 1247463 1250232 1250233 1250234 1256829 1256830 1256831 1256832
1256833 1256834 1256835 1256836 1256837 1256838 1256839 1256840
1257274 CVE-2025-11187 CVE-2025-15467 CVE-2025-15468 CVE-2025-15469
CVE-2025-66199 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420
CVE-2025-69421 CVE-2025-9230 CVE-2025-9231 CVE-2025-9232 CVE-2026-22795
CVE-2026-22796
-----------------------------------------------------------------
The container bci/bci-base was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 1
Released: Thu Feb 12 00:38:47 2026
Summary: Security update for openssl-3
Type: security
Severity: critical
References: 1247463,1250232,1250233,1250234,1256829,1256830,1256831,1256832,1256833,1256834,1256835,1256836,1256837,1256838,1256839,1256840,1257274,CVE-2025-11187,CVE-2025-15467,CVE-2025-15468,CVE-2025-15469,CVE-2025-66199,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2025-9230,CVE-2025-9231,CVE-2025-9232,CVE-2026-22795,CVE-2026-22796
This update for openssl-3 fixes the following issues:
Changes in openssl-3:
* Missing ASN1_TYPE validation in PKCS#12 parsing [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion [bsc#1256836, CVE-2025-69419]
* TLS 1.3 CompressedCertificate excessive memory allocation [bsc#1256833, CVE-2025-66199]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls [bsc#1256835, CVE-2025-69418]
* 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB [bsc#1256832, CVE-2025-15469]
* Stack buffer overflow in CMS AuthEnvelopedData parsing [bsc#1256830, CVE-2025-15467]
* Improper validation of PBMAC1 parameters in PKCS#12 MAC verification [bsc#1256829, CVE-2025-11187]
* NULL dereference in SSL_CIPHER_find() function on unknown cipher ID [bsc#1256831, CVE-2025-15468]
- Enable livepatching support for ppc64le [bsc#1257274]
- Security fix: [bsc#1250232 CVE-2025-9230]
* Fix out-of-bounds read & write in RFC 3211 KEK unwrap
- Security fix: [bsc#1250233 CVE-2025-9231]
* Fix timing side-channel in SM2 algorithm on 64 bit ARM
- Security fix: [bsc#1250234 CVE-2025-9232]
* Fix out-of-bounds read in HTTP client no_proxy handling
- Move ssl configuration files to the libopenssl package [bsc#1247463]
- Don't install unneeded NOTES
The following package changes have been done:
- SLES-release-16.1-160099.11.1 updated
- container-suseconnect-2.5.6-160099.1.1 updated
- curl-8.18.0-160099.1.3 updated
- libgcrypt20-1.12.0-160099.1.4 updated
- libnghttp2-14-1.64.0-160099.3.2 updated
- libopenssl-3-fips-provider-3.5.0-160099.6.1 updated
- libopenssl3-3.5.0-160099.6.1 updated
- libp11-kit0-0.26.2-160099.1.1 updated
- libudev1-257.10-160099.2.7 updated
- libxml2-2-2.13.8-160099.5.1 updated
- libzypp-17.37.17-160099.2.4 updated
- openssl-3-3.5.0-160099.6.1 updated
- p11-kit-tools-0.26.2-160099.1.1 updated
- p11-kit-0.26.2-160099.1.1 updated
More information about the sle-container-updates
mailing list