SUSE-CU-2026:1073-1: Security update of suse/sle-micro/5.2/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Feb 19 08:24:13 UTC 2026 

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:1073-1
Container Tags        : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.242 , suse/sle-micro/5.2/toolbox:latest
Container Release     : 7.11.242
Severity              : moderate
Type                  : security
References            : 1250553 1256807 1256808 1256809 1256811 1256812 1257593 1257594
                        1257595 1258045 1258049 1258054 1258080 1258081 CVE-2025-10911
                        CVE-2026-0964 CVE-2026-0965 CVE-2026-0966 CVE-2026-0967 CVE-2026-0968
                        CVE-2026-0990 CVE-2026-0992 CVE-2026-1757 
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:567-1
Released:    Tue Feb 17 13:26:08 2026
Summary:     Security update for libssh
Type:        security
Severity:    moderate
References:  1258045,1258049,1258054,1258080,1258081,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968
This update for libssh fixes the following issues:

- CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
- CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:568-1
Released:    Tue Feb 17 13:26:23 2026
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1250553,1256807,1256808,1256809,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757
This update for libxml2 fixes the following issues:

- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
  

The following package changes have been done:

- libssh-config-0.9.8-150200.13.15.1 updated
- libssh4-0.9.8-150200.13.15.1 updated
- libxml2-2-2.9.7-150000.3.94.1 updated

More information about the sle-container-updates mailing list