SUSE-CU-2026:1212-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-httpd
sle-container-updates at lists.suse.com
Thu Feb 26 08:38:25 UTC 2026
SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:1212-1
Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.2 , suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.2.8.15.2 , suse/multi-linux-manager/5.1/x86_64/proxy-httpd:latest
Container Release : 8.15.2
Severity : critical
Type : security
References : 1228081 1240532 1244449 1246130 1247644 1247687 1247721 1247850
1247858 1248356 1248586 1248848 1249155 1249400 1250553 1250940
1250976 1250981 1251044 1251138 1252020 1253282 1253347 1253738
1253773 1253966 1254202 1254293 1254297 1254316 1254325 1254400
1254400 1254401 1254478 1254511 1254512 1254514 1254515 1254563
1254662 1254666 1254670 1254878 1254903 1254904 1254905 1254997
1255715 1255731 1255732 1255733 1255734 1255781 1256105 1256243
1256244 1256246 1256389 1256390 1256427 1256437 1256766 1256804
1256805 1256807 1256808 1256809 1256810 1256811 1256812 1256822
1256830 1256834 1256834 1256835 1256835 1256836 1256836 1256837
1256837 1256838 1256838 1256839 1256839 1256840 1256840 1256902
1256991 1257005 1257049 1257147 1257255 1257353 1257354 1257355
1257396 1257538 1257593 1257594 1257595 1257992 1258082 1258164
CVE-2025-10911 CVE-2025-12084 CVE-2025-13601 CVE-2025-13836 CVE-2025-13836
CVE-2025-13837 CVE-2025-14017 CVE-2025-14087 CVE-2025-14104 CVE-2025-14512
CVE-2025-14524 CVE-2025-14819 CVE-2025-15079 CVE-2025-15224 CVE-2025-15281
CVE-2025-15467 CVE-2025-55753 CVE-2025-58098 CVE-2025-65082 CVE-2025-66200
CVE-2025-67724 CVE-2025-67725 CVE-2025-67726 CVE-2025-68160 CVE-2025-68160
CVE-2025-68973 CVE-2025-69418 CVE-2025-69418 CVE-2025-69419 CVE-2025-69419
CVE-2025-69420 CVE-2025-69420 CVE-2025-69421 CVE-2025-69421 CVE-2025-7709
CVE-2025-8732 CVE-2026-0861 CVE-2026-0915 CVE-2026-0988 CVE-2026-0989
CVE-2026-0990 CVE-2026-0992 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489
CVE-2026-1757 CVE-2026-22795 CVE-2026-22795 CVE-2026-22796 CVE-2026-22796
CVE-2026-23490 CVE-2026-24882
-----------------------------------------------------------------
The container suse/multi-linux-manager/5.1/x86_64/proxy-httpd was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4518-1
Released: Tue Dec 23 20:07:29 2025
Summary: Security update for apache2
Type: security
Severity: important
References: 1254511,1254512,1254514,1254515,CVE-2025-55753,CVE-2025-58098,CVE-2025-65082,CVE-2025-66200
This update for apache2 fixes the following issues:
- CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511)
- CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514)
- CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512)
- CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:18-1
Released: Mon Jan 5 11:52:25 2026
Summary: Security update for glib2
Type: security
Severity: important
References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when
processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:27-1
Released: Mon Jan 5 13:45:08 2026
Summary: Security update for python3
Type: security
Severity: moderate
References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837
This update for python3 fixes the following issues:
- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Length read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:52-1
Released: Wed Jan 7 10:28:34 2026
Summary: Security update for curl
Type: security
Severity: moderate
References: 1255731,1255732,1255733,1255734,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224
This update for curl fixes the following issues:
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:215-1
Released: Thu Jan 22 13:10:16 2026
Summary: Security update for gpg2
Type: security
Severity: important
References: 1255715,1256243,1256244,1256246,1256390,CVE-2025-68973
This update for gpg2 fixes the following issues:
- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy) (bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix a memory leak in gpg2 agent (bsc#1256243).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:221-1
Released: Thu Jan 22 13:15:35 2026
Summary: Security update for curl
Type: security
Severity: moderate
References: 1256105,CVE-2025-14017
This update for curl fixes the following issues:
- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:230-1
Released: Thu Jan 22 13:22:31 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1254666,CVE-2025-14104
This update for util-linux fixes the following issues:
- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:286-1
Released: Sat Jan 24 00:35:35 2026
Summary: Security update for glib2
Type: security
Severity: low
References: 1257049,CVE-2026-0988
This update for glib2 fixes the following issues:
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:309-1
Released: Wed Jan 28 10:36:32 2026
Summary: Security update for openssl-3
Type: security
Severity: critical
References: 1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-3 fixes the following issues:
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:331-1
Released: Wed Jan 28 18:12:49 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-1_1 fixes the following issues:
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:371-1
Released: Tue Feb 3 19:08:49 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:
Security fixes:
- CVE-2026-0861: Fixed inadequate size check in the memalign suite that may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: Fixed uninitialized memory that may cause the process to abort (bsc#1257005).
Other fixes:
- NPTL: Optimize trylock for high cache contention workloads (bsc#1256437).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:373-1
Released: Wed Feb 4 03:50:41 2026
Summary: Security update for glib2
Type: security
Severity: important
References: 1257353,1257354,1257355,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489
This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:407-1
Released: Mon Feb 9 07:43:45 2026
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1228081,1244449,1248356,1254202,1254293,1254563,1256427
This update for systemd fixes the following issues:
- Name libsystemd-{shared,core} based on the major version of systemd and
the package release number (bsc#1228081, bsc#1256427)
This way, both the old and new versions of the shared libraries will be
present during the update. This should prevent issues during package updates
when incompatible changes are introduced in the new versions of the shared libraries.
- detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)
- timer: rebase last_trigger timestamp if needed
- timer: rebase the next elapse timestamp only if timer didn't already run
- timer: don't run service immediately after restart of a timer (bsc#1254563)
- test: check the next elapse timer timestamp after deserialization
- test: restarting elapsed timer shouldn't trigger the corresponding service
- Reintroduce systemd-network as a transitional dummy package containing no files (bsc#1254202)
The contents of this package were split into two independent packages:
systemd-networkd and systemd-resolved. However, the initial replacement caused
both network services to be disabled. Consequently, the original package has
been restored as an empty transitional package to prevent the disabling of the services.
It can be safely removed once the update is complete.
- units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356)
- units: add dep on systemd-logind.service by user@.service
- detect-virt: add bare-metal support for GCE (bsc#1244449)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:430-1
Released: Wed Feb 11 09:43:42 2026
Summary: Security update for python-pyasn1
Type: security
Severity: important
References: 1256902,CVE-2026-23490
This update for python-pyasn1 fixes the following issues:
- CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation
octets leading to Denial of Service (bsc#1256902)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:432-1
Released: Wed Feb 11 10:11:56 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1248586,1254670,CVE-2025-7709
This update for sqlite3 fixes the following issues:
- Update to v3.51.2:
- CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:434-1
Released: Wed Feb 11 10:23:18 2026
Summary: Security update for gpg2
Type: security
Severity: important
References: 1256389,1257396,CVE-2026-24882
This update for gpg2 fixes the following issues:
Security fixes:
- CVE-2026-24882: Fixed stack-based buffer overflow in TPM2
PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396)
- Fixed GnuPG accepting Path Separators and Path Traversals in Literal
Data 'Filename' Field (bsc#1256389)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:605-1
Released: Tue Feb 24 12:19:11 2026
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1247850,1247858,1250553,1256804,1256805,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-8732,CVE-2026-0989,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757
This update for libxml2 fixes the following issues:
- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
- CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858)
- CVE-2026-0989: Fixed a call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth. (bsc#1256805, bsc#1256810)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:624-1
Released: Wed Feb 25 10:40:30 2026
Summary: Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server
Type: recommended
Severity: important
References: 1240532,1246130,1247644,1247687,1247721,1248848,1249155,1249400,1250940,1250976,1250981,1251044,1251138,1252020,1253282,1253347,1253738,1253773,1253966,1254316,1254325,1254400,1254478,1254903,1254904,1254905,1255781,1256991,1257147,1257255,1257538,1257992,1258082,1258164,CVE-2025-13836,CVE-2025-67724,CVE-2025-67725,CVE-2025-67726
Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server
This is a codestream only update
The following package changes have been done:
- glibc-2.38-150600.14.40.1 updated
- libuuid1-2.40.4-150700.4.3.1 updated
- libsqlite3-0-3.51.2-150000.3.36.1 updated
- libsmartcols1-2.40.4-150700.4.3.1 updated
- libglib-2_0-0-2.78.6-150600.4.35.1 updated
- libxml2-2-2.12.10-150700.4.11.1 updated
- libopenssl3-3.2.3-150700.5.24.1 updated
- libblkid1-2.40.4-150700.4.3.1 updated
- libudev1-254.27-150600.4.55.1 updated
- libopenssl-3-fips-provider-3.2.3-150700.5.24.1 updated
- libmount1-2.40.4-150700.4.3.1 updated
- libfdisk1-2.40.4-150700.4.3.1 updated
- libcurl4-8.14.1-150700.7.11.1 updated
- gpg2-2.4.4-150600.3.15.1 updated
- util-linux-2.40.4-150700.4.3.1 updated
- curl-8.14.1-150700.7.11.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.35.1 updated
- libgobject-2_0-0-2.78.6-150600.4.35.1 updated
- libopenssl1_1-1.1.1w-150700.11.11.1 updated
- release-notes-multi-linux-manager-proxy-5.1.2-150700.4.9.1 updated
- libsystemd0-254.27-150600.4.55.1 updated
- python3-base-3.6.15-150300.10.103.1 updated
- libpython3_6m1_0-3.6.15-150300.10.103.1 updated
- uyuni-base-common-5.1.5-150700.3.6.5 updated
- apache2-prefork-2.4.62-150700.4.9.1 updated
- python3-3.6.15-150300.10.103.1 updated
- python3-uyuni-common-libs-5.1.5-150700.3.3.5 updated
- python3-pyasn1-0.4.2-150000.3.13.1 updated
- systemd-254.27-150600.4.55.1 updated
- libgio-2_0-0-2.78.6-150600.4.35.1 updated
- glib2-tools-2.78.6-150600.4.35.1 updated
- apache2-2.4.62-150700.4.9.1 updated
- spacewalk-proxy-html-5.1.4-150700.3.6.5 updated
- python3-rhnlib-5.1.4-150700.6.6.5 updated
- spacewalk-backend-5.1.15-150700.3.6.12 updated
- python3-spacewalk-client-tools-5.1.8-150700.3.6.11 updated
- spacewalk-client-tools-5.1.8-150700.3.6.11 updated
- mgr-push-5.1.5-150700.2.6.5 updated
- python3-mgr-push-5.1.5-150700.2.6.5 updated
- spacewalk-proxy-package-manager-5.1.7-150700.3.6.5 updated
- spacewalk-proxy-common-5.1.7-150700.3.6.5 updated
- spacewalk-proxy-broker-5.1.7-150700.3.6.5 updated
- susemanager-tftpsync-recv-5.1.4-150700.3.6.5 updated
- spacewalk-proxy-redirect-5.1.7-150700.3.6.5 updated
- container:bci-bci-base-15.7-b5348ae5fdbf31d45ff492a751e4d0215af00ce3a6d2330478239aa70431ecf5-0 updated