SUSE-CU-2026:1214-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-squid

sle-container-updates at lists.suse.com
Thu Feb 26 08:38:30 UTC 2026


SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:1214-1
Container Tags        : suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.2 , suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.2.8.13.1 , suse/multi-linux-manager/5.1/x86_64/proxy-squid:latest
Container Release     : 8.13.1
Severity              : critical
Type                  : security
References            : 1171566 1180125 1183374 1183858 1185588 1186819 1187338 1187668
                        1188607 1189241 1189287 1189659 1190566 1192249 1193179 1198511
                        1202624 1203125 1203355 1203750 1204577 1205244 1208443 1208471
                        1210638 1211158 1214691 1214692 1219559 1219666 1220664 1221563
                        1221622 1221854 1221941 1222075 1222109 1222985 1223571 1224014
                        1224016 1225417 1226447 1226448 1227086 1227233 1227308 1227378
                        1227999 1228780 1229596 1230227 1230906 1231795 1232241 1233012
                        1233012 1233307 1233307 1236705 1239618 1243273 1244032 1244056
                        1244059 1244060 1244061 1244401 1244705 1246570 1246697 1247249
                        1247850 1247858 1248586 1249584 1250232 1250553 1250627 1251305
                        1252281 1252974 1254400 1254401 1254670 1254997 1256437 1256766
                        1256804 1256805 1256807 1256808 1256809 1256810 1256811 1256812
                        1256822 1256830 1256834 1256834 1256835 1256835 1256836 1256836
                        1256837 1256837 1256838 1256838 1256839 1256839 1256840 1256840
                        1257005 1257593 1257594 1257595 831629 CVE-2007-4559 CVE-2015-20107
                        CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-28861 CVE-2021-3426
                        CVE-2021-3572 CVE-2021-3733 CVE-2021-3737 CVE-2022-37454 CVE-2022-45061
                        CVE-2022-48566 CVE-2023-24329 CVE-2023-27043 CVE-2023-40217 CVE-2023-52425
                        CVE-2023-6597 CVE-2024-0397 CVE-2024-0450 CVE-2024-11168 CVE-2024-11168
                        CVE-2024-12718 CVE-2024-33427 CVE-2024-37894 CVE-2024-4032 CVE-2024-5642
                        CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 CVE-2024-8176 CVE-2024-9287
                        CVE-2025-0938 CVE-2025-10911 CVE-2025-12084 CVE-2025-13836 CVE-2025-13837
                        CVE-2025-15281 CVE-2025-15467 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435
                        CVE-2025-4516 CVE-2025-4517 CVE-2025-59362 CVE-2025-59375 CVE-2025-6069
                        CVE-2025-6075 CVE-2025-62168 CVE-2025-68160 CVE-2025-68160 CVE-2025-69418
                        CVE-2025-69418 CVE-2025-69419 CVE-2025-69419 CVE-2025-69420 CVE-2025-69420
                        CVE-2025-69421 CVE-2025-69421 CVE-2025-7709 CVE-2025-8194 CVE-2025-8291
                        CVE-2025-8732 CVE-2025-9230 CVE-2026-0861 CVE-2026-0915 CVE-2026-0989
                        CVE-2026-0990 CVE-2026-0992 CVE-2026-1757 CVE-2026-22795 CVE-2026-22795
                        CVE-2026-22796 CVE-2026-22796 
-----------------------------------------------------------------

The container suse/multi-linux-manager/5.1/x86_64/proxy-squid was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2080-1
Released:    Wed Jul 29 20:09:09 2020
Summary:     Recommended update for libtool
Type:        recommended
Severity:    moderate
References:  1171566

This update for libtool provides the missing libltdl 32bit library. (bsc#1171566)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2895-1
Released:    Tue Aug 31 19:40:32 2021
Summary:     Recommended update for unixODBC
Type:        recommended
Severity:    moderate
References:  
This update for unixODBC fixes the following issues:

- ECO: Update unixODBC to 2.3.9 in SLE 15. (jsc#SLE-18004)
- Fix incorrect permission for documentation files.
- Update requires and baselibs for new libodbc2.
- Employ shared library packaging guideline: new subpackage libodbc2.
- Update to 2.3.9:
  * Remove '#define UNIXODBC_SOURCE' from unixodbc_conf.h

- Update to 2.3.8:
  * Add configure support for editline
  * SQLDriversW was ignoring user config
  * SQLDataSources Fix termination character
  * Fix for pooling seg fault
  * Make calling SQLSetStmtAttrW call the W function in the driver if it's there
  * Try and fix race condition clearing system odbc.ini file
  * Remove trailing space from isql/iusql SQL
  * When setting connection attributes set before connect also check if the W entry points can be used
  * Try calling the W error functions first if available in the driver
  * Add iconvperdriver configure option to allow calling unicode_setup in SQLAllocHandle
  * iconv handles were being lost when reusing pooled connection
  * Catch null copy in iniPropertyInsert
  * Fix a few leaks 

- Update to 2.3.7:
  * Fix for pkg-config file update on non-Linux platforms
  * Add W entry for GUI work
  * Various fixes for SQLBrowseConnect/W, SQLGetConnectAttr/W, and SQLSetConnectAttr/W
  * Fix buffer overflows in SQLConnect/W and refine behaviour of SQLGet/WritePrivateProfileString
  * SQLBrowseConnect/W allow disconnecting a started browse session after error
  * Add --with-stats-ftok-name configure option to allow the selection of a file name
    used to generate the IPC id when collecting stats. Default is the system odbc.ini file
  * Improve diag record handling with the behavior of Windows DM and export SQLCancelHandle
  * bug fix when SQLGetPrivateProfileString() is called to get a list of sections or a list of keys
  * Connection pooling: Fix liveness check for Unicode drivers

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2997-1
Released:    Thu Sep  9 14:37:34 2021
Summary:     Recommended update for python3
Type:        recommended
Severity:    moderate
References:  1187338,1189659
This update for python3 fixes the following issues:

- Fixed an issue where the missing 'stropts.h' caused build errors for different python modules. (bsc#1187338)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4104-1
Released:    Thu Dec 16 11:14:12 2021
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737
This update for python3 fixes the following issues:

- CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374).
- CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241).
- CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287).

- We do not require python-rpm-macros package (bsc#1180125).
- Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858).
- Stop providing 'python' symbol, which means python2 currently (bsc#1185588).
- Modify Lib/ensurepip/__init__.py to contain the same version numbers as the ones actually in the bundled wheels (bsc#1187668).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:48-1
Released:    Tue Jan 11 09:17:57 2022
Summary:     Recommended update for python3
Type:        recommended
Severity:    moderate
References:  1190566,1192249,1193179
This update for python3 fixes the following issues:

- Don't use OpenSSL 1.1 on platforms which don't have it.

- Remove shebangs from python-base libraries in '_libdir'. (bsc#1193179, bsc#1192249).
- Build against 'openssl 1.1' as it is incompatible with 'openssl 3.0+'  (bsc#1190566)
- Fix for permission error when changing the mtime of the source file in presence of 'SOURCE_DATE_EPOCH'.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:942-1
Released:    Thu Mar 24 10:30:15 2022
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1186819,CVE-2021-3572
This update for python3 fixes the following issues:

- CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2357-1
Released:    Mon Jul 11 20:34:20 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1198511,CVE-2015-20107
This update for python3 fixes the following issues:

- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3544-1
Released:    Thu Oct  6 13:48:42 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1202624,CVE-2021-28861
This update for python3 fixes the following issues:

- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4281-1
Released:    Tue Nov 29 15:46:10 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454
This update for python3 fixes the following issues:

- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit the number of digits when converting text to int and vice versa. (bsc#1203125)

The following non-security bug was fixed:

- Fixed a crash in the garbage collection (bsc#1188607).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:549-1
Released:    Mon Feb 27 17:35:07 2023
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1205244,1208443,CVE-2022-45061
This update for python3 fixes the following issues:

  - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244).

  Bugfixes:

  - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443).


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:868-1
Released:    Wed Mar 22 09:41:01 2023
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1203355,1208471,CVE-2023-24329
This update for python3 fixes the following issues:

- CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).

The following non-security bug was fixed:

- Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2517-1
Released:    Thu Jun 15 07:09:52 2023
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1203750,1211158,CVE-2007-4559
This update for python3 fixes the following issues:

- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).

- Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3828-1
Released:    Wed Sep 27 19:07:38 2023
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1214692,CVE-2023-40217
This update for python3 fixes the following issues:

- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:581-1
Released:    Wed Feb 21 14:08:16 2024
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1210638,CVE-2023-27043
This update for python3 fixes the following issues:

- CVE-2023-27043: Fixed incorrect parsing of e-mail addresses which contain a special character (bsc#1210638).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:901-1
Released:    Thu Mar 14 17:49:10 2024
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1214691,1219666,CVE-2022-48566,CVE-2023-6597
This update for python3 fixes the following issues:

- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1279-1
Released:    Fri Apr 12 21:35:09 2024
Summary:     Recommended update for python3
Type:        recommended
Severity:    moderate
References:  1222109
This update for python3 fixes the following issue:

- Fix syslog making default 'ident' from sys.argv (bsc#1222109)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1342-1
Released:    Thu Apr 18 16:35:49 2024
Summary:     Recommended update for unixODBC, libtool and libssh2_org
Type:        recommended
Severity:    moderate
References:  1221622,1221941
This update for unixODBC, libtool and libssh2_org fixes the following issues:

- Ship 2 additional 32bit packages: unixODBC-32bit and libssh2-1-32bit for SLES (bsc#1221941).
- Fix an issue with Encrypt-then-MAC family. (bsc#1221622)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1961-1
Released:    Mon Jun 10 13:05:47 2024
Summary:     Security update for squid
Type:        security
Severity:    moderate
References:  1225417,CVE-2024-33427
This update for squid fixes the following issues:

- CVE-2024-33427: Fixed possible buffer overread that could have led to a denial-of-service (bsc#1225417).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2268-1
Released:    Tue Jul  2 11:06:06 2024
Summary:     Security update for squid
Type:        security
Severity:    moderate
References:  1227086,CVE-2024-37894
This update for squid fixes the following issues:

- Update to version 6.10
- CVE-2024-37894: Fixed a denial of service issue in ESI processing (bsc#1227086)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2024:2282-1
Released:    Tue Jul  2 22:41:28 2024
Summary:     Optional update for openscap, scap-security-guide
Type:        optional
Severity:    moderate
References:  

This update for scap-security-guide and openscap provides the SCAP tooling
for SLE Micro 5.3, 5.4, 5.5.

This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2479-1
Released:    Mon Jul 15 10:33:22 2024
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032
This update for python3 fixes the following issues:

- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private vs. global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2912-1
Released:    Wed Aug 14 20:20:12 2024
Summary:     Recommended update for cloud-regionsrv-client
Type:        recommended
Severity:    important
References:  1222985,1223571,1224014,1224016,1227308
This update for cloud-regionsrv-client contains the following fixes:

- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
  + Add support for sidecar registry
    Podman and rootless Docker support to set up the necessary
    configuration for the container engines to run as defined
  + Add running command as root through sudoers file

- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
  + In addition to logging, write message to stderr when registration fails
  + Detect transactional-update system with read only setup and use
    the transactional-update command to register
  + Handle operation in a different target root directory for credentials
    checking

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3470-1
Released:    Fri Sep 27 14:34:46 2024
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592
This update for python3 fixes the following issues:

- CVE-2024-6923: Fixed uncontrolled CPU resource consumption in the http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)

Bug fixes:

- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3879-1
Released:    Fri Nov  1 17:04:25 2024
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1230906,1232241,CVE-2024-9287
This update for python3 fixes the following issues:

Security fixes:

- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)

Other fixes:

- Drop .pyc files from docdir for reproducible builds (bsc#1230906)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released:    Thu Dec  5 12:01:40 2024
Summary:     Security update for python3
Type:        security
Severity:    low
References:  1231795,1233307,CVE-2024-11168
This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)

Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:554-1
Released:    Fri Feb 14 16:10:40 2025
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1236705,CVE-2025-0938
This update for python3 fixes the following issues:

- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1056-1
Released:    Fri Mar 28 18:06:22 2025
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1233307,CVE-2024-11168
This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2543-1
Released:    Tue Jul 29 11:09:01 2025
Summary:     Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3
Type:        recommended
Severity:    moderate
References:  1233012
This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues:

- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:2763-1
Released:    Tue Aug 12 14:45:40 2025
Summary:     Optional update for libyaml
Type:        optional
Severity:    moderate
References:  1246570

This update for libyaml ships the missing libyaml-0-2 library package to
SUSE MicroOS 5.1 and 5.2.


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2778-1
Released:    Wed Aug 13 08:45:57 2025
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194
This update for python3 fixes the following issues:

- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056)
- CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059)
- CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060)
- CVE-2025-4435: Fixed tarfile extracting filtered members when errorlevel=0 (bsc#1244061)
- CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249)
    
Other fixes:
- Limit buffer size for IPv6 address parsing (bsc#1244401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2890-1
Released:    Tue Aug 19 09:54:32 2025
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1246697
This update for openssl-1_1 fixes the following issues:

- FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test
  instead of NID_secp256k1. [bsc#1246697]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3239-1
Released:    Tue Sep 16 19:04:00 2025
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1239618,CVE-2024-8176
This update for expat fixes the following issues:

expat was updated to version 2.7.1:

- Bug fixes:
  - Restore event pointer behavior from Expat 2.6.4
    (that the fix to CVE-2024-8176 changed in 2.7.0);
    affected API functions are:
    - XML_GetCurrentByteCount
    - XML_GetCurrentByteIndex
    - XML_GetCurrentColumnNumber
    - XML_GetCurrentLineNumber
    - XML_GetInputContext

- Other changes:
  - Fix printf format specifiers for 32bit Emscripten
  - docs: Promote OpenSSF Best Practices self-certification
  - tests/benchmark: Resolve mistaken double close
  - Address compiler warnings
  - Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
    to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
    for what these numbers do

Version update to 2.7.0 (CVE-2024-8176, bsc#1239618, jsc#PED-12507)

* Security fixes:

- CVE-2024-8176 -- Fix crash from chaining a large number of
  entities caused by stack overflow by resolving use of recursion,
  for all three uses of entities:
  - general entities in character data ('<e>&g1;</e>')
  - general entities in attribute values ('<e k1='&g1;'/>')
  - parameter entities ('%p1;')

  Known impact is (reliable and easy) denial of service:
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
  (Base Score: 7.5, Temporal Score: 7.2)
  Please note that a layer of compression around XML can
  significantly reduce the minimum attack payload size.

* Other changes:
  - docs: Add missing documentation of error code XML_ERROR_NOT_STARTED
    that was introduced with 2.6.4
  - docs: Document need for C++11 compiler for use from C++
  - Address Cppcheck warnings
  - Mass-migrate links from http:// to https://

  - Document changes since the previous release
  - Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
    to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
    for what these numbers do

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3508-1
Released:    Thu Oct  9 10:32:56 2025
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1249584,CVE-2025-59375
This update for expat fixes the following issues:

- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
  by submitting crafted XML input (bsc#1249584).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3606-1
Released:    Wed Oct 15 15:38:20 2025
Summary:     Security update for squid
Type:        security
Severity:    important
References:  1250627,CVE-2025-59362
This update for squid fixes the following issues:

- CVE-2025-59362: fixed buffer overflow (bsc#1250627)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3635-1
Released:    Fri Oct 17 16:33:06 2025
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1250232,CVE-2025-9230
This update for openssl-1_1 fixes the following issues:

- CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4026-1
Released:    Mon Nov 10 10:12:42 2025
Summary:     Security update for squid
Type:        security
Severity:    important
References:  1252281,CVE-2025-62168
This update for squid fixes the following issues:

- CVE-2025-62168: Fixed failure to redact HTTP authentication credentials in error handling leading to information disclosure (bsc#1252281)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4368-1
Released:    Thu Dec 11 16:12:16 2025
Summary:     Security update for python3
Type:        security
Severity:    low
References:  1251305,1252974,CVE-2025-6075,CVE-2025-8291
This update for python3 fixes the following issues:

- CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed
  to it are user-controlled (bsc#1252974).
- CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of
  ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:27-1
Released:    Mon Jan  5 13:45:08 2026
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837
This update for python3 fixes the following issues:

- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Length read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:309-1
Released:    Wed Jan 28 10:36:32 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    critical
References:  1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-3 fixes the following issues:

 - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
 - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
 - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
 - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
 - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
 - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
 - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
 - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:331-1
Released:    Wed Jan 28 18:12:49 2026
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-1_1 fixes the following issues:

- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:371-1
Released:    Tue Feb  3 19:08:49 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:

Security fixes:
	
- CVE-2026-0861: Fixed inadequate size check in the memalign suite that may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: Fixed uninitialized memory that may cause the process to abort (bsc#1257005).
 
Other fixes:
 
- NPTL: Optimize trylock for high cache contention workloads (bsc#1256437).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:432-1
Released:    Wed Feb 11 10:11:56 2026
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1248586,1254670,CVE-2025-7709
This update for sqlite3 fixes the following issues:

- Update to v3.51.2:
- CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:605-1
Released:    Tue Feb 24 12:19:11 2026
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1247850,1247858,1250553,1256804,1256805,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-8732,CVE-2026-0989,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757
This update for libxml2 fixes the following issues:

- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
- CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858)
- CVE-2026-0989: Fixed a call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth. (bsc#1256805, bsc#1256810)


The following package changes have been done:

- glibc-2.38-150600.14.40.1 updated
- libsqlite3-0-3.51.2-150000.3.36.1 updated
- libxml2-2-2.12.10-150700.4.11.1 updated
- libopenssl3-3.2.3-150700.5.24.1 updated
- libopenssl-3-fips-provider-3.2.3-150700.5.24.1 updated
- libexpat1-2.7.1-150700.3.6.1 added
- libltdl7-2.4.6-150000.3.8.1 added
- libnettle8-3.10.1-150700.2.16 added
- libopenssl1_1-1.1.1w-150700.11.11.1 added
- libtdb1-1.4.12-150700.1.4 added
- libyaml-0-2-0.1.7-150000.3.4.1 added
- libpython3_6m1_0-3.6.15-150300.10.103.1 added
- python3-base-3.6.15-150300.10.103.1 added
- python3-3.6.15-150300.10.103.1 added
- squid-6.10-150600.3.14.1 added
- python3-PyYAML-5.4.1-150300.3.6.1 added
- container:bci-bci-base-15.7-b5348ae5fdbf31d45ff492a751e4d0215af00ce3a6d2330478239aa70431ecf5-0 updated

