SUSE-CU-2026:1215-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-ssh
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Feb 26 08:38:33 UTC 2026
SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:1215-1
Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-ssh:5.1.2 , suse/multi-linux-manager/5.1/x86_64/proxy-ssh:5.1.2.8.13.1 , suse/multi-linux-manager/5.1/x86_64/proxy-ssh:latest
Container Release : 8.13.1
Severity : critical
Type : security
References : 1228081 1244449 1248356 1248586 1254202 1254293 1254400 1254401
1254563 1254670 1254997 1256427 1256437 1256766 1256822 1256830
1256834 1256834 1256835 1256835 1256836 1256836 1256837 1256837
1256838 1256838 1256839 1256839 1256840 1256840 1257005 CVE-2025-12084
CVE-2025-13836 CVE-2025-13837 CVE-2025-15281 CVE-2025-15467 CVE-2025-68160
CVE-2025-68160 CVE-2025-69418 CVE-2025-69418 CVE-2025-69419 CVE-2025-69419
CVE-2025-69420 CVE-2025-69420 CVE-2025-69421 CVE-2025-69421 CVE-2025-7709
CVE-2026-0861 CVE-2026-0915 CVE-2026-22795 CVE-2026-22795 CVE-2026-22796
CVE-2026-22796
-----------------------------------------------------------------
The container suse/multi-linux-manager/5.1/x86_64/proxy-ssh was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:27-1
Released: Mon Jan 5 13:45:08 2026
Summary: Security update for python3
Type: security
Severity: moderate
References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837
This update for python3 fixes the following issues:
- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:309-1
Released: Wed Jan 28 10:36:32 2026
Summary: Security update for openssl-3
Type: security
Severity: critical
References: 1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-3 fixes the following issues:
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:331-1
Released: Wed Jan 28 18:12:49 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-1_1 fixes the following issues:
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:371-1
Released: Tue Feb 3 19:08:49 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:
Security fixes:
- CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005).
Other fixes:
- NPTL: Optimize trylock for high cache contention workloads (bsc#1256437).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:407-1
Released: Mon Feb 9 07:43:45 2026
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1228081,1244449,1248356,1254202,1254293,1254563,1256427
This update for systemd fixes the following issues:
- Name libsystemd-{shared,core} based on the major version of systemd and
the package release number (bsc#1228081, bsc#1256427)
This way, both the old and new versions of the shared libraries will be
present during the update. This should prevent issues during package updates
when incompatible changes are introduced in the new versions of the shared libraries.
- detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)
- timer: rebase last_trigger timestamp if needed
- timer: rebase the next elapse timestamp only if timer didn't already run
- timer: don't run service immediately after restart of a timer (bsc#1254563)
- test: check the next elapse timer timestamp after deserialization
- test: restarting elapsed timer shouldn't trigger the corresponding service
- Reintroduce systemd-network as a transitional dummy package containing no files (bsc#1254202)
The contents of this package were split into two independent packages:
systemd-networkd and systemd-resolved. However, the initial replacement caused
both network services to be disabled. Consequently, the original package has
been restored as an empty transitional package to prevent the disabling of the services.
It can be safely removed once the update is complete.
- units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356)
- units: add dep on systemd-logind.service by user at .service
- detect-virt: add bare-metal support for GCE (bsc#1244449)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:432-1
Released: Wed Feb 11 10:11:56 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1248586,1254670,CVE-2025-7709
This update for sqlite3 fixes the following issues:
- Update to v3.51.2:
- CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670)
The following package changes have been done:
- glibc-2.38-150600.14.40.1 updated
- libsqlite3-0-3.51.2-150000.3.36.1 updated
- libopenssl3-3.2.3-150700.5.24.1 updated
- libudev1-254.27-150600.4.55.1 updated
- libopenssl-3-fips-provider-3.2.3-150700.5.24.1 updated
- libopenssl1_1-1.1.1w-150700.11.11.1 updated
- libsystemd0-254.27-150600.4.55.1 updated
- libpython3_6m1_0-3.6.15-150300.10.103.1 updated
- python3-base-3.6.15-150300.10.103.1 updated
- python3-3.6.15-150300.10.103.1 updated
- container:bci-bci-base-15.7-b5348ae5fdbf31d45ff492a751e4d0215af00ce3a6d2330478239aa70431ecf5-0 updated
More information about the sle-container-updates
mailing list