SUSE-CU-2026:141-1: Security update of suse/manager/4.3/proxy-httpd

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Jan 6 16:28:11 UTC 2026 

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:141-1
Container Tags        : suse/manager/4.3/proxy-httpd:4.3.16.2 , suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.6 , suse/manager/4.3/proxy-httpd:latest
Container Release     : 9.73.6
Severity              : important
Type                  : security
References            : 1254400 1254401 1254511 1254512 1254514 1254515 1254997 CVE-2025-12084
                        CVE-2025-13836 CVE-2025-13837 CVE-2025-55753 CVE-2025-58098 CVE-2025-65082
                        CVE-2025-66200 
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:19-1
Released:    Mon Jan  5 12:06:21 2026
Summary:     Security update for apache2
Type:        security
Severity:    important
References:  1254511,1254512,1254514,1254515,CVE-2025-55753,CVE-2025-58098,CVE-2025-65082,CVE-2025-66200
This update for apache2 fixes the following issues:

- CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511)
- CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514)
- CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512)
- CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:27-1
Released:    Mon Jan  5 13:45:08 2026
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837
This update for python3 fixes the following issues:

- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
  

The following package changes have been done:

- python3-base-3.6.15-150300.10.103.1 updated
- libpython3_6m1_0-3.6.15-150300.10.103.1 updated
- python3-3.6.15-150300.10.103.1 updated
- apache2-utils-2.4.51-150400.6.52.1 updated
- apache2-2.4.51-150400.6.52.1 updated
- apache2-prefork-2.4.51-150400.6.52.1 updated
- container:sles15-ltss-image-15.4.0-6.1 updated

More information about the sle-container-updates mailing list