SUSE-CU-2026:153-1: Security update of suse/sle-micro/5.2/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Jan 7 16:40:27 UTC 2026 

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:153-1
Container Tags        : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.220 , suse/sle-micro/5.2/toolbox:latest
Container Release     : 7.11.220
Severity              : moderate
Type                  : security
References            : 1255731 1255732 1255733 1255734 1255765 CVE-2025-11961 CVE-2025-14524
                        CVE-2025-14819 CVE-2025-15079 CVE-2025-15224 
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:51-1
Released:    Wed Jan  7 10:28:23 2026
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1255731,1255732,1255733,1255734,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224
This update for curl fixes the following issues:

- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:53-1
Released:    Wed Jan  7 12:03:42 2026
Summary:     Security update for libpcap
Type:        security
Severity:    low
References:  1255765,CVE-2025-11961
This update for libpcap fixes the following issues:

- CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds
  read and write (bsc#1255765).


The following package changes have been done:

- curl-8.14.1-150200.4.97.1 updated
- libcurl4-8.14.1-150200.4.97.1 updated
- libpcap1-1.9.1-150300.3.6.1 updated

More information about the sle-container-updates mailing list