SUSE-CU-2026:160-1: Security update of suse/ltss/sle12.5/sles12sp5
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Jan 9 08:30:19 UTC 2026
SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:160-1
Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.174 , suse/ltss/sle12.5/sles12sp5:latest
Container Release : 8.5.174
Severity : moderate
Type : security
References : 1255731 1255732 1255733 CVE-2025-14524 CVE-2025-14819 CVE-2025-15079
-----------------------------------------------------------------
The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:66-1
Released: Thu Jan 8 13:21:34 2026
Summary: Security update for curl
Type: security
Severity: moderate
References: 1255731,1255732,1255733,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079
This update for curl fixes the following issues:
- CVE-2025-14524: Fixed bearer token leak on cross-protocol redirect (bsc#1255731)
- CVE-2025-15079: Fixed unknown host connection acceptance when set in the global knownhostsfile (bsc#1255733)
- CVE-2025-14819: Fixed issue where alteration of CURLSSLOPT_NO_PARTIALCHAIN could
accidentally lead to CA cache reuse for which partial chain was reversed (bsc#1255732)
The following package changes have been done:
- libcurl4-8.0.1-11.111.1 updated
More information about the sle-container-updates
mailing list