SUSE-CU-2026:449-1: Security update of suse/pcp

Thu Jan 29 08:20:15 UTC 2026

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:449-1
Container Tags        : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-70.9 , suse/pcp:latest
Container Release     : 70.9
Severity              : moderate
Type                  : security
References            : 1254666 1256498 1256499 1256500 CVE-2025-14104 CVE-2025-68276
                        CVE-2025-68468 CVE-2025-68471 
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:230-1
Released:    Thu Jan 22 13:22:31 2026
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1254666,CVE-2025-14104
This update for util-linux fixes the following issues:

- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:259-1
Released:    Thu Jan 22 17:10:44 2026
Summary:     Security update for avahi
Type:        security
Severity:    moderate
References:  1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471
This update for avahi fixes the following issues:

- CVE-2025-68276: Fixed refuse to create wide-area record browsers when 
  wide-area is off (bsc#1256498)
- CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500)
- CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499)

The following package changes have been done:

- libavahi-common3-0.8-150600.15.12.1 updated
- util-linux-systemd-2.40.4-150700.4.3.1 updated
- libavahi-client3-0.8-150600.15.12.1 updated