SUSE-CU-2026:458-1: Security update of suse/manager/4.3/proxy-httpd

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Jan 29 08:24:26 UTC 2026 

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:458-1
Container Tags        : suse/manager/4.3/proxy-httpd:4.3.16.2 , suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.8 , suse/manager/4.3/proxy-httpd:latest
Container Release     : 9.73.8
Severity              : important
Type                  : security
References            : 1239119 1255715 1256244 1256246 1256390 CVE-2025-30258 CVE-2025-68973
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3986-1
Released:    Fri Nov  7 11:31:03 2025
Summary:     Security update for gpg2
Type:        security
Severity:    low
References:  1239119,CVE-2025-30258
This update for gpg2 fixes the following issues:

  - CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119) 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:214-1
Released:    Thu Jan 22 13:09:26 2026
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1255715,1256244,1256246,1256390,CVE-2025-68973
This update for gpg2 fixes the following issues:

- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).


The following package changes have been done:

- gpg2-2.2.27-150300.3.16.1 updated
- container:sles15-ltss-image-15.4.0-6.3 updated

More information about the sle-container-updates mailing list