SUSE-CU-2026:6574-1: Security update of private-registry/harbor-trivy-adapter
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Jul 1 07:30:05 UTC 2026
SUSE Container Update Advisory: private-registry/harbor-trivy-adapter
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:6574-1
Container Tags : private-registry/harbor-trivy-adapter:1.1.3 , private-registry/harbor-trivy-adapter:1.1.3-2.64 , private-registry/harbor-trivy-adapter:latest
Container Release : 2.64
Severity : important
Type : security
References : 1267268 1268356 1268399 1268400 1268403 1268404 1268440 1269269
1269271 CVE-2026-44740 CVE-2026-46680 CVE-2026-47262 CVE-2026-50195
CVE-2026-53488 CVE-2026-53489 CVE-2026-53492 CVE-2026-54448 CVE-2026-55092
-----------------------------------------------------------------
The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2708-1
Released: Tue Jun 30 12:55:22 2026
Summary: Security update for trivy
Type: security
Severity: important
References: 1267268,1268356,1268399,1268400,1268403,1268404,1268440,1269269,1269271,CVE-2026-44740,CVE-2026-46680,CVE-2026-47262,CVE-2026-50195,CVE-2026-53488,CVE-2026-53489,CVE-2026-53492,CVE-2026-54448,CVE-2026-55092
This update for trivy fixes the following issues:
- CVE-2026-50195: containerd: fails to validate the image references specified within a checkpoint image's configuration (bsc#1268399).
- CVE-2026-53488: Update github.com/containerd/containerd/v2/client dependency (bsc#1268400).
- CVE-2026-53492: containerd: improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration (bsc#1268403).
- CVE-2026-53489: containerd: CRI plugin restores container.log from a checkpoint image without validating a symlinked path (bsc#1268404).
- CVE-2026-47262: Update github.com/containerd/containerd/v2/pkg/oci dependency (bsc#1268440).
- CVE-2026-55092: Arbitrary file writes via `org.opencontainers.image.title` annotation from OCI artifact manifest (bsc#1269269).
- CVE-2026-44740: Update github.com/go-git/go-billy/v5 dependency (bsc#1267268).
- CVE-2026-46680: Update github.com/containerd/containerd/v2/pkg/oci dependency (bsc#1268356).
- CVE-2026-54448: tar unpacker reads scanned Helm chart archives (.tgz) with `io.ReadAll(tr)` and defines no size limit (bsc#1269271).
The following package changes have been done:
- trivy-0.71.2-150000.1.24.1 updated
- system-user-harbor-2.14.4-150700.1.13 updated
- container:suse-sle15-15.7-4d81126fa653178328136a0e8e92cebf0854d60a118a21867f074affb3afeaa2-0 updated
More information about the sle-container-updates
mailing list