SUSE-CU-2026:6819-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-squid

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Jul 7 08:17:05 UTC 2026


SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:6819-1
Container Tags        : suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.4 , suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.4.8.22.1 , suse/multi-linux-manager/5.1/x86_64/proxy-squid:latest
Container Release     : 8.22.1
Severity              : important
Type                  : security
References            : 1250782 1250782 1259327 1261206 1261280 1262144 1262464 1262465
                        1266340 1266340 1266341 1266341 1266342 1266342 1266343 1266345
                        1266349 1266349 1266350 1266351 1266352 1266353 1266355 1266356
                        1266357 1266357 1268012 1268013 CVE-2026-11822 CVE-2026-11824
                        CVE-2026-34180 CVE-2026-34180 CVE-2026-34181 CVE-2026-34183 CVE-2026-34743
                        CVE-2026-4046 CVE-2026-42766 CVE-2026-42766 CVE-2026-42767 CVE-2026-42768
                        CVE-2026-42769 CVE-2026-42770 CVE-2026-45445 CVE-2026-45446 CVE-2026-45447
                        CVE-2026-45447 CVE-2026-5450 CVE-2026-5928 CVE-2026-5958 CVE-2026-7383
                        CVE-2026-7383 CVE-2026-9076 CVE-2026-9076 
-----------------------------------------------------------------

The container suse/multi-linux-manager/5.1/x86_64/proxy-squid was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1941-1
Released:    Mon May 18 09:44:34 2026
Summary:     Security update for sed
Type:        security
Severity:    moderate
References:  1262144,CVE-2026-5958
This update for sed fixes the following issue:

- CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file (bsc#1262144).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:2041-1
Released:    Thu May 21 16:29:18 2026
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1250782
This update for openssl-1_1 fixes the following issues:

- Fix 30-test_fips_sli.t fails intermittently on s390x (bsc#1250782):
    * Fix AES_GCM IV test sometimes failing on s390x.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2051-1
Released:    Mon May 25 15:59:43 2026
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1261280,CVE-2026-34743
This update for xz fixes the following issue

- CVE-2026-34743: buffer overflow in lzma_index_append() (bsc#1261280).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2231-1
Released:    Wed Jun  3 12:57:18 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for glibc fixes the following issues

- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206).
- CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465).
- CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2392-1
Released:    Mon Jun 15 10:05:31 2026
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1250782,1266340,1266341,1266342,1266349,1266357,CVE-2026-34180,CVE-2026-42766,CVE-2026-45447,CVE-2026-7383,CVE-2026-9076
This update for openssl-1_1 fixes the following issues

- CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion (bsc#1266340).
- CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341).
- CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342).
- CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349).
- CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:2434-1
Released:    Wed Jun 17 16:40:10 2026
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    important
References:  1259327
This update for coreutils fixes the following issues:

- proc: Use affinity mask even on systems with more than 1024 CPUs (bsc#1259327)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2528-1
Released:    Tue Jun 23 11:06:07 2026
Summary:     Security update for sqlite3
Type:        security
Severity:    important
References:  1268012,1268013,CVE-2026-11822,CVE-2026-11824
This update for sqlite3 fixes the following issues

Update to 3.53.2:

- CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause
  process crashes, memory exhaustion, or arbitrary code execution (bsc#1268012).
- CVE-2026-11824: heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers
  to cause a crash or execute arbitrary code (bsc#1268013).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2648-1
Released:    Fri Jun 26 13:05:57 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1266340,1266341,1266342,1266343,1266345,1266349,1266350,1266351,1266352,1266353,1266355,1266356,1266357,CVE-2026-34180,CVE-2026-34181,CVE-2026-34183,CVE-2026-42766,CVE-2026-42767,CVE-2026-42768,CVE-2026-42769,CVE-2026-42770,CVE-2026-45445,CVE-2026-45446,CVE-2026-45447,CVE-2026-7383,CVE-2026-9076
This update for openssl-3 fixes the following issues

- CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion (bsc#1266340).
- CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341).
- CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342).
- CVE-2026-34181: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys (bsc#1266343).
- CVE-2026-34183: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler (bsc#1266345).
- CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349).
- CVE-2026-42767: NULL Pointer Dereference in CRMF EncryptedValue Decryption (bsc#1266350).
- CVE-2026-42768: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() (bsc#1266351).
- CVE-2026-42769: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate (bsc#1266352).
- CVE-2026-42770: FFC-DH Peer Validation Uses Attacker-Supplied q (bsc#1266353).
- CVE-2026-45445: AES-OCB IV Ignored on EVP_Cipher() Path (bsc#1266355).
- CVE-2026-45446: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes (bsc#1266356).
- CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357).


The following package changes have been done:

- glibc-2.38-150600.14.49.1 updated
- libsqlite3-0-3.53.2-150000.3.42.1 updated
- liblzma5-5.4.1-150600.3.6.1 updated
- libopenssl3-3.2.3-150700.5.36.1 updated
- sed-4.9-150600.3.3.1 updated
- coreutils-8.32-150400.9.12.1 updated
- libopenssl-3-fips-provider-3.2.3-150700.5.36.1 updated
- libopenssl1_1-1.1.1w-150700.11.22.1 updated
- container:bci-bci-base-15.7-d2aab68ae05470b62bbe38c4ca03ff5bf72b405197482ed96e34dd0087d7bde2-0 updated


More information about the sle-container-updates mailing list