SUSE-CU-2026:6820-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-ssh
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Jul 8 09:10:49 UTC 2026
SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:6820-1
Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-ssh:5.1.4 , suse/multi-linux-manager/5.1/x86_64/proxy-ssh:5.1.4.8.22.1 , suse/multi-linux-manager/5.1/x86_64/proxy-ssh:latest
Container Release : 8.22.1
Severity : important
Type : security
References : 1250782 1250782 1259327 1259642 1261206 1261280 1261427 1261427
1261430 1261430 1261441 1262464 1262465 1264568 1266340 1266340
1266341 1266341 1266342 1266342 1266343 1266345 1266349 1266349
1266350 1266351 1266352 1266353 1266355 1266356 1266357 1266357
1268012 1268013 CVE-2026-11822 CVE-2026-11824 CVE-2026-34180
CVE-2026-34180 CVE-2026-34181 CVE-2026-34183 CVE-2026-34743 CVE-2026-3497
CVE-2026-35385 CVE-2026-35385 CVE-2026-35388 CVE-2026-35414 CVE-2026-35414
CVE-2026-4046 CVE-2026-42766 CVE-2026-42766 CVE-2026-42767 CVE-2026-42768
CVE-2026-42769 CVE-2026-42770 CVE-2026-45445 CVE-2026-45446 CVE-2026-45447
CVE-2026-45447 CVE-2026-5450 CVE-2026-5928 CVE-2026-7383 CVE-2026-7383
CVE-2026-9076 CVE-2026-9076
-----------------------------------------------------------------
The container suse/multi-linux-manager/5.1/x86_64/proxy-ssh was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1876-1
Released: Sat May 16 00:06:36 2026
Summary: Security update for openssh
Type: security
Severity: important
References: 1261427,1261430,CVE-2026-35385,CVE-2026-35414
This update for openssh fixes the following issues
- CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid (bsc#1261427).
- CVE-2026-35414: mishandling of authorized_keys principals option (bsc#1261430).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:2041-1
Released: Thu May 21 16:29:18 2026
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1250782
This update for openssl-1_1 fixes the following issues:
- Fix 30-test_fips_sli.t fails intermittently on s390x (bsc#1250782):
* Fix AES_GCM IV test sometimes failing on s390x.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2051-1
Released: Mon May 25 15:59:43 2026
Summary: Security update for xz
Type: security
Severity: important
References: 1261280,CVE-2026-34743
This update for xz fixes the following issue
- CVE-2026-34743: buffer overflow in lzma_index_append() (bsc#1261280).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2231-1
Released: Wed Jun 3 12:57:18 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for glibc fixes the following issues
- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206).
- CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465).
- CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2371-1
Released: Thu Jun 11 16:01:35 2026
Summary: Security update for openssh
Type: security
Severity: important
References: 1259642,1261427,1261430,1261441,1264568,CVE-2026-3497,CVE-2026-35385,CVE-2026-35388,CVE-2026-35414
This update for openssh fixes the following issues
- CVE-2026-3497: information disclosure or denial of service due to uninitialized variables (bsc#1259642).
- CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid (bsc#1261427).
- CVE-2026-35388: omitted connection multiplexing confirmation for proxy-mode multiplexing sessions (bsc#1261441).
- CVE-2026-35414: mishandling of authorized_keys principals option (bsc#1261430).
- potential security issue when validating mac (bsc#1264568).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2392-1
Released: Mon Jun 15 10:05:31 2026
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1250782,1266340,1266341,1266342,1266349,1266357,CVE-2026-34180,CVE-2026-42766,CVE-2026-45447,CVE-2026-7383,CVE-2026-9076
This update for openssl-1_1 fixes the following issues
- CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion (bsc#1266340).
- CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341).
- CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342).
- CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349).
- CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:2434-1
Released: Wed Jun 17 16:40:10 2026
Summary: Recommended update for coreutils
Type: recommended
Severity: important
References: 1259327
This update for coreutils fixes the following issues:
- proc: Use affinity mask even on systems with more than 1024 CPUs (bsc#1259327)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2528-1
Released: Tue Jun 23 11:06:07 2026
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1268012,1268013,CVE-2026-11822,CVE-2026-11824
This update for sqlite3 fixes the following issues
Update to 3.53.2:
- CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause
process crashes, memory exhaustion, or arbitrary code execution (bsc#1268012).
- CVE-2026-11824: heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers
to cause a crash or execute arbitrary code (bsc#1268013).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2648-1
Released: Fri Jun 26 13:05:57 2026
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1266340,1266341,1266342,1266343,1266345,1266349,1266350,1266351,1266352,1266353,1266355,1266356,1266357,CVE-2026-34180,CVE-2026-34181,CVE-2026-34183,CVE-2026-42766,CVE-2026-42767,CVE-2026-42768,CVE-2026-42769,CVE-2026-42770,CVE-2026-45445,CVE-2026-45446,CVE-2026-45447,CVE-2026-7383,CVE-2026-9076
This update for openssl-3 fixes the following issues
- CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion (bsc#1266340).
- CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341).
- CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342).
- CVE-2026-34181: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys (bsc#1266343).
- CVE-2026-34183: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler (bsc#1266345).
- CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349).
- CVE-2026-42767: NULL Pointer Dereference in CRMF EncryptedValue Decryption (bsc#1266350).
- CVE-2026-42768: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() (bsc#1266351).
- CVE-2026-42769: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate (bsc#1266352).
- CVE-2026-42770: FFC-DH Peer Validation Uses Attacker-Supplied q (bsc#1266353).
- CVE-2026-45445: AES-OCB IV Ignored on EVP_Cipher() Path (bsc#1266355).
- CVE-2026-45446: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes (bsc#1266356).
- CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357).
The following package changes have been done:
- glibc-2.38-150600.14.49.1 updated
- libsqlite3-0-3.53.2-150000.3.42.1 updated
- liblzma5-5.4.1-150600.3.6.1 updated
- libopenssl3-3.2.3-150700.5.36.1 updated
- coreutils-8.32-150400.9.12.1 updated
- libopenssl-3-fips-provider-3.2.3-150700.5.36.1 updated
- libopenssl1_1-1.1.1w-150700.11.22.1 updated
- openssh-common-9.6p1-150600.6.42.1 updated
- openssh-fips-9.6p1-150600.6.42.1 updated
- openssh-clients-9.6p1-150600.6.42.1 updated
- openssh-server-9.6p1-150600.6.42.1 updated
- openssh-9.6p1-150600.6.42.1 updated
- container:bci-bci-base-15.7-d2aab68ae05470b62bbe38c4ca03ff5bf72b405197482ed96e34dd0087d7bde2-0 updated
More information about the sle-container-updates
mailing list