SUSE-CU-2026:5672-1: Security update of suse/manager/5.0/x86_64/proxy-httpd

sle-container-updates at lists.suse.com
Sat Jun 6 09:03:44 UTC 2026


SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:5672-1
Container Tags        : suse/manager/5.0/x86_64/proxy-httpd:5.0.8 , suse/manager/5.0/x86_64/proxy-httpd:5.0.8.7.35.3 , suse/manager/5.0/x86_64/proxy-httpd:latest
Container Release     : 7.35.3
Severity              : important
Type                  : security
References            : 1222465 1225811 1234736 1240895 1245107 1249675 1250782 1252927
                        1254182 1254427 1254666 1255857 1256392 1256953 1257181 1257621
                        1258041 1258106 1258109 1258311 1258378 1258382 1258796 1258859
                        1259127 1259243 1259261 1259362 1259441 1259611 1259711 1259726
                        1259729 1259734 1259735 1259803 1259825 1259845 1259989 1260026
                        1260078 1260082 1260441 1260441 1260442 1260442 1260443 1260443
                        1260444 1260444 1260445 1261280 1261307 1261678 1261678 1261809
                        1261969 1261970 1262098 1262319 1262631 1262632 1262635 1262636
                        1262638 1262654 1262741 1262803 1263935 1263950 1263951 1263952
                        1263953 1263954 1263955 1263956 1263957 1264150 1264163 1264256
                        CVE-2025-13462 CVE-2025-14104 CVE-2026-1299 CVE-2026-1502 CVE-2026-1965
                        CVE-2026-23918 CVE-2026-24072 CVE-2026-27135 CVE-2026-28387 CVE-2026-28387
                        CVE-2026-28388 CVE-2026-28388 CVE-2026-28389 CVE-2026-28389 CVE-2026-28390
                        CVE-2026-28390 CVE-2026-28780 CVE-2026-29168 CVE-2026-29169 CVE-2026-30922
                        CVE-2026-31789 CVE-2026-31789 CVE-2026-31790 CVE-2026-3184 CVE-2026-32776
                        CVE-2026-32777 CVE-2026-32778 CVE-2026-33006 CVE-2026-33007 CVE-2026-33523
                        CVE-2026-33857 CVE-2026-34032 CVE-2026-34059 CVE-2026-3446 CVE-2026-34743
                        CVE-2026-3479 CVE-2026-3644 CVE-2026-40475 CVE-2026-4224 CVE-2026-4437
                        CVE-2026-4438 CVE-2026-4519 CVE-2026-4786 CVE-2026-4873 CVE-2026-4878
                        CVE-2026-5545 CVE-2026-6019 CVE-2026-6100 CVE-2026-6253 CVE-2026-6276
                        CVE-2026-6429 
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:115-1
Released:    Mon Jan 12 16:03:42 2026
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1254666,CVE-2025-14104
This update for util-linux fixes the following issues:

- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:803-1
Released:    Wed Mar  4 13:57:07 2026
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1258859,CVE-2026-3184
This update for util-linux fixes the following issues:

- CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1090-1
Released:    Thu Mar 26 18:44:54 2026
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1257181,CVE-2026-1299
This update for python3 fixes the following issues:

- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1113-1
Released:    Fri Mar 27 10:34:35 2026
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    moderate
References:  1258311,1259825
This update for crypto-policies fixes the following issues:

Enables PQC key exchange support for OpenSSH (bsc#1258311, bsc#1259825)

* The sntrup761x25519-sha512 hybrid key exchange for OpenSSH is enabled.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1158-1
Released:    Tue Mar 31 13:55:47 2026
Summary:     Security update for python-pyasn1
Type:        security
Severity:    important
References:  1259803,CVE-2026-30922
This update for python-pyasn1 fixes the following issues:

- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1166-1
Released:    Thu Apr  2 03:08:04 2026
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778
This update for expat fixes the following issues:

- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
  declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1168-1
Released:    Thu Apr  2 08:23:44 2026
Summary:     Recommended update for apache2
Type:        recommended
Severity:    important
References:  1254182
This update for apache2 fixes the following issues:

- Update to 2.4.66: 
    * ECO: (jsc#PED-15953):
    * Fix: apache2-worker segfaults (bsc#1254182)
- Removed patches, as they've been merged/fixed upstream.
- Removed these FIPS-related patches too, as they too have been merged upstream

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1215-1
Released:    Wed Apr  8 14:27:57 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1260441,1260442,1260443,1260444,1260445,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789,CVE-2026-31790
This update for openssl-3 fixes the following issues:

- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1350-1
Released:    Wed Apr 15 15:36:20 2026
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1259845,CVE-2026-27135
This update for nghttp2 fixes the following issue:

- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1369-1
Released:    Wed Apr 15 16:42:55 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1260078,1260082,CVE-2026-4437,CVE-2026-4438
This update for glibc fixes the following issues:

- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1410-1
Released:    Thu Apr 16 14:41:43 2026
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1222465,1234736
This update for util-linux fixes the following issues:

- recognize fuse 'portal' as a virtual file system (bsc#1234736).
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1432-1
Released:    Fri Apr 17 12:12:08 2026
Summary:     Security update for libcap
Type:        security
Severity:    important
References:  1261809,CVE-2026-4878
This update for libcap fixes the following issue:

- CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1434-1
Released:    Fri Apr 17 12:49:03 2026
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1225811,1259441
This update for apparmor fixes the following issues:

- samba gives denied in audit with apparmor (bsc#1225811).
- apparmor denies printing with profiles on sle15-sp7 (bsc#1259441).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1577-1
Released:    Thu Apr 23 17:53:45 2026
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1260441,1260442,1260443,1260444,1261678,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31789
This update for openssl-1_1 fixes the following issues:

- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
  KeyTransportRecipientInfo (bsc#1261678).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1605-1
Released:    Fri Apr 24 13:48:53 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1261678,CVE-2026-28390
This update for openssl-3 fixes the following issue:

Security issues fixed:
    
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
  KeyTransportRecipientInfo (bsc#1261678).
    
Other updates and bugfixes:
    
- Enable MD2 in legacy provider (jsc#PED-15724).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released:    Wed May  6 14:09:30 2026
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100
This update for python3 fixes the following issues:

- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to
  misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be
  processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass
  (bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser
  command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection
  (bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is
  under memory pressure (bsc#1262098).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1940-1
Released:    Mon May 18 09:44:14 2026
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429
This update for curl fixes the following issues:

Security issues fixed:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

- sws: prevent 'connection monitor' from saying disconnect twice (bsc#1259362).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2051-1
Released:    Mon May 25 15:59:43 2026
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1261280,CVE-2026-34743
This update for xz fixes the following issue:

- CVE-2026-34743: buffer overflow in lzma_index_append() (bsc#1261280).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:2061-1
Released:    Tue May 26 07:14:34 2026
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1250782
This update for openssl-1_1 fixes the following issues:

- Fix 30-test_fips_sli.t fails intermittently on s390x (bsc#1250782):
    * Fix AES_GCM IV test sometimes failing on s390x.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2103-1
Released:    Thu May 28 14:34:03 2026
Summary:     Security update for apache2
Type:        security
Severity:    important
References:  1263935,1263950,1263951,1263952,1263953,1263954,1263955,1263956,1263957,1264150,1264163,CVE-2026-23918,CVE-2026-24072,CVE-2026-28780,CVE-2026-29168,CVE-2026-29169,CVE-2026-33006,CVE-2026-33007,CVE-2026-33523,CVE-2026-33857,CVE-2026-34032,CVE-2026-34059
This update for apache2 fixes the following issues:

- CVE-2026-23918: http2: double free and possible RCE on early reset (bsc#1263957).
- CVE-2026-24072: mod_rewrite elevation of privileges via ap_expr (bsc#1263935).
- CVE-2026-28780: heap buffer overflow in `mod_proxy_ajp` via `ajp_msg_check_header()` (bsc#1264163).
- CVE-2026-29168: allocation of resources without limits in `mod_md` via OCSP response (bsc#1264150).
- CVE-2026-29169: NULL pointer dereference in `mod_dav_lock` allows server crash via malicious requests (bsc#1263956).
- CVE-2026-33006: `mod_auth_digest` timing attack allows bypass of Digest authentication (bsc#1263955).
- CVE-2026-33007: NULL pointer dereference in `mod_authn_socache` allows unauthenticated remote user to crash a child
  process (bsc#1263954).
- CVE-2026-33523: HTTP response splitting forwarding malicious status line (bsc#1263953).
- CVE-2026-33857: off-by-one OOB reads in AJP getter functions (bsc#1263952).
- CVE-2026-34032: heap buffer overread in `mod_proxy_ajp` due to missing null-termination check (bsc#1263951).
- CVE-2026-34059: heap buffer overread and memory disclosure via `ajp_parse_data()` (bsc#1263950).

-----------------------------------------------------------------
Advisory ID: SUSE-Manager-5.0-2026-2240
Released:    Wed Jun  3 15:51:03 2026
Summary:     Maintenance update for Multi-Linux Manager 5.0: Server, Proxy and Retail
Type:        recommended
Severity:    moderate
References:  1240895,1245107,1249675,1252927,1254427,1255857,1256392,1256953,1257621,1258041,1258106,1258109,1258378,1258382,1258796,1259127,1259243,1259261,1261307,1262741,1264256
Maintenance update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server

This is a codestream only update

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2259-1
Released:    Wed Jun  3 17:31:35 2026
Summary:     Security update for python3-pyOpenSSL
Type:        security
Severity:    moderate
References:  1262803,CVE-2026-40475
This update for python3-pyOpenSSL fixes the following issue:

- CVE-2026-40475: improper input handling of null bytes can lead to silent data truncation and security-state
  inconsistency (bsc#1262803).


The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.16.1 updated
- glibc-2.38-150600.14.46.1 updated
- libuuid1-2.39.3-150600.4.21.1 updated
- libsmartcols1-2.39.3-150600.4.21.1 updated
- libnghttp2-14-1.40.0-150600.25.5.1 updated
- liblzma5-5.4.1-150600.3.6.1 updated
- libcap2-2.63-150400.3.6.1 updated
- libblkid1-2.39.3-150600.4.21.1 updated
- libudev1-254.27-150600.4.62.1 updated
- libfdisk1-2.39.3-150600.4.21.1 updated
- libopenssl3-3.1.4-150600.5.50.1 updated
- libmount1-2.39.3-150600.4.21.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.50.1 updated
- libcurl4-8.14.1-150600.4.43.1 updated
- util-linux-2.39.3-150600.4.21.1 updated
- curl-8.14.1-150600.4.43.1 updated
- libapparmor1-3.1.7-150600.5.12.2 updated
- libexpat1-2.7.1-150400.3.37.1 updated
- libopenssl1_1-1.1.1w-150600.5.29.1 updated
- release-notes-susemanager-proxy-5.0.8-150600.11.42.1 updated
- xz-5.4.1-150600.3.6.1 updated
- python3-base-3.6.15-150300.10.118.1 updated
- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- apache2-prefork-2.4.66-150600.5.52.1 updated
- python3-3.6.15-150300.10.118.1 updated
- python3-pyasn1-0.4.2-150000.3.16.1 updated
- apache2-2.4.66-150600.5.52.1 updated
- python3-pyOpenSSL-21.0.0-150400.13.1 updated
- spacewalk-backend-5.0.18-150600.4.29.4 updated
- python3-spacewalk-client-tools-5.0.13-150600.4.21.4 updated
- spacewalk-client-tools-5.0.13-150600.4.21.4 updated
- container:sles15-ltss-image-15.6.0-5.58 updated

