SUSE-CU-2026:5674-1: Security update of suse/manager/5.0/x86_64/proxy-squid

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sun Jun 7 07:35:09 UTC 2026 

SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:5674-1
Container Tags        : suse/manager/5.0/x86_64/proxy-squid:5.0.8 , suse/manager/5.0/x86_64/proxy-squid:5.0.8.7.35.1 , suse/manager/5.0/x86_64/proxy-squid:latest
Container Release     : 7.35.1
Severity              : important
Type                  : security
References            : 1258311 1259825 1260078 1260082 1260441 1260442 1260443 1260444
                        1260445 1261280 1261678 1261809 CVE-2026-28387 CVE-2026-28388
                        CVE-2026-28389 CVE-2026-28390 CVE-2026-31789 CVE-2026-31790 CVE-2026-34743
                        CVE-2026-4437 CVE-2026-4438 CVE-2026-4878 
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/proxy-squid was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1113-1
Released:    Fri Mar 27 10:34:35 2026
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    moderate
References:  1258311,1259825
This update for crypto-policies fixes the following issues:

Enables PQC key exchange support for OpenSSH (bsc#1258311, bsc#1259825)

* The sntrup761x25519-sha512 hybrid keyexchange for OpenSSH is enabled.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1215-1
Released:    Wed Apr  8 14:27:57 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1260441,1260442,1260443,1260444,1260445,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789,CVE-2026-31790
This update for openssl-3 fixes the following issues:

- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1369-1
Released:    Wed Apr 15 16:42:55 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1260078,1260082,CVE-2026-4437,CVE-2026-4438
This update for glibc fixes the following issues:

- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1432-1
Released:    Fri Apr 17 12:12:08 2026
Summary:     Security update for libcap
Type:        security
Severity:    important
References:  1261809,CVE-2026-4878
This update for libcap fixes the following issue:

- CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1605-1
Released:    Fri Apr 24 13:48:53 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1261678,CVE-2026-28390
This update for openssl-3 fixes the following issue:

Security issues fixed:
    
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
  KeyTransportRecipientInfo (bsc#1261678).
    
Other updates and bugfixes:
    
- Enable MD2 in legacy provider (jsc#PED-15724).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2051-1
Released:    Mon May 25 15:59:43 2026
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1261280,CVE-2026-34743
This update for xz fixes the following issue

- CVE-2026-34743: buffer overflow in lzma_index_append() (bsc#1261280).


The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.16.1 updated
- glibc-2.38-150600.14.46.1 updated
- liblzma5-5.4.1-150600.3.6.1 updated
- libcap2-2.63-150400.3.6.1 updated
- libopenssl3-3.1.4-150600.5.50.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.50.1 updated
- container:sles15-ltss-image-15.6.0-5.58 updated

More information about the sle-container-updates mailing list