SUSE-CU-2026:5677-1: Security update of suse/manager/5.0/x86_64/server-attestation

sle-container-updates at lists.suse.com
Sun Jun 7 07:35:43 UTC 2026


SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-attestation
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:5677-1
Container Tags        : suse/manager/5.0/x86_64/server-attestation:5.0.8 , suse/manager/5.0/x86_64/server-attestation:5.0.8.6.39.1 , suse/manager/5.0/x86_64/server-attestation:latest
Container Release     : 6.39.1
Severity              : important
Type                  : security
References            : 1254670 1258311 1259118 1259619 1259825 1259924 1260078 1260082
                        1260441 1260442 1260443 1260444 1260445 1260754 1260755 1261206
                        1261280 1261678 1261809 1261957 1262050 1262091 1262092 1262093
                        1262464 1262465 1262490 1262494 1262495 1262496 1262497 1262500
                        1262501 1264174 CVE-2025-69720 CVE-2025-70873 CVE-2025-7709 CVE-2026-22007
                        CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-23865
                        CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-31789
                        CVE-2026-31790 CVE-2026-33416 CVE-2026-33636 CVE-2026-34268 CVE-2026-34282
                        CVE-2026-34477 CVE-2026-34479 CVE-2026-34480 CVE-2026-34481 CVE-2026-34743
                        CVE-2026-34757 CVE-2026-4046 CVE-2026-42198 CVE-2026-4437 CVE-2026-4438
                        CVE-2026-4878 CVE-2026-5450 CVE-2026-5928
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/server-attestation was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1065-1
Released:    Thu Mar 26 11:38:12 2026
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1254670,1259619,CVE-2025-70873,CVE-2025-7709
This update for sqlite3 fixes the following issues:

Update sqlite3 to 3.51.3:

- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).

Changelog:

 * Fix the WAL-reset database corruption bug:
   https://sqlite.org/wal.html#walresetbug

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1113-1
Released:    Fri Mar 27 10:34:35 2026
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    moderate
References:  1258311,1259825
This update for crypto-policies fixes the following issues:

Enables PQC key exchange support for OpenSSH (bsc#1258311, bsc#1259825)

* The sntrup761x25519-sha512 hybrid keyexchange for OpenSSH is enabled.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1215-1
Released:    Wed Apr  8 14:27:57 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1260441,1260442,1260443,1260444,1260445,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789,CVE-2026-31790
This update for openssl-3 fixes the following issues:

- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1368-1
Released:    Wed Apr 15 16:35:24 2026
Summary:     Security update for libpng16
Type:        security
Severity:    important
References:  1260754,1260755,CVE-2026-33416,CVE-2026-33636
This update for libpng16 fixes the following issues:

- CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code
  execution (bsc#1260754).
- CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and
  crashes (bsc#1260755).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1369-1
Released:    Wed Apr 15 16:42:55 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1260078,1260082,CVE-2026-4437,CVE-2026-4438
This update for glibc fixes the following issues:

- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1432-1
Released:    Fri Apr 17 12:12:08 2026
Summary:     Security update for libcap
Type:        security
Severity:    important
References:  1261809,CVE-2026-4878
This update for libcap fixes the following issue:

- CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1510-1
Released:    Tue Apr 21 08:28:12 2026
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1259924,CVE-2025-69720
This update for ncurses fixes the following issue:

- CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1561-1
Released:    Thu Apr 23 08:34:49 2026
Summary:     Recommended update for mozilla-nss
Type:        recommended
Severity:    moderate
References:  
This update for mozilla-nss fixes the following issues:

Update to NSS 3.112.4:

  * improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
  * Improving the allocation of S/MIME DecryptSymKey.
  * store email on subject cache_entry in NSS trust domain.
  * Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
  * Improve size calculations in CMS content buffering.
  * avoid integer overflow while escaping RFC822 Names.
  * Reject excessively large ASN.1 SEQUENCE OF in quickder.
  * Deep copy profile data in CERT_FindSMimeProfile.
  * Improve input validation in DSAU signature decoding.
  * avoid integer overflow in RSA_EMSAEncodePSS.
  * RSA_EMSAEncodePSS should validate the length of mHash.
  * Add a maximum cert uncompressed len and tests.
  * Clarify extension negotiation mechanism for TLS Handshakes.
  * ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
  * Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
  * Remove invalid PORT_Free().
  * free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
  * make ss->ssl3.hs.cookie an owned-copy of the cookie.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1602-1
Released:    Fri Apr 24 13:46:25 2026
Summary:     Security update for libpng16
Type:        security
Severity:    moderate
References:  1261957,CVE-2026-34757
This update for libpng16 fixes the following issue:

- CVE-2026-34757: information disclosure and data corruption due to use-after-free in `png_set_PLTE`, `png_set_tRNS`
  and `png_set_hIST` (bsc#1261957).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1605-1
Released:    Fri Apr 24 13:48:53 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1261678,CVE-2026-28390
This update for openssl-3 fixes the following issue:

Security issues fixed:

- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
  KeyTransportRecipientInfo (bsc#1261678).

Other updates and bugfixes:

- Enable MD2 in legacy provider (jsc#PED-15724).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1731-1
Released:    Thu May  7 02:41:44 2026
Summary:     Security update for java-11-openjdk
Type:        security
Severity:    important
References:  1259118,1262490,1262494,1262495,1262496,1262497,1262500,1262501,CVE-2026-22007,CVE-2026-22013,CVE-2026-22016,CVE-2026-22018,CVE-2026-22021,CVE-2026-23865,CVE-2026-34268,CVE-2026-34282
This update for java-11-openjdk fixes the following issues:

Upgrade to upstream tag jdk-11.0.31+11 (April 2026 CPU).

Security issues fixed:

- CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain
  unauthorized read access to a subset of accessible data (bsc#1262490).
- CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized
  access to critical data (bsc#1262494).
- CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized
  access to critical data (bsc#1262495).
- CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial
  denial of service (bsc#1262496).
- CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service
  (bsc#1262497).
- CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an
  out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts (bsc#1259118).
- CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain
  unauthorized read access to a subset of data (bsc#1262500).
- CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or
  frequently repeatable crash (bsc#1262501).

Other updates and bugfixes:

- Provide the timezone-java and tzdata-java (jsc#PED-15898).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1843-1
Released:    Wed May 13 17:24:48 2026
Summary:     Security update for log4j
Type:        security
Severity:    moderate
References:  1262050,1262091,1262092,1262093,CVE-2026-34477,CVE-2026-34479,CVE-2026-34480,CVE-2026-34481
This update for log4j fixes the following issues:

- CVE-2026-34477: TLS connections vulnerable to interception due to incomplete hostname verification configuration
  checks (bsc#1262050).
- CVE-2026-34479: silent log event loss due to improper XML escaping in `Log4j1XmlLayout` (bsc#1262091).
- CVE-2026-34480: silent log event loss due to improper XML escaping in `XmlLayout` (bsc#1262092).
- CVE-2026-34481: silent log event loss due to improper serialization of non-finite floating-point values in
  `JsonTemplateLayout` (bsc#1262093).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2028-1
Released:    Wed May 20 11:07:11 2026
Summary:     Security update for postgresql-jdbc
Type:        security
Severity:    important
References:  1264174,CVE-2026-42198
This update for postgresql-jdbc fixes the following issue:

- CVE-2026-42198: client-side denial of service via malicious SCRAM-SHA-256 authentication (bsc#1264174).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2051-1
Released:    Mon May 25 15:59:43 2026
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1261280,CVE-2026-34743
This update for xz fixes the following issue:

- CVE-2026-34743: buffer overflow in lzma_index_append() (bsc#1261280).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2231-1
Released:    Wed Jun  3 12:57:18 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for glibc fixes the following issues:

- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206).
- CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465).
- CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464).


The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.16.1 updated
- libsqlite3-0-3.51.3-150000.3.39.1 updated
- liblzma5-5.4.1-150600.3.6.1 updated
- libcap2-2.63-150400.3.6.1 updated
- glibc-2.38-150600.14.49.1 updated
- terminfo-base-6.1-150000.5.33.1 updated
- libopenssl3-3.1.4-150600.5.50.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.50.1 updated
- openssl-3-3.1.4-150600.5.50.1 updated
- libncurses6-6.1-150000.5.33.1 updated
- libfreebl3-3.112.4-150400.3.66.1 updated
- libpng16-16-1.6.40-150600.3.20.1 updated
- mozilla-nss-certs-3.112.4-150400.3.66.1 updated
- mozilla-nss-3.112.4-150400.3.66.1 updated
- libsoftokn3-3.112.4-150400.3.66.1 updated
- java-11-openjdk-headless-11.0.31.0-150000.3.138.1 updated
- log4j-2.20.0-150200.4.33.1 updated
- postgresql-jdbc-42.2.25-150400.3.15.1 updated
- container:sles15-ltss-image-15.6.0-5.58 updated
