SUSE-CU-2026:5678-1: Security update of suse/manager/5.0/x86_64/server-hub-xmlrpc-api
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sun Jun 7 07:35:54 UTC 2026
SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-hub-xmlrpc-api
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:5678-1
Container Tags : suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.8 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.8.6.35.1 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest
Container Release : 6.35.1
Severity : important
Type : security
References : 1222465 1225811 1234736 1254666 1258311 1258859 1259362 1259441
1259711 1259726 1259729 1259825 1259845 1260078 1260082 1260441
1260442 1260443 1260444 1260445 1261280 1261678 1261809 1262631
1262632 1262635 1262636 1262638 CVE-2025-14104 CVE-2026-1965
CVE-2026-27135 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390
CVE-2026-31789 CVE-2026-31790 CVE-2026-3184 CVE-2026-32776 CVE-2026-32777
CVE-2026-32778 CVE-2026-34743 CVE-2026-4437 CVE-2026-4438 CVE-2026-4873
CVE-2026-4878 CVE-2026-5545 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429
-----------------------------------------------------------------
The container suse/manager/5.0/x86_64/server-hub-xmlrpc-api was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:115-1
Released: Mon Jan 12 16:03:42 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1254666,CVE-2025-14104
This update for util-linux fixes the following issues:
- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:803-1
Released: Wed Mar 4 13:57:07 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1258859,CVE-2026-3184
This update for util-linux fixes the following issues:
- CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859).
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2026:1111-1
Released: Fri Mar 27 10:33:51 2026
Summary: Optional update for rsyslog
Type: optional
Severity: moderate
References:
This update for rsyslog fixes the following issue:
- add the rsyslog-module-ossl (openssl TLS support).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1113-1
Released: Fri Mar 27 10:34:35 2026
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1258311,1259825
This update for crypto-policies fixes the following issues:
Enables PQC key exchange support for OpenSSH (bsc#1258311, bsc#1259825)
* The sntrup761x25519-sha512 hybrid keyexchange for OpenSSH is enabled.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1166-1
Released: Thu Apr 2 03:08:04 2026
Summary: Security update for expat
Type: security
Severity: important
References: 1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778
This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1215-1
Released: Wed Apr 8 14:27:57 2026
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1260441,1260442,1260443,1260444,1260445,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789,CVE-2026-31790
This update for openssl-3 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1350-1
Released: Wed Apr 15 15:36:20 2026
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1259845,CVE-2026-27135
This update for nghttp2 fixes the following issue:
- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1369-1
Released: Wed Apr 15 16:42:55 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1260078,1260082,CVE-2026-4437,CVE-2026-4438
This update for glibc fixes the following issues:
- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1410-1
Released: Thu Apr 16 14:41:43 2026
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1222465,1234736
This update for util-linux fixes the following issues:
- recognize fuse 'portal' as a virtual file system (bsc#1234736).
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1432-1
Released: Fri Apr 17 12:12:08 2026
Summary: Security update for libcap
Type: security
Severity: important
References: 1261809,CVE-2026-4878
This update for libcap fixes the following issue:
- CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1434-1
Released: Fri Apr 17 12:49:03 2026
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1225811,1259441
This update for apparmor fixes the following issues:
- samba gives denied in audit with apparmor (bsc#1225811).
- apparmor denies printing with profiles on sle15-sp7 (bsc#1259441).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1605-1
Released: Fri Apr 24 13:48:53 2026
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1261678,CVE-2026-28390
This update for openssl-3 fixes the following issue:
Security issues fixed:
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
KeyTransportRecipientInfo (bsc#1261678).
Other updates and bugfixes:
- Enable MD2 in legacy provider (jsc#PED-15724).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1940-1
Released: Mon May 18 09:44:14 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).
Other updates and bugfixes:
- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2051-1
Released: Mon May 25 15:59:43 2026
Summary: Security update for xz
Type: security
Severity: important
References: 1261280,CVE-2026-34743
This update for xz fixes the following issue
- CVE-2026-34743: buffer overflow in lzma_index_append() (bsc#1261280).
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.16.1 updated
- glibc-2.38-150600.14.46.1 updated
- libuuid1-2.39.3-150600.4.21.1 updated
- libsmartcols1-2.39.3-150600.4.21.1 updated
- libnghttp2-14-1.40.0-150600.25.5.1 updated
- liblzma5-5.4.1-150600.3.6.1 updated
- libcap2-2.63-150400.3.6.1 updated
- libblkid1-2.39.3-150600.4.21.1 updated
- libfdisk1-2.39.3-150600.4.21.1 updated
- libopenssl3-3.1.4-150600.5.50.1 updated
- libmount1-2.39.3-150600.4.21.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.50.1 updated
- libcurl4-8.14.1-150600.4.43.1 updated
- util-linux-2.39.3-150600.4.21.1 updated
- libapparmor1-3.1.7-150600.5.12.2 updated
- libexpat1-2.7.1-150400.3.37.1 updated
- xz-5.4.1-150600.3.6.1 updated
- rsyslog-8.2406.0-150600.12.10.1 updated
- container:sles15-ltss-image-15.6.0-5.58 updated
More information about the sle-container-updates
mailing list