SUSE-CU-2026:6170-1: Security update of rancher/seedimage-builder

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Jun 19 07:05:24 UTC 2026


SUSE Container Update Advisory: rancher/seedimage-builder
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:6170-1
Container Tags        : rancher/seedimage-builder:1.6.11 , rancher/seedimage-builder:1.6.11-10.1
Container Release     : 10.1
Severity              : important
Type                  : security
References            : 1201840 1202970 1204538 1230861 1234100 1234101 1234102 1234103
                        1234104 1235475 1239439 1241002 1244550 1251679 1251850 1252890
                        1252930 1252931 1252932 1252933 1252934 1252935 1254441 1254441
                        1257490 1257625 1257667 1257825 1258907 1258909 1260277 1260277
                        1261155 1261206 1261280 1261427 1261430 1261606 1261639 1262223
                        1262223 1262223 1262464 1262465 1262555 1263726 1263728 1263729
                        1263731 1263732 1263733 1263734 1263735 1263736 1263737 1263739
                        1263741 1263742 1263743 1263744 1263745 1263746 1263747 1263749
                        1263750 1263751 1263752 1263753 1263754 1263756 1263757 1263762
                        1263765 1263766 1263767 1263809 1264353 1264354 1264356 1264511
                        1264512 1264513 1264514 1264515 1265296 1265921 1266187 1266340
                        1266341 1266342 1266344 1266349 1266353 1266355 1266356 1266357
                        1266789 1267168 1267168 1267197 CVE-2022-29154 CVE-2024-12084
                        CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747
                        CVE-2025-10158 CVE-2025-10158 CVE-2025-54770 CVE-2025-54771 CVE-2025-58190
                        CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 CVE-2026-25680
                        CVE-2026-25680 CVE-2026-25681 CVE-2026-25681 CVE-2026-27136 CVE-2026-27136
                        CVE-2026-27456 CVE-2026-29518 CVE-2026-3201 CVE-2026-3203 CVE-2026-33186
                        CVE-2026-33186 CVE-2026-33814 CVE-2026-34180 CVE-2026-34182 CVE-2026-34743
                        CVE-2026-35385 CVE-2026-35414 CVE-2026-39821 CVE-2026-39827 CVE-2026-39828
                        CVE-2026-39829 CVE-2026-39830 CVE-2026-39831 CVE-2026-39832 CVE-2026-39833
                        CVE-2026-39834 CVE-2026-39835 CVE-2026-4046 CVE-2026-41035 CVE-2026-41035
                        CVE-2026-41035 CVE-2026-41142 CVE-2026-42216 CVE-2026-42217 CVE-2026-42502
                        CVE-2026-42502 CVE-2026-42506 CVE-2026-42506 CVE-2026-42508 CVE-2026-42766
                        CVE-2026-42770 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620
                        CVE-2026-45232 CVE-2026-45445 CVE-2026-45446 CVE-2026-45447 CVE-2026-46595
                        CVE-2026-46597 CVE-2026-46598 CVE-2026-5299 CVE-2026-5401 CVE-2026-5403
                        CVE-2026-5404 CVE-2026-5405 CVE-2026-5406 CVE-2026-5407 CVE-2026-5408
                        CVE-2026-5409 CVE-2026-5450 CVE-2026-5653 CVE-2026-5654 CVE-2026-5656
                        CVE-2026-5657 CVE-2026-5928 CVE-2026-6519 CVE-2026-6520 CVE-2026-6521
                        CVE-2026-6522 CVE-2026-6523 CVE-2026-6524 CVE-2026-6527 CVE-2026-6529
                        CVE-2026-6530 CVE-2026-6531 CVE-2026-6532 CVE-2026-6533 CVE-2026-6534
                        CVE-2026-6535 CVE-2026-6537 CVE-2026-6538 CVE-2026-6868 CVE-2026-6869
                        CVE-2026-7383 CVE-2026-9076 
-----------------------------------------------------------------

The container rancher/seedimage-builder was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 702
Released:    Wed May  6 02:14:18 2026
Summary:     Security update for wireshark
Type:        security
Severity:    important
References:  1252930,1252931,1252932,1252933,1252934,1252935,1258907,1258909,1263726,1263728,1263729,1263731,1263732,1263733,1263734,1263735,1263736,1263737,1263739,1263741,1263742,1263743,1263744,1263745,1263746,1263747,1263749,1263750,1263751,1263752,1263753,1263754,1263756,1263757,1263762,1263765,1263766,1263767,1263809,CVE-2025-54770,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664,CVE-2026-3201,CVE-2026-3203,CVE-2026-5299,CVE-2026-5401,CVE-2026-5403,CVE-2026-5404,CVE-2026-5405,CVE-2026-5406,CVE-2026-5407,CVE-2026-5408,CVE-2026-5409,CVE-2026-5653,CVE-2026-5654,CVE-2026-5656,CVE-2026-5657,CVE-2026-6519,CVE-2026-6520,CVE-2026-6521,CVE-2026-6522,CVE-2026-6523,CVE-2026-6524,CVE-2026-6527,CVE-2026-6529,CVE-2026-6530,CVE-2026-6531,CVE-2026-6532,CVE-2026-6533,CVE-2026-6534,CVE-2026-6535,CVE-2026-6537,CVE-2026-6538,CVE-2026-6868,CVE-2026-6869
This update for wireshark fixes the following issues

- CVE-2026-3201: missing limit checks in USB HID protocol dissector's `parse_report_descriptor` function can lead to
  memory exhaustion (bsc#1258907).
- CVE-2026-3203: missing length checks in the RF4CE Profile protocol dissector can lead to illegal memory access and
  crash (bsc#1258909).
- CVE-2026-5299: ICMPv6 dissector crash (bsc#1263757).
- CVE-2026-5401: AFP dissector crash (bsc#1263756).
- CVE-2026-5403: SBC audio codec crash (bsc#1263765).
- CVE-2026-5404: K12 RF5 file parser crash (bsc#1263766).
- CVE-2026-5405: RDP dissector crash (bsc#1263767).
- CVE-2026-5406: FC-SWILS dissector crash (bsc#1263754).
- CVE-2026-5407: SMB2 dissector infinite loop (bsc#1263753).
- CVE-2026-5408: BT-DHT dissector crash (bsc#1263752).
- CVE-2026-5409: Monero dissector crash (bsc#1263751).
- CVE-2026-5653: DCP-ETSI dissector crash (bsc#1263750).
- CVE-2026-5654: AMR-NB audio codec crash (bsc#1263749).
- CVE-2026-5656: Profile import crash and possible code execution (bsc#1263809).
- CVE-2026-5657: iLBC audio codec crash (bsc#1263747).
- CVE-2026-6519: MBIM protocol dissector infinite loop (bsc#1263746).
- CVE-2026-6520: OpenFlow v6 protocol dissector infinite loop (bsc#1263745).
- CVE-2026-6521: OpenFlow v5 protocol dissector infinite loops (bsc#1263744).
- CVE-2026-6522: RPKI-Router protocol dissector infinite loop (bsc#1263743).
- CVE-2026-6523: GNW protocol dissector infinite loop (bsc#1263742).
- CVE-2026-6524: MySQL protocol dissector crash (bsc#1263741).
- CVE-2026-6527: ASN.1 PER dissector crash (bsc#1263739).
- CVE-2026-6529: iLBC audio codec crash (bsc#1263737).
- CVE-2026-6530: DCP-ETSI protocol dissector crash (bsc#1263736).
- CVE-2026-6531: SANE protocol dissector infinite loop (bsc#1263735).
- CVE-2026-6532: Kismet protocol dissector crash (bsc#1263734).
- CVE-2026-6533: Dissection engine LZ77 decompression crash (bsc#1263733).
- CVE-2026-6534: USB HID dissector infinite loop (bsc#1263732).
- CVE-2026-6535: Dissection engine zlib decompression crash (bsc#1263731).
- CVE-2026-6537: ZigBee dissector crash (bsc#1263729).
- CVE-2026-6538: BEEP dissector crash (bsc#1263728).
- CVE-2026-6868: HTTP protocol dissector crash (bsc#1263762).
- CVE-2026-6869: WebSocket protocol dissector crash (bsc#1263726).

Changes for wireshark:

- Updated to 4.4.15

-----------------------------------------------------------------
Advisory ID: 708
Released:    Wed May  6 12:44:56 2026
Summary:     Recommended update for libselinux
Type:        recommended
Severity:    moderate
References:  1261639,1262223,CVE-2026-41035
This update for libselinux fixes the following issues:

- Backport commit 'libselinux: retain LIFO order for path substitutions' (bsc#1261639)
    * otherwise we can not add equivalencies that overload each other in the policy
    * libselinux: retain LIFO order for path substitutions

-----------------------------------------------------------------
Advisory ID: 710
Released:    Wed May  6 14:43:17 2026
Summary:     Recommended update for python-hatchling
Type:        recommended
Severity:    moderate
References:  1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for python-hatchling fixes the following issues:

Changes in python-hatchling:

- Convert to libalternatives on SLE-16-based and newer systems only

-----------------------------------------------------------------
Advisory ID: 720
Released:    Thu May  7 18:05:16 2026
Summary:     Recommended update for gtk-vnc
Type:        recommended
Severity:    moderate
References:  1201840,1202970,1204538,1234100,1234101,1234102,1234103,1234104,1235475,1251850,1254441,1262223,1264511,1264512,1264513,1264514,1264515,1265296,CVE-2022-29154,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747,CVE-2025-10158,CVE-2026-29518,CVE-2026-41035,CVE-2026-43617,CVE-2026-43618,CVE-2026-43619,CVE-2026-43620,CVE-2026-45232
This update for gtk-vnc fixes the following issues:

- Fixed that removal of spice led to a regression in functionality, specifically for graphical console copy paste (bsc#1251850)

-----------------------------------------------------------------
Advisory ID: 721
Released:    Thu May  7 18:13:26 2026
Summary:     Recommended update for elemental-toolkit
Type:        recommended
Severity:    moderate
References:  1261606,CVE-2026-27456
This update for elemental-toolkit fixes the following issues:

Changes in elemental-toolkit:

- Drop upstream reproducible build patch.

-----------------------------------------------------------------
Advisory ID: 723
Released:    Fri May  8 10:01:26 2026
Summary:     Recommended update for suseconnect-ng
Type:        recommended
Severity:    important
References:  1230861,1239439,1241002,1244550,1257490,1257625,1257667,1257825,1261155,1261280,CVE-2026-34743
This update for suseconnect-ng fixes the following issues:

- Update version to 1.21.1:
    * Fix nil token handling (bsc#1261155)
    * Switch to using go1.24-openssl as the default Go version to
      install to support building the package (jsc#SCC-585).
- Update version to 1.21:
    * Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226).
    * Support new profile based metric collection
    * Fix ignored --root parameter hanbling when reading and writing configuration (bsc#1257667)
    * Add expanded metric collection for system vendor/manfacturer (jsc#TEL-260).
    * Removed backport patch
    * Add missing product id to allow yast2-registration to not break (bsc#1257825)
    * Fix libsuseconnect APIError detection logic (bsc#1257825)
- Regressions found during QA test runs:
    * Ignore product in announce call (bsc#1257490)
    * Registration to SMT server with failed (bsc#1257625)
- Update version to 1.20:
    * Update error message for Public Cloud instances with registercloudguest  installed.
      SUSEConnect -d is disabled on PYAG and BYOS when the registercloudguest command is available. (bsc#1230861)
    * Enhanced SAP detected. Take TREX into account and remove empty values when
      only /usr/sap but no installation exists (bsc#1241002)
    * Fixed modules and extension link to point to version less documentation. (bsc#1239439)
    * Fixed SAP instance detection (bsc#1244550)
    * Remove link to extensions documentation (bsc#1239439)
    * Migrate to the public library
- Version 1.14 public library release:
  This version is only available on Github as a tag to release the
  new golang public library which can be consumed without the need
  to interface with SUSEConnect directly.

-----------------------------------------------------------------
Advisory ID: 749
Released:    Thu May 14 18:43:27 2026
Summary:     Security update for rsync
Type:        security
Severity:    important
References:  1254441,1260277,1262223,1266187,1267168,CVE-2025-10158,CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-33186,CVE-2026-39827,CVE-2026-39828,CVE-2026-39829,CVE-2026-39830,CVE-2026-39831,CVE-2026-39832,CVE-2026-39833,CVE-2026-39834,CVE-2026-39835,CVE-2026-41035,CVE-2026-42502,CVE-2026-42506,CVE-2026-42508,CVE-2026-46595,CVE-2026-46597,CVE-2026-46598
This update for rsync fixes the following issues

- CVE-2025-10158: Out of bounds array access via negative index (bsc#1254441).
- CVE-2026-41035: count of entries mismatch can lead to a use-after-free (bsc#1262223).

-----------------------------------------------------------------
Advisory ID: 750
Released:    Fri May 15 10:14:43 2026
Summary:     Security update for openexr
Type:        security
Severity:    important
References:  1251679,1260277,1264353,1264354,1264356,1265921,1266789,1267168,1267197,CVE-2025-58190,CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-33186,CVE-2026-33814,CVE-2026-39821,CVE-2026-41142,CVE-2026-42216,CVE-2026-42217,CVE-2026-42502,CVE-2026-42506
This update for openexr fixes the following issues

- CVE-2026-41142: integer overflow in `ImageChannel: resize` can lead to a heap out-of-bounds write via OpenEXRUtil
  public API (bsc#1264356).
- CVE-2026-42216: missing checks in `IDManifest: init()` can lead to out-of-bounds read during prefix expansion
  (bsc#1264354).
- CVE-2026-42217: missing bounds check for shift counter in `readVariableLengthInteger` can lead to shift exponent
  overflow and cause undefined behavior (bsc#1264353).

-----------------------------------------------------------------
Advisory ID: 752
Released:    Fri May 15 13:23:14 2026
Summary:     Security update for openssh
Type:        security
Severity:    important
References:  1252890,1261427,1261430,1262555,1266340,1266341,1266342,1266344,1266349,1266353,1266355,1266356,1266357,CVE-2026-34180,CVE-2026-34182,CVE-2026-35385,CVE-2026-35414,CVE-2026-42766,CVE-2026-42770,CVE-2026-45445,CVE-2026-45446,CVE-2026-45447,CVE-2026-7383,CVE-2026-9076
This update for openssh fixes the following issues

Security issues fixed:

- CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid (bsc#1261427).
- CVE-2026-35414: mishandling of authorized_keys principals option (bsc#1261430).

Other issues fixed:

- SSH port not reachable on SLES-16.0-CHOST-BYOS since build 1.32 for both x86_64 and aarch64 (bsc#1262555).
- OpenSSH audit support causes connection lost with parallel sessions (bsc#1252890).


The following package changes have been done:

- boost-license1_84_0-1.84.0-1.4 added
- btrfsprogs-udev-rules-6.1.3-6.19 added
- compat-usrmerge-tools-84.87-3.1 added
- crypto-policies-20230920.570ea89-2.1 added
- elemental-httpfy-1.6.11-1.1 added
- elemental-seedimage-hooks-1.6.11-1.1 added
- file-magic-5.44-4.151 added
- kbd-legacy-2.6.4-1.3 added
- libsemanage-conf-3.5-3.1 added
- pkgconf-m4-1.8.0-2.205 added
- system-user-root-20190513-2.208 added
- filesystem-84.87-5.2 added
- glibc-2.38-13.1 added
- libzstd1-1.5.5-8.142 added
- libz1-1.2.13-7.1 added
- libxxhash0-0.8.1-2.194 added
- libuuid1-2.39.3-7.1 added
- liburcu8-0.14.0-2.8 added
- libunistring5-1.1-3.1 added
- libtextstyle0-0.21.1-6.1 added
- libtasn1-6-4.19.0-5.1 added
- libsmartcols1-2.39.3-7.1 added
- libsepol2-3.5-3.1 added
- libseccomp2-2.5.4-3.1 added
- libpopt0-1.19-2.184 added
- libpkgconf3-1.8.0-2.205 added
- libpcre2-8-0-10.42-2.179 added
- libparted-fs-resize0-3.5-2.11 added
- libnss_usrfiles2-2.27-3.1 added
- libnghttp2-14-1.52.0-6.1 added
- liblzo2-2-2.10-3.1 added
- liblzma5-5.4.3-6.1 added
- liblz4-1-1.9.4-4.1 added
- liblua5_4-5-5.4.6-1.68 added
- libjson-c5-0.16-3.1 added
- libjitterentropy3-3.4.1-3.1 added
- libip4tc2-1.8.9-4.1 added
- libgpg-error0-1.47-4.136 added
- libgmp10-6.3.0-1.119 added
- libgcc_s1-13.3.0+git8781-2.1 added
- libfuse2-2.9.9-3.1 added
- libffi8-3.4.4-3.1 added
- libexpat1-2.7.1-5.1 added
- libeconf0-0.6.1-1.13 added
- libcrypt1-4.4.36-1.134 added
- libcom_err2-1.47.0-3.1 added
- libcap2-2.69-3.1 added
- libcap-ng0-0.8.3-4.1 added
- libbz2-1-1.0.8-3.1 added
- libburn4-1.5.4-1.9 added
- libbtrfsutil1-6.1.3-6.19 added
- libbtrfs0-6.1.3-6.19 added
- libbrotlicommon1-1.1.0-1.6 added
- libblkid1-2.39.3-7.1 added
- libaudit1-3.0.9-4.1 added
- libattr1-2.5.1-3.1 added
- libargon2-1-20190702-3.1 added
- libalternatives1-1.2+30.a5431e9-3.1 added
- libaio1-0.3.113-3.1 added
- libacl1-2.3.1-3.1 added
- fillup-1.42-3.1 added
- dosfstools-4.2-2.9 added
- diffutils-3.10-2.101 added
- libpng16-16-1.6.43-5.1 added
- libidn2-0-2.3.4-3.1 added
- pkgconf-1.8.0-2.205 added
- libselinux1-3.5-3.1 added
- netcfg-11.6-4.42 added
- libxml2-2-2.11.6-12.1 added
- squashfs-4.6.1-3.7 added
- libgcrypt20-1.10.3-3.1 added
- libstdc++6-13.3.0+git8781-2.1 added
- libp11-kit0-0.25.3-1.6 added
- perl-base-5.38.2-4.1 added
- libext2fs2-1.47.0-3.1 added
- libudev1-254.27-3.1 added
- chkstat-1600_20240206-1.8 added
- libzio1-1.08-3.1 added
- libmagic1-5.44-4.151 added
- libjte2-1.22-1.8 added
- libbrotlidec1-1.1.0-1.6 added
- libfdisk1-2.39.3-7.1 added
- alts-1.2+30.a5431e9-3.1 added
- libpsl5-0.21.2-3.1 added
- sed-4.9-3.1 added
- libsubid4-4.15.1-1.1 added
- libsemanage2-3.5-3.1 added
- libmount1-2.39.3-7.1 added
- findutils-4.9.0-4.1 added
- libsystemd0-254.27-3.1 added
- libncurses6-6.4.20240224-11.1 added
- terminfo-base-6.4.20240224-11.1 added
- libinih0-56-3.1 added
- libboost_thread1_84_0-1.84.0-1.4 added
- p11-kit-0.25.3-1.6 added
- p11-kit-tools-0.25.3-1.6 added
- libisofs6-1.5.4-1.9 added
- libfreetype6-2.14.2-1.1 added
- ncurses-utils-6.4.20240224-11.1 added
- libreadline8-8.2-2.180 added
- libedit0-20210910.3.1-9.169 added
- gptfdisk-1.0.9-4.1 added
- libisoburn1-1.5.4-1.9 added
- bash-5.2.15-3.1 added
- bash-sh-5.2.15-3.1 added
- xz-5.4.3-6.1 added
- systemd-default-settings-branding-openSUSE-0.7-2.4 added
- systemd-default-settings-0.7-2.4 added
- pkgconf-pkg-config-1.8.0-2.205 added
- login_defs-4.15.1-1.1 added
- libdevmapper1_03-2.03.22_1.02.196-1.8 added
- gzip-1.13-1.50 added
- grep-3.11-4.8 added
- gettext-runtime-0.21.1-6.1 added
- coreutils-9.4-5.1 added
- ALP-dummy-release-0.1-8.67 added
- libparted2-3.5-2.11 added
- libdevmapper-event1_03-2.03.22_1.02.196-1.8 added
- info-7.0.3-4.1 added
- xfsprogs-6.5.0-1.9 added
- thin-provisioning-tools-0.9.0-2.10 added
- systemd-rpm-macros-24-1.205 added
- systemd-presets-common-SUSE-15-5.1 added
- rpm-config-SUSE-20240214-1.1 added
- rpm-4.18.0-7.1 added
- permissions-config-1600_20240206-1.8 added
- glibc-locale-base-2.38-13.1 added
- e2fsprogs-1.47.0-3.1 added
- ca-certificates-2+git20230406.2dae8b7-3.1 added
- ca-certificates-mozilla-2.84-1.1 added
- btrfsprogs-6.1.3-6.19 added
- parted-3.5-2.11 added
- liblvm2cmd2_03-2.03.22-1.8 added
- xorriso-1.5.4-1.9 added
- device-mapper-2.03.22_1.02.196-1.8 added
- systemd-presets-branding-ALP-transactional-20230214-3.1 added
- permissions-1600_20240206-1.8 added
- mtools-4.0.43-4.9 added
- libopenssl3-3.1.4-14.1 added
- pam-1.6.0-5.1 added
- grub2-2.12~rc1-8.1 added
- grub2-i386-pc-2.12~rc1-8.1 added
- suse-module-tools-16.0.43-1.1 added
- kmod-30-11.1 added
- rsync-3.2.7-7.1 added
- libkmod2-30-11.1 added
- libcurl-mini4-8.14.1-6.1 added
- libcryptsetup12-2.6.1-4.13 added
- util-linux-2.39.3-7.1 added
- shadow-4.15.1-1.1 added
- pam-config-2.11-2.1 added
- kbd-2.6.4-1.3 added
- curl-8.14.1-6.1 added
- libsnapper7-0.10.5-2.10 added
- aaa_base-84.87+git20240906.742565b-1.1 added
- dbus-1-daemon-1.14.10-1.11 added
- dbus-1-tools-1.14.10-1.11 added
- systemd-254.27-3.1 added
- sysuser-shadow-3.1-2.197 added
- dbus-1-common-1.14.10-1.11 added
- libdbus-1-3-1.14.10-1.11 added
- dbus-1-1.14.10-1.11 added
- system-group-kvm-20170617-2.197 added
- system-group-hardware-20170617-2.197 added
- udev-254.27-3.1 added
- snapper-0.10.5-2.10 added
- lvm2-2.03.22-1.8 added
- elemental-toolkit-2.1.6-1.1 added
- container:suse-toolbox-image-1.0.0-9.125 added
- container:bci-bci-base-16.0-09f3129e830182403f5e00e5fb1ca84ff076335d4cadda06876d3a45324be0f3-0 removed


More information about the sle-container-updates mailing list