SUSE-IU-2026:4959-1: Security update of suse-sles-15-sp5-chost-byos-v20260619-hvm-ssd-x86_64

sle-container-updates at lists.suse.com
Tue Jun 23 07:03:41 UTC 2026


SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20260619-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:4959-1
Image Tags        : suse-sles-15-sp5-chost-byos-v20260619-hvm-ssd-x86_64:20260619
Image Release     : 
Severity          : important
Type              : security
References        : 1257235 1259327 1259642 1261206 1261427 1261430 1261441 1261546
                        1262043 1262464 1262465 1263790 1263940 1263995 1264551 1264568
                        1264965 1265221 1266001 1266009 1266238 1266340 1266341 1266342
                        1266349 1266357 1266711 1266901 1266952 1266953 1266955 CVE-2026-24401
                        CVE-2026-31629 CVE-2026-33948 CVE-2026-34180 CVE-2026-34933 CVE-2026-3497
                        CVE-2026-35385 CVE-2026-35388 CVE-2026-35414 CVE-2026-4046 CVE-2026-42487
                        CVE-2026-42488 CVE-2026-42489 CVE-2026-42490 CVE-2026-42766 CVE-2026-43037
                        CVE-2026-43206 CVE-2026-43499 CVE-2026-43501 CVE-2026-44932 CVE-2026-45447
                        CVE-2026-45852 CVE-2026-46043 CVE-2026-46243 CVE-2026-5450 CVE-2026-5928
                        CVE-2026-7383 CVE-2026-9076 
-----------------------------------------------------------------

The container suse-sles-15-sp5-chost-byos-v20260619-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:2277-1
Released:    Fri Jun  5 10:59:09 2026
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1264965
This update for timezone fixes the following issues:

- Update to 2026b:
    * British Columbia moved to permanent -07 on 2026-03-09. (bsc#1264965)
    * Some more overflow bugs have been fixed in zic.
- Update to 2026a:
    * Moldova has used EU transition times since 2022.
    * The 'right' TZif files are no longer installed by default.
    * -DTZ_RUNTIME_LEAPS=0 disables runtime support for leap seconds.
    * TZif files are no longer limited to 50 bytes of abbreviations.
    * zic is no longer limited to 50 leap seconds.
    * Several integer overflow bugs have been fixed.
- Update to 2025c:
    * Update Baja California DST rules in 1953, 1961-1975
    * An unset TZ is no longer invalid when /etc/localtime is
      missing, and is abbreviated 'UTC' not '-00'. This reverts to 2024b behavior
    * tzset etc. are now more cautious about questionable TZ settings.
    * tzset etc. now treat ' ' like '_' in time zone abbreviations
    * tzfree now preserves errno, consistently with POSIX.1-2024 'free'.
    * zic has new options inspired by FreeBSD.
    * multiple changes visible to developers
- Use 'REDO=posix_right' to keep installing 'right' TZif files.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2283-1
Released:    Fri Jun  5 14:14:57 2026
Summary:     Security update for jq
Type:        security
Severity:    moderate
References:  1262043,CVE-2026-33948
This update for jq fixes the following issue:

- CVE-2026-33948: CLI input parsing may allow validation bypass via embedded NUL bytes (bsc#1262043)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2311-1
Released:    Tue Jun  9 13:05:23 2026
Summary:     Security update for avahi
Type:        security
Severity:    moderate
References:  1257235,1261546,CVE-2026-24401,CVE-2026-34933
This update for avahi fixes the following issues:

- CVE-2026-24401: uncontrolled recursion in `lookup_handle_cname` can crash the `avahi-daemon` (bsc#1257235).
- CVE-2026-34933: reachable assertion in `transport_flags_from_domain` can crash the `avahi-daemon` (bsc#1261546).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2328-1
Released:    Wed Jun 10 09:39:22 2026
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1266952,1266953,1266955,CVE-2026-42487,CVE-2026-42488,CVE-2026-42489,CVE-2026-42490
This update for xen fixes the following issues:

- CVE-2026-42487: x86 HVM I/O port list traversal (bsc#1266952).
- CVE-2026-42488: x86: mismatched mapcache metadata (bsc#1266955).
- CVE-2026-42489,CVE-2026-42490: domctl lock open to abuse (bsc#1266953).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2333-1
Released:    Wed Jun 10 10:41:58 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for glibc fixes the following issues:

- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206).
- CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465).
- CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2353-1
Released:    Wed Jun 10 16:54:50 2026
Summary:     Security update for wicked
Type:        security
Severity:    important
References:  1265221,CVE-2026-44932
This update for wicked fixes the following issues:

- CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options (bsc#1265221).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:2358-1
Released:    Wed Jun 10 18:41:22 2026
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1263940
This update for dracut fixes the following issues:

- Update to version 055+suse.400.ge4a5a79:
  * fix(systemd): explicitly install /bin/bash (bsc#1263940)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2375-1
Released:    Thu Jun 11 18:05:37 2026
Summary:     Security update for openssh
Type:        security
Severity:    important
References:  1259642,1261427,1261430,1261441,1264568,CVE-2026-3497,CVE-2026-35385,CVE-2026-35388,CVE-2026-35414
This update for openssh fixes the following issues:

- CVE-2026-3497: information disclosure or denial of service due to uninitialized variables (bsc#1259642).
- CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid (bsc#1261427).
- CVE-2026-35388: omitted connection multiplexing confirmation for proxy-mode multiplexing sessions (bsc#1261441).
- CVE-2026-35414: mishandling of authorized_keys principals option (bsc#1261430).
- potential security issue when validating mac (bsc#1264568).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:2382-1
Released:    Fri Jun 12 10:07:34 2026
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    moderate
References:  
This update for hwdata fixes the following issues:

- Update to version 0.406:
    * Update pci and vendor ids
- Update to version 0.405:
    * Update pci and vendor ids
- Update to version 0.397:
    * Update pci and vendor ids
- Update to version 0.395:
    * Update pci and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2405-1
Released:    Tue Jun 16 08:54:02 2026
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1266340,1266341,1266342,1266349,1266357,CVE-2026-34180,CVE-2026-42766,CVE-2026-45447,CVE-2026-7383,CVE-2026-9076
This update for openssl-1_1 fixes the following issues:

- CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357).
- CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349).
- CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341).
- CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion (bsc#1266340).
- CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2414-1
Released:    Tue Jun 16 14:21:30 2026
Summary:     Security update for runc
Type:        security
Severity:    important
References:  

This update for runc rebuilds it against the current go security release.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2421-1
Released:    Tue Jun 16 16:35:23 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1263790,1263995,1264551,1266001,1266009,1266238,1266711,1266901,CVE-2026-31629,CVE-2026-43037,CVE-2026-43206,CVE-2026-43499,CVE-2026-43501,CVE-2026-45852,CVE-2026-46043,CVE-2026-46243

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues.

The following security issues were fixed:

- CVE-2026-31629: nfc: llcp: add missing return after LLCP_CLOSED checks (bsc#1263790).
- CVE-2026-43037: ip6_tunnel: clear skb2->cb in ip4ip6_err() (bsc#1263995).
- CVE-2026-43206: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (bsc#1264551).
- CVE-2026-43499: rtmutex: Use waiter::task instead of current in remove_waiter() (bsc#1266001).
- CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (bsc#1266009).
- CVE-2026-45852: RDMA/rxe: Fix double free in rxe_srq_from_init (bsc#1266711).
- CVE-2026-46043: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv (bsc#1266901).
- CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions (CIFSwitch) (bsc#1266238).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:2434-1
Released:    Wed Jun 17 16:40:10 2026
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    important
References:  1259327
This update for coreutils fixes the following issues:

- proc: Use affinity mask even on systems with more than 1024 CPUs (bsc#1259327)


The following package changes have been done:

- coreutils-8.32-150400.9.12.1 updated
- dracut-055+suse.400.ge4a5a79-150500.3.38.2 updated
- glibc-locale-base-2.31-150300.101.1 updated
- glibc-locale-2.31-150300.101.1 updated
- glibc-2.31-150300.101.1 updated
- hwdata-0.406-150000.3.80.1 updated
- jq-1.6-150000.3.15.1 updated
- kernel-default-5.14.21-150500.55.169.1 updated
- libavahi-client3-0.8-150400.7.31.2 updated
- libavahi-common3-0.8-150400.7.31.2 updated
- libjq1-1.6-150000.3.15.1 updated
- libopenssl1_1-1.1.1l-150500.17.57.2 updated
- openssh-clients-8.4p1-150300.3.65.1 updated
- openssh-common-8.4p1-150300.3.65.1 updated
- openssh-server-8.4p1-150300.3.65.1 updated
- openssh-8.4p1-150300.3.65.1 updated
- openssl-1_1-1.1.1l-150500.17.57.2 updated
- runc-1.3.4-150000.96.1 updated
- timezone-2026b-150000.75.37.1 updated
- wicked-service-0.6.79-150500.3.42.1 updated
- wicked-0.6.79-150500.3.42.1 updated
- xen-libs-4.17.6_12-150500.3.73.1 updated
- xen-tools-domU-4.17.6_12-150500.3.73.1 updated

