SUSE-CU-2026:6282-1: Security update of suse/sles/16.0/toolbox
sle-container-updates at lists.suse.com
Tue Jun 23 07:43:08 UTC 2026
SUSE Container Update Advisory: suse/sles/16.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:6282-1
Container Tags : suse/sles/16.0/toolbox:16.3, suse/sles/16.0/toolbox:16.3-1.84, suse/sles/16.0/toolbox:latest
Container Release : 1.84
Severity : important
Type : security
References : 1259652 1261606 1262144 1266340 1266341 1266342 1266344 1266345
1266347 1266349 1266350 1266351 1266352 1266353 1266355 1266356
1266357 CVE-2026-2673 CVE-2026-27456 CVE-2026-34180 CVE-2026-34182
CVE-2026-34183 CVE-2026-42764 CVE-2026-42766 CVE-2026-42767 CVE-2026-42768
CVE-2026-42769 CVE-2026-42770 CVE-2026-45445 CVE-2026-45446 CVE-2026-45447
CVE-2026-5958 CVE-2026-7383 CVE-2026-9076
-----------------------------------------------------------------
The container suse/sles/16.0/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 1017
Released: Mon Jun 22 14:26:17 2026
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1259652,1266340,1266341,1266342,1266344,1266345,1266347,1266349,1266350,1266351,1266352,1266353,1266355,1266356,1266357,CVE-2026-2673,CVE-2026-34180,CVE-2026-34182,CVE-2026-34183,CVE-2026-42764,CVE-2026-42766,CVE-2026-42767,CVE-2026-42768,CVE-2026-42769,CVE-2026-42770,CVE-2026-45445,CVE-2026-45446,CVE-2026-45447,CVE-2026-7383,CVE-2026-9076
This update for openssl-3 fixes the following issues:
- CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group (bsc#1259652).
- CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion (bsc#1266340).
- CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341).
- CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342).
- CVE-2026-34182: CMS AuthEnvelopedData Processing May Accept Forged Messages (bsc#1266344).
- CVE-2026-34183: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler (bsc#1266345).
- CVE-2026-42764: NULL pointer dereference in QUIC server initial packet handling (bsc#1266347).
- CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349).
- CVE-2026-42767: NULL Pointer Dereference in CRMF EncryptedValue Decryption (bsc#1266350).
- CVE-2026-42768: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() (bsc#1266351).
- CVE-2026-42769: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate (bsc#1266352).
- CVE-2026-42770: FFC-DH Peer Validation Uses Attacker-Supplied q (bsc#1266353).
- CVE-2026-45445: AES-OCB IV Ignored on EVP_Cipher() Path (bsc#1266355).
- CVE-2026-45446: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes (bsc#1266356).
- CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357).
-----------------------------------------------------------------
Advisory ID: 1036
Released: Mon Jun 22 16:30:37 2026
Summary: Security update for sed
Type: security
Severity: moderate
References: 1262144,CVE-2026-5958
This update for sed fixes the following issue:
- CVE-2026-5958: a TOCTOU race can allow attacker-controlled content to be read and written to an unintended file (bsc#1262144).
-----------------------------------------------------------------
Advisory ID: 1040
Released: Mon Jun 22 16:34:40 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1261606,CVE-2026-27456
This update for util-linux fixes the following issue:
- CVE-2026-27456: TOCTOU in the mount program when setting up loop devices (bsc#1261606).
The following package changes have been made:
- libopenssl-3-fips-provider-3.5.0-160000.8.1 updated
- libopenssl3-3.5.0-160000.8.1 updated
- libuuid1-2.41.1-160000.4.1 updated
- sed-4.9-160000.3.1 updated