SUSE-CU-2026:6537-1: Security update of private-registry/1.2/harbor-core

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Jun 30 07:04:33 UTC 2026


SUSE Container Update Advisory: private-registry/1.2/harbor-core
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:6537-1
Container Tags        : private-registry/1.2/harbor-core:1.2.0 , private-registry/1.2/harbor-core:1.2.0-1.38 , private-registry/1.2/harbor-core:latest
Container Release     : 1.38
Severity              : important
Type                  : security
References            : 1266340 1266341 1266342 1266343 1266345 1266349 1266350 1266351
                        1266352 1266353 1266355 1266356 1266357 CVE-2026-34180 CVE-2026-34181
                        CVE-2026-34183 CVE-2026-42766 CVE-2026-42767 CVE-2026-42768 CVE-2026-42769
                        CVE-2026-42770 CVE-2026-45445 CVE-2026-45446 CVE-2026-45447 CVE-2026-7383
                        CVE-2026-9076 
-----------------------------------------------------------------

The container private-registry/1.2/harbor-core was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2648-1
Released:    Fri Jun 26 13:05:57 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1266340,1266341,1266342,1266343,1266345,1266349,1266350,1266351,1266352,1266353,1266355,1266356,1266357,CVE-2026-34180,CVE-2026-34181,CVE-2026-34183,CVE-2026-42766,CVE-2026-42767,CVE-2026-42768,CVE-2026-42769,CVE-2026-42770,CVE-2026-45445,CVE-2026-45446,CVE-2026-45447,CVE-2026-7383,CVE-2026-9076
This update for openssl-3 fixes the following issues

- CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion (bsc#1266340).
- CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341).
- CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342).
- CVE-2026-34181: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys (bsc#1266343).
- CVE-2026-34183: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler (bsc#1266345).
- CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349).
- CVE-2026-42767: NULL Pointer Dereference in CRMF EncryptedValue Decryption (bsc#1266350).
- CVE-2026-42768: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() (bsc#1266351).
- CVE-2026-42769: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate (bsc#1266352).
- CVE-2026-42770: FFC-DH Peer Validation Uses Attacker-Supplied q (bsc#1266353).
- CVE-2026-45445: AES-OCB IV Ignored on EVP_Cipher() Path (bsc#1266355).
- CVE-2026-45446: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes (bsc#1266356).
- CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357).


The following package changes have been done:

- libopenssl3-3.2.3-150700.5.36.1 updated
- openssl-3-3.2.3-150700.5.36.1 updated
- system-user-harbor-2.15.1-150700.1.13 updated
- harbor-core-2.15.1-150700.1.13 updated
- container:suse-sle15-15.7-abba6c976648d3a97d1dd9beef16b3acebba666b7d1fc7f71b08ae45c72a4674-0 updated


More information about the sle-container-updates mailing list