SUSE-CU-2026:1511-1: Security update of private-registry/harbor-trivy-adapter

[sle-container-updates at lists.suse.com]

SUSE Container Update Advisory: private-registry/harbor-trivy-adapter
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:1511-1
Container Tags        : private-registry/harbor-trivy-adapter:1.1.1 , private-registry/harbor-trivy-adapter:1.1.1-1.40 , private-registry/harbor-trivy-adapter:latest
Container Release     : 1.40
Severity              : moderate
Type                  : security
References            : 1257463 1258045 1258049 1258054 1258080 1258081 1258319 1258392
                        CVE-2026-0964 CVE-2026-0965 CVE-2026-0966 CVE-2026-0967 CVE-2026-0968
                        CVE-2026-27171 
-----------------------------------------------------------------

The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:779-1
Released:    Tue Mar  3 14:25:07 2026
Summary:     Security update for libssh
Type:        security
Severity:    moderate
References:  1258045,1258049,1258054,1258080,1258081,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968
This update for libssh fixes the following issues:

- CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
- CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:783-1
Released:    Tue Mar  3 14:36:14 2026
Summary:     Security update for zlib
Type:        security
Severity:    moderate
References:  1258392,CVE-2026-27171
This update for zlib fixes the following issue:

- CVE-2026-27171: Fixed infinite loop via the `crc32_combine64` and `crc32_combine_gen64` functions due to missing
  checks for negative lengths (bsc#1258392).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:791-1
Released:    Tue Mar  3 16:59:33 2026
Summary:     Recommended update for gcc15
Type:        recommended
Severity:    moderate
References:  1257463
This update for gcc15 fixes the following issues:

- Fix bogus expression simplification (bsc#1257463)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:844-1
Released:    Fri Mar  6 16:45:31 2026
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1258319
This update for glibc fixes the following issues:

- nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319, BZ #28940)


The following package changes have been done:

- glibc-2.38-150600.14.43.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.9.1 updated
- libstdc++6-15.2.0+git10201-150000.1.9.1 updated
- libssh-config-0.9.8-150600.11.9.1 updated
- libz1-1.2.13-150500.4.6.1 updated
- libssh4-0.9.8-150600.11.9.1 updated
- harbor-scanner-trivy-0.34.2-150700.1.9 updated
- system-user-harbor-2.14.2-150700.1.18 updated
- container:suse-sle15-15.7-8788ee29eb7cd4473a072e391f6e949a8192c8093b44289ec03eaff16197ef3c-0 updated
- container:registry.suse.com-bci-bci-micro-15.7-1a6e0eea6b390e988c75daedc0a54a77767a523e2d624e6e6c24447041c1bbb3-0 updated