SUSE-CU-2026:1852-1: Security update of suse/manager/4.3/proxy-httpd

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Mar 18 09:06:08 UTC 2026 

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:1852-1
Container Tags        : suse/manager/4.3/proxy-httpd:4.3.16.2 , suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.25 , suse/manager/4.3/proxy-httpd:latest
Container Release     : 9.73.25
Severity              : important
Type                  : security
References            : 1253757 1255731 1255732 1255733 1255734 1256105 1259362 1259363
                        1259364 1259365 CVE-2025-11563 CVE-2025-14017 CVE-2025-14524
                        CVE-2025-14819 CVE-2025-15079 CVE-2025-15224 CVE-2026-1965 CVE-2026-3783
                        CVE-2026-3784 CVE-2026-3805 
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4309-1
Released:    Fri Nov 28 16:39:38 2025
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1253757,CVE-2025-11563
This update for curl fixes the following issues:

- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:508-1
Released:    Fri Feb 13 15:50:21 2026
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1255731,1255732,1255733,1255734,1256105,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224
This update for curl fixes the following issues:

- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:911-1
Released:    Tue Mar 17 20:56:12 2026
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805
This update for curl fixes the following issues:

- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).


The following package changes have been done:

- libcurl4-8.14.1-150400.5.80.1 updated
- curl-8.14.1-150400.5.80.1 updated
- container:sles15-ltss-image-15.4.0-6.10 updated

More information about the sle-container-updates mailing list