SUSE-CU-2026:2092-1: Security update of suse/manager/5.0/x86_64/proxy-httpd

sle-container-updates at lists.suse.com
Thu Mar 26 08:51:05 UTC 2026


SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:2092-1
Container Tags        : suse/manager/5.0/x86_64/proxy-httpd:5.0.7 , suse/manager/5.0/x86_64/proxy-httpd:5.0.7.7.32.2 , suse/manager/5.0/x86_64/proxy-httpd:latest
Container Release     : 7.32.2
Severity              : critical
Type                  : security
References            : 1220899 1228081 1229147 1231055 1232526 1233529 1237181 1237236
                        1237240 1237241 1237242 1238491 1239566 1239938 1240788 1243381
                        1243794 1243991 1244050 1244177 1244449 1245190 1245199 1246315
                        1247498 1247544 1247722 1247850 1247858 1248356 1248783 1249041
                        1249425 1250553 1250561 1250754 1251865 1251995 1252098 1252388
                        1252425 1252638 1252665 1252908 1252937 1253043 1253174 1253197
                        1253249 1253285 1253322 1253501 1253659 1253660 1253711 1253712
                        1253757 1253773 1254202 1254251 1254293 1254297 1254400 1254401
                        1254511 1254512 1254514 1254515 1254563 1254662 1254878 1254997
                        1255089 1255176 1255298 1255634 1255653 1255715 1255731 1255732
                        1255733 1255734 1255743 1255857 1256105 1256243 1256244 1256246
                        1256389 1256390 1256427 1256437 1256766 1256805 1256807 1256808
                        1256809 1256811 1256812 1256822 1256830 1256834 1256834 1256835
                        1256835 1256836 1256836 1256837 1256837 1256838 1256838 1256839
                        1256839 1256840 1256840 1256902 1256991 1257005 1257029 1257031
                        1257041 1257042 1257044 1257046 1257049 1257144 1257255 1257353
                        1257354 1257355 1257396 1257463 1257496 1257538 1257593 1257594
                        1257595 1257992 1258319 1259057 1259362 1259363 1259364 1259365
                        1259418 1259650 1259697 CVE-2024-29371 CVE-2025-10911 CVE-2025-11468
                        CVE-2025-11563 CVE-2025-12084 CVE-2025-1352 CVE-2025-13601 CVE-2025-1372
                        CVE-2025-1376 CVE-2025-1377 CVE-2025-13836 CVE-2025-13837 CVE-2025-14017
                        CVE-2025-14087 CVE-2025-14512 CVE-2025-14524 CVE-2025-14819 CVE-2025-15079
                        CVE-2025-15224 CVE-2025-15281 CVE-2025-15282 CVE-2025-15366 CVE-2025-15367
                        CVE-2025-15467 CVE-2025-55753 CVE-2025-58098 CVE-2025-65082 CVE-2025-66200
                        CVE-2025-68160 CVE-2025-68160 CVE-2025-68973 CVE-2025-69418 CVE-2025-69418
                        CVE-2025-69419 CVE-2025-69419 CVE-2025-69420 CVE-2025-69420 CVE-2025-69421
                        CVE-2025-69421 CVE-2025-8732 CVE-2026-0672 CVE-2026-0861 CVE-2026-0865
                        CVE-2026-0915 CVE-2026-0988 CVE-2026-0989 CVE-2026-0990 CVE-2026-0992
                        CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-1757 CVE-2026-1965
                        CVE-2026-22795 CVE-2026-22795 CVE-2026-22796 CVE-2026-22796 CVE-2026-23490
                        CVE-2026-24515 CVE-2026-24882 CVE-2026-25210 CVE-2026-29111 CVE-2026-3783
                        CVE-2026-3784 CVE-2026-3805 CVE-2026-4105 
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released:    Tue Oct 28 11:38:00 2025
Summary:     Recommended update for bash
Type:        recommended
Severity:    important
References:  1245199
This update for bash fixes the following issues:

- Fix histfile missing timestamp for the oldest record (bsc#1245199)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3847-1
Released:    Wed Oct 29 06:06:00 2025
Summary:     Recommended update for python-kiwi
Type:        recommended
Severity:    critical
References:  1243381,1245190,1250754
This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues:

python-kiwi:

- Switch to Python 3.11 based python-kiwi (jsc#PED-13168)
- Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754)
- Fixed get_partition_node_name (bsc#1245190)
- Added new eficsm type attribute (bsc#1243381)
- Included support for older schemas
- New binary packages:
  * kiwi-bash-completion
  * kiwi-systemdeps-containers-wsl
    
appx-util:
    
- Implementation as dependency required by kiwi-systemdeps-containers-wsl
    
python-docopt, python-xmltodict, libsolv:
    
- Implementation of Python 3.11 flavours required by python311-kiwi (no source changes)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3930-1
Released:    Tue Nov  4 09:26:22 2025
Summary:     Recommended update for gcc15
Type:        recommended
Severity:    moderate
References:  1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050
This update for gcc15 fixes the following issues:

This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029)

The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 14 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.

To use gcc15 compilers use:

- install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages.
- override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.

For a full changelog with all new GCC15 features, check out

	https://gcc.gnu.org/gcc-15/changes.html


Update to GCC 15.2 release:

  * the GCC 15.2 release contains regression fixes accumulated since
    the GCC 15.1 release

- Prune the use of update-alternatives from openSUSE Factory and
  SLFO.

- Adjust crosses to conflict consistently where they did not
  already and make them use unsuffixed binaries.

- Tune for power10 for SLES 16.  [jsc#PED-12029]
- Tune for z15 for SLES 16.  [jsc#PED-253]

- Fix PR120827, ICE due to splitter emitting constant loads directly

- Exclude shared objects present for link editing in the GCC specific
  subdirectory from provides processing via __provides_exclude_from.
  [bsc#1244050][bsc#1243991]

- Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap
  variant conflict with the unversioned cross-*-gcc package.

- Enable C++ for offload compilers.  [bsc#1243794]

- Add libgcobol and libquadmath-devel dependence to the cobol frontend
  package.

Update to GCC 15 branch head, 15.1.1+git9595

  * includes GCC 15.1 release

- Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs
  for the AMD GCN offload compiler when llvm is new enough.
- Make sure link editing is done against our own shared library
  copy rather than the installed system runtime.  [bsc#1240788]
- Fix newlib libm miscompilation for GCN offloading.

Update to GCC trunk head, 15.0.1+git9001

  * includes -msplit-patch-nops required for user-space livepatching
    on powerpc
  * includes fix for Ada build with --enable-host-pie

- Build GCC executables PIE on SLE.  [bsc#1239938]
- Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF
  debug info DW_AT_producer string.  [bsc#1239566]
- Package GCC COBOL compiler for openSUSE Factory for supported
  targets which are x86_64, aarch64 and ppc64le.
- Disable profiling during build when %want_reproducible_builds is set
  [bsc#1238491]
- Includes fix for emacs JIT use
- Bumps libgo SONAME to libgo24 which should fix go1.9 build
- Adjust cross compiler requirements to use %requires_ge
- For cross compilers require the same or newer binutils, newlib
  or cross-glibc that was used at build time.  [bsc#1232526]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3934-1
Released:    Tue Nov  4 12:23:11 2025
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1247498
This update for cyrus-sasl fixes the following issue:

- Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3969-1
Released:    Thu Nov  6 12:08:20 2025
Summary:     Recommended update for SLES-release
Type:        recommended
Severity:    low
References:  
This update for SLES-release provides the following fix:

- Adjust the EOL date for the product.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4120-1
Released:    Mon Nov 17 10:45:27 2025
Summary:     Recommended update for SLES-release, sle-module-python3-release
Type:        recommended
Severity:    moderate
References:  
This update for SLES-release, sle-module-python3-release fixes the following issue:

- SLES-release: Clear codestream EOL info for better readability.
- sle-module-python3-release: Clear EOL as this follows the product EOL.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4155-1
Released:    Fri Nov 21 15:09:44 2025
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1233529
This update for cyrus-sasl fixes the following issues:

- Python3 error log upon importing pycurl (bsc#1233529)
    * Remove senseless log message.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4092-1
Released:    Mon Nov 24 10:08:22 2025
Summary:     Security update for elfutils
Type:        security
Severity:    moderate
References:  1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377
This update for elfutils fixes the following issues:

- Fixing build/testsuite for more recent glibc and kernels.

- Fixing denial of service and general buffer overflow errors
  (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242):

  - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip
  - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip
  - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf
  - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf

- Fixing testsuite race conditions in run-debuginfod-find.sh.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4236-1
Released:    Tue Nov 25 17:02:19 2025
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1253757,CVE-2025-11563
This update for curl fixes the following issues:

- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4293-1
Released:    Fri Nov 28 10:10:49 2025
Summary:     Recommended update for gpgme
Type:        recommended
Severity:    important
References:  1231055,1252425
This update for gpgme fixes the following issues:

- Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055)
    * To avoid gpgme constructing an invalid gpg command line when
      the DISPLAY variable is empty it can be treated as unset.
    * Reported upstream: dev.gnupg.org/T7919

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4362-1
Released:    Thu Dec 11 11:08:27 2025
Summary:     Recommended update for gcc15
Type:        recommended
Severity:    moderate
References:  1253043
This update for gcc15 fixes the following issues:

- Enable the use of _dl_find_object even when not available at build time.  [bsc#1253043]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4401-1
Released:    Mon Dec 15 14:35:37 2025
Summary:     Recommended update for sles-release
Type:        recommended
Severity:    moderate
References:  
This update for sles-release fixes the following issue:

- Add corrected EOL value for the codestream reflecting what's on
  https://www.suse.com/lifecycle/ - this also fixes issues reported
  by some parsing tools, related to ISO_8601 data format.
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:18-1
Released:    Mon Jan  5 11:52:25 2026
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512
This update for glib2 fixes the following issues:

- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
  filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when
  processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
  large number of unacceptable characters may lead to crash or code execution (bsc#1254297).

  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:20-1
Released:    Mon Jan  5 12:08:28 2026
Summary:     Security update for apache2
Type:        security
Severity:    important
References:  1254511,1254512,1254514,1254515,CVE-2025-55753,CVE-2025-58098,CVE-2025-65082,CVE-2025-66200
This update for apache2 fixes the following issues:

- CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511)
- CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514)
- CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512)
- CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:27-1
Released:    Mon Jan  5 13:45:08 2026
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837
This update for python3 fixes the following issues:

- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Length read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:50-1
Released:    Wed Jan  7 10:28:14 2026
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1255731,1255732,1255733,1255734,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224
This update for curl fixes the following issues:

- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:77-1
Released:    Thu Jan  8 20:03:59 2026
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1256105,CVE-2025-14017
This update for curl fixes the following issues:

- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:215-1
Released:    Thu Jan 22 13:10:16 2026
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1255715,1256243,1256244,1256246,1256390,CVE-2025-68973
This update for gpg2 fixes the following issues:

- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy) (bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix a memory leak in gpg2 agent (bsc#1256243).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:286-1
Released:    Sat Jan 24 00:35:35 2026
Summary:     Security update for glib2
Type:        security
Severity:    low
References:  1257049,CVE-2026-0988
This update for glib2 fixes the following issues:

- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:312-1
Released:    Wed Jan 28 10:37:55 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    critical
References:  1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-3 fixes the following issues:

 - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
 - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
 - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
 - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
 - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
 - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
 - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
 - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:346-1
Released:    Fri Jan 30 10:01:27 2026
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-1_1 fixes the following issues:

- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:371-1
Released:    Tue Feb  3 19:08:49 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:

Security fixes:
	
- CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005).
 
Other fixes:
 
- NPTL: Optimize trylock for high cache contention workloads (bsc#1256437).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:373-1
Released:    Wed Feb  4 03:50:41 2026
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1257353,1257354,1257355,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489
This update for glib2 fixes the following issues:

- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:391-1
Released:    Thu Feb  5 15:23:42 2026
Summary:     Security update for libxml2
Type:        security
Severity:    low
References:  1256805,CVE-2026-0989
This update for libxml2 fixes the following issues:

- CVE-2026-0989: Fixed call stack exhaustion leading to application 
  crash due to RelaxNG parser not limiting the recursion depth when 
  resolving `<include>` directives (bsc#1256805)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:407-1
Released:    Mon Feb  9 07:43:45 2026
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1228081,1244449,1248356,1254202,1254293,1254563,1256427
This update for systemd fixes the following issues:

- Name libsystemd-{shared,core} based on the major version of systemd and
  the package release number (bsc#1228081, bsc#1256427)
  This way, both the old and new versions of the shared libraries will be
  present during the update. This should prevent issues during package updates
  when incompatible changes are introduced in the new versions of the shared libraries.
- detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)
- timer: rebase last_trigger timestamp if needed
- timer: rebase the next elapse timestamp only if timer didn't already run
- timer: don't run service immediately after restart of a timer (bsc#1254563)
- test: check the next elapse timer timestamp after deserialization
- test: restarting elapsed timer shouldn't trigger the corresponding service
- Reintroduce systemd-network as a transitional dummy package containing no files (bsc#1254202)
  The contents of this package were split into two independent packages:
  systemd-networkd and systemd-resolved. However, the initial replacement caused
  both network services to be disabled. Consequently, the original package has
  been restored as an empty transitional package to prevent the disabling of the services.
  It can be safely removed once the update is complete.
- units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356)
- units: add dep on systemd-logind.service by user@.service
- detect-virt: add bare-metal support for GCE (bsc#1244449)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:430-1
Released:    Wed Feb 11 09:43:42 2026
Summary:     Security update for python-pyasn1
Type:        security
Severity:    important
References:  1256902,CVE-2026-23490
This update for python-pyasn1 fixes the following issues:

- CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation 
  octets leading to Denial of Service (bsc#1256902)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:434-1
Released:    Wed Feb 11 10:23:18 2026
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1256389,1257396,CVE-2026-24882
This update for gpg2 fixes the following issues:

Security fixes:

- CVE-2026-24882: Fixed stack-based buffer overflow in TPM2 
  PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396)
- Fixed GnuPG accepting Path Separators and Path Traversals in Literal 
  Data 'Filename' Field (bsc#1256389)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:570-1
Released:    Tue Feb 17 17:38:47 2026
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1247850,1247858,1250553,1256807,1256808,1256809,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-8732,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757
This update for libxml2 fixes the following issues:

- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
- CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:664-1
Released:    Thu Feb 26 16:15:04 2026
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1257029,1257031,1257041,1257042,1257044,1257046,CVE-2025-11468,CVE-2025-15282,CVE-2025-15366,CVE-2025-15367,CVE-2026-0672,CVE-2026-0865
This update for python3 fixes the following issues:

- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable
  characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel
  (bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:791-1
Released:    Tue Mar  3 16:59:33 2026
Summary:     Recommended update for gcc15
Type:        recommended
Severity:    moderate
References:  1257463
This update for gcc15 fixes the following issues:

- Fix bogus expression simplification (bsc#1257463)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:826-1
Released:    Thu Mar  5 16:16:29 2026
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1257144,1257496,CVE-2026-24515,CVE-2026-25210
This update for expat fixes the following issues:

- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:836-1
Released:    Fri Mar  6 08:27:48 2026
Summary:     Recommended update for apache2
Type:        recommended
Severity:    moderate
References:  1229147
This update for apache2 fixes the following issues:

- Fix: apache2 default config gives a warning AH00317 (bsc#1229147).
    * The default value for MaxRequestWorkers should be a multiple of 25,
      so we're setting it from 256 down to 250, which is what Apache was
      doing during runtime in any case.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:844-1
Released:    Fri Mar  6 16:45:31 2026
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1258319
This update for glibc fixes the following issues:

- nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319, BZ #28940)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:863-1
Released:    Wed Mar 11 13:41:48 2026
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  
This update for openldap2 fixes the following issues:

- expose ldap_log.h in -devel (jsc#PED-15735)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:885-1
Released:    Thu Mar 12 15:50:16 2026
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805
This update for curl fixes the following issues:

- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).

-----------------------------------------------------------------
Advisory ID: SUSE-Manager-5.0-2026-1010
Released:    Wed Mar 25 11:09:52 2026
Summary:     Maintenance update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server
Type:        security
Severity:    important
References:  1220899,1237181,1244177,1246315,1247544,1247722,1248783,1249041,1249425,1250561,1251865,1251995,1252098,1252388,1252638,1252665,1252908,1252937,1253174,1253197,1253249,1253285,1253322,1253501,1253659,1253660,1253711,1253712,1253773,1254251,1255089,1255176,1255298,1255634,1255653,1255743,1255857,1256991,1257255,1257538,1257992,1259057,CVE-2024-29371
Maintenance update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server

This is a codestream only update

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1040-1
Released:    Wed Mar 25 13:43:08 2026
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105
This update for systemd fixes the following issues:

- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).

Changelog:

- a943e3ce2f machined: reject invalid class types when registering machines
- 71593f77db udev: fix review mixup
- 73a89810b4 udev-builtin-net-id: print cescaped bad attributes
- 0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX
- 40905232e2 udev: ensure tag parsing stays within bounds
- 7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf
- d018ac1ea3 udev: check for invalid chars in various fields received from the kernel
- aef6e11921 core/cgroup: avoid one unnecessary strjoina()
- cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements
- 26a748f727 core: validate input cgroup path more prudently
- 99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs


The following package changes have been done:

- libldap-data-2.4.46-150600.25.3.1 updated
- glibc-2.38-150600.14.43.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.9.1 updated
- libstdc++6-15.2.0+git10201-150000.1.9.1 updated
- libsasl2-3-2.1.28-150600.7.14.1 updated
- libelf1-0.185-150400.5.8.3 updated
- libselinux1-3.5-150600.3.3.1 updated
- libdw1-0.185-150400.5.8.3 updated
- libreadline7-7.0-150400.27.6.1 updated
- bash-4.4-150400.27.6.1 updated
- bash-sh-4.4-150400.27.6.1 updated
- sles-release-15.6-150600.64.12.1 updated
- libglib-2_0-0-2.78.6-150600.4.35.1 updated
- libudev1-254.27-150600.4.55.1 updated
- libopenssl3-3.1.4-150600.5.42.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.42.1 updated
- libldap-2_4-2-2.4.46-150600.25.3.1 updated
- libsolv-tools-base-0.7.34-150600.8.19.2 updated
- gpg2-2.4.4-150600.3.15.1 updated
- libcurl4-8.14.1-150600.4.40.1 updated
- libgpgme11-1.23.0-150600.3.5.1 updated
- curl-8.14.1-150600.4.40.1 updated
- libexpat1-2.7.1-150400.3.34.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.35.1 updated
- libgobject-2_0-0-2.78.6-150600.4.35.1 updated
- libopenssl1_1-1.1.1w-150600.5.21.1 updated
- release-notes-susemanager-proxy-5.0.7-150600.11.39.1 updated
- libsystemd0-254.27-150600.4.62.1 updated
- python3-base-3.6.15-150300.10.106.1 updated
- libpython3_6m1_0-3.6.15-150300.10.106.1 updated
- apache2-prefork-2.4.58-150600.5.44.1 updated
- python3-3.6.15-150300.10.106.1 updated
- python3-pyasn1-0.4.2-150000.3.13.1 updated
- systemd-254.27-150600.4.62.1 updated
- libgio-2_0-0-2.78.6-150600.4.35.1 updated
- glib2-tools-2.78.6-150600.4.35.1 updated
- python3-libxml2-2.10.3-150500.5.38.1 updated
- apache2-2.4.58-150600.5.44.1 updated
- spacewalk-backend-5.0.17-150600.4.26.5 updated
- python3-spacewalk-client-tools-5.0.12-150600.4.18.5 updated
- spacewalk-client-tools-5.0.12-150600.4.18.5 updated
- spacewalk-proxy-package-manager-5.0.8-150600.3.15.3 updated
- spacewalk-proxy-common-5.0.8-150600.3.15.3 updated
- spacewalk-proxy-broker-5.0.8-150600.3.15.3 updated
- spacewalk-proxy-redirect-5.0.8-150600.3.15.3 updated
- container:sles15-ltss-image-15.6.0-5.32 added
- container:sles15-image-15.6.0-47.24.1 removed

