SUSE-CU-2026:2104-1: Security update of suse/manager/5.0/x86_64/server-hub-xmlrpc-api
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Mar 26 08:51:56 UTC 2026
SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-hub-xmlrpc-api
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:2104-1
Container Tags : suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.7 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.7.6.32.2 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest
Container Release : 6.32.2
Severity : critical
Type : security
References : 1228081 1232526 1233529 1238491 1239566 1239938 1240788 1243794
1243991 1244050 1244449 1245199 1247498 1248356 1249055 1252160
1253043 1253757 1254202 1254293 1254297 1254563 1254662 1254878
1255731 1255732 1255733 1255734 1256105 1256427 1256437 1256766
1256822 1256830 1256834 1256835 1256836 1256837 1256838 1256839
1256840 1257005 1257049 1257144 1257353 1257354 1257355 1257463
1257496 1258319 1259362 1259363 1259364 1259365 1259418 1259650
1259697 CVE-2025-11563 CVE-2025-13601 CVE-2025-14017 CVE-2025-14087
CVE-2025-14512 CVE-2025-14524 CVE-2025-14819 CVE-2025-15079 CVE-2025-15224
CVE-2025-15281 CVE-2025-15467 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419
CVE-2025-69420 CVE-2025-69421 CVE-2025-7039 CVE-2026-0861 CVE-2026-0915
CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-1965
CVE-2026-22795 CVE-2026-22796 CVE-2026-24515 CVE-2026-25210 CVE-2026-29111
CVE-2026-3783 CVE-2026-3784 CVE-2026-3805 CVE-2026-4105
-----------------------------------------------------------------
The container suse/manager/5.0/x86_64/server-hub-xmlrpc-api was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released: Tue Oct 28 11:38:00 2025
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1245199
This update for bash fixes the following issues:
- Fix histfile missing timestamp for the oldest record (bsc#1245199)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3877-1
Released: Fri Oct 31 05:29:41 2025
Summary: Recommended update for libselinux
Type: recommended
Severity: important
References: 1252160
This update for libselinux fixes the following issues:
- Ship license file (bsc#1252160)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3930-1
Released: Tue Nov 4 09:26:22 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050
This update for gcc15 fixes the following issues:
This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 14 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc15 compilers use:
- install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages.
- override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.
For a full changelog with all new GCC15 features, check out
https://gcc.gnu.org/gcc-15/changes.html
Update to GCC 15.2 release:
* the GCC 15.2 release contains regression fixes accumulated since
the GCC 15.1 release
- Prune the use of update-alternatives from openSUSE Factory and
SLFO.
- Adjust crosses to conflict consistently where they did not
already and make them use unsuffixed binaries.
- Tune for power10 for SLES 16. [jsc#PED-12029]
- Tune for z15 for SLES 16. [jsc#PED-253]
- Fix PR120827, ICE due to splitter emitting constant loads directly
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
- Enable C++ for offload compilers. [bsc#1243794]
- Add libgcobol and libquadmath-devel dependence to the cobol frontend
package.
Update to GCC 15 branch head, 15.1.1+git9595
* includes GCC 15.1 release
- Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs
for the AMD GCN offload compiler when llvm is new enough.
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Fix newlib libm miscompilation for GCN offloading.
Update to GCC trunk head, 15.0.1+git9001
* includes -msplit-patch-nops required for user-space livepatching
on powerpc
* includes fix for Ada build with --enable-host-pie
- Build GCC executables PIE on SLE. [bsc#1239938]
- Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF
debug info DW_AT_producer string. [bsc#1239566]
- Package GCC COBOL compiler for openSUSE Factory for supported
targets which are x86_64, aarch64 and ppc64le.
- Disable profiling during build when %want_reproducible_builds is set
[bsc#1238491]
- Includes fix for emacs JIT use
- Bumps libgo SONAME to libgo24 which should fix go1.9 build
- Adjust cross compiler requirements to use %requires_ge
- For cross compilers require the same or newer binutils, newlib
or cross-glibc that was used at build time. [bsc#1232526]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3934-1
Released: Tue Nov 4 12:23:11 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1247498
This update for cyrus-sasl fixes the following issue:
- Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3969-1
Released: Thu Nov 6 12:08:20 2025
Summary: Recommended update for SLES-release
Type: recommended
Severity: low
References:
This update for SLES-release provides the following fix:
- Adjust the EOL date for the product.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4120-1
Released: Mon Nov 17 10:45:27 2025
Summary: Recommended update for SLES-release, sle-module-python3-release
Type: recommended
Severity: moderate
References:
This update for SLES-release, sle-module-python3-release fixes the following issue:
- SLES-release: Clear codestream EOL info for better readability.
- sle-module-python3-release: Clear EOL as this follow the product EOL.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4155-1
Released: Fri Nov 21 15:09:44 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1233529
This update for cyrus-sasl fixes the following issues:
- Python3 error log upon importing pycurl (bsc#1233529)
* Remove senceless log message.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4236-1
Released: Tue Nov 25 17:02:19 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1253757,CVE-2025-11563
This update for curl fixes the following issues:
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4308-1
Released: Fri Nov 28 16:38:46 2025
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1249055,CVE-2025-7039
This update for glib2 fixes the following issues:
- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4362-1
Released: Thu Dec 11 11:08:27 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1253043
This update for gcc15 fixes the following issues:
- Enable the use of _dl_find_object even when not available at build time. [bsc#1253043]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4401-1
Released: Mon Dec 15 14:35:37 2025
Summary: Recommended update for sles-release
Type: recommended
Severity: moderate
References:
This update for sles-release fixes the following issue:
- Add corrected EOL value for the codestream reflecting whats on
https://www.suse.com/lifecycle/ - this also fixes issues reported
by some parsing tools, related to ISO_8601 data format.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:18-1
Released: Mon Jan 5 11:52:25 2026
Summary: Security update for glib2
Type: security
Severity: important
References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()`functions when
processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:50-1
Released: Wed Jan 7 10:28:14 2026
Summary: Security update for curl
Type: security
Severity: moderate
References: 1255731,1255732,1255733,1255734,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224
This update for curl fixes the following issues:
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:77-1
Released: Thu Jan 8 20:03:59 2026
Summary: Security update for curl
Type: security
Severity: moderate
References: 1256105,CVE-2025-14017
This update for curl fixes the following issues:
- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:286-1
Released: Sat Jan 24 00:35:35 2026
Summary: Security update for glib2
Type: security
Severity: low
References: 1257049,CVE-2026-0988
This update for glib2 fixes the following issues:
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:312-1
Released: Wed Jan 28 10:37:55 2026
Summary: Security update for openssl-3
Type: security
Severity: critical
References: 1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-3 fixes the following issues:
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:371-1
Released: Tue Feb 3 19:08:49 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:
Security fixes:
- CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005).
Other fixes:
- NPTL: Optimize trylock for high cache contention workloads (bsc#1256437).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:373-1
Released: Wed Feb 4 03:50:41 2026
Summary: Security update for glib2
Type: security
Severity: important
References: 1257353,1257354,1257355,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489
This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:407-1
Released: Mon Feb 9 07:43:45 2026
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1228081,1244449,1248356,1254202,1254293,1254563,1256427
This update for systemd fixes the following issues:
- Name libsystemd-{shared,core} based on the major version of systemd and
the package release number (bsc#1228081, bsc#1256427)
This way, both the old and new versions of the shared libraries will be
present during the update. This should prevent issues during package updates
when incompatible changes are introduced in the new versions of the shared libraries.
- detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)
- timer: rebase last_trigger timestamp if needed
- timer: rebase the next elapse timestamp only if timer didn't already run
- timer: don't run service immediately after restart of a timer (bsc#1254563)
- test: check the next elapse timer timestamp after deserialization
- test: restarting elapsed timer shouldn't trigger the corresponding service
- Reintroduce systemd-network as a transitional dummy package containing no files (bsc#1254202)
The contents of this package were split into two independent packages:
systemd-networkd and systemd-resolved. However, the initial replacement caused
both network services to be disabled. Consequently, the original package has
been restored as an empty transitional package to prevent the disabling of the services.
It can be safely removed once the update is complete.
- units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356)
- units: add dep on systemd-logind.service by user at .service
- detect-virt: add bare-metal support for GCE (bsc#1244449)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:791-1
Released: Tue Mar 3 16:59:33 2026
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1257463
This update for gcc15 fixes the following issues:
- Fix bogus expression simplification (bsc#1257463)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:826-1
Released: Thu Mar 5 16:16:29 2026
Summary: Security update for expat
Type: security
Severity: moderate
References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210
This update for expat fixes the following issues:
- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:837-1
Released: Fri Mar 6 08:30:05 2026
Summary: Recommended update for syslogd
Type: recommended
Severity: moderate
References:
This update for syslogd fixes the following issues:
- Drop last sysvinit Requirement/Provide (jsc#PED-13698)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:844-1
Released: Fri Mar 6 16:45:31 2026
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1258319
This update for glibc fixes the following issues:
- nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319, BZ #28940)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:863-1
Released: Wed Mar 11 13:41:48 2026
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References:
This update for openldap2 fixes the following issues:
- expose ldap_log.h in -devel (jsc#PED-15735)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:885-1
Released: Thu Mar 12 15:50:16 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805
This update for curl fixes the following issues:
- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1040-1
Released: Wed Mar 25 13:43:08 2026
Summary: Security update for systemd
Type: security
Severity: important
References: 1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105
This update for systemd fixes the following issues:
- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).
Changelog:
- a943e3ce2f machined: reject invalid class types when registering machines
- 71593f77db udev: fix review mixup
- 73a89810b4 udev-builtin-net-id: print cescaped bad attributes
- 0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX
- 40905232e2 udev: ensure tag parsing stays within bounds
- 7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf
- d018ac1ea3 udev: check for invalid chars in various fields received from the kernel
- aef6e11921 core/cgroup: avoid one unnecessary strjoina()
- cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements
- 26a748f727 core: validate input cgroup path more prudently
- 99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs
The following package changes have been done:
- libldap-data-2.4.46-150600.25.3.1 updated
- glibc-2.38-150600.14.43.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.9.1 updated
- libstdc++6-15.2.0+git10201-150000.1.9.1 updated
- libsasl2-3-2.1.28-150600.7.14.1 updated
- libselinux1-3.5-150600.3.3.1 updated
- libreadline7-7.0-150400.27.6.1 updated
- bash-4.4-150400.27.6.1 updated
- bash-sh-4.4-150400.27.6.1 updated
- sles-release-15.6-150600.64.12.1 updated
- libglib-2_0-0-2.78.6-150600.4.35.1 updated
- libopenssl3-3.1.4-150600.5.42.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.42.1 updated
- libldap-2_4-2-2.4.46-150600.25.3.1 updated
- libcurl4-8.14.1-150600.4.40.1 updated
- libexpat1-2.7.1-150400.3.34.1 updated
- libsystemd0-254.27-150600.4.62.1 updated
- systemd-254.27-150600.4.62.1 updated
- syslog-service-2.0-150300.13.3.1 updated
- container:sles15-ltss-image-15.6.0-5.32 added
- container:sles15-image-15.6.0-47.24.1 removed
- gawk-4.2.1-150000.3.3.1 removed
- libnl-config-3.9.0-150600.15.4.4 removed
- libnl3-200-3.9.0-150600.15.4.4 removed
- libudev1-254.27-150600.4.43.3 removed
- sysconfig-0.85.10-150200.15.1 removed
- sysconfig-netconfig-0.85.10-150200.15.1 removed
- util-linux-systemd-2.39.3-150600.4.12.2 removed
- wicked-0.6.77-150600.11.15.1 removed
- wicked-service-0.6.77-150600.11.15.1 removed
More information about the sle-container-updates
mailing list