SUSE-CU-2026:2195-1: Security update of suse/manager/4.3/proxy-ssh

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Mon Mar 30 07:46:32 UTC 2026 

SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:2195-1
Container Tags        : suse/manager/4.3/proxy-ssh:4.3.17 , suse/manager/4.3/proxy-ssh:4.3.17.9.66.3 , suse/manager/4.3/proxy-ssh:latest
Container Release     : 9.66.3
Severity              : important
Type                  : security
References            : 1257181 1259418 1259650 1259697 CVE-2026-1299 CVE-2026-29111
                        CVE-2026-4105 
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1061-1
Released:    Thu Mar 26 11:35:08 2026
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105
This update for systemd fixes the following issues:

- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).  

Changelog:

- 6a38d88a42 machined: reject invalid class types when registering machines
- 8c9a592e5a udev: fix review mixup
- b57007a917 udev-builtin-net-id: print cescaped bad attributes
- ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
- 0f63e799e6 udev: ensure tag parsing stays within bounds
- 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
- 5be21460ce udev: check for invalid chars in various fields received from the kernel
- 9559607b16 core/cgroup: avoid one unnecessary strjoina()
- fcae348ca4 core: validate input cgroup path more prudently
- a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
- 08125d6b06 units: add dep on systemd-logind.service by user at .service

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1090-1
Released:    Thu Mar 26 18:44:54 2026
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1257181,CVE-2026-1299
This update for python3 fixes the following issues:

- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181).

The following package changes have been done:

- libudev1-249.17-150400.8.55.1 updated
- libsystemd0-249.17-150400.8.55.1 updated
- libpython3_6m1_0-3.6.15-150300.10.109.1 updated
- python3-base-3.6.15-150300.10.109.1 updated
- python3-3.6.15-150300.10.109.1 updated
- container:sles15-ltss-image-15.4.0-6.12 updated

More information about the sle-container-updates mailing list