SUSE-CU-2026:4820-1: Security update of private-registry/1.2/harbor-portal
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sat May 9 07:07:17 UTC 2026
SUSE Container Update Advisory: private-registry/1.2/harbor-portal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4820-1
Container Tags : private-registry/1.2/harbor-portal:1.2.0 , private-registry/1.2/harbor-portal:1.2.0-1.16 , private-registry/1.2/harbor-portal:latest
Container Release : 1.16
Severity : important
Type : security
References : 1257675 1260416 1260417 1260418 CVE-2026-1642 CVE-2026-27654
CVE-2026-27784 CVE-2026-28753
-----------------------------------------------------------------
The container private-registry/1.2/harbor-portal was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1761-1
Released: Fri May 8 10:58:08 2026
Summary: Security update for nginx
Type: security
Severity: important
References: 1257675,1260416,1260417,1260418,CVE-2026-1642,CVE-2026-27654,CVE-2026-27784,CVE-2026-28753
This update for nginx fixes the following issues:
- CVE-2026-1642: plain text data injection into the response from an upstream proxied server via MITM attack
(bsc#1257675).
- CVE-2026-27654: buffer overflow in the NGINX worker process via the `ngx_http_dav_module` module (bsc#1260416).
- CVE-2026-27784: NGINX worker memory overread or overwrite via a specially crafted MP4 file (bsc#1260417).
- CVE-2026-28753: arbitrary header injection into SMTP upstream requests via attacker-controlled DNS server
(bsc#1260418).
The following package changes have been done:
- nginx-1.21.5-150600.10.15.1 updated
More information about the sle-container-updates
mailing list