SUSE-CU-2026:4848-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker

sle-container-updates at lists.suse.com
Mon May 11 07:21:23 UTC 2026


SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4848-1
Container Tags        : suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.3.1 , suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.3.1.9.19.2 , suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:latest
Container Release     : 9.19.2
Severity              : important
Type                  : security
References            : 1259611 1259734 1259735 1259924 1259989 1260026 1260589 1261969
                        1261970 1262098 1262319 1262654 1262760 1263007 CVE-2025-13462
                        CVE-2025-69720 CVE-2026-1502 CVE-2026-25645 CVE-2026-3446 CVE-2026-3479
                        CVE-2026-3644 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786 CVE-2026-6019
                        CVE-2026-6100 
-----------------------------------------------------------------

The container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1510-1
Released:    Tue Apr 21 08:28:12 2026
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1259924,CVE-2025-69720
This update for ncurses fixes the following issue:

- CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1647-1
Released:    Tue Apr 28 20:02:59 2026
Summary:     Security update for python-requests
Type:        security
Severity:    moderate
References:  1260589,CVE-2026-25645
This update for python-requests fixes the following issues:

- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and
  reuses target files that already exist without validation (bsc#1260589).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released:    Wed May  6 14:09:30 2026
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100
This update for python3 fixes the following issues:

- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to
  misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be
  processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass
  (bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser
  command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection
  (bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is
  under memory pressure (bsc#1262098).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1807-1
Released:    Mon May 11 08:03:00 2026
Summary:     Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server
Type:        recommended
Severity:    moderate
References:  1262760,1263007
Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server

This is a codestream only update


The following package changes have been done:

- libncurses6-6.1-150000.5.33.1 updated
- terminfo-base-6.1-150000.5.33.1 updated
- ncurses-utils-6.1-150000.5.33.1 updated
- python3-base-3.6.15-150300.10.118.1 updated
- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- python3-3.6.15-150300.10.118.1 updated
- python311-requests-2.31.0-150400.6.21.1 updated
- python311-salt-3006.0-150700.14.18.1 updated
- salt-3006.0-150700.14.18.1 updated
- container:bci-bci-base-15.7-07d8c80b3c1b8287450453b5fb7fab24c31e32ee657f87deeb820b65120b8658-0 updated

