SUSE-CU-2026:4849-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-squid

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Mon May 11 07:21:28 UTC 2026 

SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4849-1
Container Tags        : suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.3.1 , suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.3.1.8.19.1 , suse/multi-linux-manager/5.1/x86_64/proxy-squid:latest
Container Release     : 8.19.1
Severity              : important
Type                  : security
References            : 1259611 1259734 1259735 1259924 1259989 1260026 1261969 1261970
                        1262098 1262319 1262654 CVE-2025-13462 CVE-2025-69720 CVE-2026-1502
                        CVE-2026-3446 CVE-2026-3479 CVE-2026-3644 CVE-2026-4224 CVE-2026-4519
                        CVE-2026-4786 CVE-2026-6019 CVE-2026-6100 
-----------------------------------------------------------------

The container suse/multi-linux-manager/5.1/x86_64/proxy-squid was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1510-1
Released:    Tue Apr 21 08:28:12 2026
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1259924,CVE-2025-69720
This update for ncurses fixes the following issue:

- CVE-2025-69720: buffer overflow in function `analyze_string()`of `progs/infocmp.c` (bsc#1259924).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released:    Wed May  6 14:09:30 2026
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100
This update for python3 fixes the following issues:

- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to
  misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be
  processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass
  (bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser
  command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection
  (bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is
  under memory pressure(bsc#1262098).


The following package changes have been done:

- libncurses6-6.1-150000.5.33.1 updated
- terminfo-base-6.1-150000.5.33.1 updated
- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- python3-base-3.6.15-150300.10.118.1 updated
- python3-3.6.15-150300.10.118.1 updated
- container:bci-bci-base-15.7-07d8c80b3c1b8287450453b5fb7fab24c31e32ee657f87deeb820b65120b8658-0 updated

More information about the sle-container-updates mailing list