SUSE-CU-2026:4855-1: Security update of suse/multi-linux-manager/5.1/x86_64/server-migration-14-16
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Mon May 11 07:22:00 UTC 2026
SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server-migration-14-16
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4855-1
Container Tags : suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:5.1.3.1 , suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:5.1.3.1.8.19.1 , suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:latest
Container Release : 8.19.1
Severity : important
Type : security
References : 1259611 1259734 1259735 1259924 1259989 1260026 1261969 1261970
1262098 1262319 1262654 CVE-2025-13462 CVE-2025-69720 CVE-2026-1502
CVE-2026-3446 CVE-2026-3479 CVE-2026-3644 CVE-2026-4224 CVE-2026-4519
CVE-2026-4786 CVE-2026-6019 CVE-2026-6100
-----------------------------------------------------------------
The container suse/multi-linux-manager/5.1/x86_64/server-migration-14-16 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1510-1
Released: Tue Apr 21 08:28:12 2026
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1259924,CVE-2025-69720
This update for ncurses fixes the following issue:
- CVE-2025-69720: buffer overflow in function `analyze_string()`of `progs/infocmp.c` (bsc#1259924).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released: Wed May 6 14:09:30 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100
This update for python3 fixes the following issues:
- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to
misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be
processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass
(bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser
command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection
(bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is
under memory pressure(bsc#1262098).
The following package changes have been done:
- libncurses6-6.1-150000.5.33.1 updated
- terminfo-base-6.1-150000.5.33.1 updated
- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- python3-base-3.6.15-150300.10.118.1 updated
- container:bci-bci-base-15.7-07d8c80b3c1b8287450453b5fb7fab24c31e32ee657f87deeb820b65120b8658-0 updated
More information about the sle-container-updates
mailing list