SUSE-IU-2026:3449-1: Security update of sles-15-sp5-chost-byos-v20260518-arm64

[sle-container-updates at lists.suse.com]

SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20260518-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3449-1
Image Tags        : sles-15-sp5-chost-byos-v20260518-arm64:20260518
Image Release     : 
Severity          : important
Type              : security
References        : 1261606 1263366 1263367 1264013 1264066 1264449 1264450 1265209
                        1265308 CVE-2025-54518 CVE-2025-54518 CVE-2026-27456 CVE-2026-40355
                        CVE-2026-40356 CVE-2026-43284 CVE-2026-43500 CVE-2026-46300 CVE-2026-46333
-----------------------------------------------------------------

The container sles-15-sp5-chost-byos-v20260518-arm64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1814-1
Released:    Mon May 11 17:16:51 2026
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
References:  
This update for suse-build-key fixes the following issues:

- Import all keys if they are not yet in the RPM db.
- Added post quantum cryptographic keys for SLES 15 and SLES 16:
    * build-pqc-15.pem
    * build-pqc-16.pem
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1816-1
Released:    Tue May 12 09:56:32 2026
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1263366,1263367,CVE-2026-40355,CVE-2026-40356
This update for krb5 fixes the following issues

- CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366).
- CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1907-1
Released:    Sun May 17 19:12:35 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1264013,1264449,1264450,1265209,1265308,CVE-2025-54518,CVE-2026-43284,CVE-2026-43500,CVE-2026-46300,CVE-2026-46333

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix the following issue:

Security issues fixed:
    
- CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).
- CVE-2026-43500: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450).
- CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (bsc#1264013).
- CVE-2026-46300: net: skbuff: propagate shared-frag marker through pskb_copy() (bsc#1265209).
- CVE-2026-46333: Fixed logic bug in the Linux kernel's __ptrace_may_access() function (bsc#1265308).

Other issues fixed:

- io-wq: check that the predecessor is hashed in io_wq_remove_pending() (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1933-1
Released:    Mon May 18 09:38:05 2026
Summary:     Security update for xen
Type:        security
Severity:    moderate
References:  1264066,CVE-2025-54518
This update for xen fixes the following issue

- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264066).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1962-1
Released:    Mon May 18 10:07:58 2026
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1261606,CVE-2026-27456
This update for util-linux fixes the following issue

- CVE-2026-27456: TOCTOU in the mount program when setting up loop devices (bsc#1261606).


The following package changes have been done:

- kernel-default-5.14.21-150500.55.163.1 updated
- krb5-1.20.1-150500.3.20.1 updated
- libblkid1-2.37.4-150500.9.29.1 updated
- libfdisk1-2.37.4-150500.9.29.1 updated
- libmount1-2.37.4-150500.9.29.1 updated
- libsmartcols1-2.37.4-150500.9.29.1 updated
- libuuid1-2.37.4-150500.9.29.1 updated
- suse-build-key-12.0-150000.8.64.1 updated
- util-linux-systemd-2.37.4-150500.9.29.1 updated
- util-linux-2.37.4-150500.9.29.1 updated
- xen-libs-4.17.6_10-150500.3.68.1 updated