SUSE-CU-2026:5137-1: Security update of private-registry/1.2/harbor-portal

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue May 26 07:14:06 UTC 2026 

SUSE Container Update Advisory: private-registry/1.2/harbor-portal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:5137-1
Container Tags        : private-registry/1.2/harbor-portal:1.2.0 , private-registry/1.2/harbor-portal:1.2.0-1.22 , private-registry/1.2/harbor-portal:latest
Container Release     : 1.22
Severity              : important
Type                  : security
References            : 1260415 1260420 1261280 1265229 1265231 1265232 1265233 CVE-2026-27651
                        CVE-2026-32647 CVE-2026-34743 CVE-2026-40701 CVE-2026-42934 CVE-2026-42945
                        CVE-2026-42946 
-----------------------------------------------------------------

The container private-registry/1.2/harbor-portal was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2050-1
Released:    Mon May 25 15:58:36 2026
Summary:     Security update for nginx
Type:        security
Severity:    important
References:  1260415,1260420,1265229,1265231,1265232,1265233,CVE-2026-27651,CVE-2026-32647,CVE-2026-40701,CVE-2026-42934,CVE-2026-42945,CVE-2026-42946
This update for nginx fixes the following issues

- CVE-2026-27651: denial of service via undisclosed requests when the `ngx_mail_auth_http_module` is enabled
  (bsc#1260415).
- CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file (bsc#1260420).
- CVE-2026-40701: heap use-after-free in the worker process when the `ssl_verify_client` and the `ssl_ocsp` directives
  are set due to issue in the `ngx_http_ssl_module` module (bsc#1265229).
- CVE-2026-42934: heap buffer overread in the worker process due to issue in the `ngx_http_charset_module` module
  (bsc#1265231).
- CVE-2026-42945: heap buffer overflow via crafted HTTP requests due to issue in `ngx_http_rewrite_module`
  (bsc#1265232).
- CVE-2026-42946: excessive memory allocation and data overread due to issue in the `ngx_http_scgi_module` and
  `ngx_http_uwsgi_module` modules (bsc#1265233).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2051-1
Released:    Mon May 25 15:59:43 2026
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1261280,CVE-2026-34743
This update for xz fixes the following issue

- CVE-2026-34743: buffer overflow in lzma_index_append() (bsc#1261280).


The following package changes have been done:

- liblzma5-5.4.1-150600.3.6.1 updated
- system-user-harbor-2.15.1-150700.1.3 updated
- nginx-1.21.5-150600.10.18.1 updated
- harbor-portal-2.15.1-150700.1.3 updated
- container:suse-sle15-15.7-6f0e3e3e1bb76a3be2066d46ef45a4b584c39125f00a7d07b5760f7fe19c80bc-0 updated

More information about the sle-container-updates mailing list