SUSE-CU-2026:5203-1: Security update of private-registry/harbor-trivy-adapter

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed May 27 07:05:10 UTC 2026 

SUSE Container Update Advisory: private-registry/harbor-trivy-adapter
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:5203-1
Container Tags        : private-registry/harbor-trivy-adapter:1.1.3 , private-registry/harbor-trivy-adapter:1.1.3-2.43 , private-registry/harbor-trivy-adapter:latest
Container Release     : 2.43
Severity              : important
Type                  : security
References            : 1265648 1266075 CVE-2026-33814 CVE-2026-39827 CVE-2026-39828
                        CVE-2026-39829 CVE-2026-39830 CVE-2026-39831 CVE-2026-39832 CVE-2026-39833
                        CVE-2026-39834 CVE-2026-39835 CVE-2026-42508 CVE-2026-46595 CVE-2026-46597
                        CVE-2026-46598 
-----------------------------------------------------------------

The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2062-1
Released:    Tue May 26 09:10:10 2026
Summary:     Security update for trivy
Type:        security
Severity:    important
References:  1265648,1266075,CVE-2026-33814,CVE-2026-39827,CVE-2026-39828,CVE-2026-39829,CVE-2026-39830,CVE-2026-39831,CVE-2026-39832,CVE-2026-39833,CVE-2026-39834,CVE-2026-39835,CVE-2026-42508,CVE-2026-46595,CVE-2026-46597,CVE-2026-46598
This update for trivy fixes the following issues

- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
  (bsc#1265648).
- CVE-2026-39827,CVE-2026-39828,CVE-2026-39829,CVE-2026-39830,CVE-2026-39831,CVE-2026-39832,CVE-2026-39833,
  CVE-2026-39834,CVE-2026-39835,CVE-2026-42508,CVE-2026-46595,CVE-2026-46597,CVE-2026-46598:golang.org/x/crypto/ssh: 
  multiple issues (bsc#1266075).


The following package changes have been done:

- trivy-0.70.0-150000.1.18.1 updated
- container:suse-sle15-15.7-dd6e31fdb1b3d21114b79fd21438499999a459ab644022b296cd1a48555a5072-0 updated

More information about the sle-container-updates mailing list