SUSE-CU-2026:5307-1: Security update of suse/sles/16.0/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu May 28 08:48:59 UTC 2026 

SUSE Container Update Advisory: suse/sles/16.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:5307-1
Container Tags        : suse/sles/16.0/toolbox:16.3 , suse/sles/16.0/toolbox:16.3-1.68 , suse/sles/16.0/toolbox:latest
Container Release     : 1.68
Severity              : important
Type                  : security
References            : 1261206 1261280 1261639 1262223 1262464 1262465 CVE-2026-34743
                        CVE-2026-4046 CVE-2026-41035 CVE-2026-5450 CVE-2026-5928 
-----------------------------------------------------------------

The container suse/sles/16.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 708
Released:    Wed May  6 12:44:56 2026
Summary:     Recommended update for libselinux
Type:        recommended
Severity:    moderate
References:  1261639,1262223,CVE-2026-41035
This update for libselinux fixes the following issues:

- Backport commit 'libselinux: retain LIFO order for path substitutions' (bsc#1261639)
    * otherwise we can not add equivalencies that overload each other in the policy
    * libselinux: retain LIFO order for path substitutions

-----------------------------------------------------------------
Advisory ID: 761
Released:    Mon May 18 07:38:10 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for glibc fixes the following issues

- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206).
- CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465).
- CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464).

-----------------------------------------------------------------
Advisory ID: 803
Released:    Tue May 26 14:14:16 2026
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1261280,CVE-2026-34743
This update for xz fixes the following issue

- CVE-2026-34743: buffer overflow in lzma_index_append() (bsc#1261280).


The following package changes have been done:

- container-suseconnect-2.5.6-160000.2.2 updated
- glibc-locale-base-2.40-160000.5.1 updated
- glibc-locale-2.40-160000.5.1 updated
- glibc-2.40-160000.5.1 updated
- liblzma5-5.8.1-160000.3.1 updated
- libselinux1-3.8.1-160000.3.1 updated
- xz-5.8.1-160000.3.1 updated

More information about the sle-container-updates mailing list