SUSE alert openSUSE-SU-2026:20834-1 (apptainer)

From:
             
 
null@suse.de
To:
             
 
security-announce@lists.opensuse.org
Subject:
             
 
openSUSE-SU-2026:20834-1: important: Security update for apptainer
Date:
             
 
Fri, 29 May 2026 17:51:22 +0200
Message-ID:
             
 
<20260529155122.7351AFCEE@maintenance.suse.de>
Archive-link:
             
 
Article
openSUSE security update: security update for apptainer
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20834-1
Rating: important
References:

  * bsc#1257432
  * bsc#1265844
  * bsc#1266202



Cross-References:

  * CVE-2024-45310
  * CVE-2026-33814
  * CVE-2026-39827
  * CVE-2026-39828
  * CVE-2026-39829
  * CVE-2026-39830
  * CVE-2026-39831
  * CVE-2026-39832
  * CVE-2026-39833
  * CVE-2026-39834
  * CVE-2026-39835
  * CVE-2026-42508
  * CVE-2026-46595
  * CVE-2026-46597
  * CVE-2026-46598



CVSS scores:

  * CVE-2024-45310 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
  * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
  * CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
  * CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

         openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 15 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for apptainer fixes the following issues:

Changes in apptainer:

- Fix CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829,
  CVE-2026-39831, CVE-2026-42508, CVE-2026-39833, CVE-2026-39830,
  CVE-2026-39832, CVE-2026-46597, CVE-2026-46598, CVE-2026-46595,
  CVE-2026-39835 (bsc#1266202)
  Update golang.org/x/crypto to v0.52.0

- Fix  CVE-2026-33814 GO-2026-4918 (bsc#1265844)
  Update golang.org/x/net to version v0.53.0
- Integrate vulnchecker into %check stage (optional).

- Sync with Factory version which also fixes CVE-2024-45310
  tracked in bsc#1257432
- Readded SLE-15SP6.def as it was removed from Factory


Patch instructions:

   To install this openSUSE security update use the suse recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

   zypper in -t patch openSUSE-Leap-16.0-packagehub-273=1

Package List:

- openSUSE Leap 16.0:

  apptainer-1.4.5-bp160.2.1
  apptainer-leap-1.4.5-bp160.2.1

References:

  * https://www.suse.com/security/cve/CVE-2024-45310.html
  * https://www.suse.com/security/cve/CVE-2026-33814.html
  * https://www.suse.com/security/cve/CVE-2026-39827.html
  * https://www.suse.com/security/cve/CVE-2026-39828.html
  * https://www.suse.com/security/cve/CVE-2026-39829.html
  * https://www.suse.com/security/cve/CVE-2026-39830.html
  * https://www.suse.com/security/cve/CVE-2026-39831.html
  * https://www.suse.com/security/cve/CVE-2026-39832.html
  * https://www.suse.com/security/cve/CVE-2026-39833.html
  * https://www.suse.com/security/cve/CVE-2026-39834.html
  * https://www.suse.com/security/cve/CVE-2026-39835.html
  * https://www.suse.com/security/cve/CVE-2026-42508.html
  * https://www.suse.com/security/cve/CVE-2026-46595.html
  * https://www.suse.com/security/cve/CVE-2026-46597.html
  * https://www.suse.com/security/cve/CVE-2026-46598.html