openSUSE Trivy Important Update Fixing 7 Issues Advisory 2026-21072-1

opensuse
June 30, 2026
An important openSUSE update for trivy resolves 7 vulnerabilities and requires immediate action.
An update that solves 7 vulnerabilities and has 7 bug fixes can now be installed.

Description

This update for trivy fixes the following issues:

Update to version 0.71.2:

- CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite loops, panics or resource consumption (bsc#1267268).
- CVE-2026-46680: github.com/containerd/containerd/v2/pkg/oci: containerd user ID handling bypass allows runAsNonRoot evasion (bsc#1268356).
- CVE-2026-47262: github.com/containerd/containerd/v2/pkg/oci: Denial of Service (DoS) condition via a maliciously crafted image (bsc#1268440).
- CVE-2026-50195: containerd: fails to validate the image references specified within a checkpoint image's configuration (bsc#1268399).
- CVE-2026-53488: containerd: CRI plugin propagates labels from an image config to a container without validation (bsc#1268400).
- CVE-2026-53489: containerd: CRI plugin restores container.log from a checkpoint image without validating a symlinked path (bsc#1268404).
- CVE-2026-53492: containerd: improperly...

Patch

Package List

- openSUSE Leap 16.0:
  - trivy-0.71.2-160000.1.1

References

* bsc#1267268

* bsc#1268356

* bsc#1268399

* bsc#1268400

* bsc#1268403

* bsc#1268404

* bsc#1268440

References:

* https://www.suse.com/security/cve/CVE-2026-44740.html

* https://www.suse.com/security/cve/CVE-2026-46680.html

* https://www.suse.com/security/cve/CVE-2026-47262.html

* https://www.suse.com/security/cve/CVE-2026-50195.html

* https://www.suse.com/security/cve/CVE-2026-53488.html

* https://www.suse.com/security/cve/CVE-2026-53489.html

* https://www.suse.com/security/cve/CVE-2026-53492.html

Severity
important

Announcement ID: openSUSE-SU-2026:21072-1
Rating: important
Affected Products: openSUSE Leap 16.0
