Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

openSUSE Leap 16.0 docker-stable Important Threats Fix 2026-21205-1

opensuse
Calendar Grey July 3, 2026
Dist Opensuse Esm H88
This update for openSUSE addresses critical issues in docker-stable, enhancing security against multiple vulnerabilities.
An update that solves 6 vulnerabilities and has 6 bug fixes can now be installed.

Description

This update for docker-stable fixes the following issues

- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-

header (bsc#1260279).

- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE

(bsc#1265782).

- CVE-2026-33997: moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation

(bsc#1265907).

- CVE-2026-34040: Authz zero length regression (bsc#1265929).

- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation

bypass and privilege escalation (bsc#1266625).

- CVE-2026-41567: arbitrary code execution with full daemon privileges when a user uploads a compressed archive into

that container (bsc#1267827).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

docker-stable-24.0.9_ce-160000.6.1

docker-stable-bash-completion-24.0.9_ce-160000.6.1

docker-stable-buildx-0.25.0-160000.6.1

docker-stable-fish-completion-24.0.9_ce-160000.6.1

docker-stable-rootless-extras-24.0.9_ce-160000.6.1

docker-stable-zsh-completion-24.0.9_ce-160000.6.1

References

* bsc#1260279

* bsc#1265782

* bsc#1265907

* bsc#1265929

* bsc#1266625

* bsc#1267827

References:

* https://www.suse.com/security/cve/CVE-2026-33186.html

* https://www.suse.com/security/cve/CVE-2026-33814.html

* https://www.suse.com/security/cve/CVE-2026-33997.html

* https://www.suse.com/security/cve/CVE-2026-34040.html

* https://www.suse.com/security/cve/CVE-2026-39821.html

* https://www.suse.com/security/cve/CVE-2026-41567.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21205-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here