SUSE-IU-2025:1490-1: Security update of suse/sl-micro/6.1/base-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Jun 4 07:05:57 UTC 2025
SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:1490-1
Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.44 , suse/sl-micro/6.1/base-os-container:latest
Image Release : 4.44
Severity : important
Type : security
References : 1238700 1239335 CVE-2025-22869 CVE-2025-22870
-----------------------------------------------------------------
The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 130
Released: Tue Jun 3 11:03:45 2025
Summary: Security update for elemental-toolkit
Type: security
Severity: important
References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870
This update for elemental-toolkit fixes the following issues:
- Updated to v2.2.3:
* Adapted .golangci.yml format to a new version
* Simplified podman calls in CI steup
* Switched GHA runners to Ubuntu 24.04
* Updated year in headers
* Vendored go.mod libraries
* CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700)
* CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239335)
The following package changes have been done:
- SL-Micro-release-6.1-slfo.1.11.34 updated
- elemental-toolkit-2.2.3-slfo.1.1_1.1 updated
- container:suse-toolbox-image-1.0.0-4.37 updated
More information about the sle-container-updates
mailing list