SUSE-IU-2026:2082-1: Security update of suse/sl-micro/6.1/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Apr 8 07:17:03 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2082-1
Image Tags        : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.86 , suse/sl-micro/6.1/baremetal-os-container:latest
Image Release     : 7.86
Severity          : important
Type              : security
References        : 1230267 1237375 1246912 1247594 1247735 1248373 1249013 1250343
                        1255024 1255725 1257904 1258236 1259438 1259548 1259704 1259711
                        1259726 1259729 1260859 CVE-2025-54882 CVE-2025-58160 CVE-2026-25727
                        CVE-2026-31979 CVE-2026-32776 CVE-2026-32777 CVE-2026-32778 CVE-2026-4897
-----------------------------------------------------------------

The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 471
Released:    Tue Apr  7 13:08:58 2026
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1247594,1247735,1248373,1249013,1257904,1258236,1259548,1259711,1259726,1259729,CVE-2025-54882,CVE-2025-58160,CVE-2026-25727,CVE-2026-31979,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778
This update for expat fixes the following issues:

- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
  declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).

-----------------------------------------------------------------
Advisory ID: 472
Released:    Tue Apr  7 13:36:42 2026
Summary:     Security update for polkit
Type:        security
Severity:    moderate
References:  1230267,1237375,1246912,1250343,1255024,1255725,1259438,1259704,1260859,CVE-2026-4897
This update for polkit fixes the following issue:

- CVE-2026-4897: Fixed possible OOM condition via specially crafted input to `polkit-agent-helper-1` (bsc#1260859).


The following package changes have been done:

- libexpat1-2.7.1-slfo.1.1_5.1 updated
- SL-Micro-release-6.1-slfo.1.12.26 updated
- libpolkit-gobject-1-0-121-slfo.1.1_3.1 updated
- libpolkit-agent-1-0-121-slfo.1.1_3.1 updated
- polkit-121-slfo.1.1_3.1 updated
- container:SL-Micro-base-container-2.2.1-5.110 updated

More information about the sle-container-updates mailing list