SUSE-IU-2026:2095-1: Security update of suse/sl-micro/6.2/kvm-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Apr 8 07:32:30 UTC 2026
SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2095-1
Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-7.79 , suse/sl-micro/6.2/kvm-os-container:latest
Image Release : 7.79
Severity : critical
Type : security
References : 1084929 1159103 1211721 1219038 1221763 1227117 1242170 1255326
1256341 1258344 1259418 1259650 1259697 1260754 1260755 CVE-2025-13151
CVE-2026-29111 CVE-2026-33416 CVE-2026-33636 CVE-2026-4105
-----------------------------------------------------------------
The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 480
Released: Thu Oct 2 15:27:51 2025
Summary: Recommended update for scanner-databases
Type: recommended
Severity: moderate
References: 1084929,1260754,1260755,CVE-2026-33416,CVE-2026-33636
This update for scanner-databases fixes the following issues:
- database refresh on 2025-09-25 (bsc#1084929)
-----------------------------------------------------------------
Advisory ID: 485
Released: Thu Oct 9 16:42:20 2025
Summary: Security update for aaa_base
Type: security
Severity: moderate
References: 1159103,1211721,1219038,1221763,1227117,1255326,1258344,1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105
This update for aaa_base fixes the following issues:
Update to version 84.87+git20240906.742565b:
* yama-enable-ptrace: enforce changed behavior upon installation (bsc#1221763)
* Avoid unnecessary /bin/bash dependency
* sysctl: Fixup of not setting kernel.pid_max on 32b archs (bsc#1227117)
Update to version 84.87+git20240821.fbabe1d:
* Add helper service for soft-reboot
Update to version 84.87+git20240809.5d13eb4:
* cleanup aaa_base.post and fold back into specfile
Update to version 84.87+git20240805.7513b28:
* Remove obsolete resolv+ manual page
* Remove obsolete defaultdomain.5 manual page
* Move /etc/skel to /usr/etc/skel (hermetic-usr)
* Remove obsolete refresh_initrd
* Add deprecation notice for service [jsc#PED-266]
Update to version 84.87+git20240801.75f05dd:
* sysctl: Don't set kernel.pid_max on 32b archs (bsc#1227117)
Update to version 84.87+git20240620.57ee9e1:
* Remove legacy-actions support [jsc#PED-264]
Update to version 84.87+git20240617.f5ff27f:
* add /usr/bin/nu to etc/shells for nushell
Update to version 84.87+git20240614.332933e:
* Do not save/restore cursor for foot at status line
* Add tmux and others to DIR_COLORS (Issue #116)
* Remove kernel.pid_max limit (bsc#1219038)
* Add subpackge to enable ptrace
Update to version 84.87+git20240523.10a5692:
* Add tmpfiles.d/soft-reboot-cleanup.conf
Update to version 84.87+git20240415.e6815bf:
* drop obsolete 50-default-s390.conf (bsc#1211721)
* fix typo in alljava.csh and drop stderr redirection
Update to version 84.87+git20240402.16596d1:
* add alacritty to DIR_COLORS
* Make sure tput it present before resetting TERM
* Add mc helpers for both tcsh and bash resources
* Do not overwrite escape sequences for xterm like
* Check for valid TERM
Update to version 84.87+git20240202.9526d46:
* properly shorten the variable when setting JAVA_HOME and JRE_HOME
* silence output of alljava
* Restrict ptrace with Yama LSM by default
* patch alljava.sh and alljava.csh, use the links from update alternatives
Update to version 84.87+git20231023.f347d36:
* Remove %ghost lastlog entry, lastlog is long gone
* Remove shaky safe-rm and safe-rmdir helpers (bsc#1159103)
-----------------------------------------------------------------
Advisory ID: 484
Released: Fri Nov 14 12:27:35 2025
Summary: Recommended update for rust1.90, rust
Type: recommended
Severity: critical
References: 1242170,1256341,CVE-2025-13151
This update for rust1.90, rust fixes the following issues:
- bsc#1242170 - raise gcc requirement to version 14
- resolve linker test failures
Version 1.90.0 (2025-09-18)
===========================
# Language
- Split up the `unknown_or_malformed_diagnostic_attributes` lint. This lint has been split up into four finer-grained lints, with `unknown_or_malformed_diagnostic_attributes` now being the lint group that contains these lints:
1. `unknown_diagnostic_attributes`: unknown to the current compiler
2. `misplaced_diagnostic_attributes`: placed on the wrong item
3. `malformed_diagnostic_attributes`: malformed attribute syntax or options
4. `malformed_diagnostic_format_literals`: malformed format string literal
- Allow constants whose final value has references to mutable/external memory, but reject such constants as patterns
- Allow volatile access to non-Rust memory, including address 0
# Compiler
- Use `lld` by default on `x86_64-unknown-linux-gnu`
- Tier 3 `musl` targets now link dynamically by default. Affected targets:
- `mips64-unknown-linux-muslabi64`
- `powerpc64-unknown-linux-musl`
- `powerpc-unknown-linux-musl`
- `powerpc-unknown-linux-muslspe`
- `riscv32gc-unknown-linux-musl`
- `s390x-unknown-linux-musl`
- `thumbv7neon-unknown-linux-musleabihf`
# Platform Support
- Demote `x86_64-apple-darwin` to Tier 2 with host tools
Refer to Rust's platform support page for more information on Rust's tiered platform support.
# Libraries
- Stabilize `u*::{checked,overflowing,saturating,wrapping}_sub_signed`
- Allow comparisons between `CStr`, `CString`, and `Cow<CStr>`
- Remove some unsized tuple impls since unsized tuples can't be constructed
- Set `MSG_NOSIGNAL` for `UnixStream`
- `proc_macro::Ident::new` now supports `$crate`.
- Guarantee the pointer returned from `Thread::into_raw` has at least 8 bytes of alignment
# Stabilized APIs
- `u{n}::checked_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.checked_sub_signed
- `u{n}::overflowing_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.overflowing_sub_signed
- `u{n}::saturating_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.saturating_sub_signed
- `u{n}::wrapping_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.wrapping_sub_signed
- `impl Copy for IntErrorKind` https://doc.rust-lang.org/stable/std/num/enum.IntErrorKind.html#impl-Copy-for-IntErrorKind
- `impl Hash for IntErrorKind` https://doc.rust-lang.org/stable/std/num/enum.IntErrorKind.html#impl-Hash-for-IntErrorKind
- `impl PartialEq<&CStr> for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3C%26CStr%3E-for-CStr
- `impl PartialEq<CString> for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3CCString%3E-for-CStr
- `impl PartialEq<Cow<CStr>> for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3CCow%3C'_,+CStr%3E%3E-for-CStr
- `impl PartialEq<&CStr> for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3C%26CStr%3E-for-CString
- `impl PartialEq<CStr> for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3CCStr%3E-for-CString
- `impl PartialEq<Cow<CStr>> for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3CCow%3C'_,+CStr%3E%3E-for-CString
- `impl PartialEq<&CStr> for Cow<CStr>` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3C%26CStr%3E-for-Cow%3C'_,+CStr%3E
- `impl PartialEq<CStr> for Cow<CStr>` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3CCStr%3E-for-Cow%3C'_,+CStr%3E
- `impl PartialEq<CString> for Cow<CStr>` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3CCString%3E-for-Cow%3C'_,+CStr%3E
These previously stable APIs are now stable in const contexts:
- `<[T]>::reverse` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.reverse
- `f32::floor` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.floor
- `f32::ceil` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.ceil
- `f32::trunc` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.trunc
- `f32::fract` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.fract
- `f32::round` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.round
- `f32::round_ties_even` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.round_ties_even
- `f64::floor` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.floor
- `f64::ceil` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.ceil
- `f64::trunc` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.trunc
- `f64::fract` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.fract
- `f64::round` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.round
- `f64::round_ties_even` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.round_ties_even
# Cargo
- Add `http.proxy-cainfo` config for proxy certs
- Use `gix` for `cargo package`
- feat(publish): Stabilize multi-package publishing
# Rustdoc
- Add ways to collapse all impl blocks. Previously the 'Summary' button and '-' keyboard shortcut would never collapse `impl` blocks, now they do when shift is held
- Display unsafe attributes with `unsafe()` wrappers
# Compatibility Notes
- Use `lld` by default on `x86_64-unknown-linux-gnu`
See also <https://blog.rust-lang.org/2025/09/01/rust-lld-on-1.90.0-stable/>.
- Make `core::iter::Fuse`'s `Default` impl construct `I::default()` internally as promised in the docs instead of always being empty
- Set `MSG_NOSIGNAL` for `UnixStream`
This may change program behavior but results in the same behavior as other primitives (e.g., stdout, network sockets).
Programs relying on signals to terminate them should update handling of sockets to handle errors on write by exiting.
- On Unix `std::env::home_dir` will use the fallback if the `HOME` environment variable is empty
- We now [reject unsupported `extern '{abi}'`s consistently in all positions. This primarily affects the use of implementing traits on an `extern '{abi}'` function pointer, like `extern 'stdcall' fn()`, on a platform that doesn't support that, like aarch64-unknown-linux-gnu. Direct usage of these unsupported ABI strings by declaring or defining functions was already rejected, so this is only a change for consistency.
- const-eval: error when initializing a static writes to that static
- Check that the `proc_macro_derive` macro has correct arguments when applied to the crate root
The following package changes have been done:
- libtasn1-6-4.21.0-160000.1.1 updated
- libpng16-16-1.6.44-160000.6.1 updated
- libudev1-257.13-160000.1.1 updated
- libsystemd0-257.13-160000.1.1 updated
- systemd-257.13-160000.1.1 updated
- udev-257.13-160000.1.1 updated
- container:suse-sl-micro-6.2-base-os-container-latest-1919ff431c08073e0825d98d781cf7628dcb2e8aa38a57ad17c48a521a22ea92-0 updated
More information about the sle-container-updates
mailing list