SUSE-IU-2026:2119-1: Security update of suse/sl-micro/6.1/base-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Apr 10 07:27:20 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2119-1
Image Tags        : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.112 , suse/sl-micro/6.1/base-os-container:latest
Image Release     : 5.112
Severity          : important
Type              : security
References        : 1243581 1248410 1248678 1248687 1258637 1260078 1260082 1260754
                        1260755 1260871 142461 544339 CVE-2025-46836 CVE-2026-26996 CVE-2026-33416
                        CVE-2026-33636 CVE-2026-34352 CVE-2026-4437 CVE-2026-4438 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 479
Released:    Thu Apr  9 12:48:50 2026
Summary:     Security update for libpng16
Type:        security
Severity:    important
References:  1248678,1260754,1260755,1260871,CVE-2026-33416,CVE-2026-33636,CVE-2026-34352
This update for libpng16 fixes the following issues:

- CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code
  execution (bsc#1260754).
- CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and
  crashes (bsc#1260755).

-----------------------------------------------------------------
Advisory ID: 478
Released:    Thu Apr  9 13:38:10 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1243581,1248410,1248687,1258637,1260078,1260082,142461,544339,CVE-2025-46836,CVE-2026-26996,CVE-2026-4437,CVE-2026-4438
This update for glibc fixes the following issues:

- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).


The following package changes have been done:

- glibc-2.38-slfo.1.1_7.1 updated
- libpng16-16-1.6.43-slfo.1.1_4.1 updated
- SL-Micro-release-6.1-slfo.1.12.28 updated
- glibc-locale-base-2.38-slfo.1.1_7.1 updated
- container:suse-toolbox-image-1.0.0-5.38 updated

More information about the sle-container-updates mailing list