SUSE-IU-2026:2265-1: Security update of suse/sl-micro/6.0/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Apr 14 15:46:01 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2265-1
Image Tags        : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.162 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release     : 6.162
Severity          : important
Type              : security
References        : 1240385 1244933 1246602 1257235 1258229 1259051 1259985 1261191
                        1261271 CVE-2025-53906 CVE-2026-24401 CVE-2026-26269 CVE-2026-28417
                        CVE-2026-33412 CVE-2026-34714 CVE-2026-34982 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 417
Released:    Wed Aug 13 13:30:36 2025
Summary:     Recommended update for python-azure-agent
Type:        recommended
Severity:    important
References:  1240385,1244933,1246602,1258229,1259051,CVE-2025-53906,CVE-2026-26269,CVE-2026-28417
This update for python-azure-agent fixes the following issues:

- Set AutoUpdate.UpdateToLatestVersion=n in /etc/waagent.conf (bsc#1244933)
- Fix %suse_version conditional in spec file so package is built
  using python2 in SLE 12 (bsc#1240385)
- Compensate for missing Python RPM macros in older distros

-----------------------------------------------------------------
Advisory ID: 665
Released:    Tue Apr 14 09:55:35 2026
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982
This update for vim fixes the following issues:

- Update to 9.2.0280
- CVE-2026-33412: command injection via newline in glob() (bsc#1259985).
- CVE-2026-34714: crafted file can allow code execution (bsc#1261191).
- CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271).

-----------------------------------------------------------------
Advisory ID: 667
Released:    Tue Apr 14 10:01:54 2026
Summary:     Security update for avahi
Type:        security
Severity:    moderate
References:  1257235,CVE-2026-24401
This update for avahi fixes the following issues:

- CVE-2026-24401: Fix unsolicited mDNS response containing a recursive CNAME record. (bsc#1257235)


The following package changes have been done:

- SL-Micro-release-6.0-25.85 updated
- libavahi-common3-0.8-8.1 updated
- vim-data-common-9.2.0280-1.1 updated
- libavahi-core7-0.8-8.1 updated
- libavahi-client3-0.8-8.1 updated
- vim-small-9.2.0280-1.1 updated
- avahi-0.8-8.1 updated
- container:SL-Micro-base-container-2.1.3-7.129 updated

More information about the sle-container-updates mailing list