SUSE-CU-2026:3985-1: Security update of suse/sl-micro/6.0/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Apr 14 15:57:04 UTC 2026 

SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:3985-1
Container Tags        : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.95 , suse/sl-micro/6.0/toolbox:latest
Container Release     : 9.95
Severity              : important
Type                  : security
References            : 1240385 1244933 1246602 1258229 1259051 1259985 1261191 1261271
                        CVE-2025-53906 CVE-2026-26269 CVE-2026-28417 CVE-2026-33412 CVE-2026-34714
                        CVE-2026-34982 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 417
Released:    Wed Aug 13 13:30:36 2025
Summary:     Recommended update for python-azure-agent
Type:        recommended
Severity:    important
References:  1240385,1244933,1246602,1258229,1259051,CVE-2025-53906,CVE-2026-26269,CVE-2026-28417
This update for python-azure-agent fixes the following issues:

- Set AutoUpdate.UpdateToLatestVersion=n in /etc/waagent.conf (bsc#1244933)
- Fix %suse_version conditional in spec file so package is built
  using python2 in SLE 12 (bsc#1240385)
- Compensate for missing Python RPM macros in older distros

-----------------------------------------------------------------
Advisory ID: 665
Released:    Tue Apr 14 09:55:35 2026
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982
This update for vim fixes the following issues:

- Update to 9.2.0280
- CVE-2026-33412: command injection via newline in glob() (bsc#1259985).
- CVE-2026-34714: crafted file can allow code execution (bsc#1261191).
- CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271).


The following package changes have been done:

- SL-Micro-release-6.0-25.85 updated
- skelcd-EULA-SL-Micro-2024.01.19-8.84 updated
- vim-data-common-9.2.0280-1.1 updated
- vim-9.2.0280-1.1 updated

More information about the sle-container-updates mailing list