SUSE-IU-2026:2417-1: Security update of suse/sl-micro/6.2/baremetal-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Apr 23 07:15:54 UTC 2026
SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2417-1
Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.128 , suse/sl-micro/6.2/baremetal-os-container:latest
Image Release : 7.128
Severity : important
Type : security
References : 1257922 1261420 CVE-2026-25727 CVE-2026-35535
-----------------------------------------------------------------
The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 616
Released: Wed Apr 22 11:56:41 2026
Summary: Security update for sudo
Type: security
Severity: important
References: 1261420,CVE-2026-35535
This update for sudo fixes the following issues:
- CVE-2026-35535: unhandled failure of `setuid`, `setgid` or `setgroups` calls during a mailer privilege drop allows
for local privilege escalation (bsc#1261420).
-----------------------------------------------------------------
Advisory ID: 622
Released: Wed Apr 22 12:52:20 2026
Summary: Security update for librsvg
Type: security
Severity: important
References: 1257922,CVE-2026-25727
This update for librsvg fixes the following issue:
- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257922).
The following package changes have been done:
- sudo-1.9.17p1-160000.3.1 updated
- librsvg-2-2-2.60.2-160000.2.1 updated
- gdk-pixbuf-loader-rsvg-2.60.2-160000.2.1 updated
More information about the sle-container-updates
mailing list