SUSE-IU-2026:2638-1: Security update of suse/sl-micro/6.0/baremetal-os-container

sle-container-updates at lists.suse.com
Wed Apr 29 07:06:53 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2638-1
Image Tags        : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.169 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release     : 6.169
Severity          : important
Type              : security
References        : 1256399 1256418 1259985 1261191 1261271 1261833 1935995 1964722
                        2009552 2019224 2019357 2023207 2023209 2026089 2026156 2026311
                        2027345 2027365 2027378 2028001 2029323 2029425 2029462 2029752
                        2030135 2033783 2034185 CVE-2026-0716 CVE-2026-0719 CVE-2026-33412
                        CVE-2026-34714 CVE-2026-34982 CVE-2026-39881 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 563
Released:    Fri Jan 16 13:54:13 2026
Summary:     Security update for libsoup
Type:        security
Severity:    important
References:  1256399,1256418,1259985,1261191,1261271,CVE-2026-0716,CVE-2026-0719,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982
This update for libsoup fixes the following issues:

- CVE-2026-0716: Fixed out-of-bounds read for websocket (bsc#1256418).
- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399).

-----------------------------------------------------------------
Advisory ID: 691
Released:    Tue Apr 28 16:32:34 2026
Summary:     Security update for vim
Type:        security
Severity:    moderate
References:  1261833,CVE-2026-39881
This update for vim fixes the following issue:

Update to version 9.2.0398.

Security issues fixed:

- CVE-2026-39881: missing sanitization in `defineAnnoType` and `specialKeys` can lead to arbitrary Ex command injection
  via a malicious NetBeans server (bsc#1261833).

-----------------------------------------------------------------
Advisory ID: 692
Released:    Tue Apr 28 17:59:52 2026
Summary:     Recommended update for mozilla-nss
Type:        recommended
Severity:    moderate
References:  1935995,1964722,2009552,2019224,2019357,2023207,2023209,2026089,2026156,2026311,2027345,2027365,2027378,2028001,2029323,2029425,2029462,2029752,2030135,2033783,2034185
This update for mozilla-nss fixes the following issues:

Update to NSS 3.112.5:

  * reject DTLS 1.3 Server Hello after HVR without capping ss->vrange.max.
  * update to version 2.84 of builtins module.

- Added 'Suggests: p11-kit-nss-trust' to favor over mozilla-nss-certs
    (Jira:jsc#PED-15633)

Update to NSS 3.112.4:

  * improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
  * Improving the allocation of S/MIME DecryptSymKey.
  * store email on subject cache_entry in NSS trust domain.
  * Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
  * Improve size calculations in CMS content buffering.
  * avoid integer overflow while escaping RFC822 Names.
  * Reject excessively large ASN.1 SEQUENCE OF in quickder.
  * Deep copy profile data in CERT_FindSMimeProfile.
  * Improve input validation in DSAU signature decoding.
  * avoid integer overflow in RSA_EMSAEncodePSS.
  * RSA_EMSAEncodePSS should validate the length of mHash.
  * Add a maximum cert uncompressed len and tests.
  * Clarify extension negotiation mechanism for TLS Handshakes.
  * ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
  * Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
  * Remove invalid PORT_Free().
  * free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
  * make ss->ssl3.hs.cookie an owned-copy of the cookie. 

Update to NSS 3.112.3:

  * avoid integer overflow in platform-independent ghash



The following package changes have been done:

- SL-Micro-release-6.0-25.91 updated
- libfreebl3-3.112.5-1.1 updated
- mozilla-nss-certs-3.112.5-1.1 updated
- mozilla-nss-3.112.5-1.1 updated
- libsoftokn3-3.112.5-1.1 updated
- vim-data-common-9.2.0398-1.1 updated
- vim-small-9.2.0398-1.1 updated
- container:SL-Micro-base-container-2.1.3-7.137 updated

