SUSE-IU-2026:2640-1: Recommended update of suse/sl-micro/6.0/kvm-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Apr 29 07:10:41 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2640-1
Image Tags        : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.153 , suse/sl-micro/6.0/kvm-os-container:latest
Image Release     : 6.153
Severity          : moderate
Type              : recommended
References        : 1935995 1964722 2009552 2019224 2019357 2023207 2023209 2026089
                        2026156 2026311 2027345 2027365 2027378 2028001 2029323 2029425
                        2029462 2029752 2030135 2033783 2034185 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 692
Released:    Tue Apr 28 17:59:52 2026
Summary:     Recommended update for mozilla-nss
Type:        recommended
Severity:    moderate
References:  1935995,1964722,2009552,2019224,2019357,2023207,2023209,2026089,2026156,2026311,2027345,2027365,2027378,2028001,2029323,2029425,2029462,2029752,2030135,2033783,2034185
This update for mozilla-nss fixes the following issues:

Update to NSS 3.112.5:

  * reject DTLS 1.3 Server Hello after HVR without capping ss->vrange.max.
  * update to version 2.84 of builtins module.

- Added 'Suggests: p11-kit-nss-trust' to favor over mozilla-nss-certs
    (Jira:jsc#PED-15633)

Update to NSS 3.112.4:

  * improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
  * Improving the allocation of S/MIME DecryptSymKey.
  * store email on subject cache_entry in NSS trust domain.
  * Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
  * Improve size calculations in CMS content buffering.
  * avoid integer overflow while escaping RFC822 Names.
  * Reject excessively large ASN.1 SEQUENCE OF in quickder.
  * Deep copy profile data in CERT_FindSMimeProfile.
  * Improve input validation in DSAU signature decoding.
  * avoid integer overflow in RSA_EMSAEncodePSS.
  * RSA_EMSAEncodePSS should validate the length of mHash.
  * Add a maximum cert uncompressed len and tests.
  * Clarify extension negotiation mechanism for TLS Handshakes.
  * ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
  * Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
  * Remove invalid PORT_Free().
  * free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
  * make ss->ssl3.hs.cookie an owned-copy of the cookie. 

Update to NSS 3.112.3:

  * avoid integer overflow in platform-independent ghash



The following package changes have been done:

- SL-Micro-release-6.0-25.91 updated
- libfreebl3-3.112.5-1.1 updated
- mozilla-nss-certs-3.112.5-1.1 updated
- mozilla-nss-3.112.5-1.1 updated
- libsoftokn3-3.112.5-1.1 updated
- container:SL-Micro-base-container-2.1.3-7.137 updated

More information about the sle-container-updates mailing list