SUSE-CU-2026:4580-1: Security update of suse/sl-micro/6.0/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Apr 29 07:18:57 UTC 2026 

SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4580-1
Container Tags        : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.103 , suse/sl-micro/6.0/toolbox:latest
Container Release     : 9.103
Severity              : important
Type                  : security
References            : 1256399 1256418 1259985 1261191 1261271 1261833 1261970 CVE-2026-0716
                        CVE-2026-0719 CVE-2026-33412 CVE-2026-3446 CVE-2026-34714 CVE-2026-34982
                        CVE-2026-39881 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 563
Released:    Fri Jan 16 13:54:13 2026
Summary:     Security update for libsoup
Type:        security
Severity:    important
References:  1256399,1256418,1259985,1261191,1261271,CVE-2026-0716,CVE-2026-0719,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982
This update for libsoup fixes the following issues:

- CVE-2026-0716: Fixed out-of-bounds read for websocket (bsc#1256418).
- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399).

-----------------------------------------------------------------
Advisory ID: 691
Released:    Tue Apr 28 16:32:34 2026
Summary:     Security update for vim
Type:        security
Severity:    moderate
References:  1261833,CVE-2026-39881
This update for vim fixes the following issue:

Update to version 9.2.0398.

Security issues fixed:

- CVE-2026-39881: missing sanitization in `defineAnnoType` and `specialKeys` can lead to arbitrary Ex command injection
  via a malicious NetBeans server (bsc#1261833).

-----------------------------------------------------------------
Advisory ID: 690
Released:    Tue Apr 28 17:06:45 2026
Summary:     Security update for python311
Type:        security
Severity:    moderate
References:  1261970,CVE-2026-3446
This update for python311 fixes the following issue:

- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be
  processed (bsc#1261970).


The following package changes have been done:

- SL-Micro-release-6.0-25.91 updated
- libpython3_11-1_0-3.11.15-4.1 updated
- python311-base-3.11.15-4.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-8.90 updated
- vim-data-common-9.2.0398-1.1 updated
- vim-9.2.0398-1.1 updated

More information about the sle-container-updates mailing list