SUSE-IU-2026:2643-1: Recommended update of suse/sl-micro/6.1/base-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Apr 29 07:22:14 UTC 2026
SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2643-1
Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.123 , suse/sl-micro/6.1/base-os-container:latest
Image Release : 5.123
Severity : moderate
Type : recommended
References : 1236834 1243503 1247106 1247108 1247581 1247582 1248117 1248330
1250413 1252441 1935995 1964722 2009552 2019224 2019357 2023207
2023209 2026089 2026156 2026311 2027345 2027365 2027378 2028001
2029323 2029425 2029462 2029752 2030135 2033783 2034185 CVE-2023-52356
CVE-2024-13978 CVE-2024-7006 CVE-2025-59438 CVE-2025-8176 CVE-2025-8177
CVE-2025-8534 CVE-2025-8961 CVE-2025-9165 CVE-2025-9900
-----------------------------------------------------------------
The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 514
Released: Tue Apr 28 16:55:34 2026
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1236834,1243503,1247106,1247108,1247581,1247582,1248117,1248330,1250413,1252441,1935995,1964722,2009552,2019224,2019357,2023207,2023209,2026089,2026156,2026311,2027345,2027365,2027378,2028001,2029323,2029425,2029462,2029752,2030135,2033783,2034185,CVE-2023-52356,CVE-2024-13978,CVE-2024-7006,CVE-2025-59438,CVE-2025-8176,CVE-2025-8177,CVE-2025-8534,CVE-2025-8961,CVE-2025-9165,CVE-2025-9900
This update for mozilla-nss fixes the following issues:
Update to NSS 3.112.5:
* reject DTLS 1.3 Server Hello after HVR without capping ss->vrange.max.
* update to version 2.84 of builtins module.
- Added 'Suggests: p11-kit-nss-trust' to favor over mozilla-nss-certs
(Jira:jsc#PED-15633)
Update to NSS 3.112.4:
* improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
* Improving the allocation of S/MIME DecryptSymKey.
* store email on subject cache_entry in NSS trust domain.
* Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
* Improve size calculations in CMS content buffering.
* avoid integer overflow while escaping RFC822 Names.
* Reject excessively large ASN.1 SEQUENCE OF in quickder.
* Deep copy profile data in CERT_FindSMimeProfile.
* Improve input validation in DSAU signature decoding.
* avoid integer overflow in RSA_EMSAEncodePSS.
* RSA_EMSAEncodePSS should validate the length of mHash.
* Add a maximum cert uncompressed len and tests.
* Clarify extension negotiation mechanism for TLS Handshakes.
* ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
* Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
* Remove invalid PORT_Free().
* free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
* make ss->ssl3.hs.cookie an owned-copy of the cookie.
Update to NSS 3.112.3:
* avoid integer overflow in platform-independent ghash
The following package changes have been done:
- SL-Micro-release-6.1-slfo.1.12.35 updated
- libfreebl3-3.112.5-slfo.1.1_1.1 updated
- mozilla-nss-certs-3.112.5-slfo.1.1_1.1 updated
- mozilla-nss-3.112.5-slfo.1.1_1.1 updated
- libsoftokn3-3.112.5-slfo.1.1_1.1 updated
- container:suse-toolbox-image-1.0.0-5.47 updated
More information about the sle-container-updates
mailing list