SUSE-CU-2026:1011-1: Security update of suse/sl-micro/6.0/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Feb 17 08:13:00 UTC 2026 

SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:1011-1
Container Tags        : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.67 , suse/sl-micro/6.0/toolbox:latest
Container Release     : 9.67
Severity              : important
Type                  : security
References            : 1256389 1257049 1257353 1257354 1257355 1257396 CVE-2026-0988
                        CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-24882 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 582
Released:    Mon Feb 16 15:21:49 2026
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1256389,1257396,CVE-2026-24882
This update for gpg2 fixes the following issues:

- CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396).
- gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data 'Filename' Field (bsc#1256389).

-----------------------------------------------------------------
Advisory ID: 579
Released:    Mon Feb 16 15:25:53 2026
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1257049,1257353,1257354,1257355,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489
This update for glib2 fixes the following issues:

- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).


The following package changes have been done:

- SL-Micro-release-6.0-25.69 updated
- gpg2-2.4.4-7.1 updated
- libglib-2_0-0-2.76.2-12.1 updated
- libgmodule-2_0-0-2.76.2-12.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-8.68 updated

More information about the sle-container-updates mailing list