SUSE-IU-2026:1022-1: Security update of suse/sl-micro/6.1/kvm-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Feb 17 14:09:59 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:1022-1
Image Tags        : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.80 , suse/sl-micro/6.1/kvm-os-container:latest
Image Release     : 5.80
Severity          : important
Type              : security
References        : 1243767 1245169 1254297 1254662 1254878 1257049 1257144 1257353
                        1257354 1257355 1257496 391434 CVE-2025-13601 CVE-2025-14087
                        CVE-2025-14512 CVE-2025-5278 CVE-2026-0988 CVE-2026-1484 CVE-2026-1485
                        CVE-2026-1489 CVE-2026-24515 CVE-2026-25210 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 410
Released:    Tue Feb 17 10:33:51 2026
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1245169,1257144,1257496,391434,CVE-2026-24515,CVE-2026-25210
This update for expat fixes the following issues:

- CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL
  dereference (bsc#1257144).
- CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496).

-----------------------------------------------------------------
Advisory ID: 405
Released:    Tue Feb 17 10:46:35 2026
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1243767,1254297,1254662,1254878,1257049,1257353,1257354,1257355,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512,CVE-2025-5278,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489
This update for glib2 fixes the following issues:

- CVE-2025-13601: Fixed integer overflow in in g_escape_uri_string() (bsc#1254297).
- CVE-2025-14087: Fixed buffer underflow in GVariant parser leads to heap corruption (bsc#1254662).
- CVE-2025-14512: Fixed integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow (bsc#1254878).
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).


The following package changes have been done:

- libexpat1-2.7.1-slfo.1.1_4.1 updated
- SL-Micro-release-6.1-slfo.1.12.10 updated
- libglib-2_0-0-2.78.6-slfo.1.1_6.1 updated
- libgobject-2_0-0-2.78.6-slfo.1.1_6.1 updated
- libgmodule-2_0-0-2.78.6-slfo.1.1_6.1 updated
- libgio-2_0-0-2.78.6-slfo.1.1_6.1 updated
- glib2-tools-2.78.6-slfo.1.1_6.1 updated
- container:SL-Micro-base-container-2.2.1-5.78 updated

More information about the sle-container-updates mailing list