SUSE-IU-2026:1076-1: Security update of suse/sl-micro/6.2/kvm-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Feb 20 08:13:09 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:1076-1
Image Tags        : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-7.40 , suse/sl-micro/6.2/kvm-os-container:latest
Image Release     : 7.40
Severity          : moderate
Type              : security
References        : 1035807 1036457 1079600 1198823 1198830 1198832 1229952 1230029
                        1242623 1243861 1247193 1248006 1257029 1257031 1257042 1257046
                        1257181 867620 CVE-2014-2240 CVE-2014-2241 CVE-2017-8105 CVE-2017-8287
                        CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2024-12224 CVE-2024-43806
                        CVE-2024-58266 CVE-2025-11468 CVE-2025-15282 CVE-2025-3416 CVE-2025-55159
                        CVE-2026-0672 CVE-2026-0865 CVE-2026-1299 
-----------------------------------------------------------------

The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 300
Released:    Tue Oct 14 15:21:02 2025
Summary:     Security update for rust-keylime
Type:        security
Severity:    moderate
References:  1035807,1036457,1079600,1198823,1198830,1198832,1229952,1230029,1242623,1243861,1247193,1248006,1257029,1257031,1257042,1257046,1257181,867620,CVE-2014-2240,CVE-2014-2241,CVE-2017-8105,CVE-2017-8287,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406,CVE-2024-12224,CVE-2024-43806,CVE-2024-58266,CVE-2025-11468,CVE-2025-15282,CVE-2025-3416,CVE-2025-55159,CVE-2026-0672,CVE-2026-0865,CVE-2026-1299
This update for rust-keylime fixes the following issues:

- CVE-2025-55159: slab: incorrect bounds check in get_disjoint_mut function can lead to undefined behavior or potential crash due to out-of-bounds access (bsc#1248006)
- CVE-2025-3416: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623)
- CVE-2024-58266: shlex: certain bytes allowed to appear unquoted and unescaped in command arguments (bsc#1247193)
- CVE-2024-43806: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952)
- CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861)

- RUSTSEC-2024-0006: Multiple issues involving quote API (bsc#1230029)


The following package changes have been done:

- python313-base-3.13.12-160000.1.1 updated
- libpython3_13-1_0-3.13.12-160000.1.1 updated
- container:suse-sl-micro-6.2-base-os-container-latest-3063a8cdf424b3beb7decd31d39243799a8bceeee71a160c818b4572ceee85a3-0 updated

More information about the sle-container-updates mailing list