SUSE-IU-2026:1171-1: Security update of suse/sl-micro/6.0/base-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Feb 27 08:06:55 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:1171-1
Image Tags        : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.96 , suse/sl-micro/6.0/base-os-container:latest
Image Release     : 7.96
Severity          : important
Type              : security
References        : 1246965 1256525 1256526 1256766 1256822 1257005 1257364 1257365
                        1258020 CVE-2025-15281 CVE-2025-28162 CVE-2025-28164 CVE-2025-8058
                        CVE-2026-0861 CVE-2026-0915 CVE-2026-22695 CVE-2026-22801 CVE-2026-25646
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 593
Released:    Thu Feb 26 11:51:48 2026
Summary:     Security update for libpng16
Type:        security
Severity:    important
References:  1256525,1256526,1257364,1257365,1258020,CVE-2025-28162,CVE-2025-28164,CVE-2026-22695,CVE-2026-22801,CVE-2026-25646
This update for libpng16 fixes the following issues:

- CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
- CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
- CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
- CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020).

-----------------------------------------------------------------
Advisory ID: 597
Released:    Thu Feb 26 12:33:53 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:

- CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: uninitialized memory may cause the process abort (bsc#1257005).
- CVE-2025-8058: a malloc failure in regcomp function can lead to a double free (bsc#1246965).



The following package changes have been done:

- glibc-2.38-11.1 updated
- libpng16-16-1.6.43-3.1 updated
- SL-Micro-release-6.0-25.70 updated
- glibc-locale-base-2.38-11.1 updated
- container:suse-toolbox-image-1.0.0-9.68 updated

More information about the sle-container-updates mailing list