SUSE-IU-2026:24-1: Security update of suse/sl-micro/6.2/baremetal-os-container
sle-container-updates at lists.suse.com
Fri Jan 9 08:23:14 UTC 2026
SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:24-1
Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-6.23 , suse/sl-micro/6.2/baremetal-os-container:latest
Image Release : 6.23
Severity : moderate
Type : security
References : 1216320 1229122 1234959 1236045 1236046 1236801 1238572 1240550
1245636 1245738 1245953 1246231 1247242 1249088 1249385 1252930
1252931 1252932 1252933 1252934 1252935 CVE-2024-45336 CVE-2024-45341
CVE-2024-56738 CVE-2025-22866 CVE-2025-22870 CVE-2025-22871 CVE-2025-54770
CVE-2025-54771 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664
-----------------------------------------------------------------
The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 106
Released: Tue May 13 10:45:13 2025
Summary: Security update for go1.23-openssl
Type: security
Severity: moderate
References: 1216320,1229122,1234959,1236045,1236046,1236801,1238572,1240550,1245636,1245738,1245953,1246231,1247242,1249088,1249385,1252930,1252931,1252932,1252933,1252934,1252935,CVE-2024-45336,CVE-2024-45341,CVE-2024-56738,CVE-2025-22866,CVE-2025-22870,CVE-2025-22871,CVE-2025-54770,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664
This update for go1.23-openssl fixes the following issues:
Update to version 1.23.9 cut from the go1.23-fips-release
branch at the revision tagged go1.23.9-0-openssl-fips.
* Rebase to 1.23.9
go1.23.9 (released 2025-05-06) includes fixes to the runtime and
the linker.
* go#73091 cmd/link: linkname directive on userspace variable can override runtime variable
* go#73380 runtime, x/sys/unix: Connectx is broken on darwin/amd64
Update to version 1.23.8 cut from the go1.23-fips-release
branch at the revision tagged go1.23.8-1-openssl-fips.
* Rebase to 1.23.8
go1.23.8 (released 2025-04-01) includes security fixes to the
net/http package, as well as bug fixes to the runtime and the go
command. (bsc#1229122)
CVE-2025-22871:
* go#72010 go#71988 bsc#1240550 security: fix CVE-2025-22871 net/http: reject bare LF in chunked encoding
* go#72114 runtime: process hangs for mips hardware
* go#72871 runtime: cgo callback on extra M treated as external code after nested cgo callback returns
* go#72937 internal/godebugs: winsymlink and winreadlinkvolume have incorrect defaults for Go 1.22
Update to version 1.23.6 cut from the go1.23-fips-release
branch at the revision tagged go1.23.7-1-openssl-fips.
* Rebase to 1.23.7
go1.23.7 (released 2025-03-04) includes security fixes to the
net/http package, as well as bug fixes to cgo, the compiler, and
the reflect, runtime, and syscall packages. (bsc#1229122)
CVE-2025-22870:
* go#71985 go#71984 bsc#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs
* go#71727 runtime: usleep computes wrong tv_nsec on s390x
* go#71839 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error
* go#71848 os: spurious SIGCHILD on running child process
* go#71875 reflect: Value.Seq panicking on functional iterator methods
* go#71915 reflect: Value.Seq iteration value types not matching the type of given int types
* go#71962 runtime/cgo: does not build with -Wdeclaration-after-statement
Update to version 1.23.6 cut from the go1.23-fips-release
branch at the revision tagged go1.23.6-1-openssl-fips.
* Rebase to 1.23.6 (#267)
* Allow fetching from a fork of the Go repo
go1.23.6 (released 2025-02-04) includes security fixes to the
crypto/elliptic package, as well as bug fixes to the compiler and
the go command.
CVE-2025-22866:
* go#71423 go#71383 bsc#1236801 security: fix CVE-2025-22866 crypto/internal/fips140/nistec: p256NegCond is variable time on ppc64le
* go#71263 cmd/go/internal/modfetch/codehost: test fails with git 2.47.1
* go#71230 cmd/compile: broken write barrier
go1.23.5 (released 2025-01-16) includes security fixes to the
crypto/x509 and net/http packages, as well as bug fixes to the
compiler, the runtime, and the net package.
CVE-2024-45341 CVE-2024-45336:
* go#71208 go#71156 bsc#1236045 security: fix CVE-2024-45341 crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints
* go#71211 go#70530 bsc#1236046 security: fix CVE-2024-45336 net/http: sensitive headers incorrectly sent after cross-domain redirect
* go#69988 runtime: severe performance drop for cgo calls in go1.22.5
* go#70517 cmd/compile/internal/importer: flip enable alias to true
* go#70789 os: io.Copy(net.Conn, os.Stdin) on MacOS terminate immediately without waiting for input
* go#71104 crypto/tls: TestVerifyConnection/TLSv12 failures
* go#71147 internal/trace: TestTraceCPUProfile/Stress failures
Update to version 1.23.4 cut from the go1.23-fips-release
branch at the revision tagged go1.23.4-1-openssl-fips.
* Update to Go 1.23.4 (#250)
The following package changes have been done:
- libtextstyle0-0.22.5-160000.2.2 added
- envsubst-0.22.5-160000.2.2 added
- gettext-runtime-0.22.5-160000.2.2 added
- grub2-common-2.12-160000.3.1 added
- grub2-i386-pc-2.12-160000.3.1 added
- grub2-2.12-160000.3.1 added
- squashfs-4.6.1-160000.2.2 added
- elemental-2.3.0-160000.1.1 updated
- elemental-updater-2.3.0-160000.1.1 updated
- elemental-toolkit-2.3.1-160000.1.1 updated