SUSE-IU-2026:28-1: Security update of suse/sl-micro/6.2/kvm-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Jan 9 08:28:13 UTC 2026
SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:28-1
Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-6.22 , suse/sl-micro/6.2/kvm-os-container:latest
Image Release : 6.22
Severity : important
Type : security
References : 1216320 1229122 1229339 1233313 1233593 1233594 1233773 1234959
1236045 1236046 1236801 1237096 1238572 1238848 1240550 1245636
1245738 1245953 1246231 1247242 1249088 1249385 1252930 1252931
1252932 1252933 1252934 1252935 CVE-2024-10524 CVE-2024-11595
CVE-2024-11596 CVE-2024-21820 CVE-2024-21853 CVE-2024-23918 CVE-2024-23984
CVE-2024-24968 CVE-2024-31068 CVE-2024-36293 CVE-2024-37020 CVE-2024-39355
CVE-2024-45336 CVE-2024-45341 CVE-2024-56738 CVE-2025-22866 CVE-2025-22870
CVE-2025-22871 CVE-2025-54770 CVE-2025-54771 CVE-2025-61661 CVE-2025-61662
CVE-2025-61663 CVE-2025-61664
-----------------------------------------------------------------
The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 26
Released: Fri Mar 28 14:56:24 2025
Summary: Security update for ucode-intel
Type: security
Severity: important
References: 1229339,1233313,1237096,1238848,CVE-2024-21820,CVE-2024-21853,CVE-2024-23918,CVE-2024-23984,CVE-2024-24968,CVE-2024-31068,CVE-2024-36293,CVE-2024-37020,CVE-2024-39355
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20250211 release (bsc#1237096)
- Security updates for INTEL-SA-01166
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01166.html
* CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware
Logic for some Intel Processors may allow privileged user to
potentially enable denial of service via local access.
- Security updates for INTEL-SA-01213
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01213.html
* CVE-2024-36293: A potential security vulnerability in some Intel
Software Guard Extensions (Intel SGX) Platforms may allow denial
of service. Intel is releasing microcode updates to mitigate this
potential vulnerability.
- Security updates for INTEL-SA-01139
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html
* not clear which CVEs are fixed here, and which are in UEFI BIOS updates.
- Security updates for INTEL-SA-01228
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01228.html
* CVE-2024-39355: A potential security vulnerability in some
13th and 14th Generation Intel Core Processors may allow denial
of service. Intel is releasing microcode and UEFI reference code
updates to mitigate this potential vulnerability.
- Security updates for INTEL-SA-01194
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01194.html
* CVE-2024-37020: A potential security vulnerability in the Intel
Data Streaming Accelerator (Intel DSA) for some Intel Xeon Processors
may allow denial of service. Intel is releasing software updates to
mitigate this potential vulnerability.
- Update for functional issues.
Refer to Intel Core Ultra Processor https://cdrdv2.intel.com/v1/dl/getContent/792254 for details.
- Refer to 13th/14th Generation Intel Core Processor Specification Update
https://cdrdv2.intel.com/v1/dl/getContent/740518 for details.
- Refer to 12th Generation Intel Core Processor Family
https://cdrdv2.intel.com/v1/dl/getContent/682436 for details.
- Refer to 11th Gen Intel Core Processor Specification Update
https://cdrdv2.intel.com/v1/dl/getContent/631123 for details.
- Refer to 8th and 9th Generation Intel Core Processor Family Spec
Update https://cdrdv2.intel.com/v1/dl/getContent/337346 for details.
- Refer to 5th Gen Intel Xeon Scalable Processors Specification Update
https://cdrdv2.intel.com/v1/dl/getContent/793902 for details.
- Refer to 4th Gen Intel Xeon Scalable Processors Specification Update
https://cdrdv2.intel.com/v1/dl/getContent/772415 for details.
- Refer to 3rd Generation Intel Xeon Processor Scalable Family
Specification Update https://cdrdv2.intel.com/v1/dl/getContent/637780
for details.
- Refer to Intel Xeon D-2700 Processor Specification Update
https://cdrdv2.intel.com/v1/dl/getContent/714071 for details.
- Refer to Intel Xeon E-2300 Processor Specification Update
https://cdrdv2.intel.com/v1/dl/getContent/709192 for details.
- Refer to Intel Xeon 6700-Series Processor Specification Update
https://cdrdv2.intel.com/v1/dl/getContent/820922 for details.
- Refer to Intel Processors and Intel Core i3 N-Series
https://cdrdv2.intel.com/v1/dl/getContent/764616 for details
### New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SRF-SP | C0 | 06-af-03/01 | | 03000330 | Xeon 6700-Series Processors
### Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000037 | 00000038 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000037 | 00000038 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000435 | 00000436 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000435 | 00000436 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200,
Atom x7211E/x7213E/x7425E
| AZB | A0/R0 | 06-9a-04/40 | 00000007 | 00000009 | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000100 | 00000102 | Core Gen9 Mobile
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f8 | 000000fa | Core Gen8 Desktop, Mobile,
Xeon E
| EMR-SP | A0 | 06-cf-01/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | 010002c0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | 0d0003f5 | Xeon Scalable Gen3
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012b | 0000012c | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004123 | 00004124 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004123 | 00004124 | Core Gen13
| RPL-S | H0 | 06-bf-05/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RKL-S | B0 | 06-a7-01/02 | 00000062 | 00000063 | Core Gen11
| SPR-HBM | Bx | 06-8f-08/10 | 2c000390 | 2c0003e0 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| TWL | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200,
Atom x7211E/x7213E/x7425E
### New Disclosures Updated in Prior Releases
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
- Intel CPU Microcode was updated to the 20241112 release (bsc#1233313)
- CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware
logic in some 4th and 5th Generation Intel Xeon Processors may allow
an authorized user to potentially enable denial of service via local
access. Security updates for
[INTEL-SA-01101](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01101.html)
- CVE-2024-23918: Improper conditions check in some Intel
Xeon processor memory controller configurations when using
Intel SGX may allow a privileged user to potentially enable
escalation of privilege via local access. Security updates for
[INTEL-SA-01079](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html)
- CVE-2024-21820: Incorrect default permissions in some Intel
Xeon processor memory controller configurations when using
Intel SGX may allow a privileged user to potentially enable
escalation of privilege via local access. Security updates for
[INTEL-SA-01079](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html)
- CVE-2024-24968: Improper finite state machines (FSMs)
in hardware logic in some Intel Processors may allow
an privileged user to potentially enable a denial of
service via local access. Updated security updates for
[INTEL-SA-01097](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html)
- CVE-2024-23984: Observable discrepancy in RAPL interface for some
Intel Processors may allow a privileged user to potentially enable
information disclosure via local access Updated security updates for
[INTEL-SA-01103](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html)
- Update for functional issues.
- Refer to [Intel Core Ultra Processor](https://cdrdv2.intel.com/v1/dl/getContent/792254) for details.
- Refer to [14th/13th Generation Intel Core Processor Specification
Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details.
- Refer to [12th Generation Intel Core Processor
Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details.
- Refer to [5th Gen Intel Xeon Scalable Processors Specification
Update](https://cdrdv2.intel.com/v1/dl/getContent/793902) for details.
- Refer to [4th Gen Intel Xeon Scalable Processors Specification
Update](https://cdrdv2.intel.com/v1/dl/getContent/772415) for details.
- Refer to [3rd Generation Intel Xeon Processor Scalable Family
Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)
for details.
- Refer to [Intel Xeon D-2700 Processor Specification
Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details.
- Refer to [Intel Xeon D-1700 and D-1800 Processor Family Specification
Update](https://cdrdv2.intel.com/v1/dl/getContent/714069) for details
New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000036 | 00000037 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000036 | 00000037 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000434 | 00000435 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000434 | 00000435 | Core Gen12
| EMR-SP | A0 | 06-cf-01/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| MTL | C0 | 06-aa-04/e6 | 0000001f | 00000020 | Coreâ„¢ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004122 | 00004123 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004122 | 00004123 | Core Gen13
| SPR-SP | E3 | 06-8f-06/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
New Disclosures Updated in Prior Releases:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | N/A | Xeon D-17xx/D-18xx,
D-27xx/D-28xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | N/A | Xeon Scalable Gen3
- Intel CPU Microcode was updated to the 20241029 release
Update for functional issues. Refer to [14th/13th
Generation Intel Core Processor Specification
Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| RPL-E/HX/S | B0 | 06-b7-01/32 | 00000129 | 0000012b | Core Gen13/Gen14
-----------------------------------------------------------------
Advisory ID: 106
Released: Tue May 13 10:45:13 2025
Summary: Security update for go1.23-openssl
Type: security
Severity: moderate
References: 1216320,1229122,1234959,1236045,1236046,1236801,1238572,1240550,1245636,1245738,1245953,1246231,1247242,1249088,1249385,1252930,1252931,1252932,1252933,1252934,1252935,CVE-2024-45336,CVE-2024-45341,CVE-2024-56738,CVE-2025-22866,CVE-2025-22870,CVE-2025-22871,CVE-2025-54770,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664
This update for go1.23-openssl fixes the following issues:
Update to version 1.23.9 cut from the go1.23-fips-release
branch at the revision tagged go1.23.9-0-openssl-fips.
* Rebase to 1.23.9
go1.23.9 (released 2025-05-06) includes fixes to the runtime and
the linker.
* go#73091 cmd/link: linkname directive on userspace variable can override runtime variable
* go#73380 runtime, x/sys/unix: Connectx is broken on darwin/amd64
Update to version 1.23.8 cut from the go1.23-fips-release
branch at the revision tagged go1.23.8-1-openssl-fips.
* Rebase to 1.23.8
go1.23.8 (released 2025-04-01) includes security fixes to the
net/http package, as well as bug fixes to the runtime and the go
command. (bsc#1229122)
CVE-2025-22871:
* go#72010 go#71988 bsc#1240550 security: fix CVE-2025-22871 net/http: reject bare LF in chunked encoding
* go#72114 runtime: process hangs for mips hardware
* go#72871 runtime: cgo callback on extra M treated as external code after nested cgo callback returns
* go#72937 internal/godebugs: winsymlink and winreadlinkvolume have incorrect defaults for Go 1.22
Update to version 1.23.6 cut from the go1.23-fips-release
branch at the revision tagged go1.23.7-1-openssl-fips.
* Rebase to 1.23.7
go1.23.7 (released 2025-03-04) includes security fixes to the
net/http package, as well as bug fixes to cgo, the compiler, and
the reflect, runtime, and syscall packages. (bsc#1229122)
CVE-2025-22870:
* go#71985 go#71984 bsc#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs
* go#71727 runtime: usleep computes wrong tv_nsec on s390x
* go#71839 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error
* go#71848 os: spurious SIGCHILD on running child process
* go#71875 reflect: Value.Seq panicking on functional iterator methods
* go#71915 reflect: Value.Seq iteration value types not matching the type of given int types
* go#71962 runtime/cgo: does not build with -Wdeclaration-after-statement
Update to version 1.23.6 cut from the go1.23-fips-release
branch at the revision tagged go1.23.6-1-openssl-fips.
* Rebase to 1.23.6 (#267)
* Allow fetching from a fork of the Go repo
go1.23.6 (released 2025-02-04) includes security fixes to the
crypto/elliptic package, as well as bug fixes to the compiler and
the go command.
CVE-2025-22866:
* go#71423 go#71383 bsc#1236801 security: fix CVE-2025-22866 crypto/internal/fips140/nistec: p256NegCond is variable time on ppc64le
* go#71263 cmd/go/internal/modfetch/codehost: test fails with git 2.47.1
* go#71230 cmd/compile: broken write barrier
go1.23.5 (released 2025-01-16) includes security fixes to the
crypto/x509 and net/http packages, as well as bug fixes to the
compiler, the runtime, and the net package.
CVE-2024-45341 CVE-2024-45336:
* go#71208 go#71156 bsc#1236045 security: fix CVE-2024-45341 crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints
* go#71211 go#70530 bsc#1236046 security: fix CVE-2024-45336 net/http: sensitive headers incorrectly sent after cross-domain redirect
* go#69988 runtime: severe performance drop for cgo calls in go1.22.5
* go#70517 cmd/compile/internal/importer: flip enable alias to true
* go#70789 os: io.Copy(net.Conn, os.Stdin) on MacOS terminate immediately without waiting for input
* go#71104 crypto/tls: TestVerifyConnection/TLSv12 failures
* go#71147 internal/trace: TestTraceCPUProfile/Stress failures
Update to version 1.23.4 cut from the go1.23-fips-release
branch at the revision tagged go1.23.4-1-openssl-fips.
* Update to Go 1.23.4 (#250)
-----------------------------------------------------------------
Advisory ID: 109
Released: Thu May 15 11:36:36 2025
Summary: Security update for wget
Type: security
Severity: moderate
References: 1233593,1233594,1233773,CVE-2024-10524,CVE-2024-11595,CVE-2024-11596
This update for wget fixes the following issues:
- CVE-2024-10524: Drop support for shorthand URLs (bsc#1233773).
The following package changes have been done:
- file-magic-5.46-160000.2.2 added
- libtextstyle0-0.22.5-160000.2.2 added
- libtasn1-6-4.20.0-160000.3.2 added
- liblz1-1.15-160000.2.2 added
- libfuse3-3-3.16.2-160000.2.2 added
- envsubst-0.22.5-160000.2.2 added
- pigz-2.8-160000.2.2 added
- libpng16-16-1.6.44-160000.2.2 added
- liblastlog2-2-2.41.1-160000.2.2 added
- perl-base-5.42.0-160000.2.2 added
- libmagic1-5.46-160000.2.2 added
- libdw1-0.192-160000.2.2 added
- file-5.46-160000.2.2 added
- libfreetype6-2.13.3-160000.3.1 added
- zstd-1.5.7-160000.2.2 added
- gettext-runtime-0.22.5-160000.2.2 added
- cpio-2.15-160000.2.2 added
- libasm1-0.192-160000.2.2 added
- grub2-common-2.12-160000.3.1 added
- elfutils-0.192-160000.2.2 added
- grub2-i386-pc-2.12-160000.3.1 added
- grub2-2.12-160000.3.1 added
- util-linux-systemd-2.41.1-160000.2.2 added
- dracut-059+suse.700.g40f7c5c4-160000.1.1 added
- elemental-toolkit-2.3.1-160000.1.1 updated
- elemental-updater-2.3.0-160000.1.1 updated
- squashfs-4.6.1-160000.2.2 added
- elemental-2.3.0-160000.1.1 updated
More information about the sle-container-updates
mailing list