SUSE-CU-2026:178-1: Security update of suse/sl-micro/6.0/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Jan 13 08:11:24 UTC 2026 

SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:178-1
Container Tags        : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.56 , suse/sl-micro/6.0/toolbox:latest
Container Release     : 9.56
Severity              : important
Type                  : security
References            : 1254297 1254400 1254401 1254662 1254878 1254997 1255731 1255732
                        1255733 1255734 CVE-2025-12084 CVE-2025-13601 CVE-2025-13836
                        CVE-2025-13837 CVE-2025-14087 CVE-2025-14512 CVE-2025-14524 CVE-2025-14819
                        CVE-2025-15079 CVE-2025-15224 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 546
Released:    Thu Jan  8 16:18:54 2026
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1255731,1255732,1255733,1255734,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224
This update for curl fixes the following issues:

- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).

-----------------------------------------------------------------
Advisory ID: 550
Released:    Thu Jan  8 17:00:18 2026
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512
This update for glib2 fixes the following issues:

- CVE-2025-13601: Fixed Integer overflow in in g_escape_uri_string() (bsc#1254297)
- CVE-2025-14087: Fixed buffer underflow in GVariant parser leads to heap corruption (bsc#1254662)
- CVE-2025-14512: Fixed Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow (bsc#1254878)


-----------------------------------------------------------------
Advisory ID: 552
Released:    Thu Jan  8 17:27:35 2026
Summary:     Security update for python311
Type:        security
Severity:    moderate
References:  1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837
This update for python311 fixes the following issues:

- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)


The following package changes have been done:

- SL-Micro-release-6.0-25.62 updated
- curl-8.14.1-3.1 updated
- libcurl-mini4-8.14.1-3.1 updated
- libglib-2_0-0-2.76.2-11.1 updated
- libgmodule-2_0-0-2.76.2-11.1 updated
- libpython3_11-1_0-3.11.14-2.1 updated
- python311-base-3.11.14-2.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-8.61 updated

More information about the sle-container-updates mailing list