SUSE-CU-2026:224-1: Security update of suse/sl-micro/6.0/toolbox
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Jan 15 08:13:01 UTC 2026
SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:224-1
Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.60 , suse/sl-micro/6.0/toolbox:latest
Container Release : 9.60
Severity : important
Type : security
References : 1255715 1256243 1256244 1256246 1256390 CVE-2025-68973
-----------------------------------------------------------------
The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 560
Released: Wed Jan 14 10:44:10 2026
Summary: Security update for gpg2
Type: security
Severity: important
References: 1255715,1256243,1256244,1256246,1256390,CVE-2025-68973
This update for gpg2 fixes the following issues:
- CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption (bsc#1255715).
Other security fixes:
- gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures (bsc#1256246).
- gpg: Error out on unverified output for non-detached signatures (bsc#1256244).
- agent: Fix a memory leak (bsc#1256243).
- gpg: Deprecate the option --not-dash-escaped (bsc#1256390).
The following package changes have been done:
- SL-Micro-release-6.0-25.64 updated
- gpg2-2.4.4-6.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-8.63 updated
More information about the sle-container-updates
mailing list