SUSE-IU-2026:120-1: Security update of suse/sl-micro/6.2/baremetal-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Jan 15 08:20:48 UTC 2026
SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:120-1
Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.10 , suse/sl-micro/6.2/baremetal-os-container:latest
Image Release : 7.10
Severity : important
Type : security
References : 1229122 1232528 1233282 1236217 1244156 1244156 1244157 1244157
1244158 1255715 1255731 1255732 1255733 1255734 1256105 1256244
1256246 1256390 CVE-2024-52533 CVE-2024-9681 CVE-2025-0913 CVE-2025-0913
CVE-2025-14017 CVE-2025-14524 CVE-2025-14819 CVE-2025-15079 CVE-2025-15224
CVE-2025-22874 CVE-2025-4673 CVE-2025-4673 CVE-2025-68973
-----------------------------------------------------------------
The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 138
Released: Fri Jun 6 16:03:12 2025
Summary: Security update for go1.23
Type: security
Severity: important
References: 1229122,1232528,1244156,1244157,1255715,1256244,1256246,1256390,CVE-2024-9681,CVE-2025-0913,CVE-2025-4673,CVE-2025-68973
This update for go1.23 fixes the following issues:
go1.23.10 (released 2025-06-05) includes security fixes to the
net/http and os packages, as well as bug fixes to the linker.
(bsc#1229122 CVE-2025-0913 CVE-2025-4673)
* bsc#1244157 security: fix CVE-2025-0913 os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows
* bsc#1244156 security: fix CVE-2025-4673 net/http: sensitive headers not cleared on cross-origin redirect
* runtime/debug: BuildSetting does not document DefaultGODEBUG
* cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen
-----------------------------------------------------------------
Advisory ID: 140
Released: Mon Jun 9 22:13:41 2025
Summary: Security update for go1.24
Type: security
Severity: important
References: 1233282,1236217,1244156,1244157,1244158,1255731,1255732,1255733,1255734,1256105,CVE-2024-52533,CVE-2025-0913,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224,CVE-2025-22874,CVE-2025-4673
This update for go1.24 fixes the following issues:
go1.24.4 (released 2025-06-05) includes security fixes to the
crypto/x509, net/http, and os packages, as well as bug fixes to
the linker, the go command, and the hash/maphash and os packages.
( bsc#1236217 go1.24 release tracking CVE-2025-22874 CVE-2025-0913 CVE-2025-4673)
* bsc#1244158 security: fix CVE-2025-22874 crypto/x509: ExtKeyUsageAny bypasses policy validation
* bsc#1244157 security: fix CVE-2025-0913 os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows
* bsc#1244156 security: fix CVE-2025-4673 net/http: sensitive headers not cleared on cross-origin redirect
* os: Root.Mkdir creates directories with zero permissions on OpenBSD
* hash/maphash: hashing channels with purego impl. of maphash.Comparable panics
* runtime/debug: BuildSetting does not document DefaultGODEBUG
* cmd/go: add fips140 module selection mechanism
* cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen
The following package changes have been done:
- libcurl4-8.14.1-160000.4.1 updated
- gpg2-2.5.5-160000.3.1 updated
- container:suse-sl-micro-6.2-base-os-container-latest-a1ef5e1b63aa24f894ba9dd31c4425e0279531f245d52e824a86ca375eeac688-0 updated
More information about the sle-container-updates
mailing list