SUSE-IU-2026:143-1: Security update of suse/sl-micro/6.1/baremetal-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Jan 16 08:11:45 UTC 2026
SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:143-1
Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.49 , suse/sl-micro/6.1/baremetal-os-container:latest
Image Release : 7.49
Severity : important
Type : security
References : 1189788 1216091 1222044 1225451 1228434 1229106 1230267 1232458
1234752 1235598 1235636 1236384 1236481 1236820 1236939 1236983
1237044 1237172 1237587 1237949 1238315 1239012 1239543 1239809
1240132 1240529 1241463 1241826 1241857 1242987 1243279 1243457
1243887 1243901 1244042 1244105 1244710 1245220 1245452 1245496
1245672 1251511 1251679 1253581 1253901 1254079 1256105 614646
CVE-2025-14017 CVE-2025-22872 CVE-2025-47911 CVE-2025-47913 CVE-2025-47914
CVE-2025-58181 CVE-2025-58190
-----------------------------------------------------------------
The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 375
Released: Thu Jan 15 10:23:45 2026
Summary: Security update for elemental-toolkit, elemental-operator
Type: security
Severity: important
References: 1241826,1241857,1242987,1251511,1251679,1253581,1253901,1254079,CVE-2025-22872,CVE-2025-47911,CVE-2025-47913,CVE-2025-47914,CVE-2025-58181,CVE-2025-58190
This update for elemental-toolkit, elemental-operator fixes the following issues:
elemental-operator:
- Update to v1.7.4:
* Bump github.com/rancher-sandbox/go-tpm and its dependencies
This bump includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* Install yip config files in before-install step
* Revert 'Do not delete ManagedOSVersions by default'
* Set default channel variable names consistent with OS version
* Do not delete ManagedOSVersions by default
* Include -channel suffix to channel names
* OS channel: enable baremetal channel by default
elemental-toolkit:
- Update to v2.2.7:
* Bump toolkit build to go 1.24
* Bump golang.org/x/crypto library
This bumg includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* bsc#1253581 (CVE-2025-47913)
* bsc#1253901 (CVE-2025-58181)
* bsc#1254079 (CVE-2025-47914)
- Update to v2.2.5:
* Permissive mode for green selinux
* Adapt code and unit tests
* Minor change to lookup devices using blkid
-----------------------------------------------------------------
Advisory ID: 377
Released: Thu Jan 15 10:32:16 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1189788,1216091,1222044,1225451,1228434,1229106,1230267,1232458,1234752,1235598,1235636,1236384,1236481,1236820,1236939,1236983,1237044,1237172,1237587,1237949,1238315,1239012,1239543,1239809,1240132,1240529,1241463,1243279,1243457,1243887,1243901,1244042,1244105,1244710,1245220,1245452,1245496,1245672,1256105,614646,CVE-2025-14017
This update for curl fixes the following issues:
- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
The following package changes have been done:
- SL-Micro-release-6.1-slfo.1.12.5 updated
- libcurl4-8.14.1-slfo.1.1_5.1 updated
- elemental-register-1.7.4-slfo.1.1_1.1 updated
- elemental-support-1.7.4-slfo.1.1_1.1 updated
- elemental-toolkit-2.2.7-slfo.1.1_1.1 updated
- container:SL-Micro-base-container-2.2.1-5.69 updated
More information about the sle-container-updates
mailing list