SUSE-IU-2026:184-1: Security update of suse/sl-micro/6.2/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Jan 20 08:13:31 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:184-1
Image Tags        : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.13 , suse/sl-micro/6.2/baremetal-os-container:latest
Image Release     : 7.13
Severity          : important
Type              : security
References        : 1229122 1231354 1233285 1233287 1233292 1233358 1241964 1244156
                        1244157 1244459 1244573 1246080 1246559 1251789 1251931 1252095
                        1252431 1252992 1252993 1253098 1253389 1254395 1254889 1255024
                        CVE-2024-52530 CVE-2024-52531 CVE-2024-52532 CVE-2025-0913 CVE-2025-4673
-----------------------------------------------------------------

The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 154
Released:    Mon Jun 23 13:00:06 2025
Summary:     Security update for go1.23-openssl
Type:        security
Severity:    important
References:  1229122,1231354,1233285,1233287,1233292,1233358,1241964,1244156,1244157,1244459,1244573,1246080,1246559,1251789,1251931,1252095,1252431,1252992,1252993,1253098,1253389,1254395,1254889,1255024,CVE-2024-52530,CVE-2024-52531,CVE-2024-52532,CVE-2025-0913,CVE-2025-4673
This update for go1.23-openssl fixes the following issues:

Update to version 1.23.10 cut from the go1.23-fips-release
branch at the revision tagged go1.23.10-1-openssl-fips.
(jsc#SLE-18320)

  * Rebase to 1.23.10
  * Add ubi10, c10s targets to gating

go1.23.10 (released 2025-06-05) includes security fixes to the
net/http and os packages, as well as bug fixes to the linker.
( bsc#1229122 )

  CVE-2025-0913 CVE-2025-4673:

  * bsc#1244157 security: fix CVE-2025-0913 os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows
  * bsc#1244156 security: fix CVE-2025-4673 net/http: sensitive headers not cleared on cross-origin redirect
  * runtime/debug: BuildSetting does not document DefaultGODEBUG
  * cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen



The following package changes have been done:

- selinux-policy-20250627+git345.3965b24b0-160000.1.1 updated
- selinux-policy-targeted-20250627+git345.3965b24b0-160000.1.1 updated

More information about the sle-container-updates mailing list