SUSE-IU-2026:5211-1: Security update of suse/sl-micro/6.1/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Jul 1 08:05:29 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:5211-1
Image Tags        : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.129 , suse/sl-micro/6.1/baremetal-os-container:latest
Image Release     : 7.129
Severity          : important
Type              : security
References        : 1229129 1240751 1244057 1244485 1249049 1249128 1252555 1253783
                        1253904 1254353 1256818 1257692 1258046 1258120 1258170 1258508
                        1262856 1263656 1263658 1266125 1266350 1268131 1268903 CVE-2024-24853
                        CVE-2025-12105 CVE-2025-22869 CVE-2025-31648 CVE-2025-32049 CVE-2025-47913
                        CVE-2025-47914 CVE-2025-52881 CVE-2025-58060 CVE-2025-58181 CVE-2025-58364
                        CVE-2025-58436 CVE-2025-6032 CVE-2025-61732 CVE-2025-61915 CVE-2025-68121
                        CVE-2025-9566 CVE-2026-11850 CVE-2026-2369 CVE-2026-2443 CVE-2026-2708
                        CVE-2026-34986 CVE-2026-39827 CVE-2026-39828 CVE-2026-39829 CVE-2026-39830
                        CVE-2026-39831 CVE-2026-39832 CVE-2026-39833 CVE-2026-39834 CVE-2026-39835
                        CVE-2026-42508 CVE-2026-42767 CVE-2026-46595 CVE-2026-46597 CVE-2026-46598
                        CVE-2026-5435 CVE-2026-6238 CVE-2026-9539 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 599
Released:    Tue Jun 30 10:42:14 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1244485,1256818,1257692,1266350,CVE-2025-61732,CVE-2025-68121,CVE-2026-42767
This update for openssl-3 fixes the following issue

- CVE-2026-42767: NULL Pointer Dereference in CRMF EncryptedValue Decryption (bsc#1266350).

-----------------------------------------------------------------
Advisory ID: 602
Released:    Tue Jun 30 11:20:36 2026
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1253904,1268131,CVE-2025-58181,CVE-2026-11850
This update for krb5 fixes the following issue

- CVE-2026-11850: integer underflow in berval2tl_data() leads to heap out-of-bounds read (bsc#1268131).

-----------------------------------------------------------------
Advisory ID: 600
Released:    Tue Jun 30 11:31:12 2026
Summary:     Security update for libslirp
Type:        security
Severity:    moderate
References:  1244057,1249049,1249128,1253783,1254353,1268903,CVE-2025-58060,CVE-2025-58364,CVE-2025-58436,CVE-2025-61915,CVE-2026-9539
This update for libslirp fixes the following issue

- CVE-2026-9539: TCP URG out of bounds heap read information leak (bsc#1268903).

-----------------------------------------------------------------
Advisory ID: 598
Released:    Tue Jun 30 11:31:12 2026
Summary:     Security update for podman
Type:        security
Severity:    important
References:  1229129,1258046,1262856,1266125,CVE-2024-24853,CVE-2025-22869,CVE-2025-31648,CVE-2025-47913,CVE-2025-47914,CVE-2025-52881,CVE-2025-6032,CVE-2025-9566,CVE-2026-34986,CVE-2026-39827,CVE-2026-39828,CVE-2026-39829,CVE-2026-39830,CVE-2026-39831,CVE-2026-39832,CVE-2026-39833,CVE-2026-39834,CVE-2026-39835,CVE-2026-42508,CVE-2026-46595,CVE-2026-46597,CVE-2026-46598
This update for podman fixes the following issues

- CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing
  encrypted key can lead to a denial of service (bsc#1262856).
- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
  (bsc#1266125).
- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266125).
- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266125).
- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
  (bsc#1266125).
- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
  (bsc#1266125).
- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
  (bsc#1266125).
- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266125).
- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266125).
- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266125).
- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
  (bsc#1266125).
- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
  (bsc#1266125).
- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266125).
- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266125).

-----------------------------------------------------------------
Advisory ID: 601
Released:    Tue Jun 30 11:54:13 2026
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1240751,1252555,1258120,1258170,1258508,1263656,1263658,CVE-2025-12105,CVE-2025-32049,CVE-2026-2369,CVE-2026-2443,CVE-2026-2708,CVE-2026-5435,CVE-2026-6238
This update for glibc fixes the following issues

- CVE-2026-5435: unchecked buffer writing in TSIG handling can lead to an out-of-bounds write (bsc#1263656).
- CVE-2026-6238: insufficient RDATA length validation can lead to application crashes or uninitialized memory disclosure
  (bsc#1263658).


The following package changes have been done:

- glibc-2.38-slfo.1.1_9.1 updated
- libopenssl3-3.1.4-slfo.1.1_11.1 updated
- SL-Micro-release-6.1-slfo.1.12.49 updated
- krb5-1.21.3-slfo.1.1_5.1 updated
- glibc-locale-base-2.38-slfo.1.1_9.1 updated
- libslirp0-4.8.0+2-slfo.1.1_2.1 updated
- podman-5.4.2-slfo.1.1_5.1 updated
- container:SL-Micro-base-container-2.2.1-5.148 updated


More information about the sle-container-updates mailing list