SUSE-IU-2026:5374-1: Security update of suse/sle-micro/5.5

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Jul 2 07:12:36 UTC 2026


SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:5374-1
Image Tags        : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.8.46 , suse/sle-micro/5.5:latest
Image Release     : 5.8.46
Severity          : important
Type              : security
References        : 1261900 1262856 1265450 1266125 1267189 1267823 1268322 CVE-2026-34986
                        CVE-2026-39829 CVE-2026-39830 CVE-2026-42508 CVE-2026-46598 CVE-2026-5704
                        CVE-2026-6893 
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2691-1
Released:    Tue Jun 30 10:24:30 2026
Summary:     Security update for sg3_utils
Type:        security
Severity:    important
References:  1267823
This update for sg3_utils fixes the following issue

Update to version 1.47+16.aad0b411:

- sg_inq: --export output conformance for SCSI name string and ATA fields (bsc#1267823).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2714-1
Released:    Tue Jun 30 14:02:53 2026
Summary:     Security update for tar
Type:        security
Severity:    important
References:  1261900,1265450,1267189,CVE-2026-5704
This update for tar fixes the following issues

Security fixes:

- CVE-2026-5704: crafted archives can be used to to hide file injection (bsc#1261900).

Other fixes:

- Fix tar changing dir permissions temporarily even when using --no-overwrite-dir.
- Fix --dereference/-h not working properly after CVE-2025-45582 fix (bsc#1265450).
- Fix extraction failure for paths like 'a/./b' caused by the gnulib openat2
 implementation (bsc#1267189).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2715-1
Released:    Tue Jun 30 14:05:57 2026
Summary:     Security update for podman
Type:        security
Severity:    important
References:  1262856,1266125,CVE-2026-34986,CVE-2026-39829,CVE-2026-39830,CVE-2026-42508,CVE-2026-46598

This update for podman rebuilds it against the current go security release.

- CVE-2026-34986: Update github.com/go-jose/go-jose/v3+v4 dependency (bsc#1262856).
- CVE-2026-39829, CVE-2026-39830, CVE-2026-42508, CVE-2026-46598: Update golang.org/x/crypto/ssh dependency (bsc#1266125).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2721-1
Released:    Wed Jul  1 15:15:34 2026
Summary:     Security update for dracut
Type:        security
Severity:    important
References:  1268322,CVE-2026-6893
This update for dracut fixes the following issue

- CVE-2026-6893: Root code execution via DHCP options command injection (bsc#1268322).

Changes for dracut:

- Update to version 055+suse.402.g2720eea:
 * fix(network-legacy): sanitize DHCP values in dhclient-script.sh (bsc#1268322, CVE-2026-6893)
 * fix(network-legacy): add input validation to RFC 3442 route parser


The following package changes have been done:

- dracut-055+suse.402.g2720eea-150500.3.41.1 updated
- tar-1.34-150000.3.42.1 updated
- libsgutils2-1_47-2-1.47+16.aad0b411-150400.3.14.1 updated
- sg3_utils-1.47+16.aad0b411-150400.3.14.1 updated
- podman-4.9.5-150500.3.73.2 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.290 updated


More information about the sle-container-updates mailing list