SUSE-IU-2026:5450-1: Security update of suse/sl-micro/6.2/base-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Jul 4 07:30:55 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.2/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:5450-1
Image Tags        : suse/sl-micro/6.2/base-os-container:2.3.1 , suse/sl-micro/6.2/base-os-container:2.3.1-8.25 , suse/sl-micro/6.2/base-os-container:latest
Image Release     : 8.25
Severity          : important
Type              : security
References        : 1245551 1248261 1251948 1254924 1259071 1260357 1261982 1261983
                        1262305 1263117 1263656 1263658 1267644 1267647 CVE-2026-5435
                        CVE-2026-6238 
-----------------------------------------------------------------

The container suse/sl-micro/6.2/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 1151
Released:    Fri Jul  3 10:55:00 2026
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1245551,1248261,1251948,1254924,1259071,1260357,1261982,1261983,1262305,1263117,1267644,1267647
This update for systemd fixes the following issues:

Changes in systemd:

- Better handle TLS allocation failure (bsc#1254924).
- Disable mounting `debugfs` by default (jsc#PED-8812).
- Import commit 9e8b5afe0fb2061f4a17a3022469dd62f2683960 (bsc#1267647 bsc#1267644 bsc#1262305 bsc#1263117).
- Move `systemd-pcrlock` out from the experimental sub-package to `udev` (bsc#1248261 jsc#PED-15946).
- Add a weak runtime dependency on `libtss2-tcti-device0` (bsc#1260357).
- Import commit 59336000ef7850eba0963c6a690ff3371c425929 (bsc#1261982 bsc#1261983).
- Add a weak runtime dependency on `polkit` (bsc#1259071).
- systemd-update-helper: fix the clean-state command only removing `$STATE_DIR/system` instead of `$STATE_DIR/`.
- systemd-update-helper: add `--root` option for testing convenience.
- systemd-update-helper: fix incorrect skipping of `systemctl disable` during package removal (bsc#1245551).
- systemd-update-helper: fix `do_install_units()` incorrectly returning 1 when no units need preset.
- systemd.spec: introduce `%bcond_without` docs to allow skipping man pages and `devel-doc`.
- systemd.spec: drop the `%{release}` number from the SBAT version (bsc#1251948).

-----------------------------------------------------------------
Advisory ID: 1157
Released:    Fri Jul  3 15:19:16 2026
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1263656,1263658,CVE-2026-5435,CVE-2026-6238
This update for glibc fixes the following issues

- CVE-2026-5435: unchecked buffer writing in TSIG handling can lead to an out-of-bounds write (bsc#1263656).
- CVE-2026-6238: insufficient RDATA length validation can lead to application crashes or uninitialized memory disclosure
  (bsc#1263658).


The following package changes have been done:

- glibc-2.40-160000.6.1 updated
- libudev1-257.13-160000.2.1 updated
- libsystemd0-257.13-160000.2.1 updated
- systemd-257.13-160000.2.1 updated
- udev-257.13-160000.2.1 updated
- glibc-gconv-modules-extra-2.40-160000.6.1 updated
- glibc-locale-base-2.40-160000.6.1 updated


More information about the sle-container-updates mailing list