SUSE-IU-2026:5508-1: Security update of suse/sl-micro/6.0/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Jul 7 07:06:12 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:5508-1
Image Tags        : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.201 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release     : 6.201
Severity          : moderate
Type              : security
References        : 1263656 1263658 CVE-2026-5435 CVE-2026-6238 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 782
Released:    Mon Jul  6 11:55:13 2026
Summary:     Recommended update for kmod
Type:        recommended
Severity:    moderate
References:  
This update for kmod fixes the following issues:

- Use in-kernel decompression if available (jsc#PED-16303):
    * libkmod:
        + Add a separate function to load the file contents when it's needed.
          When it's not needed on the path of loading modules via finit_module(),
          there is no need to mmap the file.
        + Extract 2 functions to handle finit_module vs init_modules differences,
          with a fallback from the former to the latter.
        + Don't only set the type as direct, but also keep track of the compression being used.
        + When creating the context, read /sys/kernel/compression to check
          what's the compression type supported by the kernel.
        + Use kernel decompression when available
        + add fallback MODULE_INIT_COMPRESSED_FILE define

-----------------------------------------------------------------
Advisory ID: 784
Released:    Mon Jul  6 15:38:37 2026
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1263656,1263658,CVE-2026-5435,CVE-2026-6238
This update for glibc fixes the following issues

- CVE-2026-5435: unchecked buffer writing in TSIG handling can lead to an out-of-bounds write (bsc#1263656).
- CVE-2026-6238: insufficient RDATA length validation can lead to application crashes or uninitialized memory disclosure
  (bsc#1263658).


The following package changes have been done:

- glibc-2.38-14.1 updated
- libkmod2-30-12.1 updated
- SL-Micro-release-6.0-25.106 updated
- kmod-30-12.1 updated
- glibc-locale-base-2.38-14.1 updated
- container:SL-Micro-base-container-2.1.3-7.168 updated


More information about the sle-container-updates mailing list