SUSE-IU-2026:5508-1: Security update of suse/sl-micro/6.0/baremetal-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Jul 7 07:06:12 UTC 2026
SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:5508-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.201 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 6.201
Severity : moderate
Type : security
References : 1263656 1263658 CVE-2026-5435 CVE-2026-6238
-----------------------------------------------------------------
The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 782
Released: Mon Jul 6 11:55:13 2026
Summary: Recommended update for kmod
Type: recommended
Severity: moderate
References:
This update for kmod fixes the following issues:
- Use in-kernel decompression if available (jsc#PED-16303):
* libkmod:
+ Add a separate function to load the file contents when it's needed.
When it's not needed on the path of loading modules via finit_module(),
there is no need to mmap the file.
+ Extract 2 functions to handle finit_module vs init_modules differences,
with a fallback from the former to the latter.
+ Don't only set the type as direct, but also keep track of the compression being used.
+ When creating the context, read /sys/kernel/compression to check
what's the compression type supported by the kernel.
+ Use kernel decompression when available
+ add fallback MODULE_INIT_COMPRESSED_FILE define
-----------------------------------------------------------------
Advisory ID: 784
Released: Mon Jul 6 15:38:37 2026
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1263656,1263658,CVE-2026-5435,CVE-2026-6238
This update for glibc fixes the following issues
- CVE-2026-5435: unchecked buffer writing in TSIG handling can lead to an out-of-bounds write (bsc#1263656).
- CVE-2026-6238: insufficient RDATA length validation can lead to application crashes or uninitialized memory disclosure
(bsc#1263658).
The following package changes have been done:
- glibc-2.38-14.1 updated
- libkmod2-30-12.1 updated
- SL-Micro-release-6.0-25.106 updated
- kmod-30-12.1 updated
- glibc-locale-base-2.38-14.1 updated
- container:SL-Micro-base-container-2.1.3-7.168 updated
More information about the sle-container-updates
mailing list