SUSE-IU-2026:4103-1: Security update of suse/sl-micro/6.2/rt-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Jun 3 08:16:54 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:4103-1
Image Tags        : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-6.198 , suse/sl-micro/6.2/rt-os-container:latest
Image Release     : 6.198
Severity          : important
Type              : security
References        : 1254441 1262223 1264511 1264512 1264513 1264514 1264515 1265296
                        CVE-2025-10158 CVE-2026-29518 CVE-2026-41035 CVE-2026-43617 CVE-2026-43618
                        CVE-2026-43619 CVE-2026-43620 CVE-2026-45232 
-----------------------------------------------------------------

The container suse/sl-micro/6.2/rt-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 861
Released:    Tue Jun  2 09:22:47 2026
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  
This update for aaa_base fixes the following issues:

- Update to version 84.87+git20260529.c4391e5:
    * $status to $?
    * Simplifying the sh part too
    * Addressing review comments and simplifying a bit
    * Handle javas managed by libalternatives and by update-alternatives alike

-----------------------------------------------------------------
Advisory ID: 867
Released:    Tue Jun  2 11:13:41 2026
Summary:     Security update for rsync
Type:        security
Severity:    important
References:  1254441,1262223,1264511,1264512,1264513,1264514,1264515,1265296,CVE-2025-10158,CVE-2026-29518,CVE-2026-41035,CVE-2026-43617,CVE-2026-43618,CVE-2026-43619,CVE-2026-43620,CVE-2026-45232
This update for rsync fixes the following issues

- CVE-2025-10158: Out of bounds array access via negative index (bsc#1254441).
- CVE-2026-29518: Symlink-Race TOCTOU in Daemon (use chroot = no) (bsc#1264511).
- CVE-2026-41035: count of entries mismatch can lead to a use-after-free (bsc#1262223).
- CVE-2026-43617: Authorization Bypass via Hostname Resolution (bsc#1264515).
- CVE-2026-43618: Integer Overflow Information Disclosure (bsc#1264512).
- CVE-2026-43619: Symlink Race Condition via Path-Based Syscalls (bsc#1264514).
- CVE-2026-43620: Out-of-Bounds Array Read via recv_files() (bsc#1264513).
- CVE-2026-45232: Off-by-one stack OOB write in HTTP CONNECT proxy response parsing (bsc#1265296).


The following package changes have been done:

- aaa_base-84.87+git20260529.c4391e5-160000.1.1 updated
- rsync-3.4.1-160000.4.1 updated
- container:suse-sl-micro-6.2-baremetal-os-container-latest-294c5d9b643345a439fcde3de67b53f6dcd360d58587158aa244340c5fa72978-0 updated

More information about the sle-container-updates mailing list