SUSE-IU-2026:4242-1: Security update of suse/sle-micro/5.5

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Jun 5 07:11:17 UTC 2026 

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:4242-1
Image Tags        : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.8.19 , suse/sle-micro/5.5:latest
Image Release     : 5.8.19
Severity          : important
Type              : security
References        : 1262395 1264706 1264707 1264708 1265349 1265360 CVE-2026-42307
                        CVE-2026-43961 CVE-2026-44656 CVE-2026-45130 CVE-2026-46483 
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2236-1
Released:    Wed Jun  3 13:00:40 2026
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1262395,1264706,1264707,1264708,1265349,1265360,CVE-2026-42307,CVE-2026-43961,CVE-2026-44656,CVE-2026-45130,CVE-2026-46483
This update for vim fixes the following issues

- CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin
  bundled with Vim (bsc#1264706).
- CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename (bsc#1265349).
- CVE-2026-44656: Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's: find command-line
  completion (bsc#1264707).
- CVE-2026-45130: Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when
  loading a crafted spell file (.spl) with UTF-8 encoding active (bsc#1264708).
- CVE-2026-46483: command injection via ` tar#Vimuntar()` in `runtime/autoload/tar.vim` when decompressing `.tgz`
  archives on Unix-like systems (bsc#1265360).

Changes for vim:

- Update to v9.2.0530.
- Fix for incorrectly detecting scientific parameter files as bitbake recipies. (bsc#1262395)


The following package changes have been done:

- vim-data-common-9.2.0530-150500.20.52.1 updated
- vim-small-9.2.0530-150500.20.52.1 updated

More information about the sle-container-updates mailing list