SUSE-IU-2026:4250-1: Security update of suse/sle-micro/5.5

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Jun 6 07:09:37 UTC 2026 

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:4250-1
Image Tags        : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.8.20 , suse/sle-micro/5.5:latest
Image Release     : 5.8.20
Severity          : important
Type              : security
References        : 1262043 1264965 CVE-2026-33948 
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:2277-1
Released:    Fri Jun  5 10:59:09 2026
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1264965
This update for timezone fixes the following issues:

- Update to 2026b:
    * British Columbia moved to permanent -07 on 2026-03-09. (bsc#1264965)
    * Some more overflow bugs have been fixed in zic.
- Update to 2026a:
    * Moldova has used EU transition times since 2022.
    * The 'right' TZif files are no longer installed by default.
    * -DTZ_RUNTIME_LEAPS=0 disables runtime support for leap seconds.
    * TZif files are no longer limited to 50 bytes of abbreviations.
    * zic is no longer limited to 50 leap seconds.
    * Several integer overflow bugs have been fixed.
- Update to 2025c:
    * Update Baja California DST rules in 1953, 1961-1975
    * An unset TZ is no longer invalid when /etc/localtime is
      missing, and is abbreviated 'UTC' not '-00'. This reverts to 2024b behavior
    * tzset etc. are now more cautious about questionable TZ settings.
    * tzset etc. now treat ' ' like '_' in time zone abbreviations
    * tzfree now preserves errno, consistently with POSIX.1-2024 'free'.
    * zic has new options inspired by FreeBSD.
    * multiple changes visible to developers
- Use 'REDO=posix_right' to keep installing 'right' TZif files.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2283-1
Released:    Fri Jun  5 14:14:57 2026
Summary:     Security update for jq
Type:        security
Severity:    moderate
References:  1262043,CVE-2026-33948
This update for jq fixes the following issue

- CVE-2026-33948: CLI input parsing may allow validation bypass via embedded NUL bytes (bsc#1262043)


The following package changes have been done:

- timezone-2026b-150000.75.37.1 updated
- libjq1-1.6-150000.3.15.1 updated
- jq-1.6-150000.3.15.1 updated

More information about the sle-container-updates mailing list