SUSE-IU-2026:4468-1: Security update of suse/sl-micro/6.2/base-iso-image

sle-container-updates at lists.suse.com
Tue Jun 9 07:45:37 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.2/base-iso-image
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:4468-1
Image Tags        : suse/sl-micro/6.2/base-iso-image:2.3.0 , suse/sl-micro/6.2/base-iso-image:2.3.0-7.89 , suse/sl-micro/6.2/base-iso-image:latest
Image Release     : 7.89
Severity          : important
Type              : security
References        : 1192869 1217580 1217584 1217585 1219458 1221482 1221940 1222849
                        1222992 1223423 1223424 1223425 1228041 1229069 1229272 1230007
                        1230596 1233699 1234027 1234128 1234665 1235029 1236282 1236282
                        1236670 1239883 1241661 1241661 1243317 1243767 1246965 1247779
                        1248842 1249237 1250091 1252025 1252525 1253245 1253245 1253741
                        1256436 1256766 1256766 1256822 1256822 1257005 1257005 1257521
                        1257976 1258163 1258163 1258167 1258167 1258319 1258663 1259681
                        1259682 1259687 1260078 1260078 1260082 1260082 1261206 1261206
                        1261639 1261726 1261728 1261734 1262216 1262223 1262288 1262464
                        1262464 1262465 1262465 1263989 CVE-2021-42380 CVE-2023-31315
                        CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2024-2961 CVE-2024-32487
                        CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-56826
                        CVE-2025-0395 CVE-2025-0395 CVE-2025-11411 CVE-2025-15281 CVE-2025-15281
                        CVE-2025-46394 CVE-2025-46394 CVE-2025-4802 CVE-2025-5278 CVE-2025-58050
                        CVE-2025-60876 CVE-2025-60876 CVE-2025-8058 CVE-2026-0861 CVE-2026-0861
                        CVE-2026-0915 CVE-2026-0915 CVE-2026-21620 CVE-2026-23941 CVE-2026-23942
                        CVE-2026-23943 CVE-2026-26080 CVE-2026-26081 CVE-2026-26157 CVE-2026-26157
                        CVE-2026-26158 CVE-2026-26158 CVE-2026-28808 CVE-2026-28810 CVE-2026-29004
                        CVE-2026-32144 CVE-2026-4046 CVE-2026-4046 CVE-2026-40706 CVE-2026-41035
                        CVE-2026-4437 CVE-2026-4437 CVE-2026-4438 CVE-2026-4438 CVE-2026-5450
                        CVE-2026-5450 CVE-2026-5928 CVE-2026-5928 
-----------------------------------------------------------------

The container suse/sl-micro/6.2/base-iso-image was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 7
Released:    Fri Oct 31 15:37:00 2025
Summary:     Recommended update for busybox
Type:        recommended
Severity:    moderate
References:  1222849,1247779,CVE-2024-32487
This update for busybox fixes the following issues:

- Fix adduser inside containers on an SELinux host (boo#1247779):
- Don't throw debug info away during build, let RPM separate it
  afterwards
- fix mkdir path to point to /usr/bin instead of /bin


-----------------------------------------------------------------
Advisory ID: 9
Released:    Mon Nov  3 11:23:57 2025
Summary:     Optional update for mcphost
Type:        feature
Severity:    moderate
References:  
This update for mcphost fixes the following issues:

This adds mcphost in release 0.31.1.

-----------------------------------------------------------------
Advisory ID: 32
Released:    Wed Nov 19 10:50:34 2025
Summary:     Recommended update for autofs
Type:        recommended
Severity:    important
References:  1221482,1221940,1222992,1223423,1223424,1223425,1228041,1250091,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602
This update for autofs fixes the following issues:

Changes in autofs:

- Modified NetworkManager-autofs: (bsc#1250091)
  * don't reload autofs.service on loopback interface changes
  * add --no-block option to request asynchronous behavior

-----------------------------------------------------------------
Advisory ID: 179
Released:    Thu Jan 22 17:45:35 2026
Summary:     Security update for busybox
Type:        security
Severity:    important
References:  1235029,1236670,1241661,1249237,1253245,CVE-2024-56826,CVE-2025-46394,CVE-2025-60876
This update for busybox fixes the following issues:

Security fixes:

- CVE-2025-60876: HTTP request header injection in wget (bsc#1253245).
- CVE-2025-46394: Fixed tar hidden files via escape sequence (bsc#1241661).

Other fixes:

- Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid conflict (bsc#1236670)
- Fix unshare -mrpf sh core dump on ppc64le (bsc#1249237)

-----------------------------------------------------------------
Advisory ID: 218
Released:    Thu Jan 29 18:44:57 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1219458,1229069,1229272,1230007,1230596,1234027,1236282,1256436,1256766,1256822,1257005,CVE-2023-31315,CVE-2025-0395,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:

Security fixes:

- CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282).
- CVE-2026-0861: Fixed an inadequate size check in the memalign suite that may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: Fixed uninitialized memory that may cause the process to abort (bsc#1257005).

Other fixes:

- NPTL: Optimize trylock for high cache contention workloads (bsc#1256436)

-----------------------------------------------------------------
Advisory ID: 224
Released:    Fri Jan 30 11:05:07 2026
Summary:     Security update for unbound
Type:        security
Severity:    moderate
References:  1233699,1234665,1236282,1252525,CVE-2025-0395,CVE-2025-11411
This update for unbound fixes the following issues:

Update to 1.24.1:

- CVE-2025-11411: Fixed possible domain hijacking attack (bsc#1252525).

-----------------------------------------------------------------
Advisory ID: 328
Released:    Fri Feb 27 14:15:21 2026
Summary:     Security update for haproxy
Type:        security
Severity:    moderate
References:  1234128,1239883,1243317,1257521,1257976,CVE-2025-4802,CVE-2026-26080,CVE-2026-26081
This update for haproxy fixes the following issues:

- Update to version 3.2.12+git0.6011f448e
- CVE-2026-26081: Fixed a DoS vulnerability in QUIC. (bsc#1257976)
- CVE-2026-26080: Fixed a DoS vulnerability in QUIC. (bsc#1257976)

-----------------------------------------------------------------
Advisory ID: 405
Released:    Wed Mar 18 16:29:19 2026
Summary:     Security update for busybox
Type:        security
Severity:    important
References:  1243767,1258163,1258167,CVE-2025-5278,CVE-2026-26157,CVE-2026-26158
This update for busybox fixes the following issues:

Changes in busybox:

- CVE-2026-26157: Fixed arbitrary file overwrite and potential code execution via incomplete path sanitization. (bsc#1258163)
- CVE-2026-26158: Fixed arbitrary file modification and privilege escalation via unvalidated tar archive entries. (bsc#1258167)

-----------------------------------------------------------------
Advisory ID: 516
Released:    Fri Apr 10 08:36:43 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1252025,1258319,1260078,1260082,CVE-2026-4437,CVE-2026-4438
This update for glibc fixes the following issues:

Security fixes:

- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

Other fixes:

- nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319).

-----------------------------------------------------------------
Advisory ID: 528
Released:    Fri Apr 10 20:29:30 2026
Summary:     Security update for pcre2
Type:        security
Severity:    moderate
References:  1248842,1253741,CVE-2025-58050
This update for pcre2 fixes the following issue:

- CVE-2025-58050: integer overflow leads to heap buffer overread in match_ref due to missing boundary restoration in SCS
  (bsc#1248842).

-----------------------------------------------------------------
Advisory ID: 597
Released:    Mon Apr 20 17:50:21 2026
Summary:     Recommended update for the initial kernel livepatch
Type:        recommended
Severity:    important
References:  1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915


This update contains initial livepatches for the SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel update.


-----------------------------------------------------------------
Advisory ID: 619
Released:    Wed Apr 22 12:52:20 2026
Summary:     Security update for erlang
Type:        security
Severity:    important
References:  1192869,1217580,1217584,1217585,1241661,1253245,1258163,1258167,1258663,1259681,1259682,1259687,1261726,1261728,1261734,1262288,CVE-2021-42380,CVE-2023-42363,CVE-2023-42364,CVE-2023-42365,CVE-2025-46394,CVE-2025-60876,CVE-2026-21620,CVE-2026-23941,CVE-2026-23942,CVE-2026-23943,CVE-2026-26157,CVE-2026-26158,CVE-2026-28808,CVE-2026-28810,CVE-2026-32144
This update for erlang fixes the following issues:

Security issues fixed:

- CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote
  arbitrary reads/writes (bsc#1258663).
- CVE-2026-23941: improper handling of duplicate Content-Length headers in Erlang OTP can lead to HTTP request
  smuggling (bsc#1259687).
- CVE-2026-23942: improper limitation of a pathname to a restricted directory in the SFTP server can lead to path
  traversal (bsc#1259681).
- CVE-2026-23943: improper handling of highly compressed data in Erlang OTP ssh can lead to denial of service
  (bsc#1259682).
- CVE-2026-28808: incorrect authorization can lead to unauthenticated access to protected CGI scripts (bsc#1261728).
- CVE-2026-28810: predictable DNS transaction IDs can lead to DNS cache poisoning (bsc#1261726).
- CVE-2026-32144: missing signature verification can lead to OCSP authorization bypass and information disclosure
  (bsc#1261734).

Other updates and bugfixes:

- jinterface: allow building a deterministic OtpErlang.jar (bsc#1262288).

-----------------------------------------------------------------
Advisory ID: 659
Released:    Wed Apr 29 16:19:47 2026
Summary:     Security update for ntfs-3g_ntfsprogs
Type:        security
Severity:    important
References:  1260078,1260082,1262216,CVE-2026-40706,CVE-2026-4437,CVE-2026-4438
This update for ntfs-3g_ntfsprogs fixes the following issue:

- CVE-2026-40706: heap buffer overflow in ntfs_build_permissions_posix() in acls.c (bsc#1262216).

-----------------------------------------------------------------
Advisory ID: 708
Released:    Wed May  6 12:44:56 2026
Summary:     Recommended update for libselinux
Type:        recommended
Severity:    moderate
References:  1261639,1262223,CVE-2026-41035
This update for libselinux fixes the following issues:

- Backport commit 'libselinux: retain LIFO order for path substitutions' (bsc#1261639)
    * otherwise we can not add equivalencies that overload each other in the policy
    * libselinux: retain LIFO order for path substitutions

-----------------------------------------------------------------
Advisory ID: 710
Released:    Wed May  6 14:43:17 2026
Summary:     Recommended update for python-hatchling
Type:        recommended
Severity:    moderate
References:  1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for python-hatchling fixes the following issues:

Changes in python-hatchling:

- Convert to libalternatives on SLE-16-based and newer systems only

-----------------------------------------------------------------
Advisory ID: 735
Released:    Tue May 12 16:05:51 2026
Summary:     Recommended update for the initial kernel livepatch
Type:        recommended
Severity:    important
References:  1263989,CVE-2026-29004


This update contains initial livepatches for the SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel update.


-----------------------------------------------------------------
Advisory ID: 761
Released:    Mon May 18 07:38:10 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for glibc fixes the following issues:

- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206).
- CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465).
- CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464).


The following package changes have been done:

- compat-usrmerge-tools-84.87-160000.2.2 added
- system-user-root-20190513-160000.2.2 added
- filesystem-84.87-160000.2.2 added
- glibc-2.40-160000.5.1 added
- libsepol2-3.8.1-160000.2.2 added
- libpcre2-8-0-10.45-160000.3.1 added
- libcrypt1-4.4.38-160000.3.2 added
- libselinux1-3.8.1-160000.3.1 added
- busybox-1.37.0-160000.6.1 added
- container:suse-sl-micro-6.2-base-os-container-latest-0b1539c55c95ca31068a5a79fd22a8efbbe10be384985718e43b6dd10ae71a8e-0 updated

