SUSE-CU-2026:5775-1: Security update of suse/sle-micro-rancher/5.4
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Jun 10 07:35:17 UTC 2026
SUSE Container Update Advisory: suse/sle-micro-rancher/5.4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:5775-1
Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.123 , suse/sle-micro-rancher/5.4:latest
Container Release : 4.5.123
Severity : important
Type : security
References : 1257235 1261546 1261833 1262395 1264706 1264707 1264708 1265349
1265360 CVE-2026-24401 CVE-2026-34933 CVE-2026-39881 CVE-2026-42307
CVE-2026-43961 CVE-2026-44656 CVE-2026-45130 CVE-2026-46483
-----------------------------------------------------------------
The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2311-1
Released: Tue Jun 9 13:05:23 2026
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1257235,1261546,CVE-2026-24401,CVE-2026-34933
This update for avahi fixes the following issue:
- CVE-2026-24401: uncontrolled recursion in `lookup_handle_cname` can crash the `avahi-daemon` (bsc#1257235).
- CVE-2026-34933: reachable assertion in `transport_flags_from_domain` can crash the `avahi-daemon` (bsc#1261546).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2313-1
Released: Tue Jun 9 14:50:30 2026
Summary: Security update for vim
Type: security
Severity: important
References: 1261833,1262395,1264706,1264707,1264708,1265349,1265360,CVE-2026-39881,CVE-2026-42307,CVE-2026-43961,CVE-2026-44656,CVE-2026-45130,CVE-2026-46483
This update for vim fixes the following issues
- CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes (bsc#1261833).
- CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin
bundled with Vim (bsc#1264706).
- CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename (bsc#1265349).
- CVE-2026-44656: Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's: find command-line
completion (bsc#1264707).
- CVE-2026-45130: Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when
loading a crafted spell file (.spl) with UTF-8 encoding active (bsc#1264708).
- CVE-2026-46483: command injection via ` tar#Vimuntar()` in `runtime/autoload/tar.vim` when decompressing `.tgz`
archives on Unix-like systems (bsc#1265360).
Changes for vim:
- Update to v9.2.0530.
- Fix for incorrectly detecting scientific parameter files as bitbake recipies. (bsc#1262395)
The following package changes have been done:
- avahi-0.8-150400.7.31.2 updated
- libavahi-common3-0.8-150400.7.31.2 updated
- libavahi-core7-0.8-150400.7.31.2 updated
- vim-data-common-9.2.0530-150000.5.94.1 updated
- vim-small-9.2.0530-150000.5.94.1 updated
More information about the sle-container-updates
mailing list