SUSE-IU-2026:4505-1: Security update of suse/sl-micro/6.0/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Jun 12 07:35:30 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:4505-1
Image Tags        : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.188 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release     : 6.188
Severity          : important
Type              : security
References        : 1251679 1260277 1260277 1265921 1266187 1266789 1267168 1267168
                        1267197 CVE-2025-58190 CVE-2026-25680 CVE-2026-25680 CVE-2026-25681
                        CVE-2026-25681 CVE-2026-27136 CVE-2026-27136 CVE-2026-33186 CVE-2026-33186
                        CVE-2026-33814 CVE-2026-39821 CVE-2026-39827 CVE-2026-39828 CVE-2026-39829
                        CVE-2026-39830 CVE-2026-39831 CVE-2026-39832 CVE-2026-39833 CVE-2026-39834
                        CVE-2026-39835 CVE-2026-42502 CVE-2026-42502 CVE-2026-42506 CVE-2026-42506
                        CVE-2026-42508 CVE-2026-46595 CVE-2026-46597 CVE-2026-46598 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 749
Released:    Wed Jun 10 10:12:23 2026
Summary:     Security update for elemental-toolkit
Type:        security
Severity:    important
References:  1260277,1266187,1267168,CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-33186,CVE-2026-39827,CVE-2026-39828,CVE-2026-39829,CVE-2026-39830,CVE-2026-39831,CVE-2026-39832,CVE-2026-39833,CVE-2026-39834,CVE-2026-39835,CVE-2026-42502,CVE-2026-42506,CVE-2026-42508,CVE-2026-46595,CVE-2026-46597,CVE-2026-46598
This update for elemental-toolkit fixes the following issue

- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
  header (bsc#1260277).

Changes for elemental-toolkit:

- Update to version 2.1.6:
 * Bump golang.org/x/net to v0.55.0 (bsc#1267168)
 * Bump golang.org/x/crypto to v0.52.0 (bsc#1266187)
 * Update orange flavor
 * Install hugo from the OS repositories
 * Bump actions/upload-artifact to v7
 * Bump actions/cache to v5
 * Bump golangci/golangci-lint-action to v9
 * Bump github.com/spf13/cobra library
 * Bump github.com/jaypipes/ghw library
 * Bump github.com/bramvdbogaerde/go-scp library
 * Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)
 * Bump github.com/ulikunitz/xz library
 * Do not clean cache on PRs from forks

-----------------------------------------------------------------
Advisory ID: 750
Released:    Wed Jun 10 10:12:23 2026
Summary:     Security update for elemental-operator
Type:        security
Severity:    important
References:  1251679,1260277,1265921,1266789,1267168,1267197,CVE-2025-58190,CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-33186,CVE-2026-33814,CVE-2026-39821,CVE-2026-42502,CVE-2026-42506
This update for elemental-operator fixes the following issue

- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
  header (bsc#1260277).

Changes for elemental-operator:

- Fix substitution
- Fix reference in labels
- Adapt labels to pass OBS container checks
- Update to version 1.6.11:
 * Bump unit test environment artifacts
 * Bump test environment tools in Makefile
 * Bump actions
 * Refresh auto-generated code (make run)
 * Bump controller generator to version 0.19
 * Bump golangci/golangci-lint-action
 * Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)
 * Update spec and Dockerfiles to use go1.25
 * Bump golang.org/x/net to v0.55.0, includes fixes for:
 - bsc#1266789 bsc#1265921 bsc#1267197 bsc#1267168 bsc#1251679
 * Update year in header
 * Remove labeler workflow


The following package changes have been done:

- elemental-register-1.6.11-1.1 updated
- elemental-support-1.6.11-1.1 updated
- elemental-toolkit-2.1.6-1.1 updated
- container:SL-Micro-base-container-2.1.3-7.154 updated


More information about the sle-container-updates mailing list