SUSE-IU-2026:4505-1: Security update of suse/sl-micro/6.0/baremetal-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Jun 12 07:35:30 UTC 2026
SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:4505-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.188 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 6.188
Severity : important
Type : security
References : 1251679 1260277 1260277 1265921 1266187 1266789 1267168 1267168
1267197 CVE-2025-58190 CVE-2026-25680 CVE-2026-25680 CVE-2026-25681
CVE-2026-25681 CVE-2026-27136 CVE-2026-27136 CVE-2026-33186 CVE-2026-33186
CVE-2026-33814 CVE-2026-39821 CVE-2026-39827 CVE-2026-39828 CVE-2026-39829
CVE-2026-39830 CVE-2026-39831 CVE-2026-39832 CVE-2026-39833 CVE-2026-39834
CVE-2026-39835 CVE-2026-42502 CVE-2026-42502 CVE-2026-42506 CVE-2026-42506
CVE-2026-42508 CVE-2026-46595 CVE-2026-46597 CVE-2026-46598
-----------------------------------------------------------------
The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 749
Released: Wed Jun 10 10:12:23 2026
Summary: Security update for elemental-toolkit
Type: security
Severity: important
References: 1260277,1266187,1267168,CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-33186,CVE-2026-39827,CVE-2026-39828,CVE-2026-39829,CVE-2026-39830,CVE-2026-39831,CVE-2026-39832,CVE-2026-39833,CVE-2026-39834,CVE-2026-39835,CVE-2026-42502,CVE-2026-42506,CVE-2026-42508,CVE-2026-46595,CVE-2026-46597,CVE-2026-46598
This update for elemental-toolkit fixes the following issue
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
header (bsc#1260277).
Changes for elemental-toolkit:
- Update to version 2.1.6:
* Bump golang.org/x/net to v0.55.0 (bsc#1267168)
* Bump golang.org/x/crypto to v0.52.0 (bsc#1266187)
* Update orange flavor
* Install hugo from the OS repositories
* Bump actions/upload-artifact to v7
* Bump actions/cache to v5
* Bump golangci/golangci-lint-action to v9
* Bump github.com/spf13/cobra library
* Bump github.com/jaypipes/ghw library
* Bump github.com/bramvdbogaerde/go-scp library
* Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)
* Bump github.com/ulikunitz/xz library
* Do not clean cache on PRs from forks
-----------------------------------------------------------------
Advisory ID: 750
Released: Wed Jun 10 10:12:23 2026
Summary: Security update for elemental-operator
Type: security
Severity: important
References: 1251679,1260277,1265921,1266789,1267168,1267197,CVE-2025-58190,CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-33186,CVE-2026-33814,CVE-2026-39821,CVE-2026-42502,CVE-2026-42506
This update for elemental-operator fixes the following issue
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
header (bsc#1260277).
Changes for elemental-operator:
- Fix substitution
- Fix reference in labels
- Adapt labels to pass OBS container checks
- Update to version 1.6.11:
* Bump unit test environment artifacts
* Bump test environment tools in Makefile
* Bump actions
* Refresh auto-generated code (make run)
* Bump controller generator to version 0.19
* Bump golangci/golangci-lint-action
* Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)
* Update spec and Dockerfiles to use go1.25
* Bump golang.org/x/net to v0.55.0, includes fixes for:
- bsc#1266789 bsc#1265921 bsc#1267197 bsc#1267168 bsc#1251679
* Update year in header
* Remove labeler workflow
The following package changes have been done:
- elemental-register-1.6.11-1.1 updated
- elemental-support-1.6.11-1.1 updated
- elemental-toolkit-2.1.6-1.1 updated
- container:SL-Micro-base-container-2.1.3-7.154 updated
More information about the sle-container-updates
mailing list