SUSE-IU-2026:4527-1: Security update of suse/sl-micro/6.1/kvm-os-container

sle-container-updates at lists.suse.com
Sat Jun 13 07:49:25 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:4527-1
Image Tags        : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.141 , suse/sl-micro/6.1/kvm-os-container:latest
Image Release     : 5.141
Severity          : important
Type              : security
References        : 1230698 1244485 1245878 1254227 1254430 1254431 1256816 1256817
                        1256818 1256819 1256820 1256821 1257144 1257496 1260277 1260446
                        1261678 1266340 1266341 1266342 1266344 1266349 1266353 1266355
                        1266356 1266357 CVE-2024-41996 CVE-2025-61726 CVE-2025-61727
                        CVE-2025-61728 CVE-2025-61729 CVE-2025-61730 CVE-2025-61731 CVE-2025-68119
                        CVE-2025-68121 CVE-2026-24515 CVE-2026-25210 CVE-2026-28390 CVE-2026-33186
                        CVE-2026-34180 CVE-2026-34182 CVE-2026-42766 CVE-2026-42770 CVE-2026-45445
                        CVE-2026-45446 CVE-2026-45447 CVE-2026-7383 CVE-2026-9076 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 574
Released:    Thu Jun 11 11:43:01 2026
Summary:     Security update for elemental-system-agent
Type:        security
Severity:    important
References:  1244485,1245878,1254227,1254430,1254431,1256816,1256817,1256818,1256819,1256820,1256821,1260277,CVE-2025-61726,CVE-2025-61727,CVE-2025-61728,CVE-2025-61729,CVE-2025-61730,CVE-2025-61731,CVE-2025-68119,CVE-2025-68121,CVE-2026-33186
This update for elemental-system-agent fixes the following issue:

- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path
  pseudo-header (bsc#1260277).

Changes for elemental-system-agent:

- Update to version 0.3.16:
 * setup for immutable releases (#274)
 * align system-agent image publishing for signed releases (#270)
 * Bump github.com/docker/cli to v29.2.0 and go.opentelemetry.io/otel to v1.43.0
 * run go mod tidy in /test folder
 * Bump google.golang.org/grpc from 1.75.0 to 1.79.3 (bsc#1260277 CVE-2026-33186)
 * Bump github.com/docker/cli in /test
 * export CATTLE_NODE_NAME if SYSTEM_UPGRADE_NODE_NAME is set
 * use correct prefix for system-agent binary (#273)
 * checksum validation (#271)
 * Add `validate` subcommand for configuration validation (#250)
 * Update CODEOWNERS
 * Pin GH Actions to commit sha
 * chore: bump sles to 15.7
 * Extend remote plan e2e tests
 * Fix agent restart issue and introduce constants
 * chore: bump go to v1.25
 * Setup e2e test infrastructure
 * chores(deps): Bump k8s dependencies
 * Define linter rules
 * Fix CI failures
 * Introduce an extended Makefile
 * Switch workflows to use name makefile
 * Replace dapper with multi stage builds
 * Remove dapper scripts
 * Add multiple improvements for ignore files
 * fix: remove umask command from the system-agent unit-file
 * fix-system-agent-umask
 * [1.34] bumped dependencies for 1.34 support (#242)
 * Bump K8s patch level to 1.33.5 and Go patch level to 1.24.6
 * fix: properly handle traps after unsuccessful SUC job execution
 * fix: do not unconditionally reset failure-counts
 * fix: remove resetFailureCountOnStartup, always reset failure counts on first start
 * un-rc wrangler and lasso
 * drop windows 2019 when running PR CI
- Update to version 0.3.13:
 * Bumped dependencies for k8s v1.33
 * Add delete for plan.File
 * fix dispatch
 * fix: add retry logic for one time instruction
 * Get UID/GID for current user in write file_test.go
 * Update secrets for dispatch
 * fix golangci
 * support k8s 1.32.2
 * Add GitHub App token generation and dispatch job for System Agent Upgrade workflow.
 * Add ResetFailureCountOnServiceRestart, if true reset plan failure count after each restart of the system-agent
 * Bump wharfie to v0.6.7
 * Add tests and update CI
 * Windows updates

-----------------------------------------------------------------
Advisory ID: 576
Released:    Thu Jun 11 14:50:14 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1230698,1257144,1257496,1260446,1261678,1266340,1266341,1266342,1266344,1266349,1266353,1266355,1266356,1266357,CVE-2024-41996,CVE-2026-24515,CVE-2026-25210,CVE-2026-28390,CVE-2026-34180,CVE-2026-34182,CVE-2026-42766,CVE-2026-42770,CVE-2026-45445,CVE-2026-45446,CVE-2026-45447,CVE-2026-7383,CVE-2026-9076
This update for openssl-3 fixes the following issues:

- CVE-2024-41996: DHEATATTACK: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol,
  when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698).
- CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion (bsc#1266340).
- CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341).
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
  KeyTransportRecipientInfo (bsc#1261678).
- CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342).
- CVE-2026-34182: CMS AuthEnvelopedData Processing May Accept Forged Messages (bsc#1266344).
- CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349).
- CVE-2026-42770: FFC-DH Peer Validation Uses Attacker-Supplied q (bsc#1266353).
- CVE-2026-45445: AES-OCB IV Ignored on EVP_Cipher() Path (bsc#1266355).
- CVE-2026-45446: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes (bsc#1266356).
- CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357).


The following package changes have been done:

- libopenssl3-3.1.4-slfo.1.1_10.1 updated
- SL-Micro-release-6.1-slfo.1.12.46 updated
- elemental-system-agent-0.3.16-slfo.1.1_1.1 updated
- container:SL-Micro-base-container-2.2.1-5.141 updated

