SUSE-IU-2026:4529-1: Security update of suse/sl-micro/6.1/rt-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sat Jun 13 07:51:37 UTC 2026
SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:4529-1
Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.133 , suse/sl-micro/6.1/rt-os-container:latest
Image Release : 5.133
Severity : important
Type : security
References : 1248988 1251679 1260277 1265921 1266789 1267168 1267197 CVE-2025-58190
CVE-2026-25680 CVE-2026-25681 CVE-2026-27136 CVE-2026-33186 CVE-2026-33814
CVE-2026-39821 CVE-2026-42502 CVE-2026-42506
-----------------------------------------------------------------
The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 571
Released: Wed Jun 10 09:45:47 2026
Summary: Security update for elemental-operator
Type: security
Severity: important
References: 1248988,1251679,1260277,1265921,1266789,1267168,1267197,CVE-2025-58190,CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-33186,CVE-2026-33814,CVE-2026-39821,CVE-2026-42502,CVE-2026-42506
This update for elemental-operator fixes the following issue
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
header (bsc#1260277).
Changes for elemental-operator:
- Changes on top of v1.7.5:
* 41f54076 Fix reference in labels
* 3bdb9321 Adapt labels to pass OBS container checks
- Update to v1.7.5:
* ecfa8d9c Bump unit test environment artifacts
* 03803c72 Bump test environment tools in Makefile
* bc886323 Update auto-generated code (make generate)
* f4d26385 Bump controller generator to version 0.19
* a7fe515d Bump golangci/golangci-lint-action
* b45c5e56 Bump to Dockerfiles and spec to go1.25
* a7d78295 Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)
* 2c012c2e Bump golang.org/x/net to v0.55.0, includes fixes for:
- bsc#1266789 bsc#1265921 bsc#1267197 bsc#1267168 bsc#1251679
* 46e7c635 Update headers to 2026
The following package changes have been done:
- elemental-register-1.7.5-slfo.1.1_1.1 updated
- elemental-support-1.7.5-slfo.1.1_1.1 updated
- elemental-toolkit-2.2.9-slfo.1.1_1.1 updated
- container:SL-Micro-container-2.2.1-7.119 updated
More information about the sle-container-updates
mailing list