SUSE-IU-2026:4529-1: Security update of suse/sl-micro/6.1/rt-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Jun 13 07:51:37 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:4529-1
Image Tags        : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.133 , suse/sl-micro/6.1/rt-os-container:latest
Image Release     : 5.133
Severity          : important
Type              : security
References        : 1248988 1251679 1260277 1265921 1266789 1267168 1267197 CVE-2025-58190
                        CVE-2026-25680 CVE-2026-25681 CVE-2026-27136 CVE-2026-33186 CVE-2026-33814
                        CVE-2026-39821 CVE-2026-42502 CVE-2026-42506 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 571
Released:    Wed Jun 10 09:45:47 2026
Summary:     Security update for elemental-operator
Type:        security
Severity:    important
References:  1248988,1251679,1260277,1265921,1266789,1267168,1267197,CVE-2025-58190,CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-33186,CVE-2026-33814,CVE-2026-39821,CVE-2026-42502,CVE-2026-42506
This update for elemental-operator fixes the following issue

- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
  header (bsc#1260277).

Changes for elemental-operator:

- Changes on top of v1.7.5:
 * 41f54076 Fix reference in labels
 * 3bdb9321 Adapt labels to pass OBS container checks
- Update to v1.7.5:
 * ecfa8d9c Bump unit test environment artifacts
 * 03803c72 Bump test environment tools in Makefile
 * bc886323 Update auto-generated code (make generate)
 * f4d26385 Bump controller generator to version 0.19
 * a7fe515d Bump golangci/golangci-lint-action
 * b45c5e56 Bump to Dockerfiles and spec to go1.25
 * a7d78295 Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)
 * 2c012c2e Bump golang.org/x/net to v0.55.0, includes fixes for:
 - bsc#1266789 bsc#1265921 bsc#1267197 bsc#1267168 bsc#1251679
 * 46e7c635 Update headers to 2026


The following package changes have been done:

- elemental-register-1.7.5-slfo.1.1_1.1 updated
- elemental-support-1.7.5-slfo.1.1_1.1 updated
- elemental-toolkit-2.2.9-slfo.1.1_1.1 updated
- container:SL-Micro-container-2.2.1-7.119 updated


More information about the sle-container-updates mailing list