SUSE-IU-2026:4960-1: Security update of suse/sl-micro/6.2/baremetal-os-container

sle-container-updates at lists.suse.com
Tue Jun 23 07:07:19 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:4960-1
Image Tags        : suse/sl-micro/6.2/baremetal-os-container:2.3.1 , suse/sl-micro/6.2/baremetal-os-container:2.3.1-8.20 , suse/sl-micro/6.2/baremetal-os-container:latest
Image Release     : 8.20
Severity          : moderate
Type              : security
References        : 1117217 1181400 1257235 1257312 1261546 1263855 1265304 1267212
                        CVE-2026-24401 CVE-2026-34933 
-----------------------------------------------------------------

The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 1031
Released:    Mon Jun 22 16:34:40 2026
Summary:     Security update for rpcbind
Type:        security
Severity:    moderate
References:  1117217,1181400,1267212
This update for rpcbind fixes the following issues:

- Update to rpcbind 1.2.9 (bsc#1267212)
 https://lore.kernel.org/linux-nfs/5cad3ab4-d24a-45fa-b1e9-d57b2c47a5e4@redhat.com/
 * rpcinfo: stack buffer overflow in rpcinfo rpcbaddrlist()
 * rpcbind: Stop unauthenticated oversized allocation in PMAPPROC_CALLIT decode
 * rpcbind: fix memory leak in read_warmstart()
 * rpcbind: fix memory leaks in network_init()
 * rpcbind: fix memory leak in init_transport()
 * Added -v (print version and compile flags)
 * rpcinfo: Removed a number of 'old-style function definition' warnings
 * man/rpcbind: Update list of options
 * Comment out ListenStream=@/run/rpcbind.sock
 * [nfs/nfs-utils/rpcbind] rpcbind: avoid dereferencing NULL from realloc()
 * systemd/rpcbind.service.in: Add various hardenings options
 * man/rpcbind: Add Files section to manpage
 * Moved rpcbind.lock and default configs to /run instead of /var/run

-----------------------------------------------------------------
Advisory ID: 1026
Released:    Mon Jun 22 16:40:15 2026
Summary:     Security update for avahi
Type:        security
Severity:    moderate
References:  1257235,1261546,CVE-2026-24401,CVE-2026-34933
This update for avahi fixes the following issues:

- CVE-2026-34933: reachable assertion in `transport_flags_from_domain` can crash the `avahi-daemon` (bsc#1261546).
- CVE-2026-24401: unsolicited mDNS responses containing a recursive CNAME record can crash the `avahi-daemon`
  (bsc#1257235).

-----------------------------------------------------------------
Advisory ID: 1046
Released:    Mon Jun 22 17:08:35 2026
Summary:     Recommended update for nftables
Type:        recommended
Severity:    moderate
References:  1263855
This update for nftables fixes the following issues:

- Fix a NULL pointer dereference crash that can occur when firewall rules are
  modified in parallel, e.g. during Docker startup (bsc#1263855).

-----------------------------------------------------------------
Advisory ID: 1048
Released:    Mon Jun 22 17:16:50 2026
Summary:     Recommended update for open-vm-tools
Type:        recommended
Severity:    moderate
References:  1257312,1265304
This update for open-vm-tools fixes the following issues:

- Update to 13.1.0 release based on build 25218885 (bsc#1265304):
    * Support for GNOME Toolkit version 4
    * New release of the Salt-Minion integration script
    * Fallback to ignore systemd inhibitors during guest poweroff / reboot
    * Fix: vmware-vgauth-smoketest: no VGAuthLib.vmsg file
    * Fix: Inline comment breaks 'disable_vmware_customization' check
    * For a more complete description of what is new in this release:
      https://github.com/vmware/open-vm-tools/blob/stable-13.1.0/ReleaseNotes.md#whatsnew
      https://github.com/vmware/open-vm-tools/blob/stable-13.1.0/ReleaseNotes.md#resolved-issues
- Fix build with glibc 2.43 (bsc#1257312)


The following package changes have been done:

- libavahi-common3-0.8-160000.5.1 updated
- libavahi-core7-0.8-160000.5.1 updated
- libavahi-client3-0.8-160000.5.1 updated
- libnftables1-1.1.3-160000.3.1 updated
- avahi-0.8-160000.5.1 updated
- nftables-1.1.3-160000.3.1 updated
- rpcbind-1.2.9-160000.1.1 updated
- libvmtools0-13.1.0-160000.1.1 updated
- open-vm-tools-13.1.0-160000.1.1 updated

