SUSE-IU-2026:1273-1: Security update of suse/sl-micro/6.1/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Mar 5 08:15:04 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:1273-1
Image Tags        : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.62 , suse/sl-micro/6.1/baremetal-os-container:latest
Image Release     : 7.62
Severity          : important
Type              : security
References        : 1225451 1233393 1234304 1240750 1240752 1240754 1240756 1240757
                        1241162 1241164 1241214 1241222 1241223 1241226 1241238 1241252
                        1241263 1241686 1241688 1246472 1250373 1250692 1250692 1257357
                        CVE-2025-2784 CVE-2025-32050 CVE-2025-32051 CVE-2025-32052 CVE-2025-32053
                        CVE-2025-32906 CVE-2025-32907 CVE-2025-32908 CVE-2025-32909 CVE-2025-32910
                        CVE-2025-32911 CVE-2025-32912 CVE-2025-32913 CVE-2025-32914 CVE-2025-41244
                        CVE-2025-41244 CVE-2025-46420 CVE-2025-46421 CVE-2025-7519 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 158
Released:    Wed Jun 25 10:16:46 2025
Summary:     Security update for libsoup
Type:        security
Severity:    important
References:  1225451,1233393,1234304,1240750,1240752,1240754,1240756,1240757,1241162,1241164,1241214,1241222,1241223,1241226,1241238,1241252,1241263,1241686,1241688,1250373,1250692,CVE-2025-2784,CVE-2025-32050,CVE-2025-32051,CVE-2025-32052,CVE-2025-32053,CVE-2025-32906,CVE-2025-32907,CVE-2025-32908,CVE-2025-32909,CVE-2025-32910,CVE-2025-32911,CVE-2025-32912,CVE-2025-32913,CVE-2025-32914,CVE-2025-41244,CVE-2025-46420,CVE-2025-46421
This update for libsoup fixes the following issues:

- CVE-2025-2784: Fixed Heap buffer over-read in `skip_insignificant_space` 
  when sniffing content (bsc#1240750)
- CVE-2025-32050:Fixed Integer overflow in append_param_quoted (bsc#1240752)
- CVE-2025-32051:Fixed Segmentation fault when parsing malformed data URI (bsc#1240754)
- CVE-2025-32052:Fixed Heap buffer overflow in sniff_unknown() (bsc#1240756)
- CVE-2025-32053:Fixed Heap buffer overflows in sniff_feed_or_html() and
  skip_insignificant_space() (bsc#1240757)
- CVE-2025-32913:Fixed NULL pointer dereference in 
  soup_message_headers_get_content_disposition (bsc#1241162)
- CVE-2025-32914:Fixed out of bounds read  in `soup_multipart_new_from_message()` (bsc#1241164)
- CVE-2025-32912:Fixed NULL pointer dereference in SoupAuthDigest (bsc#1241214)
- CVE-2025-32907:Fixed excessive memory consumption in server when client requests
  a large amount of overlapping ranges in a single HTTP request (bsc#1241222)
- CVE-2025-32908:Fixed HTTP request leading to server crash due to HTTP/2 server not fully
  validating the values of pseudo-headers (bsc#1241223)
- CVE-2025-32909:Fixed NULL pointer dereference in the sniff_mp4 function in 
  soup-content-sniffer.c (bsc#1241226)
- CVE-2025-32911:Fixed Double free on soup_message_headers_get_content_disposition() 
  via 'params' (bsc#1241238)
- CVE-2025-32910:Fixed null pointer deference on client when server omits the 'realm' 
  parameter in an Unauthorized response with Digest authentication (bsc#1241252)
- CVE-2025-32906:Fixed Out of bounds reads in soup_headers_parse_request() (bsc#1241263)
- CVE-2025-46420:Fixed Memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686)
- CVE-2025-46421:Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688) 

-----------------------------------------------------------------
Advisory ID: 425
Released:    Wed Mar  4 16:33:33 2026
Summary:     Recommended update for open-vm-tools
Type:        recommended
Severity:    moderate
References:  1246472,1250692,1257357,CVE-2025-41244,CVE-2025-7519
This update for open-vm-tools fixes the following issues:

- update to 13.0.10 based on build 25056151 (boo#1257357):
    * There are no new features in the open-vm-tools 13.0.10 release.
    * This is primarily a maintenance release that addresses a fix.
    * A minor enhancement has been made for Guest OS Customization.
    * The DeployPkg plugin has been updated to handle a new cloud-init error code that
      signals a recoverable error and allow cloud-init to finish running.


The following package changes have been done:

- libvmtools0-13.0.10-slfo.1.1_1.1 updated
- open-vm-tools-13.0.10-slfo.1.1_1.1 updated
- container:SL-Micro-base-container-2.2.1-5.83 updated

More information about the sle-container-updates mailing list