SUSE-IU-2026:1326-1: Security update of suse/sl-micro/6.0/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Mar 7 08:07:22 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:1326-1
Image Tags        : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.133 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release     : 6.133
Severity          : moderate
Type              : security
References        : 1247850 1247858 1250553 1256804 1256805 1256807 1256808 1256809
                        1256810 1256811 1256812 1257593 1257594 1257595 CVE-2025-10911
                        CVE-2025-8732 CVE-2026-0989 CVE-2026-0990 CVE-2026-0992 CVE-2026-1757
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 608
Released:    Fri Mar  6 12:53:41 2026
Summary:     Security update for libxslt, libxml2
Type:        security
Severity:    moderate
References:  1247850,1247858,1250553,1256804,1256805,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-8732,CVE-2026-0989,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757
This update for libxslt, libxml2 fixes the following issues:

Changes in libxml2:

- CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in
  `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811).
- CVE-2026-0992: excessive resource consumption when processing XML catalogs due to exponential behavior when handling
  `nextCatalog` elements (bsc#1256809, bsc#1256812).
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files
  (bsc#1247858).
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257594, bsc#1257595).
- CVE-2025-10911: parsing xsl nodes may lead to use-after-free with key data stored cross-RVT (bsc#1250553).


The following package changes have been done:

- libxml2-2-2.11.6-12.1 updated
- SL-Micro-release-6.0-25.72 updated
- libxslt1-1.1.38-8.1 updated
- container:SL-Micro-base-container-2.1.3-7.101 updated

More information about the sle-container-updates mailing list