SUSE-CU-2026:1415-1: Security update of suse/sl-micro/6.0/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Mar 7 08:16:03 UTC 2026 

SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:1415-1
Container Tags        : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.72 , suse/sl-micro/6.0/toolbox:latest
Container Release     : 9.72
Severity              : moderate
Type                  : security
References            : 1247850 1247858 1250553 1256804 1256805 1256807 1256808 1256809
                        1256810 1256811 1256812 1257593 1257594 1257595 CVE-2025-10911
                        CVE-2025-8732 CVE-2026-0989 CVE-2026-0990 CVE-2026-0992 CVE-2026-1757
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 608
Released:    Fri Mar  6 12:53:41 2026
Summary:     Security update for libxslt, libxml2
Type:        security
Severity:    moderate
References:  1247850,1247858,1250553,1256804,1256805,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-8732,CVE-2026-0989,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757
This update for libxslt, libxml2 fixes the following issues:

Changes in libxml2:

- CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in
  `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811).
- CVE-2026-0992: excessive resource consumption when processing XML catalogs due to exponential behavior when handling
  `nextCatalog` elements (bsc#1256809, bsc#1256812).
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files
  (bsc#1247858).
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257594, bsc#1257595).
- CVE-2025-10911: parsing xsl nodes may lead to use-after-free with key data stored cross-RVT (bsc#1250553).


The following package changes have been done:

- SL-Micro-release-6.0-25.72 updated
- libxml2-2-2.11.6-12.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-8.71 updated

More information about the sle-container-updates mailing list