SUSE-IU-2026:1331-1: Security update of suse/sl-micro/6.1/base-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Mar 7 08:18:27 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:1331-1
Image Tags        : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.86 , suse/sl-micro/6.1/base-os-container:latest
Image Release     : 5.86
Severity          : moderate
Type              : security
References        : 1244554 1244555 1244557 1244580 1244700 1246296 1247850 1247858
                        1250553 1256804 1256805 1256807 1256808 1256809 1256810 1256811
                        1256812 1257593 1257594 1257595 CVE-2025-10911 CVE-2025-49794
                        CVE-2025-49795 CVE-2025-49796 CVE-2025-6021 CVE-2025-6170 CVE-2025-7425
                        CVE-2025-8732 CVE-2026-0989 CVE-2026-0990 CVE-2026-0992 CVE-2026-1757
-----------------------------------------------------------------

The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 429
Released:    Fri Mar  6 12:35:58 2026
Summary:     Security update for libxslt, libxml2
Type:        security
Severity:    moderate
References:  1244554,1244555,1244557,1244580,1244700,1246296,1247850,1247858,1250553,1256804,1256805,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170,CVE-2025-7425,CVE-2025-8732,CVE-2026-0989,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757
This update for libxslt, libxml2 fixes the following issues:

libxml2:

- CVE-2026-0990: call stack overflow leading to application crash 
  due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811)

- CVE-2026-0992: excessive resource consumption when processing XML 
  catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812)

- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850)

- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595)

- CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553)

- CVE-2026-0989: call stack exhaustion leading to application crash 
  due to RelaxNG parser not limiting the recursion depth when 
  resolving `<include>` directives (bsc#1256804, bsc#1256805, bsc#1256810)

libxslt:

- CVE-2025-10911 will be fixed on libxml2 side instead [bsc#1250553]


The following package changes have been done:

- libxml2-2-2.11.6-slfo.1.1_8.1 updated
- SL-Micro-release-6.1-slfo.1.12.14 updated
- container:suse-toolbox-image-1.0.0-5.15 updated

More information about the sle-container-updates mailing list