SUSE-CU-2026:1516-1: Security update of suse/sl-micro/6.0/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Mar 10 08:19:33 UTC 2026 

SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:1516-1
Container Tags        : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.73 , suse/sl-micro/6.0/toolbox:latest
Container Release     : 9.73
Severity              : important
Type                  : security
References            : 1216378 1257029 1257031 1257041 1257042 1257044 1257046 1257108
                        1258392 CVE-2023-45853 CVE-2025-11468 CVE-2025-12781 CVE-2025-15282
                        CVE-2025-15366 CVE-2025-15367 CVE-2026-0672 CVE-2026-0865 CVE-2026-27171
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 610
Released:    Mon Mar  9 10:54:57 2026
Summary:     Security update for zlib
Type:        security
Severity:    moderate
References:  1216378,1258392,CVE-2023-45853,CVE-2026-27171
This update for zlib fixes the following issues:

- CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392)
- CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. (bsc#1216378)

-----------------------------------------------------------------
Advisory ID: 611
Released:    Mon Mar  9 11:51:06 2026
Summary:     Security update for python311
Type:        security
Severity:    important
References:  1257029,1257031,1257041,1257042,1257044,1257046,1257108,CVE-2025-11468,CVE-2025-12781,CVE-2025-15282,CVE-2025-15366,CVE-2025-15367,CVE-2026-0672,CVE-2026-0865
This update for python311 fixes the following issues:

- CVE-2025-11468: preserving parens when folding comments in email headers. (bsc#1257029)
- CVE-2026-0672: rejects control characters in http cookies. (bsc#1257031)
- CVE-2026-0865: rejecting control characters in wsgiref.headers.Headers, which could be abused for injecting false HTTP headers. (bsc#1257042)
- CVE-2025-15366: basically the same as the previous patch for IMAP protocol. (bsc#1257044)
- CVE-2025-15282: basically the same as the previous patch for urllib library. (bsc#1257046)
- CVE-2025-15367: basically the same as the previous patch for poplib library. (bsc#1257041)
- CVE-2025-12781: fix decoding with non-standard Base64 alphabet (bsc#1257108)


The following package changes have been done:

- SL-Micro-release-6.0-25.73 updated
- libpython3_11-1_0-3.11.14-3.1 updated
- libz1-1.2.13-7.1 updated
- python311-base-3.11.14-3.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-8.72 updated

More information about the sle-container-updates mailing list