SUSE-IU-2026:1508-1: Security update of suse/sl-micro/6.1/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Mar 19 16:00:49 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:1508-1
Image Tags        : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.74 , suse/sl-micro/6.1/baremetal-os-container:latest
Image Release     : 7.74
Severity          : moderate
Type              : security
References        : 1234959 1246602 1247519 1247520 1247522 1247884 1247885 1258229
                        1259051 1259377 1259385 CVE-2024-56738 CVE-2025-53906 CVE-2025-54349
                        CVE-2025-54350 CVE-2025-54351 CVE-2025-54389 CVE-2025-54409 CVE-2026-2219
                        CVE-2026-26269 CVE-2026-28417 CVE-2026-3731 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 445
Released:    Wed Mar 18 14:45:32 2026
Summary:     Security update for vim
Type:        security
Severity:    moderate
References:  1234959,1246602,1258229,1259051,CVE-2024-56738,CVE-2025-53906,CVE-2026-26269,CVE-2026-28417
This update for vim fixes the following issues:

Update Vim to version 9.2.0110:

- CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).

-----------------------------------------------------------------
Advisory ID: 448
Released:    Thu Mar 19 12:21:31 2026
Summary:     Security update for dpkg
Type:        security
Severity:    moderate
References:  1247519,1247520,1247522,1259385,CVE-2025-54349,CVE-2025-54350,CVE-2025-54351,CVE-2026-2219
This update for dpkg fixes the following issue:

- CVE-2026-2219: dpkg-deb: malformed .deb archives can cause a denial of service (bsc#1259385).

-----------------------------------------------------------------
Advisory ID: 449
Released:    Thu Mar 19 12:24:33 2026
Summary:     Security update for libssh
Type:        security
Severity:    moderate
References:  1247884,1247885,1259377,CVE-2025-54389,CVE-2025-54409,CVE-2026-3731
This update for libssh fixes the following issue:

- CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377).


The following package changes have been done:

- SL-Micro-release-6.1-slfo.1.12.18 updated
- libssh-config-0.10.6-slfo.1.1_5.1 updated
- libssh4-0.10.6-slfo.1.1_5.1 updated
- update-alternatives-1.22.0-slfo.1.1_3.1 updated
- vim-data-common-9.2.0110-slfo.1.1_1.1 updated
- vim-small-9.2.0110-slfo.1.1_1.1 updated
- container:SL-Micro-base-container-2.2.1-5.96 updated

More information about the sle-container-updates mailing list