SUSE-IU-2026:1520-1: Security update of suse/sl-micro/6.1/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Mar 21 08:05:38 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:1520-1
Image Tags        : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.76 , suse/sl-micro/6.1/baremetal-os-container:latest
Image Release     : 7.76
Severity          : important
Type              : security
References        : 1252974 1254400 1254401 1254997 1257029 1257031 1257042 1257046
                        CVE-2025-11468 CVE-2025-12084 CVE-2025-13836 CVE-2025-13837 CVE-2025-15282
                        CVE-2025-6075 CVE-2026-0672 CVE-2026-0865 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 453
Released:    Fri Mar 20 12:45:43 2026
Summary:     Security update for python311
Type:        security
Severity:    important
References:  1252974,1254400,1254401,1254997,1257029,1257031,1257042,1257046,CVE-2025-11468,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837,CVE-2025-15282,CVE-2025-6075,CVE-2026-0672,CVE-2026-0865
This update for python311 fixes the following issues:

Updated to Python 3.11.15:
  
- CVE-2025-6075: quadratic complexity in os.path.expandvars() (bsc#1252974).
- CVE-2025-11468: header injection with carefully crafted inputs (bsc#1257029).
- CVE-2025-12084: quadratic complexity in xml.minidom node ID cache clearing (bsc#1254997).
- CVE-2025-13836: potential memory denial of service in the http.client module (bsc#1254400).
- CVE-2025-13837: potential memory denial of service in the plistlib module (bsc#1254401).
- CVE-2025-15282: control characters in URL media types data (bsc#1257046).
- CVE-2026-0672: control characters in http.cookies.Morsel fields and values (bsc#1257031).
- CVE-2026-0865: C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042).


The following package changes have been done:

- SL-Micro-release-6.1-slfo.1.12.19 updated
- python311-base-3.11.15-slfo.1.1_1.1 updated
- libpython3_11-1_0-3.11.15-slfo.1.1_1.1 updated
- python311-3.11.15-slfo.1.1_1.1 updated
- container:SL-Micro-base-container-2.2.1-5.98 updated

More information about the sle-container-updates mailing list