SUSE-IU-2026:1559-1: Security update of suse/sl-micro/6.0/kvm-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Mar 25 08:11:07 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:1559-1
Image Tags        : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.133 , suse/sl-micro/6.0/kvm-os-container:latest
Image Release     : 6.133
Severity          : important
Type              : security
References        : 1228081 1254293 1256427 1259418 1259650 1259697 CVE-2026-29111
                        CVE-2026-4105 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 638
Released:    Tue Mar 24 10:27:18 2026
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1228081,1254293,1256427,1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105
This update for systemd fixes the following issues:

Security issues:

- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).

Non security issues:

- Name libsystemd-{shared,core} based on the major version of systemd and the
  package release number (bsc#1228081, bsc#1256427)
- detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)

Changelog:

- a943e3ce2f machined: reject invalid class types when registering machines
- 71593f77db udev: fix review mixup
- 73a89810b4 udev-builtin-net-id: print cescaped bad attributes
- 0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX
- 40905232e2 udev: ensure tag parsing stays within bounds
- 7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf
- d018ac1ea3 udev: check for invalid chars in various fields received from the kernel
- aef6e11921 core/cgroup: avoid one unnecessary strjoina()
- cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements
- 26a748f727 core: validate input cgroup path more prudently
- 99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs
- 8bbac1d508 detect-virt: bare-metal GCE only for x86 and i386


The following package changes have been done:

- libudev1-254.27-3.1 updated
- libsystemd0-254.27-3.1 updated
- SL-Micro-release-6.0-25.78 updated
- systemd-254.27-3.1 updated
- udev-254.27-3.1 updated
- container:SL-Micro-base-container-2.1.3-7.114 updated

More information about the sle-container-updates mailing list