SUSE-IU-2026:1561-1: Security update of suse/sl-micro/6.1/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Mar 25 08:17:32 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:1561-1
Image Tags        : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.78 , suse/sl-micro/6.1/baremetal-os-container:latest
Image Release     : 7.78
Severity          : important
Type              : security
References        : 1248438 1259418 1259650 1259697 CVE-2025-20053 CVE-2025-20109
                        CVE-2025-22839 CVE-2025-22840 CVE-2025-22889 CVE-2025-26403 CVE-2025-32086
                        CVE-2026-29111 CVE-2026-4105 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 458
Released:    Tue Mar 24 10:38:06 2026
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1248438,1259418,1259650,1259697,CVE-2025-20053,CVE-2025-20109,CVE-2025-22839,CVE-2025-22840,CVE-2025-22889,CVE-2025-26403,CVE-2025-32086,CVE-2026-29111,CVE-2026-4105
This update for systemd fixes the following issues:

- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).  

Changelog:

- a943e3ce2f machined: reject invalid class types when registering machines 
- 71593f77db udev: fix review mixup
- 73a89810b4 udev-builtin-net-id: print cescaped bad attributes
- 0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX
- 40905232e2 udev: ensure tag parsing stays within bounds
- 7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf
- d018ac1ea3 udev: check for invalid chars in various fields received from the kernel
- aef6e11921 core/cgroup: avoid one unnecessary strjoina()
- cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements
- 26a748f727 core: validate input cgroup path more prudently 
- 99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs


The following package changes have been done:

- libudev1-254.27-slfo.1.1_4.1 updated
- libsystemd0-254.27-slfo.1.1_4.1 updated
- SL-Micro-release-6.1-slfo.1.12.21 updated
- systemd-254.27-slfo.1.1_4.1 updated
- udev-254.27-slfo.1.1_4.1 updated
- container:SL-Micro-base-container-2.2.1-5.100 updated

More information about the sle-container-updates mailing list