SUSE-CU-2026:2050-1: Security update of suse/sle-micro/5.2/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Mar 25 08:52:10 UTC 2026 

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:2050-1
Container Tags        : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.261 , suse/sle-micro/5.2/toolbox:latest
Container Release     : 7.11.261
Severity              : important
Type                  : security
References            : 1259418 1259650 1259697 CVE-2026-29111 CVE-2026-4105 
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:990-1
Released:    Tue Mar 24 08:22:46 2026
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105
This update for systemd fixes the following issues:

- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).  

Changelog:

- 566517ffcb machined: reject invalid class types when registering machines
- abbdd89d78 udev: fix review mixup
- c9cedd26be udev-builtin-net-id: print cescaped bad attributes
- c0f4ec3db9 udev: ensure tag parsing stays within bounds
- 38afcb73cc udev: ensure there is space for trailing NUL before calling sprintf
- a64247de62 udev: check for invalid chars in various fields received from the kernel
- ecce32966e core/cgroup: avoid one unnecessary strjoina()
- 6abd2b5bd2 core: validate input cgroup path more prudently
- 2d7d93d6c1 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere


The following package changes have been done:

- libsystemd0-246.16-150300.7.65.1 updated
- libudev1-246.16-150300.7.65.1 updated

More information about the sle-container-updates mailing list