SUSE-CU-2026:4696-1: Security update of rancher/elemental-channel/sl-micro

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu May 7 07:16:10 UTC 2026 

SUSE Container Update Advisory: rancher/elemental-channel/sl-micro
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4696-1
Container Tags        : rancher/elemental-channel/sl-micro:6.1-base , rancher/elemental-channel/sl-micro:6.1-base-12.1
Container Release     : 12.1
Severity              : important
Type                  : security
References            : 1240385 1243581 1244933 1246602 1246965 1248410 1248687 1256766
                        1256822 1257005 1258229 1258637 1259051 1260078 1260082 142461
                        544339 CVE-2025-15281 CVE-2025-46836 CVE-2025-53906 CVE-2025-8058
                        CVE-2026-0861 CVE-2026-0915 CVE-2026-26269 CVE-2026-26996 CVE-2026-28417
                        CVE-2026-4437 CVE-2026-4438 
-----------------------------------------------------------------

The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 417
Released:    Mon Mar  2 15:52:11 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1240385,1244933,1246602,1246965,1256766,1256822,1257005,1258229,1259051,CVE-2025-15281,CVE-2025-53906,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915,CVE-2026-26269,CVE-2026-28417
This update for glibc fixes the following issues:

- CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: uninitialized memory may cause the process abort (bsc#1257005).
- CVE-2025-8058: a malloc failure in regcomp function can lead to a double free (bsc#1246965).

-----------------------------------------------------------------
Advisory ID: 478
Released:    Thu Apr  9 13:38:10 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1243581,1248410,1248687,1258637,1260078,1260082,142461,544339,CVE-2025-46836,CVE-2026-26996,CVE-2026-4437,CVE-2026-4438
This update for glibc fixes the following issues:

- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).


The following package changes have been done:

- glibc-2.38-slfo.1.1_7.1 updated
- container:suse-toolbox-image-1.0.0-5.50 updated

More information about the sle-container-updates mailing list