SUSE-CU-2026:4937-1: Security update of suse/sl-micro/6.0/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat May 16 07:05:16 UTC 2026 

SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4937-1
Container Tags        : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.109 , suse/sl-micro/6.0/toolbox:latest
Container Release     : 9.109
Severity              : important
Type                  : security
References            : 1241316 1253044 1254324 1261206 1262464 1262465 CVE-2024-58251
                        CVE-2026-4046 CVE-2026-5450 CVE-2026-5928 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 710
Released:    Fri May 15 13:28:08 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for glibc fixes the following issues

- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206).
- CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465).
- CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464).

-----------------------------------------------------------------
Advisory ID: 715
Released:    Fri May 15 16:11:23 2026
Summary:     Recommended update for libzypp, zypper, libsolv
Type:        recommended
Severity:    moderate
References:  1241316,1253044,1254324,CVE-2024-58251
This update for libzypp, zypper, libsolv fixes the following issues:

Changes in libsolv:

- update to version 0.7.37:
    * fix parsing of sha512 checksums in debian repositories
    * improve speed of dirpool_add_dir makeing parsing of filelists.xml twice as fast
    * fix parsing of recommands in the old Mandriva synthesis format

Changes in libzypp:

- update to version 17.38.8:
    * Mandatory signature verification plugin support (jsc#PED-11922)

Changes in zypper:

- update to version 1.14.97:
    * Add --filter-version-change to zypper lu.
      Adds filtering by version change significance to reduce noise in
      update listings. Supports levels: rebuild (hides rebuild-only changes) 
      and package (hides all release-only changes).


The following package changes have been done:

- SL-Micro-release-6.0-25.95 updated
- glibc-locale-base-2.38-13.1 updated
- glibc-locale-2.38-13.1 updated
- glibc-2.38-13.1 updated
- libsolv-tools-base-0.7.37-1.1 updated
- libzypp-17.38.8-1.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-8.94 updated
- zypper-1.14.97-1.1 updated

More information about the sle-container-updates mailing list