SUSE-IU-2026:3453-1: Security update of suse/sl-micro/6.2/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed May 20 07:29:58 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3453-1
Image Tags        : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.158 , suse/sl-micro/6.2/baremetal-os-container:latest
Image Release     : 7.158
Severity          : moderate
Type              : security
References        : 1253654 1254370 1261382 1262399 CVE-2026-34610 
-----------------------------------------------------------------

The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 789
Released:    Tue May 19 19:31:51 2026
Summary:     Security update for leancrypto
Type:        security
Severity:    moderate
References:  1253654,1254370,1261382,1262399,CVE-2026-34610
This update for leancrypto fixes the following issues

Security issue:

- CVE-2026-34610: The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant
  cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to uint8_t when
  stori (bsc#1261382).

Non security issues:

- gnutls Illegal instruction lc_kyber_768_kem_dec_selftest (bsc#1253654).
- gnutls: test pqc-hybrid-kx fails on Nehalem or older CPU (bsc#1254370).

Changes for leancrypto:

- Calculate the FIPS HMAC for the leancrypto and the leancrypto-fips
 libraries. (bsc#1262399)
- Fix build on kernel 7.0
- Pick fix for ABI issue in AVX2 assembly for Curve448 causing
 test failures when building with GCC 16.
- Update to 1.7.2:
 * Fix RDSEED counter
 * Process code by AI code checkers and apply suggested cosmetic fixes
 * Heap memory: always munlock all mlock'ed memory
 * Fix ChaCha20 on Apple compiled with XCode 26.4
 * Fix a potential crasher with Base64 and applied various fixes reported
 * Add X.509 certificate signing request (CSR) generator and parser
 * ML-DSA: add lc_dilithium_pk_from_sk API to derive the PK from a given SK
 * SLH-DSA: add lc_sphincs_pk_from_sk API to derive the PK from a given SK
 * ML-KEM: add lc_kyber_pk_from_sk API to derive the PK from a given SK
 * AES-CT: fix non-aligned data processing - reported
 * Apply suggestions from Claude code
 * X.509: Enforce path length restriction
- Update to 1.7.1
 * Offer a means to select the AES-C constant time / S-Box implementation via
 lc_init API
 * use the AES-C constant time implementation by default - it is about 3 times
 slower than the AES-C S-Box implementation, but more secure. As the
 leancrypto library is about secure by default, the CT implementation is
 just right. Furthermore, if a caller wants to have the faster AES-C S-Box,
 he can call lc_init(LC_INIT_AES_SBOX) at the beginning.
 * FIPS: mark only seeded DRBG instances as FIPS-approved
 * ASN.1: add lc_x509_cert_check_issuer_ca convenience function
 * Enable side-channel-resistant AES implementation (and thus enable
 respective Timecop tests)
 * Fix some side channel test failures (all failures are due to test case
 issues, and no real problems)
 * AARCH64: enable GCS support
 * Add PKCS#8 support for ML-DSA following RFC9881 including full support for
 the seed or full keys. The change adds OpenSSL interoperability testing as
 well. NOTE: The raw on-disk private key format that is generated with
 lc_x509_generate --create-keypair changed to comply with RFC9881.
 * Add PKCS#8 support for SLH-DSA. The change adds OpenSSL interoperability
 testing as well. NOTE: The raw on-disk private key format that is generated
 with lc_x509_generate --create-keypair changed to dump the raw key instead
 of wrapping it into a BIT STRING to comply with OpenSSL's format.
 * Provide full PKCS#7 interoperability with OpenSSL: OpenSSL artificially
 orders the parsing of the authenticated attributes. This implies that the
 message digest part of the authenticated attributes is parsed as last
 entry. This ordering is important for the signature generation and
 verification. Furthermore, for ML-DSA/SLH-DSA, the authenticated attributes
 are signed with the pure algorithm instead of the pre-hashed operation as
 suggested by RFC5652 section 9.2.
 * ML-KEM/DSA: add safety measures against compilers trying to reason about
 code they should not reason about. Derived from
 https://github.com/pq-code-package/ml[dsa|kem]-native/
 * ML-DSA: reduce amount of duplicate code compilation suggested
 * ML-DSA: fix bug in poly_uniform which, however, is unlikely to be triggered
 * ChaCha20: fix crasher when assembler support is not compiled
 * Add AES constant time C implementation accessible with the lc_aes_*ct
 references. Yet, it is about 3 times slower than the default C
 implementation. Thus is is only provided if somebody truly relies on a
 constant time implementation.
- Fix bsc#1254370, bsc#1253654 - AVX detection is wrong on older intel CPUs
- Update to 1.6.0:
 * ASN.1: use stack for small generator for small use cases
 * X.509: Updates required to support the shim boot loader
 * X.509: add lc_gmtime to convert Epoch to time format
 * ASN.1: added to Linux kernel (for 64 bit systems only)
 * Added AES-GCM and AES-XTS
 * Availability: remove assert() calls throughout the code - in case of a self
 test error, disable the algorithm. Instead of using assert, apply a centrally
 managed test manager that stores the test status. This implies that some
 initalization APIs like lc_hash_init, lc_sym_init, lc_hmac_init are changed
 such that they return an error code if self tests failed. Thus, the version
 is now changed as this is considered to be an ABI change. Although this
 sounds heavy, the test manager is relatively small and the runtime state
 should be smaller than the old approach considering the old approach uses one
 global 32 bit integer per self test to maintain the state. This is now
 replaced with a set of 32 bit atomic integers that hold a 3-bit field for
 each algorithm. This change also adds the API call of lc_rerun_one_selftest
 which allows triggering the reruning of a self test for one given algorithm.
 * FIPS: Rearchitect integrity test control value generator: The build process now
 uses the host's objcopy to extract the ELF sections of interest into a separate
 file, use a build_machine compiled version of sha3-256sum to generate the
 digest of it and reinsert it into the leancrypto-fips.so. This now allows
 cross-compilation with FIPS integrity test support. There is no functional
 change to leancrypto though.
 * Significant reduction of compilation units by almost half by not having
 global, but per-test compiled C files.
 * Linux kernel: add /proc/leancrypto
 * FIPS: Add negative testing support
 * Add SHAKE-512 and XDRBG-512 support
 * FIPS: Add FIPS indicator which implies that libleancrypto.so has the same
 functionality as libleancrypto-fips.so with the exception that the latter
 performs an integrity test.
 * ARMv9: fix BTI for ML-DSA
- Don't strip debug symbols
- Add Linux kernel module spec file


The following package changes have been done:

- libleancrypto1-1.7.2-160000.1.1 updated

More information about the sle-container-updates mailing list