SUSE-CU-2026:5071-1: Security update of suse/sl-micro/6.0/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri May 22 07:07:20 UTC 2026 

SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:5071-1
Container Tags        : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.113 , suse/sl-micro/6.0/toolbox:latest
Container Release     : 9.113
Severity              : important
Type                  : security
References            : 1261280 1261606 1264965 CVE-2026-27456 CVE-2026-34743 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 721
Released:    Thu May 21 13:18:17 2026
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1261606,CVE-2026-27456
This update for util-linux fixes the following issue

- CVE-2026-27456: TOCTOU in the mount program when setting up loop devices (bsc#1261606).

-----------------------------------------------------------------
Advisory ID: 723
Released:    Thu May 21 14:03:57 2026
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1261280,CVE-2026-34743
This update for xz fixes the following issue

- CVE-2026-34743: buffer overflow in lzma_index_append() (bsc#1261280).

-----------------------------------------------------------------
Advisory ID: 724
Released:    Thu May 21 14:21:53 2026
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1264965
This update for timezone fixes the following issues:

- Update to 2026b:
    * British Columbia moved to permanent -07 on 2026-03-09. (bsc#1264965)
    * Some more overflow bugs have been fixed in zic.
- Update to 2026a:
    * Moldova has used EU transition times since 2022.
    * The 'right' TZif files are no longer installed by default.
    * -DTZ_RUNTIME_LEAPS=0 disables runtime support for leap seconds.
    * TZif files are no longer limited to 50 bytes of abbreviations.
    * zic is no longer limited to 50 leap seconds.
    * Several integer overflow bugs have been fixed.
- Update to 2025c:
    * Update Baja California DST rules in 1953, 1961-1975
    * An unset TZ is no longer invalid when /etc/localtime is
      missing, and is abbreviated 'UTC' not '-00'. This reverts to 2024b behavior
    * tzset etc. are now more cautious about questionable TZ settings.
    * tzset etc. now treat ' ' like '_' in time zone abbreviations
    * tzfree now preserves errno, consistently with POSIX.1-2024 'free'.
    * zic has new options inspired by FreeBSD.
    * multiple changes visible to developers
- Use 'REDO=posix_right' to keep installing 'right' TZif files.


The following package changes have been done:

- SL-Micro-release-6.0-25.98 updated
- libblkid1-2.39.3-7.1 updated
- libfdisk1-2.39.3-7.1 updated
- liblzma5-5.4.3-6.1 updated
- libmount1-2.39.3-7.1 updated
- libsmartcols1-2.39.3-7.1 updated
- libuuid1-2.39.3-7.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-8.97 updated
- timezone-2026b-1.1 updated
- util-linux-2.39.3-7.1 updated
- xz-5.4.3-6.1 updated

More information about the sle-container-updates mailing list