SUSE-IU-2026:3748-1: Security update of suse/sl-micro/6.0/baremetal-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed May 27 07:07:02 UTC 2026
SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3748-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.177 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 6.177
Severity : important
Type : security
References : 1201840 1202970 1204538 1234100 1234101 1234102 1234103 1234104
1235475 1254441 1261206 1261280 1261606 1262223 1262223 1262464
1262465 1264511 1264512 1264513 1264514 1264515 1264965 1265296
CVE-2022-29154 CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087
CVE-2024-12088 CVE-2024-12747 CVE-2025-10158 CVE-2026-27456 CVE-2026-29518
CVE-2026-34743 CVE-2026-4046 CVE-2026-41035 CVE-2026-41035 CVE-2026-43617
CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 CVE-2026-45232 CVE-2026-5450
CVE-2026-5928
-----------------------------------------------------------------
The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 708
Released: Fri May 15 12:45:40 2026
Summary: Security update for rsync
Type: security
Severity: important
References: 1262223,CVE-2026-41035
This update for rsync fixes the following issue
- CVE-2026-41035: count of entries mismatch can lead to a use-after-free (bsc#1262223).
-----------------------------------------------------------------
Advisory ID: 710
Released: Fri May 15 13:28:08 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for glibc fixes the following issues
- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206).
- CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465).
- CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464).
-----------------------------------------------------------------
Advisory ID: 720
Released: Thu May 21 13:04:19 2026
Summary: Security update for rsync
Type: security
Severity: important
References: 1201840,1202970,1204538,1234100,1234101,1234102,1234103,1234104,1235475,1254441,1262223,1264511,1264512,1264513,1264514,1264515,1265296,CVE-2022-29154,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747,CVE-2025-10158,CVE-2026-29518,CVE-2026-41035,CVE-2026-43617,CVE-2026-43618,CVE-2026-43619,CVE-2026-43620,CVE-2026-45232
This update for rsync fixes the following issues
Security issues:
- CVE-2026-29518: Symlink-Race TOCTOU in Daemon (bsc#1264511).
- CVE-2026-43617: Authorization Bypass via Hostname Resolution (bsc#1264515).
- CVE-2026-43618: Integer Overflow Information Disclosure (bsc#1264512).
- CVE-2026-43619: Symlink Race Condition via Path-Based Syscalls (bsc#1264514).
- CVE-2026-43620: Out-of-Bounds Array Read via recv_files() (bsc#1264513).
- CVE-2026-45232: Off-by-one stack OOB write in HTTP CONNECT proxy response parsing (bsc#1265296).
Non security issues:
- rsync --delay-updates never updates after interruption (bsc#1204538).
- Fix duplication of flag causing illegal hashkey failures.
-----------------------------------------------------------------
Advisory ID: 721
Released: Thu May 21 13:18:17 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1261606,CVE-2026-27456
This update for util-linux fixes the following issue
- CVE-2026-27456: TOCTOU in the mount program when setting up loop devices (bsc#1261606).
-----------------------------------------------------------------
Advisory ID: 723
Released: Thu May 21 14:03:57 2026
Summary: Security update for xz
Type: security
Severity: important
References: 1261280,CVE-2026-34743
This update for xz fixes the following issue
- CVE-2026-34743: buffer overflow in lzma_index_append() (bsc#1261280).
-----------------------------------------------------------------
Advisory ID: 724
Released: Thu May 21 14:21:53 2026
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1264965
This update for timezone fixes the following issues:
- Update to 2026b:
* British Columbia moved to permanent -07 on 2026-03-09. (bsc#1264965)
* Some more overflow bugs have been fixed in zic.
- Update to 2026a:
* Moldova has used EU transition times since 2022.
* The 'right' TZif files are no longer installed by default.
* -DTZ_RUNTIME_LEAPS=0 disables runtime support for leap seconds.
* TZif files are no longer limited to 50 bytes of abbreviations.
* zic is no longer limited to 50 leap seconds.
* Several integer overflow bugs have been fixed.
- Update to 2025c:
* Update Baja California DST rules in 1953, 1961-1975
* An unset TZ is no longer invalid when /etc/localtime is
missing, and is abbreviated 'UTC' not '-00'. This reverts to 2024b behavior
* tzset etc. are now more cautious about questionable TZ settings.
* tzset etc. now treat ' ' like '_' in time zone abbreviations
* tzfree now preserves errno, consistently with POSIX.1-2024 'free'.
* zic has new options inspired by FreeBSD.
* multiple changes visible to developers
- Use 'REDO=posix_right' to keep installing 'right' TZif files.
The following package changes have been done:
- glibc-2.38-13.1 updated
- libuuid1-2.39.3-7.1 updated
- libsmartcols1-2.39.3-7.1 updated
- liblzma5-5.4.3-6.1 updated
- libblkid1-2.39.3-7.1 updated
- libfdisk1-2.39.3-7.1 updated
- libmount1-2.39.3-7.1 updated
- xz-5.4.3-6.1 updated
- util-linux-2.39.3-7.1 updated
- SL-Micro-release-6.0-25.100 updated
- util-linux-systemd-2.39.3-7.1 updated
- glibc-locale-base-2.38-13.1 updated
- rsync-3.2.7-7.1 updated
- timezone-2026b-1.1 updated
- container:SL-Micro-base-container-2.1.3-7.144 updated
More information about the sle-container-updates
mailing list