SUSE-IU-2026:3749-1: Security update of suse/sl-micro/6.0/base-os-container

sle-container-updates at lists.suse.com
Wed May 27 07:08:58 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3749-1
Image Tags        : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.144 , suse/sl-micro/6.0/base-os-container:latest
Image Release     : 7.144
Severity          : important
Type              : security
References        : 1201840 1202970 1204538 1204562 1234100 1234101 1234102 1234103
                        1234104 1234383 1235475 1243005 1248660 1254324 1254441 1261206
                        1261280 1261606 1262223 1262223 1262464 1262465 1264013 1264511
                        1264512 1264513 1264514 1264515 1265209 1265223 1265296 1265308
                        CVE-2022-29154 CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087
                        CVE-2024-12088 CVE-2024-12747 CVE-2024-58251 CVE-2025-10158 CVE-2025-54518
                        CVE-2026-27456 CVE-2026-29518 CVE-2026-34743 CVE-2026-4046 CVE-2026-41035
                        CVE-2026-41035 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620
                        CVE-2026-44933 CVE-2026-45232 CVE-2026-46300 CVE-2026-46333 CVE-2026-5450
                        CVE-2026-5928 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 714
Released:    Fri May 15 12:44:29 2026
Summary:     Security update for iproute2
Type:        security
Severity:    low
References:  1204562,1234383,1243005,1248660,1254324,CVE-2024-58251
This update for iproute2 fixes the following issue:

- CVE-2024-58251: denial of service via terminal escape sequences (bsc#1254324).

Changes for iproute2:

- support display of bound but unconnected sockets (bsc#1204562).
- avoid spurious cgroup warning (bsc#1234383).
- add post-6.4 follow-up fixes (bsc#1243005).
- devlink: support ipsec_crypto and ipsec_packet cap (bsc#1248660).

-----------------------------------------------------------------
Advisory ID: 708
Released:    Fri May 15 12:45:40 2026
Summary:     Security update for rsync
Type:        security
Severity:    important
References:  1262223,CVE-2026-41035
This update for rsync fixes the following issue:

- CVE-2026-41035: count of entries mismatch can lead to a use-after-free (bsc#1262223).

-----------------------------------------------------------------
Advisory ID: 710
Released:    Fri May 15 13:28:08 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for glibc fixes the following issues:

- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206).
- CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465).
- CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464).

-----------------------------------------------------------------
Advisory ID: kernel-429
Released:    Fri May 15 14:22:55 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1264013,1265209,CVE-2025-54518,CVE-2026-46300

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues.

The following security issues were fixed:

- CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (bsc#1264013).
- CVE-2026-46300: net: skbuff: propagate shared-frag marker through pskb_copy() (bsc#1265209).

The following non-security issue was fixed:

- io-wq: check that the predecessor is hashed in io_wq_remove_pending() (git-fixes).

-----------------------------------------------------------------
Advisory ID: 715
Released:    Fri May 15 16:11:23 2026
Summary:     Recommended update for libzypp, zypper, libsolv
Type:        recommended
Severity:    moderate
References:  
This update for libzypp, zypper, libsolv fixes the following issues:

Changes in libsolv:

- update to version 0.7.37:
    * fix parsing of sha512 checksums in debian repositories
    * improve speed of dirpool_add_dir making parsing of filelists.xml twice as fast
    * fix parsing of recommends in the old Mandriva synthesis format

Changes in libzypp:

- update to version 17.38.8:
    * Mandatory signature verification plugin support (jsc#PED-11922)

Changes in zypper:

- update to version 1.14.97:
    * Add --filter-version-change to zypper lu.
      Adds filtering by version change significance to reduce noise in
      update listings. Supports levels: rebuild (hides rebuild-only changes) 
      and package (hides all release-only changes).

-----------------------------------------------------------------
Advisory ID: kernel-433
Released:    Tue May 19 20:07:04 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1265308,CVE-2026-46333

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix one issue:

- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308).

-----------------------------------------------------------------
Advisory ID: 720
Released:    Thu May 21 13:04:19 2026
Summary:     Security update for rsync
Type:        security
Severity:    important
References:  1201840,1202970,1204538,1234100,1234101,1234102,1234103,1234104,1235475,1254441,1262223,1264511,1264512,1264513,1264514,1264515,1265296,CVE-2022-29154,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747,CVE-2025-10158,CVE-2026-29518,CVE-2026-41035,CVE-2026-43617,CVE-2026-43618,CVE-2026-43619,CVE-2026-43620,CVE-2026-45232
This update for rsync fixes the following issues:

Security issues:

- CVE-2026-29518: Symlink-Race TOCTOU in Daemon (bsc#1264511).
- CVE-2026-43617: Authorization Bypass via Hostname Resolution (bsc#1264515).
- CVE-2026-43618: Integer Overflow Information Disclosure (bsc#1264512).
- CVE-2026-43619: Symlink Race Condition via Path-Based Syscalls (bsc#1264514).
- CVE-2026-43620: Out-of-Bounds Array Read via recv_files() (bsc#1264513).
- CVE-2026-45232: Off-by-one stack OOB write in HTTP CONNECT proxy response parsing (bsc#1265296).

Non-security issues:

- rsync --delay-updates never updates after interruption (bsc#1204538).
- Fix duplication of flag causing illegal hashkey failures.

-----------------------------------------------------------------
Advisory ID: 721
Released:    Thu May 21 13:18:17 2026
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1261606,CVE-2026-27456
This update for util-linux fixes the following issue:

- CVE-2026-27456: TOCTOU in the mount program when setting up loop devices (bsc#1261606).

-----------------------------------------------------------------
Advisory ID: 723
Released:    Thu May 21 14:03:57 2026
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1261280,CVE-2026-34743
This update for xz fixes the following issue:

- CVE-2026-34743: buffer overflow in lzma_index_append() (bsc#1261280).

-----------------------------------------------------------------
Advisory ID: 727
Released:    Fri May 22 12:59:23 2026
Summary:     Security update for libzypp
Type:        security
Severity:    important
References:  1265223,CVE-2026-44933
This update for libzypp fixes the following issue:

- CVE-2026-44933: scan of the Mandatory signature verification plugin support (bsc#1265223).


The following package changes have been done:

- glibc-2.38-13.1 updated
- libuuid1-2.39.3-7.1 updated
- libsmartcols1-2.39.3-7.1 updated
- liblzma5-5.4.3-6.1 updated
- libblkid1-2.39.3-7.1 updated
- libfdisk1-2.39.3-7.1 updated
- libmount1-2.39.3-7.1 updated
- xz-5.4.3-6.1 updated
- util-linux-2.39.3-7.1 updated
- SL-Micro-release-6.0-25.100 updated
- util-linux-systemd-2.39.3-7.1 updated
- kernel-default-6.4.0-45.1 updated
- iproute2-6.4-1.1 updated
- glibc-locale-base-2.38-13.1 updated
- rsync-3.2.7-7.1 updated
- libsolv-tools-base-0.7.37-1.1 updated
- libzypp-17.38.9-1.1 updated
- zypper-1.14.97-1.1 updated
- container:suse-toolbox-image-1.0.0-9.115 updated

