SUSE-IU-2026:3753-1: Security update of suse/sl-micro/6.1/base-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed May 27 07:23:15 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3753-1
Image Tags        : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.131 , suse/sl-micro/6.1/base-os-container:latest
Image Release     : 5.131
Severity          : important
Type              : security
References        : 1196933 1204562 1206608 1207543 1208928 1224386 1232351 1234383
                        1241284 1243005 1244003 1244011 1244325 1244449 1244937 1245551
                        1245667 1246011 1246025 1248356 1248501 1248660 1249657 1250224
                        1251827 1252318 1253223 1254324 1254425 1254441 1254563 1255027
                        1261606 1262223 1262223 1264013 1264511 1264512 1264513 1264514
                        1264515 1265209 1265223 1265296 1265308 CVE-2024-58251 CVE-2025-10158
                        CVE-2025-11561 CVE-2025-54518 CVE-2026-27456 CVE-2026-29518 CVE-2026-41035
                        CVE-2026-41035 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620
                        CVE-2026-44933 CVE-2026-45232 CVE-2026-46300 CVE-2026-46333 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 527
Released:    Fri May 15 11:43:59 2026
Summary:     Security update for rsync
Type:        security
Severity:    important
References:  1244325,1251827,1262223,CVE-2025-11561,CVE-2026-41035
This update for rsync fixes the following issue

- CVE-2026-41035: count of entries mismatch can lead to a use-after-free (bsc#1262223).

-----------------------------------------------------------------
Advisory ID: kernel-429
Released:    Fri May 15 14:22:55 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1264013,1265209,CVE-2025-54518,CVE-2026-46300

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (bsc#1264013).
- CVE-2026-46300: net: skbuff: propagate shared-frag marker through pskb_copy() (bsc#1265209).

The following non security issue was fixed:

- io-wq: check that the predecessor is hashed in io_wq_remove_pending() (git-fixes).

-----------------------------------------------------------------
Advisory ID: kernel-433
Released:    Tue May 19 20:07:04 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1265308,CVE-2026-46333

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix one issue

- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308).

-----------------------------------------------------------------
Advisory ID: 537
Released:    Wed May 20 13:02:46 2026
Summary:     Security update for iproute2
Type:        security
Severity:    low
References:  1204562,1224386,1234383,1243005,1244449,1245551,1248356,1248501,1248660,1254324,1254563,CVE-2024-58251
This update for iproute2 fixes the following issue

- CVE-2024-58251: denial of service via terminal escape sequences (bsc#1254324).

Changes for iproute2:

- support display of bound but unconnected sockets (bsc#1204562).
- avoid spurious cgroup warning (bsc#1234383).
- add post-6.4 follow-up fixes (bsc#1243005).
- devlink: support ipsec_crypto and ipsec_packet cap (bsc#1248660).

-----------------------------------------------------------------
Advisory ID: 538
Released:    Thu May 21 11:23:01 2026
Summary:     Security update for libsolv, libzypp, zypper
Type:        security
Severity:    important
References:  1253223,1265223,CVE-2026-44933
This update for libsolv, libzypp, zypper fixes the following issues:

- CVE-2026-44933: prevent configured scripts from escaping the sigcheck directory (bsc#1265223)

Changes in libsolv:

- update to version 0.7.37:  
    * fix parsing of sha512 checksums in debian repositories
    * improve speed of dirpool_add_dir makeing parsing of filelists.xml twice as fast
    * fix parsing of recommands in the old Mandriva synthesis format

Changes in libzypp:

- update to version 17.38.9:
    * Mandatory signature verification plugin support (jsc#PED-11922)

Changes in zypper:

- update to version 1.14.97:
  *  Add --filter-version-change to zypper lu.
     Adds filtering by version change significance to reduce noise in update listings. 
     Supports levels: rebuild (hides rebuild-only changes) and package (hides all release-only changes).


-----------------------------------------------------------------
Advisory ID: 539
Released:    Thu May 21 13:22:07 2026
Summary:     Security update for rsync
Type:        security
Severity:    important
References:  1254441,1255027,1262223,1264511,1264512,1264513,1264514,1264515,1265296,CVE-2025-10158,CVE-2026-29518,CVE-2026-41035,CVE-2026-43617,CVE-2026-43618,CVE-2026-43619,CVE-2026-43620,CVE-2026-45232
This update for rsync fixes the following issues

- CVE-2026-29518: Symlink-Race TOCTOU in Daemon (bsc#1264511).
- CVE-2026-43617: Authorization Bypass via Hostname Resolution (bsc#1264515).
- CVE-2026-43618: Integer Overflow Information Disclosure (bsc#1264512).
- CVE-2026-43619: Symlink Race Condition via Path-Based Syscalls (bsc#1264514).
- CVE-2026-43620: Out-of-Bounds Array Read via recv_files() (bsc#1264513).
- CVE-2026-45232: Off-by-one stack OOB write in HTTP CONNECT proxy response parsing (bsc#1265296).

-----------------------------------------------------------------
Advisory ID: 540
Released:    Thu May 21 14:40:13 2026
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1196933,1206608,1207543,1208928,1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425,1261606,CVE-2026-27456
This update for util-linux fixes the following issue

- CVE-2026-27456: TOCTOU in the mount program when setting up loop devices (bsc#1261606).


The following package changes have been done:

- glibc-2.38-slfo.1.1_8.1 updated
- libuuid1-2.40.4-slfo.1.1_6.1 updated
- libsmartcols1-2.40.4-slfo.1.1_6.1 updated
- liblzma5-5.4.3-slfo.1.1_3.1 updated
- libblkid1-2.40.4-slfo.1.1_6.1 updated
- libmount1-2.40.4-slfo.1.1_6.1 updated
- libfdisk1-2.40.4-slfo.1.1_6.1 updated
- xz-5.4.3-slfo.1.1_3.1 updated
- util-linux-2.40.4-slfo.1.1_6.1 updated
- SL-Micro-release-6.1-slfo.1.12.43 updated
- util-linux-systemd-2.40.4-slfo.1.1_6.1 updated
- kernel-default-6.4.0-45.1 updated
- iproute2-6.4-slfo.1.1_1.1 updated
- glibc-locale-base-2.38-slfo.1.1_8.1 updated
- rsync-3.3.0-slfo.1.1_6.1 updated
- libsolv-tools-base-0.7.37-slfo.1.1_1.1 updated
- libzypp-17.38.9-slfo.1.1_1.1 updated
- zypper-1.14.97-slfo.1.1_1.1 updated
- container:suse-toolbox-image-1.0.0-5.59 updated

More information about the sle-container-updates mailing list