SUSE-IU-2026:3770-1: Security update of suse/sle-micro/5.5

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu May 28 07:18:40 UTC 2026 

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3770-1
Image Tags        : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.8.16 , suse/sle-micro/5.5:latest
Image Release     : 5.8.16
Severity          : important
Type              : security
References        : 1234100 1234101 1234102 1234103 1234104 1235475 1254441 1262223
                        1264511 1264512 1264513 1264515 1265296 CVE-2024-12084 CVE-2024-12085
                        CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 CVE-2025-10158
                        CVE-2026-29518 CVE-2026-41035 CVE-2026-43617 CVE-2026-43618 CVE-2026-43620
                        CVE-2026-45232 
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2082-1
Released:    Wed May 27 07:55:07 2026
Summary:     Security update for podman
Type:        security
Severity:    important
References:  

This update for podman rebuilds it against the current go security release.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2083-1
Released:    Wed May 27 09:55:43 2026
Summary:     Security update for rsync
Type:        security
Severity:    important
References:  1234100,1234101,1234102,1234103,1234104,1235475,1254441,1262223,1264511,1264512,1264513,1264515,1265296,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747,CVE-2025-10158,CVE-2026-29518,CVE-2026-41035,CVE-2026-43617,CVE-2026-43618,CVE-2026-43620,CVE-2026-45232
This update for rsync fixes the following issues

- CVE-2026-29518: Symlink-Race TOCTOU in Daemon (bsc#1264511).
- CVE-2026-41035: count of entries mismatch can lead to a use-after-free (bsc#1262223).
- CVE-2026-43617: Authorization Bypass via Hostname Resolution (bsc#1264515).
- CVE-2026-43618: Integer Overflow Information Disclosure (bsc#1264512).
- CVE-2026-43620: Out-of-Bounds Array Read via recv_files() (bsc#1264513).
- CVE-2026-45232: Off-by-one stack OOB write in HTTP CONNECT proxy response parsing (bsc#1265296).


The following package changes have been done:

- rsync-3.2.3-150400.3.31.1 updated
- podman-4.9.5-150500.3.69.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.277 updated

More information about the sle-container-updates mailing list