SUSE-IU-2026:3927-1: Security update of suse/sl-micro/6.0/kvm-os-container

sle-container-updates at lists.suse.com
Fri May 29 07:08:06 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3927-1
Image Tags        : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.161 , suse/sl-micro/6.0/kvm-os-container:latest
Image Release     : 6.161
Severity          : important
Type              : security
References        : 1255400 1256484 1258509 1259079 1259080 1262089 CVE-2025-14876
                        CVE-2026-0665 CVE-2026-2243 CVE-2026-3195 CVE-2026-3196 CVE-2026-3842
-----------------------------------------------------------------

The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 731
Released:    Thu May 28 16:52:19 2026
Summary:     Security update for qemu
Type:        security
Severity:    important
References:  1255400,1256484,1258509,1259079,1259080,1262089,CVE-2025-14876,CVE-2026-0665,CVE-2026-2243,CVE-2026-3195,CVE-2026-3196,CVE-2026-3842
This update for qemu fixes the following issues:

- CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto (bsc#1255400).
- CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption (bsc#1256484).
- CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when processing
  specially crafted VMDK files (bsc#1258509).
- CVE-2026-3195: heap buffer overflow when reading input audio in the virtio-snd device input callback due to
  insufficient checks in `virtio_snd_pcm_in_cb` (bsc#1259080).
- CVE-2026-3196: integer overflow in the virtio-snd device via PCM_INFO requests from the guest leads to unbounded
  memory allocation and host denial-of-service (bsc#1259079).
- CVE-2026-3842: hyperv/syndbg: missing mapped-length guard after `cpu_physical_memory_map` causes host OOB write
  (bsc#1262089).


The following package changes have been done:

- qemu-guest-agent-8.2.10-3.1 updated

