SUSE-IU-2025:933-1: Security update of suse-sles-15-sp6-chost-byos-v20250408-hvm-ssd-x86_64
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Apr 10 07:02:28 UTC 2025
SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250408-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:933-1
Image Tags : suse-sles-15-sp6-chost-byos-v20250408-hvm-ssd-x86_64:20250408
Image Release :
Severity : important
Type : security
References : 1027519 1219354 1223330 1227316 1233307 1233796 1234015 1234452
1234798 1235751 1236643 1236779 1236826 1236886 1236982 1237294
1237367 1237692 1237695 1238043 1238879 1239185 1239322 1239465
1239663 1240009 1240343 1240414 CVE-2024-11168 CVE-2024-23650
CVE-2024-29018 CVE-2024-41110 CVE-2025-1713 CVE-2025-22868 CVE-2025-22869
CVE-2025-27363 CVE-2025-27516 CVE-2025-31115
-----------------------------------------------------------------
The container suse-sles-15-sp6-chost-byos-v20250408-hvm-ssd-x86_64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:997-1
Released: Mon Mar 24 18:52:00 2025
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1236826
This update for openssh fixes the following issue:
- Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2
due to gssapi proposal not being correctly initialized (bsc#1236826).
The problem was introduced in the rebase of the patch for 9.6p1
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:998-1
Released: Tue Mar 25 03:07:02 2025
Summary: Security update for freetype2
Type: security
Severity: important
References: 1239465,CVE-2025-27363
This update for freetype2 fixes the following issues:
- CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font
subglyph structures related to TrueType GX and variable font files (bsc#1239465).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1004-1
Released: Tue Mar 25 09:42:38 2025
Summary: Security update for python-Jinja2
Type: security
Severity: moderate
References: 1238879,CVE-2025-27516
This update for python-Jinja2 fixes the following issues:
- CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1016-1
Released: Tue Mar 25 15:59:05 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1234015,1236643,1236886
This update for systemd fixes the following issues:
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- journald: close runtime journals before their parent directory removed
- journald: reset runtime seqnum data when flushing to system journal (bsc#1236886)
- Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643)
It is likely an oversight from when systemd-userdb was migrated from the
experimental package to the main one.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1035-1
Released: Thu Mar 27 10:34:01 2025
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1236779,1237294
This update for suse-build-key fixes the following issues:
- Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use
SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321)
- gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc
- gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc
- suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1046-1
Released: Thu Mar 27 18:51:27 2025
Summary: Recommended update for gettext-runtime
Type: recommended
Severity: moderate
References: 1227316
This update for gettext-runtime fixes the following issue:
- Fix crash while handling po files with malformed header and
process them properly (bsc#1227316).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1048-1
Released: Fri Mar 28 14:04:16 2025
Summary: Recommended update for cpupower
Type: recommended
Severity: moderate
References:
This update for cpupower fixes the following issues:
- For latest changelog entries, please look up the changelog of
a kernel-FLAVOR or kernel-source with the exact same version and
release build number.
* rpm -q --changelog kernel-source |grep 'turbostat\|intel-speed-select|cpupower'
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1056-1
Released: Fri Mar 28 18:06:22 2025
Summary: Security update for python3
Type: security
Severity: moderate
References: 1233307,CVE-2024-11168
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1062-1
Released: Mon Mar 31 10:45:08 2025
Summary: Security update for docker, docker-stable
Type: security
Severity: important
References: 1237367,1239185,1239322,CVE-2024-23650,CVE-2024-29018,CVE-2024-41110,CVE-2025-22868,CVE-2025-22869
This update for docker, docker-stable fixes the following issues:
- CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185).
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322).
Other fixes:
- Make container-selinux requirement conditional on selinux-policy (bsc#1237367)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1071-1
Released: Mon Mar 31 16:42:30 2025
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1236982,1237695
This update for dracut fixes the following issue:
- Version update 059+suse.557.gccd6ab94
* fix(iscsi) make sure services are shut down when switching root (bsc#1237695).
* fix(iscsi) don't require network setup for qedi.
* fix(network-legacy) do not require pgrep when using wicked (bsc#1236982).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1130-1
Released: Thu Apr 3 15:08:55 2025
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1234798,1240009,1240343
This update for ca-certificates-mozilla fixes the following issues:
Update to 2.74 state of Mozilla SSL root CAs:
- Removed:
* SwissSign Silver CA - G2
- Added:
* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023
Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798):
- Removed:
* SecureSign RootCA11
* Security Communication RootCA3
- Added:
* TWCA CYBER Root CA
* TWCA Global Root CA G2
* SecureSign Root CA12
* SecureSign Root CA14
* SecureSign Root CA15
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1134-1
Released: Thu Apr 3 16:17:44 2025
Summary: Security update for apparmor
Type: security
Severity: moderate
References: 1234452
This update for apparmor fixes the following issue:
- Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1137-1
Released: Thu Apr 3 17:11:02 2025
Summary: Security update for xz
Type: security
Severity: important
References: 1240414,CVE-2025-31115
This update for xz fixes the following issues:
- CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1145-1
Released: Mon Apr 7 06:41:42 2025
Summary: Recommended update for hwinfo
Type: recommended
Severity: moderate
References: 1223330,1239663
This update for hwinfo fixes the following issues:
- Avoid reporting of spurious usb storage devices (bsc#1223330)
- Do not overdo usb device de-duplication (bsc#1239663)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1161-1
Released: Mon Apr 7 17:29:45 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1235751
This update for vim fixes the following issues:
- Regression patch to fix (bsc#1235751).
- Version update 9.1.1176
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1162-1
Released: Mon Apr 7 18:08:47 2025
Summary: Security update for xen
Type: security
Severity: moderate
References: 1027519,1219354,1233796,1237692,1238043,CVE-2025-1713
This update for xen fixes the following issues:
- CVE-2025-1713: Fixed potential deadlock with VT-d and legacy PCI device pass-through (bsc#1238043)
Other fixes:
- Xen channels and domU console (bsc#1219354)
- Fixed attempting to start guest vm's libxl fills disk with errors (bsc#1237692)
- Xen call trace and APIC Error found after reboot operation on AMD machines
(bsc#1233796).
- Upstream bug fixes (bsc#1027519).
The following package changes have been done:
- apparmor-abstractions-3.1.7-150600.5.3.2 updated
- apparmor-parser-3.1.7-150600.5.3.2 updated
- ca-certificates-mozilla-2.74-150200.38.1 updated
- cpupower-6.4.0-150600.4.3.1 updated
- docker-27.5.1_ce-150000.218.1 updated
- dracut-059+suse.557.gccd6ab94-150600.3.20.2 updated
- gettext-runtime-0.21.1-150600.3.3.2 updated
- hwinfo-21.87-150500.3.6.1 updated
- libapparmor1-3.1.7-150600.5.3.2 updated
- libcpupower1-6.4.0-150600.4.3.1 updated
- libfreetype6-2.10.4-150000.4.18.1 updated
- liblzma5-5.4.1-150600.3.3.1 updated
- libpython3_6m1_0-3.6.15-150300.10.84.1 updated
- libsystemd0-254.24-150600.4.28.1 updated
- libtextstyle0-0.21.1-150600.3.3.2 updated
- libudev1-254.24-150600.4.28.1 updated
- openssh-clients-9.6p1-150600.6.18.4 updated
- openssh-common-9.6p1-150600.6.18.4 updated
- openssh-server-9.6p1-150600.6.18.4 updated
- openssh-9.6p1-150600.6.18.4 updated
- python3-Jinja2-2.10.1-150000.3.21.1 updated
- python3-base-3.6.15-150300.10.84.1 updated
- python3-3.6.15-150300.10.84.1 updated
- suse-build-key-12.0-150000.8.58.1 updated
- systemd-254.24-150600.4.28.1 updated
- udev-254.24-150600.4.28.1 updated
- vim-data-common-9.1.1176-150500.20.24.2 updated
- vim-9.1.1176-150500.20.24.2 updated
- xen-libs-4.18.4_06-150600.3.20.1 updated
- xen-tools-domU-4.18.4_06-150600.3.20.1 updated
- xz-5.4.1-150600.3.3.1 updated
More information about the sle-container-updates
mailing list