SUSE-CU-2025:2511-1: Security update of suse/sle-micro/5.3/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Apr 16 07:10:57 UTC 2025 

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:2511-1
Container Tags        : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.115 , suse/sle-micro/5.3/toolbox:latest
Container Release     : 6.11.115
Severity              : important
Type                  : security
References            : 1235481 1236033 1239618 1240343 CVE-2024-8176 
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1201-1
Released:    Fri Apr 11 12:15:58 2025
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1239618,CVE-2024-8176
This update for expat fixes the following issues:

- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused 
  by stack overflow by resolving use of recursion (bsc#1239618)

Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
     Bug fixes:
       #980 #989  Restore event pointer behavior from Expat 2.6.4
                    (that the fix to CVE-2024-8176 changed in 2.7.0);
                    affected API functions are:
                    - XML_GetCurrentByteCount
                    - XML_GetCurrentByteIndex
                    - XML_GetCurrentColumnNumber
                    - XML_GetCurrentLineNumber
                    - XML_GetInputContext
     Other changes:
       #976 #977  Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
                    with Automake that were missing from 2.7.0 release tarballs
       #983 #984  Fix printf format specifiers for 32bit Emscripten
            #992  docs: Promote OpenSSF Best Practices self-certification
            #978  tests/benchmark: Resolve mistaken double close
            #986  Address compiler warnings
       #990 #993  Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
                    to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
                    for what these numbers do
        Infrastructure:
            #982  CI: Start running Perl XML::Parser integration tests
            #987  CI: Enforce Clang Static Analyzer clean code
            #991  CI: Re-enable warning clang-analyzer-valist.Uninitialized
                    for clang-tidy
            #981  CI: Cover compilation with musl
       #983 #984  CI: Cover compilation with 32bit Emscripten
       #976 #977  CI: Protect against fuzzer files missing from future
                    release archives

- version update to 2.7.0
       #935 #937  Autotools: Make generated CMake files look for
                    libexpat. at SO_MAJOR@.dylib on macOS
            #925  Autotools: Sync CMake templates with CMake 3.29
  #945 #962 #966  CMake: Drop support for CMake <3.13
            #942  CMake: Small fuzzing related improvements
            #921  docs: Add missing documentation of error code
                    XML_ERROR_NOT_STARTED that was introduced with 2.6.4
            #941  docs: Document need for C++11 compiler for use from C++
            #959  tests/benchmark: Fix a (harmless) TOCTTOU
            #944  Windows: Fix installer target location of file xmlwf.xml
                    for CMake
            #953  Windows: Address warning -Wunknown-warning-option
                    about -Wno-pedantic-ms-format from LLVM MinGW
            #971  Address Cppcheck warnings
       #969 #970  Mass-migrate links from http:// to https://
    #947 #958 ..
       #974 #975  Document changes since the previous release
       #974 #975  Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
                    to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
                    for what these numbers do

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1217-1
Released:    Sun Apr 13 12:16:40 2025
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    important
References:  1240343
This update for ca-certificates-mozilla fixes the following issues:

- Reenable the distrusted certs for now. as these only
  distrust 'new issued' certs starting after a certain date,
  while old certs should still work. (bsc#1240343)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1242-1
Released:    Mon Apr 14 12:43:18 2025
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1235481,1236033
This update for aaa_base fixes the following issues:

- SP6 logrotate and rcsyslog binary (bsc#1236033)
- Update detection for systemd in rc.status
- Mountpoint for cgroup changed with cgroup2
- If a user switches the login shell respect the already set PATH
  environment (bsc#1235481)


The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated
- ca-certificates-mozilla-2.74-150200.41.1 updated
- libexpat1-2.7.1-150400.3.28.1 updated

More information about the sle-container-updates mailing list