SUSE-CU-2025:2546-1: Security update of suse/ltss/sle12.5/sles12sp5

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Apr 16 19:56:55 UTC 2025 

SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:2546-1
Container Tags        : suse/ltss/sle12.5/sles12sp5:8.5.71 , suse/ltss/sle12.5/sles12sp5:latest
Container Release     : 8.5.71
Severity              : important
Type                  : security
References            : 1188018 1191399 1196637 1200170 1205957 1228809 1231211 1239618
                        CVE-2024-8176 
-----------------------------------------------------------------

The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1290-1
Released:    Wed Apr 16 09:38:34 2025
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1188018,1191399,1196637,1200170,1205957,1228809,1231211
This update for systemd fixes the following issues:

- basic/hashmap: add cleanup of memory pools
- core: add valgrind helper for daemon-reexec
- sd-bus: fix a memory leak in message_new_reply()
- sd-bus: unify three code-paths which free struct bus_container
- bus-message: use structured initialization to avoid use of unitialized memory
- Add patches (bsc#1231211)
- Don't try to restart the udev socket units anymore (bsc#1228809)
  There's currently no way to restart a socket activable service and its socket
  units 'atomically' and safely.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1295-1
Released:    Wed Apr 16 09:53:51 2025
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1239618,CVE-2024-8176
This update for expat fixes the following issues:
- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused 
  by stack overflow by resolving use of recursion (bsc#1239618)

Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
     Bug fixes:
       #980 #989  Restore event pointer behavior from Expat 2.6.4
                    (that the fix to CVE-2024-8176 changed in 2.7.0);
                    affected API functions are:
                    - XML_GetCurrentByteCount
                    - XML_GetCurrentByteIndex
                    - XML_GetCurrentColumnNumber
                    - XML_GetCurrentLineNumber
                    - XML_GetInputContext
     Other changes:
       #976 #977  Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
                    with Automake that were missing from 2.7.0 release tarballs
       #983 #984  Fix printf format specifiers for 32bit Emscripten
            #992  docs: Promote OpenSSF Best Practices self-certification
            #978  tests/benchmark: Resolve mistaken double close
            #986  Address compiler warnings
       #990 #993  Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
                    to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
                    for what these numbers do
        Infrastructure:
            #982  CI: Start running Perl XML::Parser integration tests
            #987  CI: Enforce Clang Static Analyzer clean code
            #991  CI: Re-enable warning clang-analyzer-valist.Uninitialized
                    for clang-tidy
            #981  CI: Cover compilation with musl
       #983 #984  CI: Cover compilation with 32bit Emscripten
       #976 #977  CI: Protect against fuzzer files missing from future
                    release archives

- version update to 2.7.0
       #935 #937  Autotools: Make generated CMake files look for
                    libexpat. at SO_MAJOR@.dylib on macOS
            #925  Autotools: Sync CMake templates with CMake 3.29
  #945 #962 #966  CMake: Drop support for CMake <3.13
            #942  CMake: Small fuzzing related improvements
            #921  docs: Add missing documentation of error code
                    XML_ERROR_NOT_STARTED that was introduced with 2.6.4
            #941  docs: Document need for C++11 compiler for use from C++
            #959  tests/benchmark: Fix a (harmless) TOCTTOU
            #944  Windows: Fix installer target location of file xmlwf.xml
                    for CMake
            #953  Windows: Address warning -Wunknown-warning-option
                    about -Wno-pedantic-ms-format from LLVM MinGW
            #971  Address Cppcheck warnings
       #969 #970  Mass-migrate links from http:// to https://
    #947 #958 ..
       #974 #975  Document changes since the previous release
       #974 #975  Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
                    to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
                    for what these numbers do


The following package changes have been done:

- libexpat1-2.7.1-21.43.1 updated
- libsystemd0-228-157.66.1 updated
- libudev1-228-157.66.1 updated

More information about the sle-container-updates mailing list