SUSE-CU-2025:2535-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Apr 16 20:06:04 UTC 2025
SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:2535-1
Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.30 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release : 17.8.30
Severity : important
Type : security
References : 1234128 1234713 1235481 1236033 1237374 1239618 1239883 1240343
CVE-2024-8176
-----------------------------------------------------------------
The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1198-1
Released: Fri Apr 11 09:46:09 2025
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1234128,1234713,1239883
This update for glibc fixes the following issues:
- Fix the lost wakeup from a bug in signal stealing (bsc#1234128)
- Mark functions in libc_nonshared.a as hidden (bsc#1239883)
- Bump minimal kernel version to 4.3 to enable use of direct socketcalls
on x86-32 and s390x (bsc#1234713)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1201-1
Released: Fri Apr 11 12:15:58 2025
Summary: Security update for expat
Type: security
Severity: important
References: 1239618,CVE-2024-8176
This update for expat fixes the following issues:
- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused
by stack overflow by resolving use of recursion (bsc#1239618)
Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0
#935 #937 Autotools: Make generated CMake files look for
libexpat. at SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1217-1
Released: Sun Apr 13 12:16:40 2025
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1240343
This update for ca-certificates-mozilla fixes the following issues:
- Reenable the distrusted certs for now. as these only
distrust 'new issued' certs starting after a certain date,
while old certs should still work. (bsc#1240343)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1235-1
Released: Mon Apr 14 11:00:13 2025
Summary: Recommended update for kernel-firmware
Type: recommended
Severity: moderate
References:
This update for kernel-firmware fixes the following issues:
- Add QAT 420xx (CPM2.2) firmware, retrieved from commit 4308879ea4fa (jsc#PED-12499):
- Update to version 20250205 (git commit 429bdd620eb1):
* amdgpu: DMCUB update for DCN401
* ath12k: WCN7850 hw2.0: update board-2.bin
* ath12k: QCN9274 hw2.0: update to WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1
* ath12k: QCN9274 hw2.0: update board-2.bin
* ath11k: WCN6750 hw1.0: update board-2.bin
* ath11k: QCN9074 hw1.0: update to WLAN.HK.2.9.0.1-02146-QCAHKSWPL_SILICONZ-1
* ath11k: QCA6698AQ hw2.1: add to WLAN.HSP.1.1-04479-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1
* ath11k: QCA6698AQ hw2.1: add board-2.bin
* ath11k: QCA6390 hw2.0: update board-2.bin
* ath11k: QCA2066 hw2.1: update to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6
* ath11k: QCA2066 hw2.1: update board-2.bin
* ath11k: IPQ8074 hw2.0: update to WLAN.HK.2.9.0.1-02146-QCAHKSWPL_SILICONZ-1
* ath11k: IPQ6018 hw1.0: update to WLAN.HK.2.7.0.1-02409-QCAHKSWPL_SILICONZ-1
* copy-firmware: Fix 'No such file or directory' error.
* ath11k: add device-specific firmware for QCM6490 boards
* qca: add more WCN3950 1.3 NVM files
* qca: add firmware for WCN3950 chips
* qca: move QCA6390 firmware to separate section
* qca: restore licence information for WCN399x firmware
* amdgpu: DMCUB updates for various ASICs
* amdgpu: DMCUB updates forvarious AMDGPU ASICs
* qca: Update Bluetooth WCN6750 1.1.0-00476 firmware to 1.1.3-00069
* qcom:x1e80100: Support for Lenovo T14s G6 Qualcomm platform
* qcom:x1e80100: Support for Lenovo T14s G6 Qualcomm platform
- Update aliases from 6.13
- Update to version 20250129 (git commit 211fbc287a0b):
* linux-firmware: Update FW files for MRVL SD8997 chips
* i915: Update Xe2LPD DMC to v2.27
* qca: Update Bluetooth WCN6856 firmware 2.1.0-00642 to 2.1.0-00650
* rtl_bt: Update RTL8852B BT USB FW to 0x049B_5037
* amdgpu: Update ISP FW for isp v4.1.1
* trivial: contrib: wrap the process in try/except to catch server issues
* trivial: contrib: use python-magic to detect encoding of emails
* QCA: Add Bluetooth firmware for QCA6698
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1242-1
Released: Mon Apr 14 12:43:18 2025
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1235481,1236033
This update for aaa_base fixes the following issues:
- SP6 logrotate and rcsyslog binary (bsc#1236033)
- Update detection for systemd in rc.status
- Mountpoint for cgroup changed with cgroup2
- If a user switches the login shell respect the already set PATH
environment (bsc#1235481)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1245-1
Released: Mon Apr 14 13:31:49 2025
Summary: Recommended update for pkg-config
Type: recommended
Severity: moderate
References: 1237374
This update for rsync fixes the following issues:
- Security scan found old glib in pkg-config (bsc#1237374).
- This update for pkg-config changes attribute to the author who actually
makes the change
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated
- ca-certificates-mozilla-2.74-150200.41.1 updated
- glibc-locale-base-2.38-150600.14.26.1 updated
- glibc-2.38-150600.14.26.1 updated
- kernel-firmware-bnx2-20250205-150600.3.15.1 updated
- kernel-firmware-chelsio-20250205-150600.3.15.1 updated
- kernel-firmware-i915-20250205-150600.3.15.1 updated
- kernel-firmware-intel-20250205-150600.3.15.1 updated
- kernel-firmware-liquidio-20250205-150600.3.15.1 updated
- kernel-firmware-marvell-20250205-150600.3.15.1 updated
- kernel-firmware-mediatek-20250205-150600.3.15.1 updated
- kernel-firmware-mellanox-20250205-150600.3.15.1 updated
- kernel-firmware-network-20250205-150600.3.15.1 updated
- kernel-firmware-platform-20250205-150600.3.15.1 updated
- kernel-firmware-qlogic-20250205-150600.3.15.1 updated
- kernel-firmware-realtek-20250205-150600.3.15.1 updated
- kernel-firmware-usb-network-20250205-150600.3.15.1 updated
- libexpat1-2.7.1-150400.3.28.1 updated
- pkg-config-0.29.2-150600.15.6.3 updated
More information about the sle-container-updates
mailing list