SUSE-CU-2025:2628-1: Security update of suse/manager/5.0/x86_64/proxy-httpd
sle-container-updates at lists.suse.com
Thu Apr 17 07:13:26 UTC 2025
SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:2628-1
Container Tags : suse/manager/5.0/x86_64/proxy-httpd:5.0.4 , suse/manager/5.0/x86_64/proxy-httpd:5.0.4.7.14.1 , suse/manager/5.0/x86_64/proxy-httpd:latest
Container Release : 7.14.1
Severity : important
Type : security
References : 1221505 1225287 1226273 1227118 1227859 1231983 1233307 1233500
1234015 1234033 1234202 1234226 1234442 1234452 1235527 1235696
1235825 1235853 1235970 1236011 1236118 1236136 1236166 1236234
1236268 1236323 1236601 1236625 1236643 1236678 1236707 1236771
1236886 1237060 1237363 1237370 1237374 1237374 1237403 1237418
1237535 1237685 1237694 1238924 1239618 1239826 1240414 1240960
CVE-2024-11168 CVE-2024-13176 CVE-2024-56171 CVE-2024-8176 CVE-2025-23392
CVE-2025-24928 CVE-2025-27113 CVE-2025-31115
-----------------------------------------------------------------
The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:613-1
Released: Fri Feb 21 11:37:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,1236771,CVE-2024-13176
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).
Other bugfixes:
- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:746-1
Released: Fri Feb 28 17:10:22 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113
This update for libxml2 fixes the following issues:
- CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363).
- CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:794-1
Released: Thu Mar 6 07:59:29 2025
Summary: Recommended update for pkg-config
Type: recommended
Severity: important
References: 1237374
This update for pkg-config fixes the following issues:
- Build with system GLib instead of bundled GLib (bsc#1237374).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:878-1
Released: Mon Mar 17 10:22:57 2025
Summary: Recommended update for python3-dmidecode
Type: recommended
Severity: moderate
References: 1237685
This update for python3-dmidecode fixes the following issue:
- Fix invalid log level error. (bsc#1237685)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1016-1
Released: Tue Mar 25 15:59:05 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1234015,1236643,1236886
This update for systemd fixes the following issues:
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- journald: close runtime journals before their parent directory removed
- journald: reset runtime seqnum data when flushing to system journal (bsc#1236886)
- Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643)
  It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1056-1
Released: Fri Mar 28 18:06:22 2025
Summary: Security update for python3
Type: security
Severity: moderate
References: 1233307,CVE-2024-11168
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1134-1
Released: Thu Apr 3 16:17:44 2025
Summary: Security update for apparmor
Type: security
Severity: moderate
References: 1234452
This update for apparmor fixes the following issue:
- Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1137-1
Released: Thu Apr 3 17:11:02 2025
Summary: Security update for xz
Type: security
Severity: important
References: 1240414,CVE-2025-31115
This update for xz fixes the following issues:
- CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1201-1
Released: Fri Apr 11 12:15:58 2025
Summary: Security update for expat
Type: security
Severity: important
References: 1239618,CVE-2024-8176
This update for expat fixes the following issues:
- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618)
Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0
#935 #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1245-1
Released: Mon Apr 14 13:31:49 2025
Summary: Recommended update for pkg-config
Type: recommended
Severity: moderate
References: 1237374
This update for rsync fixes the following issues:
- Security scan found old glib in pkg-config (bsc#1237374).
- This update for pkg-config changes attribute to the author who actually makes the change
-----------------------------------------------------------------
Advisory ID: SUSE-Manager-5.0-2025-1297
Released: Wed Apr 16 09:57:14 2025
Summary: Security update for Multi-Linux Manager 5.0: Server, Proxy and Retail Server
Type: security
Severity: moderate
References: 1221505,1225287,1226273,1227118,1227859,1231983,1233500,1234033,1234202,1234226,1234442,1235527,1235696,1235825,1235853,1235970,1236011,1236118,1236166,1236234,1236268,1236323,1236601,1236625,1236678,1236707,1237060,1237403,1237535,1237694,1238924,1239826,1240960,CVE-2025-23392
Security update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server:
This is a codestream only update
The following package changes have been done:
- libapparmor1-3.1.7-150600.5.3.2 updated
- libexpat1-2.7.1-150400.3.28.1 updated
- libopenssl1_1-1.1.1w-150600.5.12.2 updated
- pkg-config-0.29.2-150600.15.6.3 updated
- release-notes-susemanager-proxy-5.0.4-150600.11.23.2 updated
- xz-5.4.1-150600.3.3.1 updated
- libsystemd0-254.24-150600.4.28.1 updated
- python3-base-3.6.15-150300.10.84.1 updated
- libpython3_6m1_0-3.6.15-150300.10.84.1 updated
- python3-3.6.15-150300.10.84.1 updated
- python3-uyuni-common-libs-5.0.6-150600.2.6.5 updated
- systemd-254.24-150600.4.28.1 updated
- python3-libxml2-2.10.3-150500.5.23.1 updated
- python3-dmidecode-3.12.3-150400.24.1 updated
- spacewalk-backend-5.0.12-150600.4.12.10 updated
- python3-spacewalk-client-tools-5.0.9-150600.4.9.11 updated
- spacewalk-client-tools-5.0.9-150600.4.9.11 updated
- susemanager-tftpsync-recv-5.0.2-150600.3.3.5 updated