SUSE-CU-2025:2636-1: Security update of suse/manager/5.0/x86_64/server-migration-14-16
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Apr 17 07:14:06 UTC 2025
SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-migration-14-16
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:2636-1
Container Tags : suse/manager/5.0/x86_64/server-migration-14-16:5.0.4 , suse/manager/5.0/x86_64/server-migration-14-16:5.0.4.7.14.1 , suse/manager/5.0/x86_64/server-migration-14-16:latest
Container Release : 7.14.1
Severity : important
Type : security
References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 1227637
1229228 1233307 1233752 1234015 1234128 1234313 1234713 1234765
1235873 1236136 1236136 1236165 1236282 1236460 1236619 1236643
1236771 1236858 1236886 1236960 1237093 1237093 1237093 1237363
1237370 1237418 1238591 1239625 1239637 1239883 1240414 CVE-2022-49043
CVE-2023-40403 CVE-2024-11168 CVE-2024-13176 CVE-2024-13176 CVE-2024-55549
CVE-2024-56171 CVE-2025-0395 CVE-2025-1094 CVE-2025-1094 CVE-2025-1094
CVE-2025-24528 CVE-2025-24855 CVE-2025-24928 CVE-2025-27113 CVE-2025-31115
-----------------------------------------------------------------
The container suse/manager/5.0/x86_64/server-migration-14-16 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043
This update for libxml2 fixes the following issues:
- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:358-1
Released: Wed Feb 5 10:06:22 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1235873
This update for permissions fixes the following issues:
- Version update 20240826:
* permissions: remove legacy and nonsensical entries.
* permissions: remove traceroute entry.
* permissions: remove outdated sudo directories.
* permissions: remove legacy RPM directory entries.
* permissions: remove some static /var/spool/* dirs.
* permissions: remove unnecessary static dirs and devices (bsc#1235873).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528
This update for crypto-policies and krb5 fixes the following issues:
Security issue fixed:
- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
Feature addition:
- Add crypto-policies support; (jsc#PED-12018)
* The default krb5.conf has been updated to include config
snippets in the krb5.conf.d directory, where crypto-policies
drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
* This key derivation function is used by AES256-CTS-HMAC-SHA1-96
and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active
directory. If these encryption types are allowed or not in
FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176
This update for openssl-3 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:501-1
Released: Thu Feb 13 10:53:21 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1236960
This update for permissions fixes the following issues:
- Version update 20240826.
- Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:547-1
Released: Fri Feb 14 08:26:30 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1229228,1233752,1234313,1234765
This update for systemd fixes the following issues:
- Fix agetty failing to open credentials directory (bsc#1229228)
- stdio-bridge: fix polled fds
- hwdb: comment out the entry for Logitech MX Keys for Mac
- core/unit-serialize: fix serialization of markers
- locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged
- core: fix assert when AddDependencyUnitFiles is called with invalid parameter
- Fix systemd-network recommending libidn2-devel (bsc#1234765)
- tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:582-1
Released: Tue Feb 18 15:55:29 2025
Summary: Security update for glibc
Type: security
Severity: low
References: 1236282,CVE-2025-0395
This update for glibc fixes the following issues:
- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:613-1
Released: Fri Feb 21 11:37:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,1236771,CVE-2024-13176
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).
Other bugfixes:
- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:616-1
Released: Fri Feb 21 11:42:35 2025
Summary: Security update for postgresql17
Type: security
Severity: important
References: 1237093,CVE-2025-1094
This update for postgresql17 fixes the following issues:
Upgrade to 17.4:
- CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858
This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:631-1
Released: Fri Feb 21 15:09:01 2025
Summary: Security update for postgresql14
Type: security
Severity: important
References: 1237093,CVE-2025-1094
This update for postgresql14 fixes the following issues:
Upgrade to 14.17:
- CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:635-1
Released: Fri Feb 21 15:13:08 2025
Summary: Security update for postgresql16
Type: security
Severity: important
References: 1237093,CVE-2025-1094
This update for postgresql16 fixes the following issues:
Upgrade to 16.8:
- CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:746-1
Released: Fri Feb 28 17:10:22 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113
This update for libxml2 fixes the following issues:
- CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
(bsc#1237363).
- CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:832-1
Released: Tue Mar 11 09:56:30 2025
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References:
This update for timezone fixes the following issues:
- Update to 2025a:
* Paraguay adopts permanent -03 starting spring 2024
* Improve pre-1991 data for the Philippines
* Etc/Unknown is now reserved
* Improve historical data for Mexico, Mongolia, and Portugal
* System V names are now obsolescent
* The main data form now uses %z
* The code now conforms to RFC 8536 for early timestamps
* Support POSIX.1-2024, which removes asctime_r and ctime_r
* Assume POSIX.2-1992 or later for shell scripts
* SUPPORT_C89 now defaults to 1
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:915-1
Released: Wed Mar 19 08:04:05 2025
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942
This update for libgcrypt fixes the following issues:
- FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939]
- FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939]
- FIPS: Disable setting the library in non-FIPS mode [bsc#1220893]
- FIPS: Disallow rsa < 2048 [bsc#1225941]
* Mark RSA operations with keysize < 2048 as non-approved in the SLI
- FIPS: Service level indicator for libgcrypt [bsc#1225939]
- FIPS: Consider deprecate sha1 [bsc#1225942]
* In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will
transition at the end of 2030. Mark SHA1 as non-approved in SLI.
- FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936]
* cipher: Do not run RSA encryption selftest by default
- FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG
for the whole length entropy buffer in FIPS mode. [bsc#1220893]
- FIPS: Set the FSM into error state if Jitter RNG is returning an
error code to the caller when an health test error occurs when
random bytes are requested through the jent_read_entropy_safe()
function. [bsc#1220895]
- FIPS: Replace the built-in jitter rng with standalone version
* Remove the internal jitterentropy copy [bsc#1220896]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:969-1
Released: Thu Mar 20 14:28:47 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1227637,1236165
This update for crypto-policies fixes the following issues:
- Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637).
- tolerate fips dracut module presence w/o FIPS
* Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode
(bsc#1236165).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1016-1
Released: Tue Mar 25 15:59:05 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1234015,1236643,1236886
This update for systemd fixes the following issues:
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- journald: close runtime journals before their parent directory removed
- journald: reset runtime seqnum data when flushing to system journal (bsc#1236886)
- Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643)
It is likely an oversight from when systemd-userdb was migrated from the
experimental package to the main one.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1056-1
Released: Fri Mar 28 18:06:22 2025
Summary: Security update for python3
Type: security
Severity: moderate
References: 1233307,CVE-2024-11168
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1125-1
Released: Thu Apr 3 13:49:28 2025
Summary: Security update for libxslt
Type: security
Severity: important
References: 1238591,1239625,1239637,CVE-2023-40403,CVE-2024-55549,CVE-2025-24855
This update for libxslt fixes the following issues:
- CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591)
- CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637)
- CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1137-1
Released: Thu Apr 3 17:11:02 2025
Summary: Security update for xz
Type: security
Severity: important
References: 1240414,CVE-2025-31115
This update for xz fixes the following issues:
- CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1198-1
Released: Fri Apr 11 09:46:09 2025
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1234128,1234713,1239883
This update for glibc fixes the following issues:
- Fix the lost wakeup from a bug in signal stealing (bsc#1234128)
- Mark functions in libc_nonshared.a as hidden (bsc#1239883)
- Bump minimal kernel version to 4.3 to enable use of direct socketcalls
on x86-32 and s390x (bsc#1234713)
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.9.2 updated
- glibc-2.38-150600.14.23.1 updated
- liblzma5-5.4.1-150600.3.3.1 updated
- libxml2-2-2.10.3-150500.5.23.1 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- libgcrypt20-1.10.3-150600.3.3.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- permissions-20240826-150600.10.18.2 updated
- timezone-2025a-150600.91.3.1 updated
- libsystemd0-254.24-150600.4.28.1 updated
- glibc-locale-base-2.38-150600.14.26.1 updated
- libopenssl1_1-1.1.1w-150600.5.12.2 updated
- libpq5-17.4-150600.13.10.1 updated
- libxslt1-1.1.34-150400.3.6.1 updated
- glibc-locale-2.38-150600.14.26.1 updated
- libpython3_6m1_0-3.6.15-150300.10.84.1 updated
- python3-base-3.6.15-150300.10.84.1 updated
- postgresql14-14.17-150600.16.14.1 updated
- postgresql16-16.8-150600.16.15.1 updated
- postgresql14-server-14.17-150600.16.14.1 updated
- postgresql16-server-16.8-150600.16.15.1 updated
- postgresql16-contrib-16.8-150600.16.15.1 updated
- postgresql14-contrib-14.17-150600.16.14.1 updated
- container:suse-manager-5.0-init-5.0.4-5.0.4-7.12.15 added
- container:suse-manager-5.0-init-5.0.3-5.0.3-7.9.5 removed
More information about the sle-container-updates
mailing list