SUSE-CU-2025:2652-1: Security update of suse/sle-micro/5.5/toolbox
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Apr 17 15:27:59 UTC 2025
SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:2652-1
Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.20 , suse/sle-micro/5.5/toolbox:latest
Container Release : 3.12.20
Severity : important
Type : security
References : 1183663 1193173 1211547 1213291 1214713 1216049 1216146 1216147
1216150 1216151 1216228 1216229 1216230 1216231 1216232 1216233
1216241 1216388 1216522 1216827 1217287 1218201 1218282 1218324
1218812 1218814 1219241 1219639 1222021 1222650 1222896 1227127
1228265 1230371 1231396 1231423 1231838 1233307 1233726 1234798
1235481 1235751 1236033 1236779 1237294 1239618 1240009 1240343
1240343 CVE-2024-11168 CVE-2024-8176
-----------------------------------------------------------------
The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1035-1
Released: Thu Mar 27 10:34:01 2025
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1236779,1237294
This update for suse-build-key fixes the following issues:
- Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use
SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321)
- gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc
- gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc
- suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1056-1
Released: Fri Mar 28 18:06:22 2025
Summary: Security update for python3
Type: security
Severity: moderate
References: 1233307,CVE-2024-11168
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1130-1
Released: Thu Apr 3 15:08:55 2025
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1234798,1240009,1240343
This update for ca-certificates-mozilla fixes the following issues:
Update to 2.74 state of Mozilla SSL root CAs:
- Removed:
* SwissSign Silver CA - G2
- Added:
* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023
Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798):
- Removed:
* SecureSign RootCA11
* Security Communication RootCA3
- Added:
* TWCA CYBER Root CA
* TWCA Global Root CA G2
* SecureSign Root CA12
* SecureSign Root CA14
* SecureSign Root CA15
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1161-1
Released: Mon Apr 7 17:29:45 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1235751
This update for vim fixes the following issues:
- Regression patch to fix (bsc#1235751).
- Version update 9.1.1176
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1166-1
Released: Tue Apr 8 11:37:17 2025
Summary: Recommended update for gdb
Type: recommended
Severity: moderate
References:
This update for gdb fixes the following issues:
- Implemented support for new IBM Z generation (jsc#PED-10305).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1191-1
Released: Thu Apr 10 06:57:45 2025
Summary: Recommended update for supportutils
Type: recommended
Severity: moderate
References: 1183663,1193173,1211547,1213291,1214713,1216049,1216146,1216147,1216150,1216151,1216228,1216229,1216230,1216231,1216232,1216233,1216241,1216388,1216522,1216827,1217287,1218201,1218282,1218324,1218812,1218814,1219241,1219639,1222021,1222650,1222896,1227127,1228265,1230371,1231396,1231423,1231838,1233726
This update for supportutils fixes the following issues:
- Version update 3.2.10, bugfixing.
+ Collect firewalld configuration
+ Ignore tasks/threads to prevent collecting duplicate data (bsc#1230371).
+ openldap2_5 support for SLES (bsc#1231838).
+ Added dbus_info for dbus.txt (bsc#1222650).
+ Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221).
+ Corrected display issues (bsc#1231396, bsc#1217287).
+ NFS takes too long, showmount times out (bsc#1231423).
+ Merged sle15 and master branches (bsc#1233726, PED-11669).
+ Extended scaling for performance (bsc#1214713).
+ Corrected SLE Micro version (bsc#1219241).
+ Check nvidida-persistenced state (bsc#1219639).
+ Corrected podman .ID error (bsc#1218812).
+ Remove duplicate non-root podman users (bsc#1218814).
+ Fixed smart disk error (bsc#1218282).
+ Fixed ipvsadm logic error (bsc#1218324).
+ Correctly detects Xen Dom0 (bsc#1218201).
+ Inhibit the conversion of port numbers to port names for network files.
+ powerpc: collect rtas_errd.log and lp_diag.log log files.
+ Get list of pam.d files.
+ Provides long listing for /etc/sssd/sssd.conf (bsc#1211547).
+ Optimize lsof usage (bsc#1183663).
+ Added mokutil commands for secureboot.
+ ipset - List entries for all sets.
+ Added nvme-stas configuration to nvme.txt (bsc#1216049).
+ Collects zypp history file (bsc#1216522).
+ Collect HA related rpm package versions in ha.txt
+ Change -x OPTION to really be exclude only
+ Fixed kernel and added user live patching (PED-4524).
+ Fixed plugins creating empty files (bsc#1216388).
+ Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173).
+ Added supportutils to current (PED-4456).
+ Changed config directory to /etc/supportutuils for all conf and header.txt (bsc#1216232).
+ Fixed supportconfig using external test command (bsc#1216150) and kdump,
analyzevmcore errors (bsc#1216146).
+ Support has been removed for scplugin.rc, use supportconfig.rc (bsc#1216241).
+ Remove check_service function from supportconfig.rc (bsc#1216231).
+ Removed older versions of SLES_VER (bsc#1216147).
+ Added timed command to fs-files.txt (bsc#1216827).
+ Cron and At are replaced with systemd.timer (bsc#1216229).
+ Offers apparmor or selinux based on configuration (bsc#1216233).
+ Filted proc access errors (bsc#1216151).
+ Remove all SuSE-release references (bsc#1216228).
+ Remove references to /etc/init.d (bsc#1216230).
+ Add capability in supportconfig to insert configs in summary.xml from command line option (bsc#1222021).
+ file sanitizing improvement request for boot (bsc#1227127).
+ Add 'read_values -s' output to supportconfig on s390x (bsc#1228265).
+ Usability enhancement for supportconfig (PED-8211).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1201-1
Released: Fri Apr 11 12:15:58 2025
Summary: Security update for expat
Type: security
Severity: important
References: 1239618,CVE-2024-8176
This update for expat fixes the following issues:
- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused
by stack overflow by resolving use of recursion (bsc#1239618)
Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0
#935 #937 Autotools: Make generated CMake files look for
libexpat. at SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1217-1
Released: Sun Apr 13 12:16:40 2025
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1240343
This update for ca-certificates-mozilla fixes the following issues:
- Reenable the distrusted certs for now. as these only
distrust 'new issued' certs starting after a certain date,
while old certs should still work. (bsc#1240343)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1242-1
Released: Mon Apr 14 12:43:18 2025
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1235481,1236033
This update for aaa_base fixes the following issues:
- SP6 logrotate and rcsyslog binary (bsc#1236033)
- Update detection for systemd in rc.status
- Mountpoint for cgroup changed with cgroup2
- If a user switches the login shell respect the already set PATH
environment (bsc#1235481)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1292-1
Released: Wed Apr 16 09:49:17 2025
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References:
This update for timezone fixes the following issues:
- Version update 2025b
* New zone for Aysen Region in Chile (America/Coyhaique) which
moves from -04/-03 to -03
- Refresh patches for philippines historical data and china tzdata
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated
- ca-certificates-mozilla-2.74-150200.41.1 updated
- gdb-14.2-150400.15.23.1 updated
- libexpat1-2.7.1-150400.3.28.1 updated
- libpython3_6m1_0-3.6.15-150300.10.84.1 updated
- python3-base-3.6.15-150300.10.84.1 updated
- supportutils-3.2.10-150300.7.35.36.4 updated
- suse-build-key-12.0-150000.8.58.1 updated
- timezone-2025b-150000.75.34.2 updated
- vim-data-common-9.1.1176-150500.20.24.2 updated
- vim-9.1.1176-150500.20.24.2 updated
More information about the sle-container-updates
mailing list