SUSE-IU-2025:1188-1: Security update of suse/sl-micro/6.0/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Apr 23 14:00:34 UTC 2025 

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:1188-1
Image Tags        : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.17 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release     : 6.17
Severity          : important
Type              : security
References        : 1238591 1239330 1239625 1239637 CVE-2023-40403 CVE-2024-55549
                        CVE-2024-6104 CVE-2025-22869 CVE-2025-24855 CVE-2025-27144 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 292
Released:    Tue Apr 22 16:17:16 2025
Summary:     Security update for podman
Type:        security
Severity:    important
References:  1239330,CVE-2024-6104,CVE-2025-22869,CVE-2025-27144
This update for podman fixes the following issues:

- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330).

-----------------------------------------------------------------
Advisory ID: 297
Released:    Wed Apr 23 15:11:10 2025
Summary:     Security update for libxslt
Type:        security
Severity:    important
References:  1238591,1239625,1239637,CVE-2023-40403,CVE-2024-55549,CVE-2025-24855
This update for libxslt fixes the following issues:

* CVE-2025-24855: Fix use-after-free of XPath context node (bsc#1239625) 
* CVE-2024-55549: Fix UAF related to excluded namespaces (bsc#1239637)
* CVE-2023-40403: Make generate-id() deterministic (bsc#1238591)


The following package changes have been done:

- libxml2-2-2.11.6-7.1 updated
- SL-Micro-release-6.0-25.17 updated
- elemental-register-1.6.8-2.1 updated
- elemental-support-1.6.8-2.1 updated
- libxslt1-1.1.38-4.1 updated
- podman-4.9.5-4.1 updated
- container:SL-Micro-base-container-2.1.3-6.14 updated

More information about the sle-container-updates mailing list