From sle-container-updates at lists.suse.com Fri Aug 1 07:04:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:04:54 +0200 (CEST) Subject: SUSE-IU-2025:2254-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250801070454.70598FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2254-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.65 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.65 Severity : important Type : security References : 1243226 1243767 CVE-2025-5278 CVE-2025-6018 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 401 Released: Tue Jul 29 16:09:33 2025 Summary: Security update for pam-config Type: security Severity: important References: 1243226,CVE-2025-6018 This update for pam-config fixes the following issues: - CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack. (bsc#1243226) ----------------------------------------------------------------- Advisory ID: 405 Released: Thu Jul 31 11:41:53 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read ledaing to a crash or leak sensitive data (bsc#1243767) The following package changes have been done: - coreutils-9.4-5.1 updated - pam-config-2.11-2.1 updated - container:SL-Micro-base-container-2.1.3-7.34 updated From sle-container-updates at lists.suse.com Fri Aug 1 07:05:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:05:39 +0200 (CEST) Subject: SUSE-IU-2025:2255-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250801070539.D1221FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2255-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.34 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.34 Severity : moderate Type : security References : 1243767 CVE-2025-5278 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 405 Released: Thu Jul 31 11:41:53 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read ledaing to a crash or leak sensitive data (bsc#1243767) The following package changes have been done: - coreutils-9.4-5.1 updated - container:suse-toolbox-image-1.0.0-9.19 updated From sle-container-updates at lists.suse.com Fri Aug 1 07:06:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:06:31 +0200 (CEST) Subject: SUSE-IU-2025:2256-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250801070631.DF4C5FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2256-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.58 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.58 Severity : moderate Type : security References : 1243767 CVE-2025-5278 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 405 Released: Thu Jul 31 11:41:53 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read ledaing to a crash or leak sensitive data (bsc#1243767) The following package changes have been done: - coreutils-9.4-5.1 updated - container:SL-Micro-base-container-2.1.3-7.34 updated From sle-container-updates at lists.suse.com Fri Aug 1 07:07:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:07:26 +0200 (CEST) Subject: SUSE-IU-2025:2257-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250801070726.67075FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2257-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.67 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.67 Severity : moderate Type : security References : 1243767 CVE-2025-5278 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 405 Released: Thu Jul 31 11:41:53 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read ledaing to a crash or leak sensitive data (bsc#1243767) The following package changes have been done: - coreutils-9.4-5.1 updated - container:SL-Micro-container-2.1.3-6.65 updated From sle-container-updates at lists.suse.com Fri Aug 1 07:09:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:09:05 +0200 (CEST) Subject: SUSE-CU-2025:5781-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20250801070905.2C402FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5781-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.19 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.19 Severity : moderate Type : security References : 1243767 CVE-2025-5278 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 405 Released: Thu Jul 31 11:41:53 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read ledaing to a crash or leak sensitive data (bsc#1243767) The following package changes have been done: - coreutils-9.4-5.1 updated From sle-container-updates at lists.suse.com Fri Aug 1 07:16:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:16:54 +0200 (CEST) Subject: SUSE-CU-2025:5786-1: Security update of bci/spack Message-ID: <20250801071654.32BCEFF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5786-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.30 Container Release : 11.30 Severity : moderate Type : security References : 1233012 1244270 1244272 1244273 1244279 1244336 CVE-2025-5914 CVE-2025-5915 CVE-2025-5916 CVE-2025-5917 CVE-2025-5918 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2566-1 Released: Thu Jul 31 09:18:44 2025 Summary: Security update for libarchive Type: security Severity: moderate References: 1244270,1244272,1244273,1244279,1244336,CVE-2025-5914,CVE-2025-5915,CVE-2025-5916,CVE-2025-5917,CVE-2025-5918 This update for libarchive fixes the following issues: - CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272) - CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273) - CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270) - CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336) - CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) The following package changes have been done: - libarchive13-3.7.2-150600.3.17.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated From sle-container-updates at lists.suse.com Fri Aug 1 07:17:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:17:07 +0200 (CEST) Subject: SUSE-CU-2025:5787-1: Recommended update of suse/389-ds Message-ID: <20250801071707.A4FBFFF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5787-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-61.31 , suse/389-ds:latest Container Release : 61.31 Severity : moderate Type : recommended References : 1233012 1233012 1233012 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2572-1 Released: Thu Jul 31 11:11:10 2025 Summary: Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp Type: recommended Severity: moderate References: 1233012 This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) The following package changes have been done: - python3-six-1.14.0-150200.15.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-wheel-0.32.3-150100.6.8.1 updated - python3-cryptography-3.3.2-150400.26.1 updated From sle-container-updates at lists.suse.com Fri Aug 1 07:17:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:17:30 +0200 (CEST) Subject: SUSE-CU-2025:5790-1: Recommended update of bci/kiwi Message-ID: <20250801071730.9DE69FF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5790-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-17.6 , bci/kiwi:latest Container Release : 17.6 Severity : moderate Type : recommended References : 1233012 1233012 1233012 1246566 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2549-1 Released: Wed Jul 30 11:09:09 2025 Summary: Recommended update for qemu Type: recommended Severity: moderate References: 1246566 This update for qemu fixes the following issues: - [roms] seabios: include 'pciinit: don't misalign large BARs' (bsc#1246566) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2572-1 Released: Thu Jul 31 11:11:10 2025 Summary: Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp Type: recommended Severity: moderate References: 1233012 This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) The following package changes have been done: - python3-six-1.14.0-150200.15.1 updated - qemu-vmsr-helper-9.2.4-150700.3.8.1 updated - qemu-pr-helper-9.2.4-150700.3.8.1 updated - qemu-img-9.2.4-150700.3.8.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-pip-20.0.2-150400.23.1 updated - qemu-tools-9.2.4-150700.3.8.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated - python3-py-1.10.0-150100.5.15.1 updated - python3-cryptography-3.3.2-150400.26.1 updated - python3-pyOpenSSL-21.0.0-150400.10.1 updated From sle-container-updates at lists.suse.com Fri Aug 1 07:18:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:18:03 +0200 (CEST) Subject: SUSE-CU-2025:5796-1: Recommended update of bci/python Message-ID: <20250801071803.2FE79FF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5796-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-72.10 Container Release : 72.10 Severity : moderate Type : recommended References : 1233012 1233012 1233012 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2572-1 Released: Thu Jul 31 11:11:10 2025 Summary: Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp Type: recommended Severity: moderate References: 1233012 This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) The following package changes have been done: - python3-six-1.14.0-150200.15.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-pip-20.0.2-150400.23.1 updated - python3-wheel-0.32.3-150100.6.8.1 updated From sle-container-updates at lists.suse.com Fri Aug 1 07:18:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:18:17 +0200 (CEST) Subject: SUSE-CU-2025:5799-1: Security update of suse/samba-client Message-ID: <20250801071817.796B0FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5799-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-63.1 , suse/samba-client:latest Container Release : 63.1 Severity : moderate Type : security References : 1244270 1244272 1244273 1244279 1244336 CVE-2025-5914 CVE-2025-5915 CVE-2025-5916 CVE-2025-5917 CVE-2025-5918 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2566-1 Released: Thu Jul 31 09:18:44 2025 Summary: Security update for libarchive Type: security Severity: moderate References: 1244270,1244272,1244273,1244279,1244336,CVE-2025-5914,CVE-2025-5915,CVE-2025-5916,CVE-2025-5917,CVE-2025-5918 This update for libarchive fixes the following issues: - CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272) - CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273) - CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270) - CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336) - CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279) The following package changes have been done: - libarchive13-3.7.2-150600.3.17.1 updated - container:suse-sle15-15.7-4232c2790095361d6776af20382c431e7222f9956d773c3790d57cf7e94a7911-0 updated From sle-container-updates at lists.suse.com Fri Aug 1 07:18:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:18:23 +0200 (CEST) Subject: SUSE-CU-2025:5800-1: Security update of suse/samba-server Message-ID: <20250801071823.7BD6EFF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5800-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-63.1 , suse/samba-server:latest Container Release : 63.1 Severity : moderate Type : security References : 1244270 1244272 1244273 1244279 1244336 CVE-2025-5914 CVE-2025-5915 CVE-2025-5916 CVE-2025-5917 CVE-2025-5918 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2566-1 Released: Thu Jul 31 09:18:44 2025 Summary: Security update for libarchive Type: security Severity: moderate References: 1244270,1244272,1244273,1244279,1244336,CVE-2025-5914,CVE-2025-5915,CVE-2025-5916,CVE-2025-5917,CVE-2025-5918 This update for libarchive fixes the following issues: - CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272) - CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273) - CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270) - CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336) - CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279) The following package changes have been done: - libarchive13-3.7.2-150600.3.17.1 updated - container:suse-sle15-15.7-4232c2790095361d6776af20382c431e7222f9956d773c3790d57cf7e94a7911-0 updated From sle-container-updates at lists.suse.com Fri Aug 1 07:18:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:18:29 +0200 (CEST) Subject: SUSE-CU-2025:5801-1: Security update of suse/samba-toolbox Message-ID: <20250801071829.63CD2FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5801-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-63.1 , suse/samba-toolbox:latest Container Release : 63.1 Severity : moderate Type : security References : 1244270 1244272 1244273 1244279 1244336 CVE-2025-5914 CVE-2025-5915 CVE-2025-5916 CVE-2025-5917 CVE-2025-5918 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2566-1 Released: Thu Jul 31 09:18:44 2025 Summary: Security update for libarchive Type: security Severity: moderate References: 1244270,1244272,1244273,1244279,1244336,CVE-2025-5914,CVE-2025-5915,CVE-2025-5916,CVE-2025-5917,CVE-2025-5918 This update for libarchive fixes the following issues: - CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272) - CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273) - CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270) - CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336) - CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279) The following package changes have been done: - libarchive13-3.7.2-150600.3.17.1 updated - container:suse-sle15-15.7-4232c2790095361d6776af20382c431e7222f9956d773c3790d57cf7e94a7911-0 updated From sle-container-updates at lists.suse.com Fri Aug 1 07:18:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:18:42 +0200 (CEST) Subject: SUSE-CU-2025:5802-1: Security update of bci/spack Message-ID: <20250801071842.2C118FF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5802-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-14.11 , bci/spack:latest Container Release : 14.11 Severity : moderate Type : security References : 1233012 1244270 1244272 1244273 1244279 1244336 CVE-2025-5914 CVE-2025-5915 CVE-2025-5916 CVE-2025-5917 CVE-2025-5918 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2566-1 Released: Thu Jul 31 09:18:44 2025 Summary: Security update for libarchive Type: security Severity: moderate References: 1244270,1244272,1244273,1244279,1244336,CVE-2025-5914,CVE-2025-5915,CVE-2025-5916,CVE-2025-5917,CVE-2025-5918 This update for libarchive fixes the following issues: - CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272) - CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273) - CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270) - CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336) - CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) The following package changes have been done: - libarchive13-3.7.2-150600.3.17.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated From sle-container-updates at lists.suse.com Fri Aug 1 07:20:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:20:31 +0200 (CEST) Subject: SUSE-CU-2025:5807-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250801072031.DFEF9FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5807-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16 , suse/manager/4.3/proxy-httpd:4.3.16.9.67.7 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.67.7 Severity : moderate Type : recommended References : 1233012 1233012 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) The following package changes have been done: - python3-six-1.14.0-150200.15.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-cryptography-3.3.2-150400.26.1 updated - python3-pyOpenSSL-21.0.0-150400.10.1 updated From sle-container-updates at lists.suse.com Fri Aug 1 07:25:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Aug 2025 09:25:01 +0200 (CEST) Subject: SUSE-CU-2025:5812-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20250801072501.BA177FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5812-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.16 , suse/manager/4.3/proxy-tftpd:4.3.16.9.57.6 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.57.6 Severity : moderate Type : recommended References : 1233012 1233012 1233012 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2572-1 Released: Thu Jul 31 11:11:10 2025 Summary: Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp Type: recommended Severity: moderate References: 1233012 This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) The following package changes have been done: - python3-six-1.14.0-150200.15.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated - python3-py-1.10.0-150100.5.15.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-cryptography-3.3.2-150400.26.1 updated - python3-pyOpenSSL-21.0.0-150400.10.1 updated From sle-container-updates at lists.suse.com Sat Aug 2 07:04:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Aug 2025 09:04:48 +0200 (CEST) Subject: SUSE-IU-2025:2260-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250802070448.74523FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2260-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.191 , suse/sle-micro/base-5.5:latest Image Release : 5.8.191 Severity : important Type : security References : 1206051 1221829 1233551 1234480 1234863 1236104 1236333 1238160 1239644 1242417 1244523 1245217 1245431 1246000 1246029 1246037 1246045 1246073 1246186 1246287 1246555 CVE-2022-49138 CVE-2022-49770 CVE-2023-52923 CVE-2023-52927 CVE-2024-26643 CVE-2024-53057 CVE-2024-53164 CVE-2024-57947 CVE-2025-37797 CVE-2025-38079 CVE-2025-38181 CVE-2025-38200 CVE-2025-38206 CVE-2025-38212 CVE-2025-38213 CVE-2025-38257 CVE-2025-38289 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2588-1 Released: Fri Aug 1 14:35:14 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206051,1221829,1233551,1234480,1234863,1236104,1236333,1238160,1239644,1242417,1244523,1245217,1245431,1246000,1246029,1246037,1246045,1246073,1246186,1246287,1246555,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2024-26643,CVE-2024-53057,CVE-2024-53164,CVE-2024-57947,CVE-2025-37797,CVE-2025-38079,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38289 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38289: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1246287). The following non-security bugs were fixed: - Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).' - Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race' - Revert 'mm/hugetlb: unshare page tables during VMA split, not before' - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (bsc#1244523). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480 bsc#1246555). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2590-1 Released: Fri Aug 1 15:13:35 2025 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: This update for elemental-toolkit fixes the following issues: - Adapt code and unit tests - Update KVM and ginkgo setup - Bump GHA upload-artifact - Remove test-deps - Copyright changes in all files - Added git binary to elemental-bin stage and remove step for go mod download, as some 3rd party packages are no longer available. The dependencies are already vendored so build wil leverage the same. - Minor change to lookup devices using blkid and updating the upgradeSpec if needed. This may be needed when running elemental upgrade in multipathd systems. The following package changes have been done: - kernel-default-5.14.21-150500.55.116.1 updated - elemental-toolkit-1.1.7-150500.3.9.1 updated From sle-container-updates at lists.suse.com Sat Aug 2 07:05:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Aug 2025 09:05:50 +0200 (CEST) Subject: SUSE-IU-2025:2261-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250802070550.15B9AFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2261-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.365 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.365 Severity : important Type : security References : 1206051 1221829 1233551 1234480 1234863 1236104 1236333 1238160 1239644 1242417 1244523 1245217 1245431 1246000 1246029 1246037 1246045 1246073 1246186 1246287 1246555 CVE-2022-49138 CVE-2022-49770 CVE-2023-52923 CVE-2023-52927 CVE-2024-26643 CVE-2024-53057 CVE-2024-53164 CVE-2024-57947 CVE-2025-37797 CVE-2025-38079 CVE-2025-38181 CVE-2025-38200 CVE-2025-38206 CVE-2025-38212 CVE-2025-38213 CVE-2025-38257 CVE-2025-38289 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2588-1 Released: Fri Aug 1 14:35:14 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206051,1221829,1233551,1234480,1234863,1236104,1236333,1238160,1239644,1242417,1244523,1245217,1245431,1246000,1246029,1246037,1246045,1246073,1246186,1246287,1246555,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2024-26643,CVE-2024-53057,CVE-2024-53164,CVE-2024-57947,CVE-2025-37797,CVE-2025-38079,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38289 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38289: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1246287). The following non-security bugs were fixed: - Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).' - Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race' - Revert 'mm/hugetlb: unshare page tables during VMA split, not before' - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (bsc#1244523). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480 bsc#1246555). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2590-1 Released: Fri Aug 1 15:13:35 2025 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: This update for elemental-toolkit fixes the following issues: - Adapt code and unit tests - Update KVM and ginkgo setup - Bump GHA upload-artifact - Remove test-deps - Copyright changes in all files - Added git binary to elemental-bin stage and remove step for go mod download, as some 3rd party packages are no longer available. The dependencies are already vendored so build wil leverage the same. - Minor change to lookup devices using blkid and updating the upgradeSpec if needed. This may be needed when running elemental upgrade in multipathd systems. The following package changes have been done: - kernel-default-base-5.14.21-150500.55.116.1.150500.6.55.1 updated - elemental-toolkit-1.1.7-150500.3.9.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.191 updated From sle-container-updates at lists.suse.com Sat Aug 2 07:07:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Aug 2025 09:07:34 +0200 (CEST) Subject: SUSE-IU-2025:2262-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20250802070734.6846AFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2262-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.448 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.448 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2590-1 Released: Fri Aug 1 15:13:35 2025 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: This update for elemental-toolkit fixes the following issues: - Adapt code and unit tests - Update KVM and ginkgo setup - Bump GHA upload-artifact - Remove test-deps - Copyright changes in all files - Added git binary to elemental-bin stage and remove step for go mod download, as some 3rd party packages are no longer available. The dependencies are already vendored so build wil leverage the same. - Minor change to lookup devices using blkid and updating the upgradeSpec if needed. This may be needed when running elemental upgrade in multipathd systems. The following package changes have been done: - elemental-toolkit-1.1.7-150500.3.9.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.341 updated From sle-container-updates at lists.suse.com Sat Aug 2 07:09:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Aug 2025 09:09:12 +0200 (CEST) Subject: SUSE-IU-2025:2263-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250802070912.4FCDEFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2263-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.341 , suse/sle-micro/5.5:latest Image Release : 5.5.341 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2590-1 Released: Fri Aug 1 15:13:35 2025 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: This update for elemental-toolkit fixes the following issues: - Adapt code and unit tests - Update KVM and ginkgo setup - Bump GHA upload-artifact - Remove test-deps - Copyright changes in all files - Added git binary to elemental-bin stage and remove step for go mod download, as some 3rd party packages are no longer available. The dependencies are already vendored so build wil leverage the same. - Minor change to lookup devices using blkid and updating the upgradeSpec if needed. This may be needed when running elemental upgrade in multipathd systems. The following package changes have been done: - elemental-toolkit-1.1.7-150500.3.9.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.191 updated From sle-container-updates at lists.suse.com Sat Aug 2 07:15:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Aug 2025 09:15:12 +0200 (CEST) Subject: SUSE-CU-2025:5817-1: Recommended update of bci/golang Message-ID: <20250802071512.DA44AFF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5817-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-72.1 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-72.1 Container Release : 72.1 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl-3-devel-3.2.3-150700.5.15.1 updated From sle-container-updates at lists.suse.com Sat Aug 2 07:15:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Aug 2025 09:15:16 +0200 (CEST) Subject: SUSE-CU-2025:5818-1: Recommended update of bci/bci-micro-fips Message-ID: <20250802071516.1D8FCFF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5818-1 Container Tags : bci/bci-micro-fips:15.7 , bci/bci-micro-fips:15.7-7.1 , bci/bci-micro-fips:latest Container Release : 7.1 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated From sle-container-updates at lists.suse.com Sat Aug 2 07:16:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Aug 2025 09:16:08 +0200 (CEST) Subject: SUSE-CU-2025:5824-1: Security update of bci/php-apache Message-ID: <20250802071608.84BE4FF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5824-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-12.1 , bci/php-apache:latest Container Release : 12.1 Severity : important Type : security References : 1246232 1246233 1246267 1246299 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-6395 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) The following package changes have been done: - libgnutls30-3.8.3-150600.4.9.1 updated From sle-container-updates at lists.suse.com Sat Aug 2 07:16:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Aug 2025 09:16:47 +0200 (CEST) Subject: SUSE-CU-2025:5829-1: Security update of suse/samba-client Message-ID: <20250802071647.E87ACFF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5829-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-64.1 , suse/samba-client:latest Container Release : 64.1 Severity : important Type : security References : 1230959 1231748 1232326 1246232 1246233 1246267 1246299 1246428 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-6395 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libgnutls30-3.8.3-150600.4.9.1 updated From sle-container-updates at lists.suse.com Sat Aug 2 07:16:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Aug 2025 09:16:53 +0200 (CEST) Subject: SUSE-CU-2025:5830-1: Security update of suse/samba-server Message-ID: <20250802071653.B9A4BFF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5830-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-64.1 , suse/samba-server:latest Container Release : 64.1 Severity : important Type : security References : 1230959 1231748 1232326 1246232 1246233 1246267 1246299 1246428 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-6395 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libgnutls30-3.8.3-150600.4.9.1 updated From sle-container-updates at lists.suse.com Sat Aug 2 07:16:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Aug 2025 09:16:59 +0200 (CEST) Subject: SUSE-CU-2025:5831-1: Security update of suse/samba-toolbox Message-ID: <20250802071659.C6D25FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5831-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-64.1 , suse/samba-toolbox:latest Container Release : 64.1 Severity : important Type : security References : 1230959 1231748 1232326 1246232 1246233 1246267 1246299 1246428 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-6395 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libgnutls30-3.8.3-150600.4.9.1 updated From sle-container-updates at lists.suse.com Sat Aug 2 07:17:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Aug 2025 09:17:23 +0200 (CEST) Subject: SUSE-CU-2025:5833-1: Security update of bci/spack Message-ID: <20250802071723.33D54FF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5833-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-15.1 , bci/spack:latest Container Release : 15.1 Severity : important Type : security References : 1230959 1231748 1232326 1246232 1246233 1246267 1246299 1246428 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-6395 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libgnutls30-3.8.3-150600.4.9.1 updated - libopenssl-3-devel-3.2.3-150700.5.15.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:05:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:05:23 +0200 (CEST) Subject: SUSE-IU-2025:2264-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250805070523.75731FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2264-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.192 , suse/sle-micro/base-5.5:latest Image Release : 5.8.192 Severity : important Type : security References : 1243935 1246597 CVE-2025-4598 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). The following package changes have been done: - libudev1-249.17-150400.8.49.2 updated - libsystemd0-249.17-150400.8.49.2 updated - systemd-249.17-150400.8.49.2 updated - systemd-sysvinit-249.17-150400.8.49.2 updated - udev-249.17-150400.8.49.2 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:06:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:06:17 +0200 (CEST) Subject: SUSE-IU-2025:2265-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250805070617.7BBADFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2265-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.367 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.367 Severity : important Type : security References : 1243935 1246597 CVE-2025-4598 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). The following package changes have been done: - libudev1-249.17-150400.8.49.2 updated - libsystemd0-249.17-150400.8.49.2 updated - systemd-249.17-150400.8.49.2 updated - udev-249.17-150400.8.49.2 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.192 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:07:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:07:41 +0200 (CEST) Subject: SUSE-IU-2025:2266-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250805070741.96BB3FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2266-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.451 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.451 Severity : important Type : security References : 1243935 1246597 CVE-2025-4598 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). The following package changes have been done: - libudev1-249.17-150400.8.49.2 updated - libsystemd0-249.17-150400.8.49.2 updated - systemd-249.17-150400.8.49.2 updated - udev-249.17-150400.8.49.2 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.343 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:08:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:08:54 +0200 (CEST) Subject: SUSE-IU-2025:2267-1: Security update of suse/sle-micro/5.5 Message-ID: <20250805070854.1EBE9FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2267-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.343 , suse/sle-micro/5.5:latest Image Release : 5.5.343 Severity : important Type : security References : 1243935 1246597 CVE-2025-4598 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). The following package changes have been done: - libudev1-249.17-150400.8.49.2 updated - libsystemd0-249.17-150400.8.49.2 updated - systemd-249.17-150400.8.49.2 updated - systemd-sysvinit-249.17-150400.8.49.2 updated - udev-249.17-150400.8.49.2 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.192 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:18:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:18:18 +0200 (CEST) Subject: SUSE-CU-2025:5844-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250805071818.AF0C6FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5844-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.167 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.167 Severity : important Type : security References : 1243935 1246296 1246597 CVE-2025-4598 CVE-2025-6965 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2620-1 Released: Mon Aug 4 09:42:43 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - libsystemd0-249.17-150400.8.49.2 updated - libudev1-249.17-150400.8.49.2 updated - libxml2-2-2.9.14-150400.5.47.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:20:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:20:48 +0200 (CEST) Subject: SUSE-CU-2025:5845-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20250805072048.15EADFF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5845-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.34 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.34 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2620-1 Released: Mon Aug 4 09:42:43 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.9.14-150400.5.47.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:20:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:20:48 +0200 (CEST) Subject: SUSE-CU-2025:5846-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20250805072048.EC7F5FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5846-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.35 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.35 Severity : important Type : security References : 1243935 1246597 CVE-2025-4598 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - libsystemd0-249.17-150400.8.49.2 updated - libudev1-249.17-150400.8.49.2 updated - systemd-sysvinit-249.17-150400.8.49.2 updated - systemd-249.17-150400.8.49.2 updated - udev-249.17-150400.8.49.2 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:22:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:22:28 +0200 (CEST) Subject: SUSE-CU-2025:5847-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250805072228.153D8FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5847-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.166 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.166 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2620-1 Released: Mon Aug 4 09:42:43 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.9.14-150400.5.47.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:22:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:22:28 +0200 (CEST) Subject: SUSE-CU-2025:5848-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250805072228.ED27EFF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5848-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.167 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.167 Severity : important Type : security References : 1243935 1246597 CVE-2025-4598 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - libsystemd0-249.17-150400.8.49.2 updated - libudev1-249.17-150400.8.49.2 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:23:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:23:45 +0200 (CEST) Subject: SUSE-CU-2025:5849-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250805072345.7C93BFF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5849-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.69 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.69 Severity : important Type : security References : 1243935 1246597 CVE-2025-4598 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - libsystemd0-249.17-150400.8.49.2 updated - libudev1-249.17-150400.8.49.2 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:24:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:24:19 +0200 (CEST) Subject: SUSE-CU-2025:5850-1: Recommended update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20250805072419.2B70DFF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5850-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.115 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.115 Severity : important Type : recommended References : 1246221 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2645-1 Released: Mon Aug 4 11:08:45 2025 Summary: Recommended update for pam Type: recommended Severity: important References: 1246221 This update for pam fixes the following issues: - pam_unix: Set an arbitrary upper limit for the maximum file descriptor number (bsc#1246221) The following package changes have been done: - pam-1.1.8-24.74.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:32:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:32:25 +0200 (CEST) Subject: SUSE-CU-2025:5860-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250805073225.DB9D5FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5860-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.86 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.86 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:36:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:36:41 +0200 (CEST) Subject: SUSE-CU-2025:5871-1: Security update of bci/python Message-ID: <20250805073641.1E52BFF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5871-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.11 , bci/python:3.12.11-72.6 Container Release : 72.6 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - container:registry.suse.com-bci-bci-base-15.6-6bdf253035dd8fecb088ab00a2657579bbea790e1632561a2ace364896c84a3e-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:39:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:39:30 +0200 (CEST) Subject: SUSE-CU-2025:5873-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250805073930.A979CFF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5873-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.45.5 Container Release : 45.5 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - container:registry.suse.com-bci-bci-base-15.6-6bdf253035dd8fecb088ab00a2657579bbea790e1632561a2ace364896c84a3e-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:40:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:40:24 +0200 (CEST) Subject: SUSE-CU-2025:5874-1: Recommended update of suse/sle15 Message-ID: <20250805074024.265B9FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5874-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.23.17 , suse/sle15:15.6 , suse/sle15:15.6.47.23.17 Container Release : 47.23.17 Severity : moderate Type : recommended References : 1230267 1243279 1243457 1243486 1244042 1244710 1245220 1245452 1245496 1245672 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2558-1 Released: Wed Jul 30 22:14:27 2025 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1230267,1243279,1243457,1243486,1244042,1244710,1245220,1245452,1245496,1245672 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1+MLM (bsc#1243457). - implement color filtering when adding update targets. - support orderwithrequires dependencies in susedata.xml. - Fix SEGV in MediaDISK handler (bsc#1245452). - Fix evaluation of libproxy results (bsc#1244710). - Enhancements regarding mirror handling during repo refresh. Adapt to libzypp API changes (bsc#1230267). - Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans backend. - Enhancements with mirror handling during repo refresh, needs zypper 1.14.91. - Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042) There was no testcase written for the very first solver run. - zypper does not allow distinctions between install and upgrade in %postinstall (bsc#1243279). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - BuildRequires: Now %{libsolv_devel_package} greater or equal to 0.7.34 is required (bsc#1243486). The following package changes have been done: - libsolv-tools-base-0.7.34-150600.8.17.2 updated - libzypp-17.37.10-150600.3.74.1 updated - zypper-1.14.92-150600.10.46.2 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:40:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:40:25 +0200 (CEST) Subject: SUSE-CU-2025:5875-1: Security update of suse/sle15 Message-ID: <20250805074025.29E6BFF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5875-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.23.18 , suse/sle15:15.6 , suse/sle15:15.6.47.23.18 Container Release : 47.23.18 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:41:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:41:38 +0200 (CEST) Subject: SUSE-CU-2025:5876-1: Security update of bci/spack Message-ID: <20250805074138.6660DFF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5876-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.31 Container Release : 11.31 Severity : important Type : security References : 1246232 1246233 1246267 1246299 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-6395 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) The following package changes have been done: - libgnutls30-3.8.3-150600.4.9.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:41:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:41:40 +0200 (CEST) Subject: SUSE-CU-2025:5878-1: Security update of bci/spack Message-ID: <20250805074140.0D7E4FF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5878-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.34 Container Release : 11.34 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - container:registry.suse.com-bci-bci-base-15.6-6bdf253035dd8fecb088ab00a2657579bbea790e1632561a2ace364896c84a3e-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:41:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:41:54 +0200 (CEST) Subject: SUSE-CU-2025:5880-1: Recommended update of suse/389-ds Message-ID: <20250805074154.14B3EFF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5880-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-62.4 , suse/389-ds:latest Container Release : 62.4 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:42:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:42:32 +0200 (CEST) Subject: SUSE-CU-2025:5887-1: Security update of suse/bind Message-ID: <20250805074232.74BC9FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5887-1 Container Tags : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.11 , suse/bind:9.20.11-65.3 , suse/bind:latest Container Release : 65.3 Severity : important Type : security References : 1230959 1231748 1232326 1246296 1246428 CVE-2025-7425 ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 07:42:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 09:42:39 +0200 (CEST) Subject: SUSE-CU-2025:5889-1: Security update of suse/cosign Message-ID: <20250805074239.11668FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5889-1 Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.3 , suse/cosign:2.5.3-13.5 , suse/cosign:latest Container Release : 13.5 Severity : important Type : security References : 1246597 1246725 CVE-2025-46569 CVE-2025-6965 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2592-1 Released: Fri Aug 1 16:43:59 2025 Summary: Security update for cosign Type: security Severity: important References: 1246725,CVE-2025-46569 This update for cosign fixes the following issues: Update to version 2.5.3 (jsc#SLE-23879): - CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego (bsc#1246725) Changelog: Update to 2.5.3: - Add signing-config create command (#4280) - Allow multiple services to be specified for trusted-root create (#4285) - force when copying the latest image to overwrite (#4298) - Fix cert verification logic for trusted-root/SCTs (#4294) - Fix lint error for types package (#4295) - feat: Add OCI 1.1+ experimental support to tree (#4205) - Add validity period end for trusted-root create (#4271) - avoid double-loading trustedroot from file (#4264) Update to 2.5.2: - Do not load trusted root when CT env key is set - docs: improve doc for --no-upload option (#4206) Update to 2.5.1: - Add Rekor v2 support for trusted-root create (#4242) - Add baseUrl and Uri to trusted-root create command - Upgrade to TUF v2 client with trusted root - Don't verify SCT for a private PKI cert (#4225) - Bump TSA library to relax EKU chain validation rules (#4219) - Bump sigstore-go to pick up log index=0 fix (#4162) - remove unused recursive flag on attest command (#4187) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - cosign-2.5.3-150400.3.30.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:22:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:22:48 +0200 (CEST) Subject: SUSE-CU-2025:5889-1: Security update of suse/cosign Message-ID: <20250805112248.2493AFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5889-1 Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.3 , suse/cosign:2.5.3-13.5 , suse/cosign:latest Container Release : 13.5 Severity : important Type : security References : 1246597 1246725 CVE-2025-46569 CVE-2025-6965 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2592-1 Released: Fri Aug 1 16:43:59 2025 Summary: Security update for cosign Type: security Severity: important References: 1246725,CVE-2025-46569 This update for cosign fixes the following issues: Update to version 2.5.3 (jsc#SLE-23879): - CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego (bsc#1246725) Changelog: Update to 2.5.3: - Add signing-config create command (#4280) - Allow multiple services to be specified for trusted-root create (#4285) - force when copying the latest image to overwrite (#4298) - Fix cert verification logic for trusted-root/SCTs (#4294) - Fix lint error for types package (#4295) - feat: Add OCI 1.1+ experimental support to tree (#4205) - Add validity period end for trusted-root create (#4271) - avoid double-loading trustedroot from file (#4264) Update to 2.5.2: - Do not load trusted root when CT env key is set - docs: improve doc for --no-upload option (#4206) Update to 2.5.1: - Add Rekor v2 support for trusted-root create (#4242) - Add baseUrl and Uri to trusted-root create command - Upgrade to TUF v2 client with trusted root - Don't verify SCT for a private PKI cert (#4225) - Bump TSA library to relax EKU chain validation rules (#4219) - Bump sigstore-go to pick up log index=0 fix (#4162) - remove unused recursive flag on attest command (#4187) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - cosign-2.5.3-150400.3.30.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:22:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:22:51 +0200 (CEST) Subject: SUSE-CU-2025:5890-1: Recommended update of suse/registry Message-ID: <20250805112251.E17EDFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5890-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-6.2 , suse/registry:latest Container Release : 6.2 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - container:bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:22:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:22:52 +0200 (CEST) Subject: SUSE-CU-2025:5891-1: Security update of suse/registry Message-ID: <20250805112252.BA7EFFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5891-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-6.3 , suse/registry:latest Container Release : 6.3 Severity : important Type : security References : 1246169 1246302 1246303 1246305 1246306 1246307 1246477 CVE-2024-42516 CVE-2024-43204 CVE-2024-47252 CVE-2025-23048 CVE-2025-49630 CVE-2025-49812 CVE-2025-53020 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2685-1 Released: Mon Aug 4 17:08:00 2025 Summary: Security update for apache2 Type: security Severity: important References: 1246169,1246302,1246303,1246305,1246306,1246307,1246477,CVE-2024-42516,CVE-2024-43204,CVE-2024-47252,CVE-2025-23048,CVE-2025-49630,CVE-2025-49812,CVE-2025-53020 This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477) - CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305) - CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log file. (bsc#1246303) - CVE-2025-23048: Fixed access control bypass by trusted clients through TLS 1.3 session resumption in some mod_ssl configurations. (bsc#1246302) - CVE-2025-49630: Fixed denial of service can be triggered by untrusted clients causing an assertion in mod_proxy_http2. (bsc#1246307) - CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization using Opportunistic TLS. (bsc#1246169) - CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory after effective lifetime. (bsc#1246306) The following package changes have been done: - apache2-utils-2.4.62-150700.4.3.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:23:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:23:33 +0200 (CEST) Subject: SUSE-CU-2025:5899-1: Recommended update of bci/gcc Message-ID: <20250805112333.72B20FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5899-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-11.3 , bci/gcc:latest Container Release : 11.3 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:23:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:23:39 +0200 (CEST) Subject: SUSE-CU-2025:5900-1: Recommended update of suse/git Message-ID: <20250805112339.0547EFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5900-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-63.4 , suse/git:latest Container Release : 63.4 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:23:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:23:48 +0200 (CEST) Subject: SUSE-CU-2025:5902-1: Recommended update of bci/golang Message-ID: <20250805112348.39261FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5902-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.11 , bci/golang:1.23.11-2.72.3 , bci/golang:oldstable , bci/golang:oldstable-2.72.3 Container Release : 72.3 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:24:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:24:06 +0200 (CEST) Subject: SUSE-CU-2025:5905-1: Recommended update of bci/golang Message-ID: <20250805112406.51354FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5905-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.5 , bci/golang:1.24.5-1.72.3 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.72.3 Container Release : 72.3 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:24:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:24:15 +0200 (CEST) Subject: SUSE-CU-2025:5906-1: Recommended update of bci/golang Message-ID: <20250805112415.56ABDFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5906-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.3-openssl , bci/golang:1.24.3-openssl-72.1 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-72.1 Container Release : 72.1 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl-3-devel-3.2.3-150700.5.15.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:24:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:24:20 +0200 (CEST) Subject: SUSE-CU-2025:5908-1: Recommended update of suse/helm Message-ID: <20250805112420.B32BCFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5908-1 Container Tags : suse/helm:3 , suse/helm:3.18 , suse/helm:3.18.3 , suse/helm:3.18.3-63.4 , suse/helm:latest Container Release : 63.4 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:24:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:24:30 +0200 (CEST) Subject: SUSE-CU-2025:5910-1: Recommended update of bci/bci-init Message-ID: <20250805112430.67F98FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5910-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-42.3 , bci/bci-init:latest Container Release : 42.3 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:24:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:24:34 +0200 (CEST) Subject: SUSE-CU-2025:5911-1: Recommended update of suse/kea Message-ID: <20250805112434.BA610FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5911-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-62.3 , suse/kea:latest Container Release : 62.3 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:24:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:24:48 +0200 (CEST) Subject: SUSE-CU-2025:5912-1: Security update of bci/kiwi Message-ID: <20250805112448.411C1FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5912-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-18.2 , bci/kiwi:latest Container Release : 18.2 Severity : important Type : security References : 1246232 1246233 1246267 1246296 1246299 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-6395 CVE-2025-7425 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-tools-2.12.10-150700.4.6.1 updated - libgnutls30-3.8.3-150600.4.9.1 updated - libxml2-devel-2.12.10-150700.4.6.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:24:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:24:49 +0200 (CEST) Subject: SUSE-CU-2025:5913-1: Security update of bci/kiwi Message-ID: <20250805112449.258E6FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5913-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-18.5 , bci/kiwi:latest Container Release : 18.5 Severity : important Type : security References : 1213796 1230267 1230959 1231748 1232326 1243279 1243457 1243486 1244042 1244710 1245220 1245452 1245496 1245672 1246428 1246575 1246584 1246595 1246598 CVE-2025-30749 CVE-2025-30754 CVE-2025-50059 CVE-2025-50106 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2558-1 Released: Wed Jul 30 22:14:27 2025 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1230267,1243279,1243457,1243486,1244042,1244710,1245220,1245452,1245496,1245672 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1+MLM (bsc#1243457). - implement color filtering when adding update targets. - support orderwithrequires dependencies in susedata.xml. - Fix SEGV in MediaDISK handler (bsc#1245452). - Fix evaluation of libproxy results (bsc#1244710). - Enhancements regarding mirror handling during repo refresh. Adapt to libzypp API changes (bsc#1230267). - Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans backend. - Enhancements with mirror handling during repo refresh, needs zypper 1.14.91. - Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042) There was no testcase written for the very first solver run. - zypper does not allow distinctions between install and upgrade in %postinstall (bsc#1243279). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - BuildRequires: Now %{libsolv_devel_package} greater or equal to 0.7.34 is required (bsc#1243486). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2657-1 Released: Mon Aug 4 12:34:32 2025 Summary: Security update for java-21-openjdk Type: security Severity: important References: 1213796,1246575,1246584,1246595,1246598,CVE-2025-30749,CVE-2025-30754,CVE-2025-50059,CVE-2025-50106 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.8+9 (July 2025 CPU): Security fixes: - CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) - CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) - CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) Other fixes: - Allow compilation of openjdk for 40 years (bsc#1213796) Changelog: + JDK-6956385: URLConnection.getLastModified() leaks file handles for jar:file and file: URLs + JDK-8051591: Test javax/swing/JTabbedPane/8007563/Test8007563.java fails + JDK-8136895: Writer not closed with disk full error, file resource leaked + JDK-8180450: secondary_super_cache does not scale well + JDK-8183348: Better cleanup for jdk/test/sun/security/pkcs12/P12SecretKey.java + JDK-8200566: DistributionPointFetcher fails to fetch CRLs if the DistributionPoints field contains more than one DistributionPoint and the first one fails + JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/ jdk/test/lib/compiler/InMemoryJavaCompiler + JDK-8210471: GZIPInputStream constructor could leak an un-end()ed Inflater + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong value + JDK-8220213: com/sun/jndi/dns/ConfigTests/Timeout.java failed intermittent + JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/ /NonUniqueAliases.java is marked with @ignore + JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java failed with 'Didn't find enough line numbers' + JDK-8256211: assert fired in java/net/httpclient/DependentPromiseActionsTest (infrequent) + JDK-8258483: [TESTBUG] gtest CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is too small + JDK-8267174: Many test files have the wrong Copyright header + JDK-8270269: Desktop.browse method fails if earlier CoInitialize call as COINIT_MULTITHREADED + JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC + JDK-8279016: JFR Leak Profiler is broken with Shenandoah + JDK-8280991: [XWayland] No displayChanged event after setDisplayMode call + JDK-8281511: java/net/ipv6tests/UdpTest.java fails with checkTime failed + JDK-8282726: java/net/vthread/BlockingSocketOps.java timeout/hang intermittently on Windows + JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads the spinner value 10 as 1 when user iterates to 10 for the first time on macOS + JDK-8286789: Test forceEarlyReturn002.java timed out + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8294155: Exception thrown before awaitAndCheck hangs PassFailJFrame + JDK-8295804: javax/swing/JFileChooser/ /JFileChooserSetLocationTest.java failed with 'setLocation() is not working properly' + JDK-8297692: Avoid sending per-region GCPhaseParallel JFR events in G1ScanCollectionSetRegionClosure + JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/ /SP05/sp05t003/TestDescription.java timed out: thread not suspended + JDK-8307318: Test serviceability/sa/ /ClhsdbCDSJstackPrintAll.java failed: ArrayIndexOutOfBoundsException + JDK-8307824: Clean up Finalizable.java and finalize terminology in vmTestbase/nsk/share + JDK-8308033: The jcmd thread dump related tests should test virtual threads + JDK-8308966: Add intrinsic for float/double modulo for x86 AVX2 and AVX512 + JDK-8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore .engineGetEntry + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8309978: [x64] Fix useless padding + JDK-8310066: Improve test coverage for JVMTI GetThreadState on carrier and mounted vthread + JDK-8310525: DynamicLauncher for JDP test needs to try harder to find a free port + JDK-8310643: Misformatted copyright messages in FFM + JDK-8312246: NPE when HSDB visits bad oop + JDK-8312475: org.jline.util.PumpReader signed byte problem + JDK-8313290: Misleading exception message from STS.Subtask::get when task forked after shutdown + JDK-8313430: [JVMCI] fatal error: Never compilable: in JVMCI shutdown + JDK-8313654: Test WaitNotifySuspendedVThreadTest.java timed out + JDK-8314056: Remove runtime platform check from frem/drem + JDK-8314136: Test java/net/httpclient/CancelRequestTest.java failed: WARNING: tracker for HttpClientImpl(42) has outstanding operations + JDK-8314236: Overflow in Collections.rotate + JDK-8314319: LogCompilation doesn't reset lateInlining when it encounters a failure. + JDK-8314840: 3 gc/epsilon tests ignore external vm options + JDK-8314842: zgc/genzgc tests ignore vm flags + JDK-8315128: jdk/jfr/event/runtime/ /TestResidentSetSizeEvent.java fails with 'The size should be less than or equal to peak' + JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java timed out + JDK-8315669: Open source several Swing PopupMenu related tests + JDK-8315742: Open source several Swing Scroll related tests + JDK-8315827: Kitchensink.java and RenaissanceStressTest.java time out with jvmti module errors + JDK-8315871: Opensource five more Swing regression tests + JDK-8315876: Open source several Swing CSS related tests + JDK-8315951: Open source several Swing HTMLEditorKit related tests + JDK-8315981: Opensource five more random Swing tests + JDK-8316061: Open source several Swing RootPane and Slider related tests + JDK-8316324: Opensource five miscellaneous Swing tests + JDK-8316388: Opensource five Swing component related regression tests + JDK-8316452: java/lang/instrument/modules/ /AppendToClassPathModuleTest.java ignores VM flags + JDK-8316497: ColorConvertOp - typo for non-ICC conversions needs one-line fix + JDK-8316580: HttpClient with StructuredTaskScope does not close when a task fails + JDK-8316629: j.text.DateFormatSymbols setZoneStrings() exception is unhelpful + JDK-8317264: Pattern.Bound has `static` fields that should be `static final`. + JDK-8318509: x86 count_positives intrinsic broken for -XX:AVX3Threshold=0 + JDK-8318636: Add jcmd to print annotated process memory map + JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM path + JDK-8318811: Compiler directives parser swallows a character after line comments + JDK-8318915: Enhance checks in BigDecimal.toPlainString() + JDK-8319439: Move BufferNode from PtrQueue files to new files + JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java ignores VM flags + JDK-8319690: [AArch64] C2 compilation hits offset_ok_for_immed: assert 'c2 compiler bug' + JDK-8320687: sun.jvmstat.monitor.MonitoredHost .getMonitoredHost() throws unexpected exceptions when invoked concurrently + JDK-8320948: NPE due to unreported compiler error + JDK-8321204: C2: assert(false) failed: node should be in igvn hash table + JDK-8321479: java -D-D crashes + JDK-8321931: memory_swap_current_in_bytes reports 0 as 'unlimited' + JDK-8322141: SequenceInputStream.transferTo should not return as soon as Long.MAX_VALUE bytes have been transferred + JDK-8322475: Extend printing for System.map + JDK-8323795: jcmd Compiler.codecache should print total size of code cache + JDK-8324345: Stack overflow during C2 compilation when splitting memory phi + JDK-8324678: Replace NULL with nullptr in HotSpot gtests + JDK-8324681: Replace NULL with nullptr in HotSpot jtreg test native code files + JDK-8324799: Use correct extension for C++ test headers + JDK-8324880: Rename get_stack_trace.h + JDK-8325055: Rename Injector.h + JDK-8325180: Rename jvmti_FollowRefObjects.h + JDK-8325347: Rename native_thread.h + JDK-8325367: Rename nsk_list.h + JDK-8325435: [macos] Menu or JPopupMenu not closed when main window is resized + JDK-8325456: Rename nsk_mutex.h + JDK-8325458: Rename mlvmJvmtiUtils.h + JDK-8325680: Uninitialised memory in deleteGSSCB of GSSLibStub.c:179 + JDK-8325682: Rename nsk_strace.h + JDK-8325910: Rename jnihelper.h + JDK-8326090: Rename jvmti_aod.h + JDK-8326389: [test] improve assertEquals failure output + JDK-8326524: Rename agent_common.h + JDK-8326586: Improve Speed of System.map + JDK-8327071: [Testbug] g-tests for cgroup leave files in /tmp on linux + JDK-8327169: serviceability/dcmd/vm/SystemMapTest.java and SystemDumpMapTest.java may fail after JDK-8326586 + JDK-8327370: (ch) sun.nio.ch.Poller.register throws AssertionError + JDK-8327461: KeyStore getEntry is not thread-safe + JDK-8328107: Shenandoah/C2: TestVerifyLoopOptimizations test failure + JDK-8328301: Convert Applet test ManualHTMLDataFlavorTest.java to main program + JDK-8328482: Convert and Open source few manual applet test to main based + JDK-8328484: Convert and Opensource few JFileChooser applet test to main + JDK-8328648: Remove applet usage from JFileChooser tests bug4150029 + JDK-8328670: Automate and open source few closed manual applet test + JDK-8328673: Convert closed text/html/CSS manual applet test to main + JDK-8328864: NullPointerException in sun.security.jca.ProviderList.getService() + JDK-8329261: G1: interpreter post-barrier x86 code asserts index size of wrong buffer + JDK-8329729: java/util/Properties/StoreReproducibilityTest.java times out + JDK-8330106: C2: VectorInsertNode::make() shouldn't call ConINode::make() directly + JDK-8330158: C2: Loop strip mining uses ABS with min int + JDK-8330534: Update nsk/jdwp tests to use driver instead of othervm + JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails with java.util.MissingFormatArgumentException: Format specifier '%s' + JDK-8330936: [ubsan] exclude function BilinearInterp and ShapeSINextSpan in libawt java2d from ubsan checks + JDK-8331088: Incorrect TraceLoopPredicate output + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8332252: Clean up vmTestbase/vm/share + JDK-8332506: SIGFPE In ObjectSynchronizer::is_async_deflation_needed() + JDK-8332631: Update nsk.share.jpda.BindServer to don't use finalization + JDK-8332641: Update nsk.share.jpda.Jdb to don't use finalization + JDK-8332880: JFR GCHelper class recognizes 'Archive' regions as valid + JDK-8332921: Ctrl+C does not call shutdown hooks after JLine upgrade + JDK-8333013: Update vmTestbase/nsk/share/LocalProcess.java to don't use finalization + JDK-8333117: Remove support of remote and manual debuggee launchers + JDK-8333680: com/sun/tools/attach/BasicTests.java fails with 'SocketException: Permission denied: connect' + JDK-8333805: Replaying compilation with null static final fields results in a crash + JDK-8333890: Fatal error in auto-vectorizer with float16 kernel. + JDK-8334644: Automate javax/print/attribute/PageRangesException.java + JDK-8334780: Crash: assert(h_array_list.not_null()) failed: invariant + JDK-8334895: OpenJDK fails to configure on linux aarch64 when CDS is disabled after JDK-8331942 + JDK-8335181: Incorrect handling of HTTP/2 GOAWAY frames in HttpClient + JDK-8335643: serviceability/dcmd/vm tests fail for ZGC after JDK-8322475 + JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits)) failed: Field too big for insn + JDK-8335684: Test ThreadCpuTime.java should pause like ThreadCpuTimeArray.java + JDK-8335710: serviceability/dcmd/vm/SystemDumpMapTest.java and SystemMapTest.java fail on Linux Alpine after 8322475 + JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/ /AllowedFunctions.java fails with unexpected exit code: 112 + JDK-8335860: compiler/vectorization/ /TestFloat16VectorConvChain.java fails with non-standard AVX/SSE settings + JDK-8336042: Caller/callee param size mismatch in deoptimization causes crash + JDK-8336499: Failure when creating non-CRT RSA private keys in SunPKCS11 + JDK-8336587: failure_handler lldb command times out on macosx-aarch64 core file + JDK-8336827: compiler/vectorization/ /TestFloat16VectorConvChain.java timeouts on ppc64 platforms after JDK-8335860 + JDK-8337221: CompileFramework: test library to conveniently compile java and jasm sources for fuzzing + JDK-8337299: vmTestbase/nsk/jdb/stop_at/stop_at002/ /stop_at002.java failure goes undetected + JDK-8337681: PNGImageWriter uses much more memory than necessary + JDK-8337795: Type annotation attached to incorrect type during class reading + JDK-8337958: Out-of-bounds array access in secondary_super_cache + JDK-8337981: ShenandoahHeap::is_in should check for alive regions + JDK-8337998: CompletionFailure in getEnclosingType attaching type annotations + JDK-8338010: WB_IsFrameDeoptimized miss ResourceMark + JDK-8338064: Give better error for ConcurrentHashTable corruption + JDK-8338136: Hotspot should support multiple large page sizes on Windows + JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in gtest framework + JDK-8338202: Shenandoah: Improve handshake closure labels + JDK-8338314: JFR: Split JFRCheckpoint VM operation + JDK-8339148: Make os::Linux::active_processor_count() public + JDK-8339288: Improve diagnostic logging runtime/cds/DeterministicDump.java + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm gtest fails on ppc64 based platforms + JDK-8339538: Wrong timeout computations in DnsClient + JDK-8339639: Opensource few AWT PopupMenu tests + JDK-8339678: Update runtime/condy tests to be executed with VM flags + JDK-8339727: Open source several AWT focus tests - series 1 + JDK-8339769: Incorrect error message during startup if working directory does not exist + JDK-8339794: Open source closed choice tests #1 + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339836: Open source several AWT Mouse tests - Batch 1 + JDK-8339842: Open source several AWT focus tests - series 2 + JDK-8339895: Open source several AWT focus tests - series 3 + JDK-8339906: Open source several AWT focus tests - series 4 + JDK-8339935: Open source several AWT focus tests - series 5 + JDK-8339982: Open source several AWT Mouse tests - Batch 2 + JDK-8339984: Open source AWT MenuItem related tests + JDK-8339995: Open source several AWT focus tests - series 6 + JDK-8340024: In ClassReader, extract a constant for the superclass supertype_index + JDK-8340077: Open source few Checkbox tests - Set2 + JDK-8340084: Open source AWT Frame related tests + JDK-8340143: Open source several Java2D rendering loop tests. + JDK-8340146: ZGC: TestAllocateHeapAt.java should not run with UseLargePages + JDK-8340164: Open source few Component tests - Set1 + JDK-8340173: Open source some Component/Panel/EventQueue tests - Set2 + JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java + JDK-8340193: Open source several AWT Dialog tests - Batch 1 + JDK-8340228: Open source couple more miscellaneous AWT tests + JDK-8340271: Open source several AWT Robot tests + JDK-8340279: Open source several AWT Dialog tests - Batch 2 + JDK-8340332: Open source mixed AWT tests - Set3 + JDK-8340366: Open source several AWT Dialog tests - Batch 3 + JDK-8340367: Opensource few AWT image tests + JDK-8340393: Open source closed choice tests #2 + JDK-8340407: Open source a few more Component related tests + JDK-8340417: Open source some MenuBar tests - Set1 + JDK-8340432: Open source some MenuBar tests - Set2 + JDK-8340433: Open source closed choice tests #3 + JDK-8340437: Open source few more AWT Frame related tests + JDK-8340458: Open source additional Component tests (part 2) + JDK-8340555: Open source DnD tests - Set4 + JDK-8340560: Open Source several AWT/2D font and rendering tests + JDK-8340605: Open source several AWT PopupMenu tests + JDK-8340621: Open source several AWT List tests + JDK-8340625: Open source additional Component tests (part 3) + JDK-8340639: Open source few more AWT List tests + JDK-8340713: Open source DnD tests - Set5 + JDK-8340784: Remove PassFailJFrame constructor with screenshots + JDK-8340790: Open source several AWT Dialog tests - Batch 4 + JDK-8340809: Open source few more AWT PopupMenu tests + JDK-8340874: Open source some of the AWT Geometry/Button tests + JDK-8340907: Open source closed frame tests # 2 + JDK-8340966: Open source few Checkbox and Cursor tests - Set1 + JDK-8340967: Open source few Cursor tests - Set2 + JDK-8340978: Open source few DnD tests - Set6 + JDK-8340985: Open source some Desktop related tests + JDK-8341000: Open source some of the AWT Window tests + JDK-8341004: Open source AWT FileDialog related tests + JDK-8341072: Open source several AWT Canvas and Rectangle related tests + JDK-8341128: open source some 2d graphics tests + JDK-8341148: Open source several Choice related tests + JDK-8341162: Open source some of the AWT window test + JDK-8341170: Open source several Choice related tests (part 2) + JDK-8341177: Opensource few List and a Window test + JDK-8341191: Open source few more AWT FileDialog tests + JDK-8341239: Open source closed frame tests # 3 + JDK-8341257: Open source few DND tests - Set1 + JDK-8341258: Open source few various AWT tests - Set1 + JDK-8341278: Open source few TrayIcon tests - Set7 + JDK-8341298: Open source more AWT window tests + JDK-8341373: Open source closed frame tests # 4 + JDK-8341378: Open source few TrayIcon tests - Set8 + JDK-8341447: Open source closed frame tests # 5 + JDK-8341535: sun/awt/font/TestDevTransform.java fails with RuntimeException: Different rendering + JDK-8341637: java/net/Socket/UdpSocket.java fails with 'java.net.BindException: Address already in use' (macos-aarch64) + JDK-8341779: [REDO BACKPORT] type annotations are not visible to javac plugins across compilation boundaries (JDK-8225377) + JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java timed out after JDK-8341257 + JDK-8342075: HttpClient: improve HTTP/2 flow control checks + JDK-8342376: More reliable OOM handling in ExceptionDuringDumpAtObjectsInitPhase test + JDK-8342524: Use latch in AbstractButton/bug6298940.java instead of delay + JDK-8342633: javax/management/security/ /HashedPasswordFileTest.java creates tmp file in src dir + JDK-8342958: Use jvmArgs consistently in microbenchmarks + JDK-8343019: Primitive caches must use boxed instances from the archive + JDK-8343037: Missing @since tag on JColorChooser.showDialog overload + JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/ /scenarios/sampling/SP05/sp05t003/TestDescription.java + JDK-8343124: Tests fails with java.lang.IllegalAccessException: class com.sun.javatest.regtest.agent.MainWrapper$MainTask cannot access + JDK-8343144: UpcallLinker::on_entry racingly clears pending exception with GC safepoints + JDK-8343170: java/awt/Cursor/JPanelCursorTest/ /JPanelCursorTest.java does not show the default cursor + JDK-8343224: print/Dialog/PaperSizeError.java fails with MediaSizeName is not A4: A4 + JDK-8343342: java/io/File/GetXSpace.java fails on Windows with CD-ROM drive + JDK-8343345: Use -jvmArgsPrepend when running microbenchmarks in RunTests.gmk + JDK-8343529: serviceability/sa/ClhsdbWhere.java fails AssertionFailure: Corrupted constant pool + JDK-8343754: Problemlist jdk/jfr/event/oldobject/TestShenandoah.java after JDK-8279016 + JDK-8343855: HTTP/2 ConnectionWindowUpdateSender may miss some unprocessed DataFrames from closed streams + JDK-8343891: Test javax/swing/JTabbedPane/ /TestJTabbedPaneBackgroundColor.java failed + JDK-8343936: Adjust timeout in test javax/management/monitor/DerivedGaugeMonitorTest.java + JDK-8344316: security/auth/callback/TextCallbackHandler/ /Password.java make runnable with JTReg and add the UI + JDK-8344346: java/net/httpclient/ShutdownNow.java fails with java.lang.AssertionError: client was still running, but exited after further delay: timeout should be adjusted + JDK-8344361: Restore null return for invalid services from legacy providers + JDK-8344414: ZGC: Another division by zero in rule_major_allocation_rate + JDK-8344925: translet-name ignored when package-name is also set + JDK-8345133: Test sun/security/tools/jarsigner/ /TsacertOptionTest.java failed: Warning found in stdout + JDK-8345134: Test sun/security/tools/jarsigner/ /ConciseJarsigner.java failed: unable to find valid certification path to requested target + JDK-8345146: [PPC64] Make intrinsic conversions between bit representations of half precision values and floats + JDK-8345341: Fix incorrect log message in JDI stop002t test + JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/ /bug8033699.java fails in ubuntu22.04 + JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/ /bug4529206.java fails in ubuntu22.04 + JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/ /4278839/bug4278839.java fails in ubuntu22.04 + JDK-8345598: Upgrade NSS binaries for interop tests + JDK-8345625: Better HTTP connections + JDK-8345728: [Accessibility,macOS,Screen Magnifier]: JCheckbox unchecked state does not magnify but works for checked state + JDK-8345838: Remove the appcds/javaldr/AnonVmClassesDuringDump.java test + JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java warnings + JDK-8346082: Output JVMTI agent information in hserr files + JDK-8346264: 'Total compile time' counter should include time spent in failing/bailout compiles + JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in CI on Linux + JDK-8346888: [ubsan] block.cpp:1617:30: runtime error: 9.97582e+36 is outside the range of representable values of type 'int' + JDK-8347000: Bug in com/sun/net/httpserver/bugs/B6361557.java test + JDK-8347019: Test javax/swing/JRadioButton/8033699/ /bug8033699.java still fails: Focus is not on Radio Button Single as Expected + JDK-8347083: Incomplete logging in nsk/jvmti/ /ResourceExhausted/resexhausted00* tests + JDK-8347126: gc/stress/TestStressG1Uncommit.java gets OOM-killed + JDK-8347173: java/net/DatagramSocket/ /InterruptibleDatagramSocket.java fails with virtual thread factory + JDK-8347286: (fs) Remove some extensions from java/nio/file/Files/probeContentType/Basic.java + JDK-8347296: WinInstallerUiTest fails in local test runs if the path to test work directory is longer that regular + JDK-8347373: HTTP/2 flow control checks may count unprocessed data twice + JDK-8347506: Compatible OCSP readtimeout property with OCSP timeout + JDK-8347596: Update HSS/LMS public key encoding + JDK-8347629: Test FailOverDirectExecutionControlTest.java fails with -Xcomp + JDK-8347995: Race condition in jdk/java/net/httpclient/ /offline/FixedResponseHttpClient.java + JDK-8348107: test/jdk/java/net/httpclient/ /HttpsTunnelAuthTest.java fails intermittently + JDK-8348110: Update LCMS to 2.17 + JDK-8348299: Update List/ItemEventTest/ItemEventTest.java + JDK-8348323: Corrupted timezone string in JVM crash log + JDK-8348596: Update FreeType to 2.13.3 + JDK-8348597: Update HarfBuzz to 10.4.0 + JDK-8348598: Update Libpng to 1.6.47 + JDK-8348600: Update PipeWire to 1.3.81 + JDK-8348865: JButton/bug4796987.java never runs because Windows XP is unavailable + JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver doesn't announce untick on toggling the checkbox with 'space' key on macOS + JDK-8348989: Better Glyph drawing + JDK-8349111: Enhance Swing supports + JDK-8349200: [JMH] time.format.ZonedDateTimeFormatterBenchmark fails + JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh to run fully in java + JDK-8349358: [JMH] Cannot access class jdk.internal.vm.ContinuationScope + JDK-8349492: Update sun/security/pkcs12/ /KeytoolOpensslInteropTest.java to use a recent Openssl version + JDK-8349501: Relocate supporting classes in security/testlibrary to test/lib/jdk tree + JDK-8349594: Enhance TLS protocol support + JDK-8349623: [ASAN] Gtest os_linux.glibc_mallinfo_wrapper_vm fails + JDK-8349637: Integer.numberOfLeadingZeros outputs incorrectly in certain cases + JDK-8349751: AIX build failure after upgrade pipewire to 1.3.81 + JDK-8350201: Out of bounds access on Linux aarch64 in os::print_register_info + JDK-8350211: CTW: Attempt to preload all classes in constant pool + JDK-8350224: Test javax/swing/JComboBox/ /TestComboBoxComponentRendering.java fails in ubuntu 23.x and later + JDK-8350260: Improve HTML instruction formatting in PassFailJFrame + JDK-8350313: Include timings for leaving safepoint in safepoint logging + JDK-8350383: Test: add more test case for string compare (UL case) + JDK-8350386: Test TestCodeCacheFull.java fails with option -XX:-UseCodeCacheFlushing + JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to incorrect traces in JFR + JDK-8350483: AArch64: turn on signum intrinsics by default on Ampere CPUs + JDK-8350498: Remove two Camerfirma root CA certificates + JDK-8350546: Several java/net/InetAddress tests fails UnknownHostException + JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug builds + JDK-8350650: Bump update version for OpenJDK: jdk-21.0.8 + JDK-8350682: [JMH] vector.IndexInRangeBenchmark failed with IndexOutOfBoundsException for size=1024 + JDK-8350786: Some java/lang jtreg tests miss requires vm.hasJFR + JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails + JDK-8350991: Improve HTTP client header handling + JDK-8351086: (fc) Make java/nio/channels/FileChannel/ /BlockDeviceSize.java test manual + JDK-8351500: G1: NUMA migrations cause crashes in region allocation + JDK-8351665: Remove unused UseNUMA in os_aix.cpp + JDK-8351933: Inaccurate masking of TC subfield decrement in ForkJoinPool + JDK-8352076: [21u] Problem list tests that fail in 21 and would be fixed by 8309622 + JDK-8352109: java/awt/Desktop/MailTest.java fails in platforms where Action.MAIL is not supported + JDK-8352302: Test sun/security/tools/jarsigner/ /TimestampCheck.java is failing + JDK-8352512: TestVectorZeroCount: counter not reset between iterations + JDK-8352676: Opensource JMenu tests - series1 + JDK-8352680: Opensource few misc swing tests + JDK-8352684: Opensource JInternalFrame tests - series1 + JDK-8352706: httpclient HeadTest does not run on HTTP2 + JDK-8352716: (tz) Update Timezone Data to 2025b + JDK-8352908: Open source several swing tests batch1 + JDK-8352942: jdk/jfr/startupargs/TestMemoryOptions.java fails with 32-bit build + JDK-8353070: Clean up and open source couple AWT Graphics related tests (Part 1) + JDK-8353138: Screen capture for test TaskbarPositionTest.java, failure case + JDK-8353190: Use '/native' Run Option for TestAvailableProcessors Execution + JDK-8353237: [AArch64] Incorrect result of VectorizedHashCode intrinsic on Cortex-A53 + JDK-8353320: Open source more Swing text tests + JDK-8353446: Open source several AWT Menu tests - Batch 2 + JDK-8353475: Open source two Swing DefaultCaret tests + JDK-8353685: Open some JComboBox bugs 4 + JDK-8353709: Debug symbols bundle should contain full debug files when building --with-external-symbols-in-bundles=public + JDK-8353787: Increased number of SHA-384-Digest java.util.jar.Attributes$Name instances leading to higher memory footprint + JDK-8353942: Open source Swing Tests - Set 5 + JDK-8354255: [jittester] Remove TempDir debug output + JDK-8354530: AIX: sporadic unexpected errno when calling setsockopt in Net.joinOrDrop + JDK-8354554: Open source several clipboard tests batch1 + JDK-8354802: MAX_SECS definition is unused in os_linux + JDK-8354893: [REDO BACKPORT] javac crashes while adding type annotations to the return type of a constructor (JDK-8320001) + JDK-8355498: [AIX] Adapt code for C++ VLA rule + JDK-8356053: Test java/awt/Toolkit/Headless/ /HeadlessToolkit.java fails by timeout + JDK-8356096: ISO 4217 Amendment 179 Update + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS + JDK-8357105: C2: compilation fails with 'assert(false) failed: empty program detected during loop optimization' + JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c: enum type mismatch during build + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + JDK-8360147: Better Glyph drawing redux + JDK-8360406: [21u] Disable logic for attaching type annotations to class files until 8359336 is fixed + JDK-8361672: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.8 The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - libsolv-tools-base-0.7.34-150600.8.17.2 updated - libzypp-17.37.10-150600.3.74.1 updated - zypper-1.14.92-150600.10.46.2 updated - openssl-3-3.2.3-150700.5.15.1 updated - java-21-openjdk-headless-21.0.8.0-150600.3.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:25:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:25:04 +0200 (CEST) Subject: SUSE-CU-2025:5916-1: Security update of suse/nginx Message-ID: <20250805112504.2DB1FFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5916-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-62.4 , suse/nginx:latest Container Release : 62.4 Severity : important Type : security References : 1230959 1231748 1232326 1246296 1246428 CVE-2025-7425 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:25:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:25:12 +0200 (CEST) Subject: SUSE-CU-2025:5917-1: Recommended update of bci/nodejs Message-ID: <20250805112512.B7F81FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5917-1 Container Tags : bci/node:22 , bci/node:22.15.1 , bci/node:22.15.1-10.3 , bci/node:latest , bci/nodejs:22 , bci/nodejs:22.15.1 , bci/nodejs:22.15.1-10.3 , bci/nodejs:latest Container Release : 10.3 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:25:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:25:22 +0200 (CEST) Subject: SUSE-CU-2025:5918-1: Security update of bci/openjdk-devel Message-ID: <20250805112522.26B07FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5918-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.16.0 , bci/openjdk-devel:17.0.16.0-8.4 Container Release : 8.4 Severity : important Type : security References : 1230959 1231748 1232326 1246428 1246575 1246584 1246595 1246598 CVE-2025-30749 CVE-2025-30754 CVE-2025-50059 CVE-2025-50106 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2667-1 Released: Mon Aug 4 14:37:23 2025 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1246575,1246584,1246595,1246598,CVE-2025-30749,CVE-2025-30754,CVE-2025-50059,CVE-2025-50106 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.16+8 (July 2025 CPU): - CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) - CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) - CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) Changelog: + JDK-4850101: Setting mnemonic to VK_F4 underlines the letter S in a button. + JDK-5074006: Swing JOptionPane shows tag as a string after newline + JDK-6956385: URLConnection.getLastModified() leaks file handles for jar:file and file: URLs + JDK-8024624: [TEST_BUG] [macosx] CTRL+RIGHT(LEFT) doesn't move selection on next cell in JTable on Aqua L&F + JDK-8042134: JOptionPane bungles HTML messages + JDK-8051591: Test javax/swing/JTabbedPane/8007563/Test8007563.java fails + JDK-8077371: Binary files in JAXP test should be removed + JDK-8183348: Better cleanup for jdk/test/sun/security/pkcs12/P12SecretKey.java + JDK-8196465: javax/swing/JComboBox/8182031/ComboPopupTest.java fails on Linux + JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/ jdk/test/lib/compiler/InMemoryJavaCompiler + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong value + JDK-8218474: JComboBox display issue with GTKLookAndFeel + JDK-8224267: JOptionPane message string with 5000+ newlines produces StackOverflowError + JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/ /NonUniqueAliases.java is marked with @ignore + JDK-8251505: Use of types in compiler shared code should be consistent. + JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java failed with 'Didn't find enough line numbers' + JDK-8254786: java/net/httpclient/CancelRequestTest.java failing intermittently + JDK-8256211: assert fired in java/net/httpclient/DependentPromiseActionsTest (infrequent) + JDK-8258483: [TESTBUG] gtest CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is too small + JDK-8269516: AArch64: Assembler cleanups + JDK-8271419: Refactor test code for modifying CDS archive contents + JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC + JDK-8277983: Remove unused fields from sun.net.www.protocol.jar.JarURLConnection + JDK-8279884: Use better file for cygwin source permission check + JDK-8279894: javax/swing/JInternalFrame/8020708/bug8020708.java timeouts on Windows 11 + JDK-8280468: Crashes in getConfigColormap, getConfigVisualId, XVisualIDFromVisual on Linux + JDK-8280820: Clean up bug8033699 and bug8075609.java tests: regtesthelpers aren't used + JDK-8280991: [XWayland] No displayChanged event after setDisplayMode call + JDK-8281511: java/net/ipv6tests/UdpTest.java fails with checkTime failed + JDK-8282863: java/awt/FullScreen/FullscreenWindowProps/ /FullscreenWindowProps.java fails on Windows 10 with HiDPI screen + JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads the spinner value 10 as 1 when user iterates to 10 for the first time on macOS + JDK-8286789: Test forceEarlyReturn002.java timed out + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8286925: Move JSON parser used in JFR tests to test library + JDK-8287352: DockerTestUtils::execute shows incorrect elapsed time + JDK-8287801: Fix test-bugs related to stress flags + JDK-8288707: javax/swing/JToolBar/4529206/bug4529206.java: setFloating does not work correctly + JDK-8290162: Reset recursion counter missed in fix of JDK-8224267 + JDK-8292064: Convert java/lang/management/MemoryMXBean shell tests to java version + JDK-8293503: gc/metaspace/TestMetaspacePerfCounters.java #Epsilon-64 failed assertGreaterThanOrEqual: expected MMM >= NNN + JDK-8294038: Remove 'Classpath' exception from javax/swing tests + JDK-8294155: Exception thrown before awaitAndCheck hangs PassFailJFrame + JDK-8295470: Update openjdk.java.net => openjdk.org URLs in test code + JDK-8295670: Remove duplication in java/util/Formatter/Basic*.java + JDK-8295804: javax/swing/JFileChooser/JFileChooserSetLocationTest.java failed with 'setLocation() is not working properly' + JDK-8296072: CertAttrSet::encode and DerEncoder::derEncode should write into DerOutputStream + JDK-8296167: test/langtools/tools/jdeps/jdkinternals/ /ShowReplacement.java failing after JDK-8296072 + JDK-8296920: Regression Test DialogOrient.java fails on MacOS + JDK-8297173: usageTicks and totalTicks should be volatile to ensure that different threads get the latest ticks + JDK-8297242: Use-after-free during library unloading on Linux + JDK-8298061: vmTestbase/nsk/sysdict/vm/stress/btree/btree012/ /btree012.java failed with 'fatal error: refcount has gone to zero' + JDK-8298147: Clang warns about pointless comparisons + JDK-8298248: Limit sscanf output width in cgroup file parsers + JDK-8298709: Fix typos in src/java.desktop/ and various test classes of client component + JDK-8298730: Refactor subsystem_file_line_contents and add docs and tests + JDK-8300645: Handle julong values in logging of GET_CONTAINER_INFO macros + JDK-8300658: memory_and_swap_limit() reporting wrong values on systems with swapaccount=0 + JDK-8302226: failure_handler native.core should wait for coredump to finish + JDK-8303549: [AIX] TestNativeStack.java is failing with exit value 1 + JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/ /SP05/sp05t003/TestDescription.java timed out: thread not suspended + JDK-8305578: X11GraphicsDevice.pGetBounds() is slow in remote X11 sessions + JDK-8306997: C2: 'malformed control flow' assert due to missing safepoint on backedge with a switch + JDK-8307318: Test serviceability/sa/ClhsdbCDSJstackPrintAll.java failed: ArrayIndexOutOfBoundsException + JDK-8308875: java/awt/Toolkit/GetScreenInsetsCustomGC/ /GetScreenInsetsCustomGC.java failed with 'Cannot invoke 'sun.awt.X11GraphicsDevice.getInsets()' because 'device' is null' + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8310525: DynamicLauncher for JDP test needs to try harder to find a free port + JDK-8312246: NPE when HSDB visits bad oop + JDK-8314120: Add tests for FileDescriptor.sync + JDK-8314236: Overflow in Collections.rotate + JDK-8314246: javax/swing/JToolBar/4529206/bug4529206.java fails intermittently on Linux + JDK-8314320: Mark runtime/CommandLine/ tests as flagless + JDK-8314828: Mark 3 jcmd command-line options test as vm.flagless + JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java timed out + JDK-8315669: Open source several Swing PopupMenu related tests + JDK-8315721: CloseRace.java#id0 fails transiently on libgraal + JDK-8315742: Open source several Swing Scroll related tests + JDK-8315871: Opensource five more Swing regression tests + JDK-8315876: Open source several Swing CSS related tests + JDK-8315951: Open source several Swing HTMLEditorKit related tests + JDK-8315981: Opensource five more random Swing tests + JDK-8316061: Open source several Swing RootPane and Slider related tests + JDK-8316156: ByteArrayInputStream.transferTo causes MaxDirectMemorySize overflow + JDK-8316228: jcmd tests are broken by 8314828 + JDK-8316324: Opensource five miscellaneous Swing tests + JDK-8316388: Opensource five Swing component related regression tests + JDK-8316451: 6 java/lang/instrument/PremainClass tests ignore VM flags + JDK-8316452: java/lang/instrument/modules/ /AppendToClassPathModuleTest.java ignores VM flags + JDK-8316460: 4 javax/management tests ignore VM flags + JDK-8316497: ColorConvertOp - typo for non-ICC conversions needs one-line fix + JDK-8316629: j.text.DateFormatSymbols setZoneStrings() exception is unhelpful + JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM path + JDK-8318915: Enhance checks in BigDecimal.toPlainString() + JDK-8318962: Update ProcessTools javadoc with suggestions in 8315097 + JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java ignores VM flags + JDK-8319578: Few java/lang/instrument ignore test.java.opts and accept test.vm.opts only + JDK-8319690: [AArch64] C2 compilation hits offset_ok_for_immed: assert 'c2 compiler bug' + JDK-8320682: [AArch64] C1 compilation fails with 'Field too big for insn' + JDK-8320687: sun.jvmstat.monitor.MonitoredHost .getMonitoredHost() throws unexpected exceptions when invoked concurrently + JDK-8321204: C2: assert(false) failed: node should be in igvn hash table + JDK-8321479: java -D-D crashes + JDK-8321509: False positive in get_trampoline fast path causes crash + JDK-8321713: Harmonize executeTestJvm with create[Limited]TestJavaProcessBuilder + JDK-8321718: ProcessTools.executeProcess calls waitFor before logging + JDK-8321931: memory_swap_current_in_bytes reports 0 as 'unlimited' + JDK-8325435: [macos] Menu or JPopupMenu not closed when main window is resized + JDK-8325680: Uninitialised memory in deleteGSSCB of GSSLibStub.c:179 + JDK-8325682: Rename nsk_strace.h + JDK-8326389: [test] improve assertEquals failure output + JDK-8328301: Convert Applet test ManualHTMLDataFlavorTest.java to main program + JDK-8328482: Convert and Open source few manual applet test to main based + JDK-8328484: Convert and Opensource few JFileChooser applet test to main + JDK-8328648: Remove applet usage from JFileChooser tests bug4150029 + JDK-8328670: Automate and open source few closed manual applet test + JDK-8328673: Convert closed text/html/CSS manual applet test to main + JDK-8329261: G1: interpreter post-barrier x86 code asserts index size of wrong buffer + JDK-8330534: Update nsk/jdwp tests to use driver instead of othervm + JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails with java.util.MissingFormatArgumentException: Format specifier '%s' + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8333117: Remove support of remote and manual debuggee launchers + JDK-8333680: com/sun/tools/attach/BasicTests.java fails with 'SocketException: Permission denied: connect' + JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched does not copy all fields + JDK-8334644: Automate javax/print/attribute/PageRangesException.java + JDK-8334780: Crash: assert(h_array_list.not_null()) failed: invariant + JDK-8334895: OpenJDK fails to configure on linux aarch64 when CDS is disabled after JDK-8331942 + JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits)) failed: Field too big for insn + JDK-8335684: Test ThreadCpuTime.java should pause like ThreadCpuTimeArray.java + JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/ /AllowedFunctions.java fails with unexpected exit code: 112 + JDK-8336587: failure_handler lldb command times out on macosx-aarch64 core file + JDK-8337221: CompileFramework: test library to conveniently compile java and jasm sources for fuzzing + JDK-8337299: vmTestbase/nsk/jdb/stop_at/stop_at002/ /stop_at002.java failure goes undetected + JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in gtest framework + JDK-8339148: Make os::Linux::active_processor_count() public + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm gtest fails on ppc64 based platforms + JDK-8339639: Opensource few AWT PopupMenu tests + JDK-8339678: Update runtime/condy tests to be executed with VM flags + JDK-8339727: Open source several AWT focus tests - series 1 + JDK-8339794: Open source closed choice tests #1 + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339836: Open source several AWT Mouse tests - Batch 1 + JDK-8339842: Open source several AWT focus tests - series 2 + JDK-8339895: Open source several AWT focus tests - series 3 + JDK-8339906: Open source several AWT focus tests - series 4 + JDK-8339935: Open source several AWT focus tests - series 5 + JDK-8339982: Open source several AWT Mouse tests - Batch 2 + JDK-8339984: Open source AWT MenuItem related tests + JDK-8339995: Open source several AWT focus tests - series 6 + JDK-8340077: Open source few Checkbox tests - Set2 + JDK-8340084: Open source AWT Frame related tests + JDK-8340143: Open source several Java2D rendering loop tests. + JDK-8340164: Open source few Component tests - Set1 + JDK-8340173: Open source some Component/Panel/EventQueue tests - Set2 + JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java + JDK-8340193: Open source several AWT Dialog tests - Batch 1 + JDK-8340228: Open source couple more miscellaneous AWT tests + JDK-8340271: Open source several AWT Robot tests + JDK-8340279: Open source several AWT Dialog tests - Batch 2 + JDK-8340332: Open source mixed AWT tests - Set3 + JDK-8340366: Open source several AWT Dialog tests - Batch 3 + JDK-8340367: Opensource few AWT image tests + JDK-8340393: Open source closed choice tests #2 + JDK-8340407: Open source a few more Component related tests + JDK-8340417: Open source some MenuBar tests - Set1 + JDK-8340432: Open source some MenuBar tests - Set2 + JDK-8340433: Open source closed choice tests #3 + JDK-8340437: Open source few more AWT Frame related tests + JDK-8340458: Open source additional Component tests (part 2) + JDK-8340555: Open source DnD tests - Set4 + JDK-8340560: Open Source several AWT/2D font and rendering tests + JDK-8340605: Open source several AWT PopupMenu tests + JDK-8340621: Open source several AWT List tests + JDK-8340625: Open source additional Component tests (part 3) + JDK-8340639: Open source few more AWT List tests + JDK-8340713: Open source DnD tests - Set5 + JDK-8340784: Remove PassFailJFrame constructor with screenshots + JDK-8340790: Open source several AWT Dialog tests - Batch 4 + JDK-8340809: Open source few more AWT PopupMenu tests + JDK-8340874: Open source some of the AWT Geometry/Button tests + JDK-8340907: Open source closed frame tests # 2 + JDK-8340966: Open source few Checkbox and Cursor tests - Set1 + JDK-8340967: Open source few Cursor tests - Set2 + JDK-8340978: Open source few DnD tests - Set6 + JDK-8340985: Open source some Desktop related tests + JDK-8341000: Open source some of the AWT Window tests + JDK-8341004: Open source AWT FileDialog related tests + JDK-8341072: Open source several AWT Canvas and Rectangle related tests + JDK-8341128: open source some 2d graphics tests + JDK-8341148: Open source several Choice related tests + JDK-8341162: Open source some of the AWT window test + JDK-8341170: Open source several Choice related tests (part 2) + JDK-8341177: Opensource few List and a Window test + JDK-8341191: Open source few more AWT FileDialog tests + JDK-8341239: Open source closed frame tests # 3 + JDK-8341257: Open source few DND tests - Set1 + JDK-8341258: Open source few various AWT tests - Set1 + JDK-8341278: Open source few TrayIcon tests - Set7 + JDK-8341298: Open source more AWT window tests + JDK-8341373: Open source closed frame tests # 4 + JDK-8341378: Open source few TrayIcon tests - Set8 + JDK-8341447: Open source closed frame tests # 5 + JDK-8341535: sun/awt/font/TestDevTransform.java fails with RuntimeException: Different rendering + JDK-8341637: java/net/Socket/UdpSocket.java fails with 'java.net.BindException: Address already in use' (macos-aarch64) + JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java timed out after JDK-8341257 + JDK-8342376: More reliable OOM handling in ExceptionDuringDumpAtObjectsInitPhase test + JDK-8342524: Use latch in AbstractButton/bug6298940.java instead of delay + JDK-8342633: javax/management/security/ /HashedPasswordFileTest.java creates tmp file in src dir + JDK-8343037: Missing @since tag on JColorChooser.showDialog overload + JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/ /scenarios/sampling/SP05/sp05t003/TestDescription.java + JDK-8343124: Tests fails with java.lang.IllegalAccessException: class com.sun.javatest.regtest.agent.MainWrapper$MainTask cannot access + JDK-8343170: java/awt/Cursor/JPanelCursorTest/ /JPanelCursorTest.java does not show the default cursor + JDK-8343205: CompileBroker::possibly_add_compiler_threads excessively polls available memory + JDK-8343529: serviceability/sa/ClhsdbWhere.java fails AssertionFailure: Corrupted constant pool + JDK-8343891: Test javax/swing/JTabbedPane/ /TestJTabbedPaneBackgroundColor.java failed + JDK-8343936: Adjust timeout in test javax/management/monitor/DerivedGaugeMonitorTest.java + JDK-8344316: security/auth/callback/TextCallbackHandler/ /Password.java make runnable with JTReg and add the UI + JDK-8344361: Restore null return for invalid services from legacy providers + JDK-8345133: Test sun/security/tools/jarsigner/ /TsacertOptionTest.java failed: Warning found in stdout + JDK-8345134: Test sun/security/tools/jarsigner/ /ConciseJarsigner.java failed: unable to find valid certification path to requested target + JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/ /bug8033699.java fails in ubuntu22.04 + JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/ /bug4529206.java fails in ubuntu22.04 + JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/ /4278839/bug4278839.java fails in ubuntu22.04 + JDK-8345598: Upgrade NSS binaries for interop tests + JDK-8345625: Better HTTP connections + JDK-8345728: [Accessibility,macOS,Screen Magnifier]: JCheckbox unchecked state does not magnify but works for checked tate + JDK-8345838: Remove the appcds/javaldr/AnonVmClassesDuringDump.java test + JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java warnings + JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in CI on Linux + JDK-8347000: Bug in com/sun/net/httpserver/bugs/B6361557.java test + JDK-8347019: Test javax/swing/JRadioButton/8033699/ /bug8033699.java still fails: Focus is not on Radio Button Single as Expected + JDK-8347083: Incomplete logging in nsk/jvmti/ResourceExhausted/resexhausted00* tests + JDK-8347126: gc/stress/TestStressG1Uncommit.java gets OOM-killed + JDK-8347267: [macOS]: UnixOperatingSystem.c:67:40: runtime error: division by zero + JDK-8347286: (fs) Remove some extensions from java/nio/file/Files/probeContentType/Basic.java + JDK-8347576: Error output in libjsound has non matching format strings + JDK-8347629: Test FailOverDirectExecutionControlTest.java fails with -Xcomp + JDK-8347911: Limit the length of inflated text chunks + JDK-8347995: Race condition in jdk/java/net/httpclient/ /offline/FixedResponseHttpClient.java + JDK-8348107: test/jdk/java/net/httpclient/ /HttpsTunnelAuthTest.java fails intermittently + JDK-8348110: Update LCMS to 2.17 + JDK-8348299: Update List/ItemEventTest/ItemEventTest.java + JDK-8348596: Update FreeType to 2.13.3 + JDK-8348597: Update HarfBuzz to 10.4.0 + JDK-8348598: Update Libpng to 1.6.47 + JDK-8348600: Update PipeWire to 1.3.81 + JDK-8348865: JButton/bug4796987.java never runs because Windows XP is unavailable + JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver doesn't announce untick on toggling the checkbox with 'space' key on macOS + JDK-8348989: Better Glyph drawing + JDK-8349039: Adjust exception No type named in database + JDK-8349111: Enhance Swing supports + JDK-8349200: [JMH] time.format.ZonedDateTimeFormatterBenchmark fails + JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh to run fully in java + JDK-8349492: Update sun/security/pkcs12/ /KeytoolOpensslInteropTest.java to use a recent Openssl version + JDK-8349501: Relocate supporting classes in security/testlibrary to test/lib/jdk tree + JDK-8349594: Enhance TLS protocol support + JDK-8349751: AIX build failure after upgrade pipewire to 1.3.81 + JDK-8349974: [JMH,17u] MaskQueryOperationsBenchmark fails java.lang.NoClassDefFoundError + JDK-8350211: CTW: Attempt to preload all classes in constant pool + JDK-8350224: Test javax/swing/JComboBox/ /TestComboBoxComponentRendering.java fails in ubuntu 23.x and later + JDK-8350260: Improve HTML instruction formatting in PassFailJFrame + JDK-8350383: Test: add more test case for string compare (UL case) + JDK-8350386: Test TestCodeCacheFull.java fails with option -XX:-UseCodeCacheFlushing + JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to incorrect traces in JFR + JDK-8350498: Remove two Camerfirma root CA certificates + JDK-8350540: [17u,11u] B8312065.java fails Network is unreachable + JDK-8350546: Several java/net/InetAddress tests fails UnknownHostException + JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug builds + JDK-8350651: Bump update version for OpenJDK: jdk-17.0.16 + JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails + JDK-8350991: Improve HTTP client header handling + JDK-8351086: (fc) Make java/nio/channels/FileChannel/BlockDeviceSize.java test manual + JDK-8352076: [21u] Problem list tests that fail in 21 and would be fixed by 8309622 + JDK-8352109: java/awt/Desktop/MailTest.java fails in platforms where Action.MAIL is not supported + JDK-8352302: Test sun/security/tools/jarsigner/TimestampCheck.java is failing + JDK-8352649: [17u] guarantee(is_result_safe || is_in_asgct()) failed inside AsyncGetCallTrace + JDK-8352676: Opensource JMenu tests - series1 + JDK-8352680: Opensource few misc swing tests + JDK-8352684: Opensource JInternalFrame tests - series1 + JDK-8352706: httpclient HeadTest does not run on HTTP2 + JDK-8352716: (tz) Update Timezone Data to 2025b + JDK-8352908: Open source several swing tests batch1 + JDK-8352942: jdk/jfr/startupargs/TestMemoryOptions.java fails with 32-bit build + JDK-8353070: Clean up and open source couple AWT Graphics related tests (Part 1) + JDK-8353138: Screen capture for test TaskbarPositionTest.java, failure case + JDK-8353320: Open source more Swing text tests + JDK-8353446: Open source several AWT Menu tests - Batch 2 + JDK-8353475: Open source two Swing DefaultCaret tests + JDK-8353685: Open some JComboBox bugs 4 + JDK-8353709: Debug symbols bundle should contain full debug files when building --with-external-symbols-in-bundles=public + JDK-8353714: [17u] Backport of 8347740 incomplete + JDK-8353942: Open source Swing Tests - Set 5 + JDK-8354554: Open source several clipboard tests batch1 + JDK-8356053: Test java/awt/Toolkit/Headless/ /HeadlessToolkit.java fails by timeout + JDK-8356096: ISO 4217 Amendment 179 Update + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS + JDK-8357105: C2: compilation fails with 'assert(false) failed: empty program detected during loop optimization' + JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c: enum type mismatch during build + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + JDK-8360147: Better Glyph drawing redux + JDK-8361674: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.16 The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - java-17-openjdk-headless-17.0.16.0-150400.3.57.1 updated - java-17-openjdk-17.0.16.0-150400.3.57.1 updated - java-17-openjdk-devel-17.0.16.0-150400.3.57.1 updated - container:bci-openjdk-17-15.7.17-8.4 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:25:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:25:32 +0200 (CEST) Subject: SUSE-CU-2025:5919-1: Security update of bci/openjdk-devel Message-ID: <20250805112532.0EF11FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5919-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.8.0 , bci/openjdk-devel:21.0.8.0-11.4 , bci/openjdk-devel:latest Container Release : 11.4 Severity : important Type : security References : 1213796 1230959 1231748 1232326 1246428 1246575 1246584 1246595 1246598 CVE-2025-30749 CVE-2025-30754 CVE-2025-50059 CVE-2025-50106 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2657-1 Released: Mon Aug 4 12:34:32 2025 Summary: Security update for java-21-openjdk Type: security Severity: important References: 1213796,1246575,1246584,1246595,1246598,CVE-2025-30749,CVE-2025-30754,CVE-2025-50059,CVE-2025-50106 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.8+9 (July 2025 CPU): Security fixes: - CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) - CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) - CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) Other fixes: - Allow compilation of openjdk for 40 years (bsc#1213796) Changelog: + JDK-6956385: URLConnection.getLastModified() leaks file handles for jar:file and file: URLs + JDK-8051591: Test javax/swing/JTabbedPane/8007563/Test8007563.java fails + JDK-8136895: Writer not closed with disk full error, file resource leaked + JDK-8180450: secondary_super_cache does not scale well + JDK-8183348: Better cleanup for jdk/test/sun/security/pkcs12/P12SecretKey.java + JDK-8200566: DistributionPointFetcher fails to fetch CRLs if the DistributionPoints field contains more than one DistributionPoint and the first one fails + JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/ jdk/test/lib/compiler/InMemoryJavaCompiler + JDK-8210471: GZIPInputStream constructor could leak an un-end()ed Inflater + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong value + JDK-8220213: com/sun/jndi/dns/ConfigTests/Timeout.java failed intermittent + JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/ /NonUniqueAliases.java is marked with @ignore + JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java failed with 'Didn't find enough line numbers' + JDK-8256211: assert fired in java/net/httpclient/DependentPromiseActionsTest (infrequent) + JDK-8258483: [TESTBUG] gtest CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is too small + JDK-8267174: Many test files have the wrong Copyright header + JDK-8270269: Desktop.browse method fails if earlier CoInitialize call as COINIT_MULTITHREADED + JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC + JDK-8279016: JFR Leak Profiler is broken with Shenandoah + JDK-8280991: [XWayland] No displayChanged event after setDisplayMode call + JDK-8281511: java/net/ipv6tests/UdpTest.java fails with checkTime failed + JDK-8282726: java/net/vthread/BlockingSocketOps.java timeout/hang intermittently on Windows + JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads the spinner value 10 as 1 when user iterates to 10 for the first time on macOS + JDK-8286789: Test forceEarlyReturn002.java timed out + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8294155: Exception thrown before awaitAndCheck hangs PassFailJFrame + JDK-8295804: javax/swing/JFileChooser/ /JFileChooserSetLocationTest.java failed with 'setLocation() is not working properly' + JDK-8297692: Avoid sending per-region GCPhaseParallel JFR events in G1ScanCollectionSetRegionClosure + JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/ /SP05/sp05t003/TestDescription.java timed out: thread not suspended + JDK-8307318: Test serviceability/sa/ /ClhsdbCDSJstackPrintAll.java failed: ArrayIndexOutOfBoundsException + JDK-8307824: Clean up Finalizable.java and finalize terminology in vmTestbase/nsk/share + JDK-8308033: The jcmd thread dump related tests should test virtual threads + JDK-8308966: Add intrinsic for float/double modulo for x86 AVX2 and AVX512 + JDK-8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore .engineGetEntry + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8309978: [x64] Fix useless padding + JDK-8310066: Improve test coverage for JVMTI GetThreadState on carrier and mounted vthread + JDK-8310525: DynamicLauncher for JDP test needs to try harder to find a free port + JDK-8310643: Misformatted copyright messages in FFM + JDK-8312246: NPE when HSDB visits bad oop + JDK-8312475: org.jline.util.PumpReader signed byte problem + JDK-8313290: Misleading exception message from STS.Subtask::get when task forked after shutdown + JDK-8313430: [JVMCI] fatal error: Never compilable: in JVMCI shutdown + JDK-8313654: Test WaitNotifySuspendedVThreadTest.java timed out + JDK-8314056: Remove runtime platform check from frem/drem + JDK-8314136: Test java/net/httpclient/CancelRequestTest.java failed: WARNING: tracker for HttpClientImpl(42) has outstanding operations + JDK-8314236: Overflow in Collections.rotate + JDK-8314319: LogCompilation doesn't reset lateInlining when it encounters a failure. + JDK-8314840: 3 gc/epsilon tests ignore external vm options + JDK-8314842: zgc/genzgc tests ignore vm flags + JDK-8315128: jdk/jfr/event/runtime/ /TestResidentSetSizeEvent.java fails with 'The size should be less than or equal to peak' + JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java timed out + JDK-8315669: Open source several Swing PopupMenu related tests + JDK-8315742: Open source several Swing Scroll related tests + JDK-8315827: Kitchensink.java and RenaissanceStressTest.java time out with jvmti module errors + JDK-8315871: Opensource five more Swing regression tests + JDK-8315876: Open source several Swing CSS related tests + JDK-8315951: Open source several Swing HTMLEditorKit related tests + JDK-8315981: Opensource five more random Swing tests + JDK-8316061: Open source several Swing RootPane and Slider related tests + JDK-8316324: Opensource five miscellaneous Swing tests + JDK-8316388: Opensource five Swing component related regression tests + JDK-8316452: java/lang/instrument/modules/ /AppendToClassPathModuleTest.java ignores VM flags + JDK-8316497: ColorConvertOp - typo for non-ICC conversions needs one-line fix + JDK-8316580: HttpClient with StructuredTaskScope does not close when a task fails + JDK-8316629: j.text.DateFormatSymbols setZoneStrings() exception is unhelpful + JDK-8317264: Pattern.Bound has `static` fields that should be `static final`. + JDK-8318509: x86 count_positives intrinsic broken for -XX:AVX3Threshold=0 + JDK-8318636: Add jcmd to print annotated process memory map + JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM path + JDK-8318811: Compiler directives parser swallows a character after line comments + JDK-8318915: Enhance checks in BigDecimal.toPlainString() + JDK-8319439: Move BufferNode from PtrQueue files to new files + JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java ignores VM flags + JDK-8319690: [AArch64] C2 compilation hits offset_ok_for_immed: assert 'c2 compiler bug' + JDK-8320687: sun.jvmstat.monitor.MonitoredHost .getMonitoredHost() throws unexpected exceptions when invoked concurrently + JDK-8320948: NPE due to unreported compiler error + JDK-8321204: C2: assert(false) failed: node should be in igvn hash table + JDK-8321479: java -D-D crashes + JDK-8321931: memory_swap_current_in_bytes reports 0 as 'unlimited' + JDK-8322141: SequenceInputStream.transferTo should not return as soon as Long.MAX_VALUE bytes have been transferred + JDK-8322475: Extend printing for System.map + JDK-8323795: jcmd Compiler.codecache should print total size of code cache + JDK-8324345: Stack overflow during C2 compilation when splitting memory phi + JDK-8324678: Replace NULL with nullptr in HotSpot gtests + JDK-8324681: Replace NULL with nullptr in HotSpot jtreg test native code files + JDK-8324799: Use correct extension for C++ test headers + JDK-8324880: Rename get_stack_trace.h + JDK-8325055: Rename Injector.h + JDK-8325180: Rename jvmti_FollowRefObjects.h + JDK-8325347: Rename native_thread.h + JDK-8325367: Rename nsk_list.h + JDK-8325435: [macos] Menu or JPopupMenu not closed when main window is resized + JDK-8325456: Rename nsk_mutex.h + JDK-8325458: Rename mlvmJvmtiUtils.h + JDK-8325680: Uninitialised memory in deleteGSSCB of GSSLibStub.c:179 + JDK-8325682: Rename nsk_strace.h + JDK-8325910: Rename jnihelper.h + JDK-8326090: Rename jvmti_aod.h + JDK-8326389: [test] improve assertEquals failure output + JDK-8326524: Rename agent_common.h + JDK-8326586: Improve Speed of System.map + JDK-8327071: [Testbug] g-tests for cgroup leave files in /tmp on linux + JDK-8327169: serviceability/dcmd/vm/SystemMapTest.java and SystemDumpMapTest.java may fail after JDK-8326586 + JDK-8327370: (ch) sun.nio.ch.Poller.register throws AssertionError + JDK-8327461: KeyStore getEntry is not thread-safe + JDK-8328107: Shenandoah/C2: TestVerifyLoopOptimizations test failure + JDK-8328301: Convert Applet test ManualHTMLDataFlavorTest.java to main program + JDK-8328482: Convert and Open source few manual applet test to main based + JDK-8328484: Convert and Opensource few JFileChooser applet test to main + JDK-8328648: Remove applet usage from JFileChooser tests bug4150029 + JDK-8328670: Automate and open source few closed manual applet test + JDK-8328673: Convert closed text/html/CSS manual applet test to main + JDK-8328864: NullPointerException in sun.security.jca.ProviderList.getService() + JDK-8329261: G1: interpreter post-barrier x86 code asserts index size of wrong buffer + JDK-8329729: java/util/Properties/StoreReproducibilityTest.java times out + JDK-8330106: C2: VectorInsertNode::make() shouldn't call ConINode::make() directly + JDK-8330158: C2: Loop strip mining uses ABS with min int + JDK-8330534: Update nsk/jdwp tests to use driver instead of othervm + JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails with java.util.MissingFormatArgumentException: Format specifier '%s' + JDK-8330936: [ubsan] exclude function BilinearInterp and ShapeSINextSpan in libawt java2d from ubsan checks + JDK-8331088: Incorrect TraceLoopPredicate output + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8332252: Clean up vmTestbase/vm/share + JDK-8332506: SIGFPE In ObjectSynchronizer::is_async_deflation_needed() + JDK-8332631: Update nsk.share.jpda.BindServer to don't use finalization + JDK-8332641: Update nsk.share.jpda.Jdb to don't use finalization + JDK-8332880: JFR GCHelper class recognizes 'Archive' regions as valid + JDK-8332921: Ctrl+C does not call shutdown hooks after JLine upgrade + JDK-8333013: Update vmTestbase/nsk/share/LocalProcess.java to don't use finalization + JDK-8333117: Remove support of remote and manual debuggee launchers + JDK-8333680: com/sun/tools/attach/BasicTests.java fails with 'SocketException: Permission denied: connect' + JDK-8333805: Replaying compilation with null static final fields results in a crash + JDK-8333890: Fatal error in auto-vectorizer with float16 kernel. + JDK-8334644: Automate javax/print/attribute/PageRangesException.java + JDK-8334780: Crash: assert(h_array_list.not_null()) failed: invariant + JDK-8334895: OpenJDK fails to configure on linux aarch64 when CDS is disabled after JDK-8331942 + JDK-8335181: Incorrect handling of HTTP/2 GOAWAY frames in HttpClient + JDK-8335643: serviceability/dcmd/vm tests fail for ZGC after JDK-8322475 + JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits)) failed: Field too big for insn + JDK-8335684: Test ThreadCpuTime.java should pause like ThreadCpuTimeArray.java + JDK-8335710: serviceability/dcmd/vm/SystemDumpMapTest.java and SystemMapTest.java fail on Linux Alpine after 8322475 + JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/ /AllowedFunctions.java fails with unexpected exit code: 112 + JDK-8335860: compiler/vectorization/ /TestFloat16VectorConvChain.java fails with non-standard AVX/SSE settings + JDK-8336042: Caller/callee param size mismatch in deoptimization causes crash + JDK-8336499: Failure when creating non-CRT RSA private keys in SunPKCS11 + JDK-8336587: failure_handler lldb command times out on macosx-aarch64 core file + JDK-8336827: compiler/vectorization/ /TestFloat16VectorConvChain.java timeouts on ppc64 platforms after JDK-8335860 + JDK-8337221: CompileFramework: test library to conveniently compile java and jasm sources for fuzzing + JDK-8337299: vmTestbase/nsk/jdb/stop_at/stop_at002/ /stop_at002.java failure goes undetected + JDK-8337681: PNGImageWriter uses much more memory than necessary + JDK-8337795: Type annotation attached to incorrect type during class reading + JDK-8337958: Out-of-bounds array access in secondary_super_cache + JDK-8337981: ShenandoahHeap::is_in should check for alive regions + JDK-8337998: CompletionFailure in getEnclosingType attaching type annotations + JDK-8338010: WB_IsFrameDeoptimized miss ResourceMark + JDK-8338064: Give better error for ConcurrentHashTable corruption + JDK-8338136: Hotspot should support multiple large page sizes on Windows + JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in gtest framework + JDK-8338202: Shenandoah: Improve handshake closure labels + JDK-8338314: JFR: Split JFRCheckpoint VM operation + JDK-8339148: Make os::Linux::active_processor_count() public + JDK-8339288: Improve diagnostic logging runtime/cds/DeterministicDump.java + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm gtest fails on ppc64 based platforms + JDK-8339538: Wrong timeout computations in DnsClient + JDK-8339639: Opensource few AWT PopupMenu tests + JDK-8339678: Update runtime/condy tests to be executed with VM flags + JDK-8339727: Open source several AWT focus tests - series 1 + JDK-8339769: Incorrect error message during startup if working directory does not exist + JDK-8339794: Open source closed choice tests #1 + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339836: Open source several AWT Mouse tests - Batch 1 + JDK-8339842: Open source several AWT focus tests - series 2 + JDK-8339895: Open source several AWT focus tests - series 3 + JDK-8339906: Open source several AWT focus tests - series 4 + JDK-8339935: Open source several AWT focus tests - series 5 + JDK-8339982: Open source several AWT Mouse tests - Batch 2 + JDK-8339984: Open source AWT MenuItem related tests + JDK-8339995: Open source several AWT focus tests - series 6 + JDK-8340024: In ClassReader, extract a constant for the superclass supertype_index + JDK-8340077: Open source few Checkbox tests - Set2 + JDK-8340084: Open source AWT Frame related tests + JDK-8340143: Open source several Java2D rendering loop tests. + JDK-8340146: ZGC: TestAllocateHeapAt.java should not run with UseLargePages + JDK-8340164: Open source few Component tests - Set1 + JDK-8340173: Open source some Component/Panel/EventQueue tests - Set2 + JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java + JDK-8340193: Open source several AWT Dialog tests - Batch 1 + JDK-8340228: Open source couple more miscellaneous AWT tests + JDK-8340271: Open source several AWT Robot tests + JDK-8340279: Open source several AWT Dialog tests - Batch 2 + JDK-8340332: Open source mixed AWT tests - Set3 + JDK-8340366: Open source several AWT Dialog tests - Batch 3 + JDK-8340367: Opensource few AWT image tests + JDK-8340393: Open source closed choice tests #2 + JDK-8340407: Open source a few more Component related tests + JDK-8340417: Open source some MenuBar tests - Set1 + JDK-8340432: Open source some MenuBar tests - Set2 + JDK-8340433: Open source closed choice tests #3 + JDK-8340437: Open source few more AWT Frame related tests + JDK-8340458: Open source additional Component tests (part 2) + JDK-8340555: Open source DnD tests - Set4 + JDK-8340560: Open Source several AWT/2D font and rendering tests + JDK-8340605: Open source several AWT PopupMenu tests + JDK-8340621: Open source several AWT List tests + JDK-8340625: Open source additional Component tests (part 3) + JDK-8340639: Open source few more AWT List tests + JDK-8340713: Open source DnD tests - Set5 + JDK-8340784: Remove PassFailJFrame constructor with screenshots + JDK-8340790: Open source several AWT Dialog tests - Batch 4 + JDK-8340809: Open source few more AWT PopupMenu tests + JDK-8340874: Open source some of the AWT Geometry/Button tests + JDK-8340907: Open source closed frame tests # 2 + JDK-8340966: Open source few Checkbox and Cursor tests - Set1 + JDK-8340967: Open source few Cursor tests - Set2 + JDK-8340978: Open source few DnD tests - Set6 + JDK-8340985: Open source some Desktop related tests + JDK-8341000: Open source some of the AWT Window tests + JDK-8341004: Open source AWT FileDialog related tests + JDK-8341072: Open source several AWT Canvas and Rectangle related tests + JDK-8341128: open source some 2d graphics tests + JDK-8341148: Open source several Choice related tests + JDK-8341162: Open source some of the AWT window test + JDK-8341170: Open source several Choice related tests (part 2) + JDK-8341177: Opensource few List and a Window test + JDK-8341191: Open source few more AWT FileDialog tests + JDK-8341239: Open source closed frame tests # 3 + JDK-8341257: Open source few DND tests - Set1 + JDK-8341258: Open source few various AWT tests - Set1 + JDK-8341278: Open source few TrayIcon tests - Set7 + JDK-8341298: Open source more AWT window tests + JDK-8341373: Open source closed frame tests # 4 + JDK-8341378: Open source few TrayIcon tests - Set8 + JDK-8341447: Open source closed frame tests # 5 + JDK-8341535: sun/awt/font/TestDevTransform.java fails with RuntimeException: Different rendering + JDK-8341637: java/net/Socket/UdpSocket.java fails with 'java.net.BindException: Address already in use' (macos-aarch64) + JDK-8341779: [REDO BACKPORT] type annotations are not visible to javac plugins across compilation boundaries (JDK-8225377) + JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java timed out after JDK-8341257 + JDK-8342075: HttpClient: improve HTTP/2 flow control checks + JDK-8342376: More reliable OOM handling in ExceptionDuringDumpAtObjectsInitPhase test + JDK-8342524: Use latch in AbstractButton/bug6298940.java instead of delay + JDK-8342633: javax/management/security/ /HashedPasswordFileTest.java creates tmp file in src dir + JDK-8342958: Use jvmArgs consistently in microbenchmarks + JDK-8343019: Primitive caches must use boxed instances from the archive + JDK-8343037: Missing @since tag on JColorChooser.showDialog overload + JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/ /scenarios/sampling/SP05/sp05t003/TestDescription.java + JDK-8343124: Tests fails with java.lang.IllegalAccessException: class com.sun.javatest.regtest.agent.MainWrapper$MainTask cannot access + JDK-8343144: UpcallLinker::on_entry racingly clears pending exception with GC safepoints + JDK-8343170: java/awt/Cursor/JPanelCursorTest/ /JPanelCursorTest.java does not show the default cursor + JDK-8343224: print/Dialog/PaperSizeError.java fails with MediaSizeName is not A4: A4 + JDK-8343342: java/io/File/GetXSpace.java fails on Windows with CD-ROM drive + JDK-8343345: Use -jvmArgsPrepend when running microbenchmarks in RunTests.gmk + JDK-8343529: serviceability/sa/ClhsdbWhere.java fails AssertionFailure: Corrupted constant pool + JDK-8343754: Problemlist jdk/jfr/event/oldobject/TestShenandoah.java after JDK-8279016 + JDK-8343855: HTTP/2 ConnectionWindowUpdateSender may miss some unprocessed DataFrames from closed streams + JDK-8343891: Test javax/swing/JTabbedPane/ /TestJTabbedPaneBackgroundColor.java failed + JDK-8343936: Adjust timeout in test javax/management/monitor/DerivedGaugeMonitorTest.java + JDK-8344316: security/auth/callback/TextCallbackHandler/ /Password.java make runnable with JTReg and add the UI + JDK-8344346: java/net/httpclient/ShutdownNow.java fails with java.lang.AssertionError: client was still running, but exited after further delay: timeout should be adjusted + JDK-8344361: Restore null return for invalid services from legacy providers + JDK-8344414: ZGC: Another division by zero in rule_major_allocation_rate + JDK-8344925: translet-name ignored when package-name is also set + JDK-8345133: Test sun/security/tools/jarsigner/ /TsacertOptionTest.java failed: Warning found in stdout + JDK-8345134: Test sun/security/tools/jarsigner/ /ConciseJarsigner.java failed: unable to find valid certification path to requested target + JDK-8345146: [PPC64] Make intrinsic conversions between bit representations of half precision values and floats + JDK-8345341: Fix incorrect log message in JDI stop002t test + JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/ /bug8033699.java fails in ubuntu22.04 + JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/ /bug4529206.java fails in ubuntu22.04 + JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/ /4278839/bug4278839.java fails in ubuntu22.04 + JDK-8345598: Upgrade NSS binaries for interop tests + JDK-8345625: Better HTTP connections + JDK-8345728: [Accessibility,macOS,Screen Magnifier]: JCheckbox unchecked state does not magnify but works for checked state + JDK-8345838: Remove the appcds/javaldr/AnonVmClassesDuringDump.java test + JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java warnings + JDK-8346082: Output JVMTI agent information in hserr files + JDK-8346264: 'Total compile time' counter should include time spent in failing/bailout compiles + JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in CI on Linux + JDK-8346888: [ubsan] block.cpp:1617:30: runtime error: 9.97582e+36 is outside the range of representable values of type 'int' + JDK-8347000: Bug in com/sun/net/httpserver/bugs/B6361557.java test + JDK-8347019: Test javax/swing/JRadioButton/8033699/ /bug8033699.java still fails: Focus is not on Radio Button Single as Expected + JDK-8347083: Incomplete logging in nsk/jvmti/ /ResourceExhausted/resexhausted00* tests + JDK-8347126: gc/stress/TestStressG1Uncommit.java gets OOM-killed + JDK-8347173: java/net/DatagramSocket/ /InterruptibleDatagramSocket.java fails with virtual thread factory + JDK-8347286: (fs) Remove some extensions from java/nio/file/Files/probeContentType/Basic.java + JDK-8347296: WinInstallerUiTest fails in local test runs if the path to test work directory is longer that regular + JDK-8347373: HTTP/2 flow control checks may count unprocessed data twice + JDK-8347506: Compatible OCSP readtimeout property with OCSP timeout + JDK-8347596: Update HSS/LMS public key encoding + JDK-8347629: Test FailOverDirectExecutionControlTest.java fails with -Xcomp + JDK-8347995: Race condition in jdk/java/net/httpclient/ /offline/FixedResponseHttpClient.java + JDK-8348107: test/jdk/java/net/httpclient/ /HttpsTunnelAuthTest.java fails intermittently + JDK-8348110: Update LCMS to 2.17 + JDK-8348299: Update List/ItemEventTest/ItemEventTest.java + JDK-8348323: Corrupted timezone string in JVM crash log + JDK-8348596: Update FreeType to 2.13.3 + JDK-8348597: Update HarfBuzz to 10.4.0 + JDK-8348598: Update Libpng to 1.6.47 + JDK-8348600: Update PipeWire to 1.3.81 + JDK-8348865: JButton/bug4796987.java never runs because Windows XP is unavailable + JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver doesn't announce untick on toggling the checkbox with 'space' key on macOS + JDK-8348989: Better Glyph drawing + JDK-8349111: Enhance Swing supports + JDK-8349200: [JMH] time.format.ZonedDateTimeFormatterBenchmark fails + JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh to run fully in java + JDK-8349358: [JMH] Cannot access class jdk.internal.vm.ContinuationScope + JDK-8349492: Update sun/security/pkcs12/ /KeytoolOpensslInteropTest.java to use a recent Openssl version + JDK-8349501: Relocate supporting classes in security/testlibrary to test/lib/jdk tree + JDK-8349594: Enhance TLS protocol support + JDK-8349623: [ASAN] Gtest os_linux.glibc_mallinfo_wrapper_vm fails + JDK-8349637: Integer.numberOfLeadingZeros outputs incorrectly in certain cases + JDK-8349751: AIX build failure after upgrade pipewire to 1.3.81 + JDK-8350201: Out of bounds access on Linux aarch64 in os::print_register_info + JDK-8350211: CTW: Attempt to preload all classes in constant pool + JDK-8350224: Test javax/swing/JComboBox/ /TestComboBoxComponentRendering.java fails in ubuntu 23.x and later + JDK-8350260: Improve HTML instruction formatting in PassFailJFrame + JDK-8350313: Include timings for leaving safepoint in safepoint logging + JDK-8350383: Test: add more test case for string compare (UL case) + JDK-8350386: Test TestCodeCacheFull.java fails with option -XX:-UseCodeCacheFlushing + JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to incorrect traces in JFR + JDK-8350483: AArch64: turn on signum intrinsics by default on Ampere CPUs + JDK-8350498: Remove two Camerfirma root CA certificates + JDK-8350546: Several java/net/InetAddress tests fails UnknownHostException + JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug builds + JDK-8350650: Bump update version for OpenJDK: jdk-21.0.8 + JDK-8350682: [JMH] vector.IndexInRangeBenchmark failed with IndexOutOfBoundsException for size=1024 + JDK-8350786: Some java/lang jtreg tests miss requires vm.hasJFR + JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails + JDK-8350991: Improve HTTP client header handling + JDK-8351086: (fc) Make java/nio/channels/FileChannel/ /BlockDeviceSize.java test manual + JDK-8351500: G1: NUMA migrations cause crashes in region allocation + JDK-8351665: Remove unused UseNUMA in os_aix.cpp + JDK-8351933: Inaccurate masking of TC subfield decrement in ForkJoinPool + JDK-8352076: [21u] Problem list tests that fail in 21 and would be fixed by 8309622 + JDK-8352109: java/awt/Desktop/MailTest.java fails in platforms where Action.MAIL is not supported + JDK-8352302: Test sun/security/tools/jarsigner/ /TimestampCheck.java is failing + JDK-8352512: TestVectorZeroCount: counter not reset between iterations + JDK-8352676: Opensource JMenu tests - series1 + JDK-8352680: Opensource few misc swing tests + JDK-8352684: Opensource JInternalFrame tests - series1 + JDK-8352706: httpclient HeadTest does not run on HTTP2 + JDK-8352716: (tz) Update Timezone Data to 2025b + JDK-8352908: Open source several swing tests batch1 + JDK-8352942: jdk/jfr/startupargs/TestMemoryOptions.java fails with 32-bit build + JDK-8353070: Clean up and open source couple AWT Graphics related tests (Part 1) + JDK-8353138: Screen capture for test TaskbarPositionTest.java, failure case + JDK-8353190: Use '/native' Run Option for TestAvailableProcessors Execution + JDK-8353237: [AArch64] Incorrect result of VectorizedHashCode intrinsic on Cortex-A53 + JDK-8353320: Open source more Swing text tests + JDK-8353446: Open source several AWT Menu tests - Batch 2 + JDK-8353475: Open source two Swing DefaultCaret tests + JDK-8353685: Open some JComboBox bugs 4 + JDK-8353709: Debug symbols bundle should contain full debug files when building --with-external-symbols-in-bundles=public + JDK-8353787: Increased number of SHA-384-Digest java.util.jar.Attributes$Name instances leading to higher memory footprint + JDK-8353942: Open source Swing Tests - Set 5 + JDK-8354255: [jittester] Remove TempDir debug output + JDK-8354530: AIX: sporadic unexpected errno when calling setsockopt in Net.joinOrDrop + JDK-8354554: Open source several clipboard tests batch1 + JDK-8354802: MAX_SECS definition is unused in os_linux + JDK-8354893: [REDO BACKPORT] javac crashes while adding type annotations to the return type of a constructor (JDK-8320001) + JDK-8355498: [AIX] Adapt code for C++ VLA rule + JDK-8356053: Test java/awt/Toolkit/Headless/ /HeadlessToolkit.java fails by timeout + JDK-8356096: ISO 4217 Amendment 179 Update + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS + JDK-8357105: C2: compilation fails with 'assert(false) failed: empty program detected during loop optimization' + JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c: enum type mismatch during build + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + JDK-8360147: Better Glyph drawing redux + JDK-8360406: [21u] Disable logic for attaching type annotations to class files until 8359336 is fixed + JDK-8361672: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.8 The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - java-21-openjdk-headless-21.0.8.0-150600.3.15.1 updated - java-21-openjdk-21.0.8.0-150600.3.15.1 updated - java-21-openjdk-devel-21.0.8.0-150600.3.15.1 updated - container:bci-openjdk-21-15.7.21-11.4 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:25:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:25:42 +0200 (CEST) Subject: SUSE-CU-2025:5920-1: Security update of suse/pcp Message-ID: <20250805112542.38FECFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5920-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-62.6 , suse/pcp:latest Container Release : 62.6 Severity : important Type : security References : 1230959 1231748 1232326 1246296 1246428 CVE-2025-7425 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - container:bci-bci-init-15.7-d67e8846cd79c9be11b8ee033b5a98cfba530a2f994e608771f1594599f54840-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:25:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:25:51 +0200 (CEST) Subject: SUSE-CU-2025:5921-1: Security update of bci/php-apache Message-ID: <20250805112551.BBAA0FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5921-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-12.5 , bci/php-apache:latest Container Release : 12.5 Severity : important Type : security References : 1230959 1231748 1232326 1246169 1246296 1246302 1246303 1246305 1246306 1246307 1246428 1246477 CVE-2024-42516 CVE-2024-43204 CVE-2024-47252 CVE-2025-23048 CVE-2025-49630 CVE-2025-49812 CVE-2025-53020 CVE-2025-7425 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2685-1 Released: Mon Aug 4 17:08:00 2025 Summary: Security update for apache2 Type: security Severity: important References: 1246169,1246302,1246303,1246305,1246306,1246307,1246477,CVE-2024-42516,CVE-2024-43204,CVE-2024-47252,CVE-2025-23048,CVE-2025-49630,CVE-2025-49812,CVE-2025-53020 This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477) - CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305) - CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log file. (bsc#1246303) - CVE-2025-23048: Fixed access control bypass by trusted clients through TLS 1.3 session resumption in some mod_ssl configurations. (bsc#1246302) - CVE-2025-49630: Fixed denial of service can be triggered by untrusted clients causing an assertion in mod_proxy_http2. (bsc#1246307) - CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization using Opportunistic TLS. (bsc#1246169) - CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory after effective lifetime. (bsc#1246306) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - apache2-prefork-2.4.62-150700.4.3.1 updated - apache2-2.4.62-150700.4.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:26:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:26:00 +0200 (CEST) Subject: SUSE-CU-2025:5922-1: Security update of bci/php-fpm Message-ID: <20250805112600.01F69FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5922-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-12.2 , bci/php-fpm:latest Container Release : 12.2 Severity : important Type : security References : 1246232 1246233 1246267 1246299 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-6395 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) The following package changes have been done: - libgnutls30-3.8.3-150600.4.9.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:26:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:26:00 +0200 (CEST) Subject: SUSE-CU-2025:5923-1: Security update of bci/php-fpm Message-ID: <20250805112600.B2122FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5923-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-12.4 , bci/php-fpm:latest Container Release : 12.4 Severity : important Type : security References : 1230959 1231748 1232326 1246296 1246428 CVE-2025-7425 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:51:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:51:20 +0200 (CEST) Subject: SUSE-CU-2025:5923-1: Security update of bci/php-fpm Message-ID: <20250805115120.676A8FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5923-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-12.4 , bci/php-fpm:latest Container Release : 12.4 Severity : important Type : security References : 1230959 1231748 1232326 1246296 1246428 CVE-2025-7425 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:51:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:51:28 +0200 (CEST) Subject: SUSE-CU-2025:5924-1: Security update of bci/php Message-ID: <20250805115128.2E1EFFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5924-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-12.2 , bci/php:latest Container Release : 12.2 Severity : important Type : security References : 1246232 1246233 1246267 1246299 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-6395 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) The following package changes have been done: - libgnutls30-3.8.3-150600.4.9.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:51:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:51:28 +0200 (CEST) Subject: SUSE-CU-2025:5925-1: Security update of bci/php Message-ID: <20250805115128.EF8C9FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5925-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-12.3 , bci/php:latest Container Release : 12.3 Severity : important Type : security References : 1230959 1231748 1232326 1246296 1246428 CVE-2025-7425 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:51:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:51:35 +0200 (CEST) Subject: SUSE-CU-2025:5926-1: Security update of suse/postgres Message-ID: <20250805115135.6865AFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5926-1 Container Tags : suse/postgres:16 , suse/postgres:16.9 , suse/postgres:16.9 , suse/postgres:16.9-74.4 Container Release : 74.4 Severity : important Type : security References : 1230959 1231748 1232326 1246296 1246428 CVE-2025-7425 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:51:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:51:41 +0200 (CEST) Subject: SUSE-CU-2025:5927-1: Security update of suse/postgres Message-ID: <20250805115141.7CC94FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5927-1 Container Tags : suse/postgres:17 , suse/postgres:17.5 , suse/postgres:17.5 , suse/postgres:17.5-64.4 , suse/postgres:latest Container Release : 64.4 Severity : important Type : security References : 1230959 1231748 1232326 1246296 1246428 CVE-2025-7425 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:51:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:51:51 +0200 (CEST) Subject: SUSE-CU-2025:5929-1: Recommended update of bci/python Message-ID: <20250805115151.7B408FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5929-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-74.3 Container Release : 74.3 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:52:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:52:02 +0200 (CEST) Subject: SUSE-CU-2025:5931-1: Recommended update of bci/python Message-ID: <20250805115202.4B299FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5931-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.5 , bci/python:3.13.5-76.3 , bci/python:latest Container Release : 76.3 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:52:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:52:12 +0200 (CEST) Subject: SUSE-CU-2025:5933-1: Recommended update of bci/python Message-ID: <20250805115212.8181AFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5933-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-73.3 Container Release : 73.3 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:52:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:52:16 +0200 (CEST) Subject: SUSE-CU-2025:5934-1: Recommended update of suse/mariadb-client Message-ID: <20250805115216.4F57BFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5934-1 Container Tags : suse/mariadb-client:11.4 , suse/mariadb-client:11.4.5 , suse/mariadb-client:11.4.5-63.3 , suse/mariadb-client:latest Container Release : 63.3 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:52:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:52:21 +0200 (CEST) Subject: SUSE-CU-2025:5935-1: Security update of suse/mariadb Message-ID: <20250805115221.949ADFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5935-1 Container Tags : suse/mariadb:11.4 , suse/mariadb:11.4.5 , suse/mariadb:11.4.5-63.4 , suse/mariadb:latest Container Release : 63.4 Severity : important Type : security References : 1230959 1231748 1232326 1246296 1246428 CVE-2025-7425 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:52:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:52:30 +0200 (CEST) Subject: SUSE-CU-2025:5936-1: Security update of suse/rmt-server Message-ID: <20250805115230.5AFE3FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5936-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-73.4 , suse/rmt-server:latest Container Release : 73.4 Severity : important Type : security References : 1230959 1231748 1232326 1246296 1246428 CVE-2025-7425 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:52:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:52:39 +0200 (CEST) Subject: SUSE-CU-2025:5937-1: Security update of bci/ruby Message-ID: <20250805115239.4BC73FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5937-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-13.3 Container Release : 13.3 Severity : important Type : security References : 1230959 1231748 1232326 1246428 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - sqlite3-devel-3.50.2-150000.3.33.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:52:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:52:48 +0200 (CEST) Subject: SUSE-CU-2025:5938-1: Security update of bci/ruby Message-ID: <20250805115248.34D40FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5938-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-12.3 , bci/ruby:latest Container Release : 12.3 Severity : important Type : security References : 1230959 1231748 1232326 1246428 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - sqlite3-devel-3.50.2-150000.3.33.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:52:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:52:55 +0200 (CEST) Subject: SUSE-CU-2025:5939-1: Recommended update of bci/rust Message-ID: <20250805115255.BAEDBFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5939-1 Container Tags : bci/rust:1.87 , bci/rust:1.87.0 , bci/rust:1.87.0-2.3.2 , bci/rust:oldstable , bci/rust:oldstable-2.3.2 Container Release : 3.2 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:53:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:53:04 +0200 (CEST) Subject: SUSE-CU-2025:5940-1: Recommended update of bci/rust Message-ID: <20250805115304.3C863FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5940-1 Container Tags : bci/rust:1.88 , bci/rust:1.88.0 , bci/rust:1.88.0-1.3.2 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.2 Container Release : 3.2 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:53:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:53:10 +0200 (CEST) Subject: SUSE-CU-2025:5941-1: Security update of suse/samba-client Message-ID: <20250805115310.25154FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5941-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-64.4 , suse/samba-client:latest Container Release : 64.4 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:53:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:53:15 +0200 (CEST) Subject: SUSE-CU-2025:5942-1: Security update of suse/samba-server Message-ID: <20250805115315.74916FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5942-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-64.4 , suse/samba-server:latest Container Release : 64.4 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:53:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:53:21 +0200 (CEST) Subject: SUSE-CU-2025:5943-1: Security update of suse/samba-toolbox Message-ID: <20250805115321.152A8FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5943-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-64.4 , suse/samba-toolbox:latest Container Release : 64.4 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:53:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:53:31 +0200 (CEST) Subject: SUSE-CU-2025:5944-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250805115331.84EE2FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5944-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-42.4 , bci/bci-sle15-kernel-module-devel:latest Container Release : 42.4 Severity : important Type : security References : 1230959 1231748 1232326 1246296 1246428 CVE-2025-7425 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:53:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:53:39 +0200 (CEST) Subject: SUSE-CU-2025:5945-1: Security update of suse/sle15 Message-ID: <20250805115339.9802CFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5945-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.8.19 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.8.19 , suse/sle15:latest Container Release : 5.8.19 Severity : important Type : security References : 1230267 1230959 1231748 1232326 1243279 1243457 1243486 1244042 1244710 1245220 1245452 1245496 1245672 1246296 1246428 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2558-1 Released: Wed Jul 30 22:14:27 2025 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1230267,1243279,1243457,1243486,1244042,1244710,1245220,1245452,1245496,1245672 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1+MLM (bsc#1243457). - implement color filtering when adding update targets. - support orderwithrequires dependencies in susedata.xml. - Fix SEGV in MediaDISK handler (bsc#1245452). - Fix evaluation of libproxy results (bsc#1244710). - Enhancements regarding mirror handling during repo refresh. Adapt to libzypp API changes (bsc#1230267). - Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans backend. - Enhancements with mirror handling during repo refresh, needs zypper 1.14.91. - Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042) There was no testcase written for the very first solver run. - zypper does not allow distinctions between install and upgrade in %postinstall (bsc#1243279). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - BuildRequires: Now %{libsolv_devel_package} greater or equal to 0.7.34 is required (bsc#1243486). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libsolv-tools-base-0.7.34-150600.8.17.2 updated - libxml2-2-2.12.10-150700.4.6.1 updated - libzypp-17.37.10-150600.3.74.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - zypper-1.14.92-150600.10.46.2 updated From sle-container-updates at lists.suse.com Tue Aug 5 11:53:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 13:53:43 +0200 (CEST) Subject: SUSE-CU-2025:5946-1: Recommended update of suse/stunnel Message-ID: <20250805115343.B0C14FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5946-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-63.3 , suse/stunnel:latest Container Release : 63.3 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:03:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:03:02 +0200 (CEST) Subject: SUSE-CU-2025:5946-1: Recommended update of suse/stunnel Message-ID: <20250805120302.B0A25FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5946-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-63.3 , suse/stunnel:latest Container Release : 63.3 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:03:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:03:07 +0200 (CEST) Subject: SUSE-CU-2025:5947-1: Security update of suse/valkey Message-ID: <20250805120307.C111BFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5947-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.2 , suse/valkey:8.0.2-63.2 , suse/valkey:latest Container Release : 63.2 Severity : important Type : security References : 1230959 1231748 1232326 1246058 1246059 1246428 CVE-2025-32023 CVE-2025-48367 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2594-1 Released: Fri Aug 1 17:13:15 2025 Summary: Security update for valkey Type: security Severity: important References: 1246058,1246059,CVE-2025-32023,CVE-2025-48367 This update for valkey fixes the following issues: - CVE-2025-32023: Fixed an out-of-bounds write when working with HyperLogLog commands that can lead to remote code execution. (bsc#1246059) - CVE-2025-48367: Fixed unauthenticated connection causing repeated IP protocol erros that can lead to client starvation and DoS. (bsc#1246058) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - valkey-8.0.2-150700.3.8.1 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:03:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:03:10 +0200 (CEST) Subject: SUSE-CU-2025:5948-1: Recommended update of suse/kiosk/xorg-client Message-ID: <20250805120310.244A0FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5948-1 Container Tags : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-64.3 , suse/kiosk/xorg-client:latest Container Release : 64.3 Severity : important Type : recommended References : 1230959 1231748 1232326 1246428 ----------------------------------------------------------------- The container suse/kiosk/xorg-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) The following package changes have been done: - libopenssl3-3.2.3-150700.5.15.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:03:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:03:16 +0200 (CEST) Subject: SUSE-CU-2025:5949-1: Security update of suse/kiosk/xorg Message-ID: <20250805120316.3A57EFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5949-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-65.5 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 65.5 Severity : important Type : security References : 1230959 1231748 1232326 1246296 1246428 1246737 1246763 CVE-2025-7425 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2660-1 Released: Mon Aug 4 13:14:41 2025 Summary: Recommended update for alsa-ucm-conf Type: recommended Severity: important References: 1246737,1246763 This update for alsa-ucm-conf fixes the following issues: - Drop previous patches that caused regressions (bsc#1246737, bsc#1246763); - Keep the ACP-7 enablement patch meanwhile; The following package changes have been done: - alsa-ucm-conf-1.2.10-150600.3.8.1 updated - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:04:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:04:51 +0200 (CEST) Subject: SUSE-CU-2025:5950-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250805120451.461F5FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5950-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16 , suse/manager/4.3/proxy-httpd:4.3.16.9.67.10 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.67.10 Severity : important Type : security References : 1243935 1246169 1246296 1246302 1246303 1246305 1246306 1246307 1246477 CVE-2024-42516 CVE-2024-43204 CVE-2024-47252 CVE-2025-23048 CVE-2025-4598 CVE-2025-49630 CVE-2025-49812 CVE-2025-53020 CVE-2025-7425 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2620-1 Released: Mon Aug 4 09:42:43 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2682-1 Released: Mon Aug 4 17:05:33 2025 Summary: Security update for apache2 Type: security Severity: important References: 1246169,1246302,1246303,1246305,1246306,1246307,1246477,CVE-2024-42516,CVE-2024-43204,CVE-2024-47252,CVE-2025-23048,CVE-2025-49630,CVE-2025-49812,CVE-2025-53020 This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477) - CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305) - CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log file. (bsc#1246303) - CVE-2025-23048: Fixed access control bypass by trusted clients through TLS 1.3 session resumption in some mod_ssl configurations. (bsc#1246302) - CVE-2025-49630: Fixed denial of service can be triggered by untrusted clients causing an assertion in mod_proxy_http2. (bsc#1246307) - CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization using Opportunistic TLS. (bsc#1246169) - CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory after effective lifetime. (bsc#1246306) The following package changes have been done: - libxml2-2-2.9.14-150400.5.47.1 updated - apache2-utils-2.4.51-150400.6.46.1 updated - systemd-249.17-150400.8.49.2 updated - python3-libxml2-2.9.14-150400.5.47.1 updated - apache2-2.4.51-150400.6.46.1 updated - apache2-prefork-2.4.51-150400.6.46.1 updated - container:sles15-ltss-image-15.4.0-2.62 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:04:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:04:52 +0200 (CEST) Subject: SUSE-CU-2025:5951-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250805120452.1EB6AFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5951-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16 , suse/manager/4.3/proxy-httpd:4.3.16.9.67.11 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.67.11 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - libudev1-249.17-150400.8.49.2 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libsystemd0-249.17-150400.8.49.2 updated - container:sles15-ltss-image-15.4.0-2.63 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:05:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:05:55 +0200 (CEST) Subject: SUSE-CU-2025:5952-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250805120556.00CCDFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5952-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16 , suse/manager/4.3/proxy-salt-broker:4.3.16.9.57.10 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.57.10 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2620-1 Released: Mon Aug 4 09:42:43 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.9.14-150400.5.47.1 updated - container:sles15-ltss-image-15.4.0-2.62 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:05:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:05:56 +0200 (CEST) Subject: SUSE-CU-2025:5953-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250805120556.C9345FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5953-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16 , suse/manager/4.3/proxy-salt-broker:4.3.16.9.57.11 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.57.11 Severity : important Type : security References : 1243935 1246597 CVE-2025-4598 CVE-2025-6965 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). The following package changes have been done: - libudev1-249.17-150400.8.49.2 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libsystemd0-249.17-150400.8.49.2 updated - container:sles15-ltss-image-15.4.0-2.63 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:06:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:06:59 +0200 (CEST) Subject: SUSE-CU-2025:5954-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20250805120659.18117FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5954-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.16 , suse/manager/4.3/proxy-squid:4.3.16.9.66.8 , suse/manager/4.3/proxy-squid:latest Container Release : 9.66.8 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2620-1 Released: Mon Aug 4 09:42:43 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.9.14-150400.5.47.1 updated - container:sles15-ltss-image-15.4.0-2.62 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:07:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:07:00 +0200 (CEST) Subject: SUSE-CU-2025:5955-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20250805120700.0CAF3FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5955-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.16 , suse/manager/4.3/proxy-squid:4.3.16.9.66.9 , suse/manager/4.3/proxy-squid:latest Container Release : 9.66.9 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - container:sles15-ltss-image-15.4.0-2.63 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:08:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:08:06 +0200 (CEST) Subject: SUSE-CU-2025:5957-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20250805120806.084F0FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5957-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.16 , suse/manager/4.3/proxy-ssh:4.3.16.9.57.9 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.57.9 Severity : important Type : security References : 1243935 1246597 CVE-2025-4598 CVE-2025-6965 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). The following package changes have been done: - libudev1-249.17-150400.8.49.2 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libsystemd0-249.17-150400.8.49.2 updated - container:sles15-ltss-image-15.4.0-2.63 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:09:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:09:11 +0200 (CEST) Subject: SUSE-CU-2025:5959-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20250805120911.7C9F9FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5959-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.16 , suse/manager/4.3/proxy-tftpd:4.3.16.9.57.10 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.57.10 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - container:sles15-ltss-image-15.4.0-2.63 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:12:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:12:34 +0200 (CEST) Subject: SUSE-CU-2025:5960-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250805121234.446DFFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5960-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.155 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.155 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2621-1 Released: Mon Aug 4 09:43:34 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.9.7-150000.3.85.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:12:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:12:35 +0200 (CEST) Subject: SUSE-CU-2025:5961-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250805121235.2388DFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5961-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.156 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.156 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:17:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:17:41 +0200 (CEST) Subject: SUSE-CU-2025:5964-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250805121741.74AA4FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5964-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.157 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.157 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2621-1 Released: Mon Aug 4 09:43:34 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.9.7-150000.3.85.1 updated From sle-container-updates at lists.suse.com Tue Aug 5 12:17:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Aug 2025 14:17:42 +0200 (CEST) Subject: SUSE-CU-2025:5965-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250805121742.5F67CFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5965-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.158 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.158 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated From sle-container-updates at lists.suse.com Wed Aug 6 07:04:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Aug 2025 09:04:41 +0200 (CEST) Subject: SUSE-IU-2025:2268-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250806070441.6FA9BFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2268-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.193 , suse/sle-micro/base-5.5:latest Image Release : 5.8.193 Severity : moderate Type : security References : 1234959 CVE-2024-56738 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2706-1 Released: Tue Aug 5 12:08:28 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1234959,CVE-2024-56738 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) The following package changes have been done: - grub2-2.06-150500.29.53.1 updated - grub2-i386-pc-2.06-150500.29.53.1 updated - grub2-x86_64-efi-2.06-150500.29.53.1 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:03:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:03:24 +0200 (CEST) Subject: SUSE-CU-2025:5971-1: Recommended update of containers/milvus Message-ID: <20250807070324.49FC4FF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5971-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.161 Container Release : 7.161 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libsystemd0-254.27-150600.4.43.3 updated - container:registry.suse.com-bci-bci-base-15.6-6bdf253035dd8fecb088ab00a2657579bbea790e1632561a2ace364896c84a3e-0 updated - container:registry.suse.com-bci-bci-micro-15.6-592385970a14eee93496c33b7487ee31b306e6dcc3d2aa7a07be02c120d6bccb-0 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:03:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:03:30 +0200 (CEST) Subject: SUSE-CU-2025:5972-1: Security update of containers/open-webui-pipelines Message-ID: <20250807070330.B847BFF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-pipelines ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5972-1 Container Tags : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250329.151219 , containers/open-webui-pipelines:0.20250329.151219-6.1 Container Release : 6.1 Severity : important Type : security References : 1174673 1177864 1181994 1188006 1190858 1196647 1196647 1198176 1198752 1199079 1199467 1200800 1201680 1202868 1206212 1206622 1210617 1214248 1216862 1220356 1226469 1227525 1227547 1234798 1240009 1240343 1240343 CVE-2021-46828 CVE-2023-30608 CVE-2024-37891 CVE-2024-5569 ----------------------------------------------------------------- The container containers/open-webui-pipelines was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2148-1 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3274-1 Released: Fri Oct 1 10:34:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1190858 This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignement (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4502-1 Released: Tue Nov 21 12:14:58 2023 Summary: Feature update for python3 Type: feature Severity: low References: This feature update for python3 packages adds the following: - Second batch of new python-3.11 packages (jsc#PED-68) Updates to previosly released python 3.11 packages: - python-urllib3 to 2.0.7 - python-Sphinx to 7.2.6 - python-pytest to 7.4.2 - python-hypothesis to 6.82.7 - python-sphinxcontrib-serializinghtml to 1.1.9 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1637-1 Released: Tue May 14 14:22:14 2024 Summary: Recommended update for google-cloud SDK Type: recommended Severity: moderate References: 1210617,CVE-2023-30608 This update for google-cloud SDK fixes the following issues: - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5 binaries Obsolete the python3.6 counterpart: python311-google-resumable-media python311-google-api-core python311-google-cloud-storage python311-google-cloud-core python311-googleapis-common-protos - Regular python311 updates (without Obsoletes): python-google-auth python-grpcio python-sqlparse - New python311 packages: libcrc32c python-google-cloud-appengine-logging python-google-cloud-artifact-registry python-google-cloud-audit-log python-google-cloud-build python-google-cloud-compute python-google-cloud-dns python-google-cloud-domains python-google-cloud-iam python-google-cloud-kms-inventory python-google-cloud-kms python-google-cloud-logging python-google-cloud-run python-google-cloud-secret-manager python-google-cloud-service-directory python-google-cloud-spanner python-google-cloud-vpc-access python-google-crc32c python-grpc-google-iam-v1 python-grpcio-status python-proto-plus In python-sqlparse this security issue was fixed: CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2320-1 Released: Mon Jul 8 13:13:54 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header not stripped during cross-origin redirects (bsc#1226469). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2397-1 Released: Thu Jul 11 04:04:33 2024 Summary: Security update for python-zipp Type: security Severity: low References: 1227547,CVE-2024-5569 This update for python-zipp fixes the following issues: - CVE-2024-5569: Fixed DoS vulnerability when processing a specially crafted zip file (bsc#1227547). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) The following package changes have been done: - libsqlite3-0-3.50.1-150600.1.1 added - libtirpc-netconfig-1.3.4-150300.3.23.1 added - ca-certificates-mozilla-2.74-150200.41.1 added - libtirpc3-1.3.4-150300.3.23.1 added - libnsl2-1.2.0-2.44 added - python311-3.11.13-150600.3.30.1 added - python311-zipp-3.17.0-150600.3.3.1 added - python311-wrapt-1.16.0-150600.1.13 added - python311-idna-3.8-150600.1.13 added - python311-charset-normalizer-3.3.2-150600.1.13 added - python311-certifi-2024.7.4-150600.1.44 added - python311-protobuf-5.29.3-150600.3.2 added - python311-importlib-metadata-7.1.0-150600.1.13 added - python311-Deprecated-1.2.14-150400.10.7.2 added - python311-opentelemetry-exporter-otlp-proto-common-1.33.1-150600.1.1 added - python311-bcrypt-4.3.0-150600.1.3 added - python311-requests-2.32.3-150600.1.12 added - python311-opentelemetry-exporter-otlp-proto-http-1.33.1-150600.1.1 added - python311-typing_extensions-4.13.0-150600.1.1 added - python311-pycparser-2.21-150400.12.7.2 added - python311-cffi-1.17.0-150600.1.15 added - python311-opentelemetry-proto-1.33.1-150600.1.1 added - python311-googleapis-common-protos-1.63.2-150600.1.18 added - python311-opentelemetry-api-1.33.1-150600.1.1 added - python311-cryptography-43.0.1-150600.1.25 added - python311-opentelemetry-semantic-conventions-0.54b1-150600.1.1 added - python311-pyOpenSSL-24.2.1-150600.1.11 added - python311-opentelemetry-sdk-1.33.1-150600.1.1 added - python311-urllib3-2.0.7-150400.7.18.1 added - container:registry.suse.com-bci-bci-micro-15.6-592385970a14eee93496c33b7487ee31b306e6dcc3d2aa7a07be02c120d6bccb-0 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:07:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:07:37 +0200 (CEST) Subject: SUSE-CU-2025:5973-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250807070737.1B321FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5973-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.87 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.87 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libsystemd0-254.27-150600.4.43.3 updated - libudev1-254.27-150600.4.43.3 updated - systemd-254.27-150600.4.43.3 updated - udev-254.27-150600.4.43.3 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:08:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:08:22 +0200 (CEST) Subject: SUSE-CU-2025:5974-1: Recommended update of bci/bci-init Message-ID: <20250807070822.DBA2DFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5974-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.45.7 Container Release : 45.7 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libsystemd0-254.27-150600.4.43.3 updated - systemd-254.27-150600.4.43.3 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:09:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:09:06 +0200 (CEST) Subject: SUSE-CU-2025:5975-1: Recommended update of bci/nodejs Message-ID: <20250807070906.AF67EFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5975-1 Container Tags : bci/node:20 , bci/node:20.19.2 , bci/node:20.19.2-55.6 , bci/nodejs:20 , bci/nodejs:20.19.2 , bci/nodejs:20.19.2-55.6 Container Release : 55.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libsystemd0-254.27-150600.4.43.3 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:09:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:09:57 +0200 (CEST) Subject: SUSE-CU-2025:5977-1: Recommended update of bci/python Message-ID: <20250807070957.330A3FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5977-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.11 , bci/python:3.12.11-72.7 Container Release : 72.7 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libsystemd0-254.27-150600.4.43.3 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:10:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:10:30 +0200 (CEST) Subject: SUSE-CU-2025:5978-1: Recommended update of suse/mariadb Message-ID: <20250807071030.5A1AAFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5978-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.11 , suse/mariadb:10.11.11-70.7 Container Release : 70.7 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libsystemd0-254.27-150600.4.43.3 updated - container:suse-sle15-15.6-6bdf253035dd8fecb088ab00a2657579bbea790e1632561a2ace364896c84a3e-0 updated - container:registry.suse.com-bci-bci-micro-15.6-592385970a14eee93496c33b7487ee31b306e6dcc3d2aa7a07be02c120d6bccb-0 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:12:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:12:18 +0200 (CEST) Subject: SUSE-CU-2025:5979-1: Recommended update of suse/sle15 Message-ID: <20250807071218.B8BE4FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5979-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.23.19 , suse/sle15:15.6 , suse/sle15:15.6.47.23.19 Container Release : 47.23.19 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libudev1-254.27-150600.4.43.3 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:13:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:13:14 +0200 (CEST) Subject: SUSE-CU-2025:5980-1: Recommended update of bci/spack Message-ID: <20250807071314.0A5E2FF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5980-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.35 Container Release : 11.35 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libsystemd0-254.27-150600.4.43.3 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:13:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:13:41 +0200 (CEST) Subject: SUSE-CU-2025:5983-1: Recommended update of suse/bind Message-ID: <20250807071341.C224EFF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5983-1 Container Tags : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.11 , suse/bind:9.20.11-65.8 , suse/bind:latest Container Release : 65.8 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:13:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:13:47 +0200 (CEST) Subject: SUSE-CU-2025:5984-1: Recommended update of suse/registry Message-ID: <20250807071347.03A00FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5984-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-7.2 , suse/registry:latest Container Release : 7.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:14:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:14:13 +0200 (CEST) Subject: SUSE-CU-2025:5987-1: Recommended update of bci/bci-init Message-ID: <20250807071413.5DC72FF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5987-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-42.4 , bci/bci-init:latest Container Release : 42.4 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libsystemd0-254.27-150600.4.43.3 updated - systemd-254.27-150600.4.43.3 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:14:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:14:19 +0200 (CEST) Subject: SUSE-CU-2025:5988-1: Security update of suse/kiosk/firefox-esr Message-ID: <20250807071419.BF723FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5988-1 Container Tags : suse/kiosk/firefox-esr:140.1 , suse/kiosk/firefox-esr:140.1-64.6 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 64.6 Severity : important Type : security References : 1230959 1231748 1232326 1246232 1246233 1246267 1246296 1246299 1246428 1246597 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-6395 CVE-2025-6965 CVE-2025-7425 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - libudev1-254.27-150600.4.43.3 updated - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libsystemd0-254.27-150600.4.43.3 updated - libgnutls30-3.8.3-150600.4.9.1 updated - container:suse-sle15-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:14:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:14:21 +0200 (CEST) Subject: SUSE-CU-2025:5989-1: Security update of suse/kiosk/firefox-esr Message-ID: <20250807071421.EC8F4FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5989-1 Container Tags : suse/kiosk/firefox-esr:140.1 , suse/kiosk/firefox-esr:140.1-64.8 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 64.8 Severity : moderate Type : security References : 1221107 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:14:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:14:26 +0200 (CEST) Subject: SUSE-CU-2025:5990-1: Security update of bci/bci-minimal Message-ID: <20250807071426.A5B6CFF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5990-1 Container Tags : bci/bci-minimal:15.7 , bci/bci-minimal:15.7-13.2 , bci/bci-minimal:latest Container Release : 13.2 Severity : moderate Type : security References : 1221107 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). The following package changes have been done: - libgcrypt20-1.11.0-150700.5.7.1 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:14:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:14:34 +0200 (CEST) Subject: SUSE-CU-2025:5991-1: Security update of suse/kiosk/pulseaudio Message-ID: <20250807071434.CC466FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5991-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-63.2 , suse/kiosk/pulseaudio:latest Container Release : 63.2 Severity : important Type : security References : 1189495 1191175 1216752 1218686 1221107 1222259 1230959 1231748 1232326 1246296 1246428 1246934 CVE-2021-3521 CVE-2024-2236 CVE-2025-7425 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libudev1-254.27-150600.4.43.3 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libsystemd0-254.27-150600.4.43.3 updated - rpm-ndb-4.14.3-150400.59.16.1 added - systemd-254.27-150600.4.43.3 updated - udev-254.27-150600.4.43.3 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 added - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 added - container:registry.suse.com-bci-bci-base-15.7-4232c2790095361d6776af20382c431e7222f9956d773c3790d57cf7e94a7911-0 removed - libopenssl-3-fips-provider-3.2.3-150700.5.10.1 removed - patterns-base-fips-20200124-150700.36.1 removed From sle-container-updates at lists.suse.com Thu Aug 7 07:14:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:14:42 +0200 (CEST) Subject: SUSE-CU-2025:5992-1: Security update of suse/sle15 Message-ID: <20250807071442.29825FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5992-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.8.21 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.8.21 , suse/sle15:latest Container Release : 5.8.21 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - libudev1-254.27-150600.4.43.3 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:14:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:14:52 +0200 (CEST) Subject: SUSE-CU-2025:5993-1: Security update of bci/spack Message-ID: <20250807071452.C9180FF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5993-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-15.5 , bci/spack:latest Container Release : 15.5 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libxml2-2-2.12.10-150700.4.6.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - libsystemd0-254.27-150600.4.43.3 updated - container:registry.suse.com-bci-bci-base-15.7-2ff8503d8d2e2055bb38690ca06e159fd70e571b0c0109de6415e9318b59f587-0 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:14:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:14:55 +0200 (CEST) Subject: SUSE-CU-2025:5994-1: Recommended update of suse/kiosk/xorg-client Message-ID: <20250807071455.46168FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5994-1 Container Tags : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-64.4 , suse/kiosk/xorg-client:latest Container Release : 64.4 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/kiosk/xorg-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libsystemd0-254.27-150600.4.43.3 updated From sle-container-updates at lists.suse.com Thu Aug 7 07:15:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Aug 2025 09:15:01 +0200 (CEST) Subject: SUSE-CU-2025:5995-1: Recommended update of suse/kiosk/xorg Message-ID: <20250807071501.2EEB3FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:5995-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-65.6 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 65.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libudev1-254.27-150600.4.43.3 updated - libsystemd0-254.27-150600.4.43.3 updated - systemd-254.27-150600.4.43.3 updated - udev-254.27-150600.4.43.3 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:03:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:03:37 +0200 (CEST) Subject: SUSE-CU-2025:6002-1: Recommended update of containers/milvus Message-ID: <20250808070337.E90F3FF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6002-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.163 Container Release : 7.163 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - container:registry.suse.com-bci-bci-base-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:05:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:05:14 +0200 (CEST) Subject: SUSE-CU-2025:6003-1: Recommended update of containers/ollama Message-ID: <20250808070514.23B88FF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6003-1 Container Tags : containers/ollama:0 , containers/ollama:0.6.8 , containers/ollama:0.6.8-10.48 Container Release : 10.48 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - container:registry.suse.com-bci-bci-base-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated - container:registry.suse.com-bci-bci-micro-15.6-592385970a14eee93496c33b7487ee31b306e6dcc3d2aa7a07be02c120d6bccb-0 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:07:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:07:05 +0200 (CEST) Subject: SUSE-CU-2025:6004-1: Security update of containers/open-webui Message-ID: <20250808070705.4691AFF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6004-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.9 , containers/open-webui:0.6.9-11.8 Container Release : 11.8 Severity : important Type : security References : 1244061 1244705 1246232 1246233 1246267 1246299 1247249 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-4435 CVE-2025-6069 CVE-2025-6395 CVE-2025-8194 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2717-1 Released: Wed Aug 6 15:39:46 2025 Summary: Security update for python311 Type: security Severity: important References: 1244061,1244705,1247249,CVE-2025-4435,CVE-2025-6069,CVE-2025-8194 This update for python311 fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). - CVE-2025-4435: Fixed Tarfile extracting filtered members when errorlevel=0 (bsc#1244061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libsqlite3-0-3.50.1-150600.1.1 updated - libudev1-254.27-150600.4.43.3 updated - libsystemd0-254.27-150600.4.43.3 updated - libgnutls30-3.8.3-150600.4.9.1 updated - libpython3_11-1_0-3.11.13-150600.3.35.1 updated - python311-base-3.11.13-150600.3.35.1 updated - python311-3.11.13-150600.3.35.2 updated - python311-numpy1-1.26.4-150600.1.50 updated - python311-devel-3.11.13-150600.3.35.1 updated - python311-certifi-2024.7.4-150600.1.46 updated - python311-cchardet-2.1.19-150600.1.42 updated - python311-scipy-1.14.1-150600.1.51 updated - python311-pandas-2.2.3-150600.1.54 updated - python311-scikit-learn-1.5.1-150600.1.53 updated - python311-open-webui-0.6.9-150600.2.19 updated - container:registry.suse.com-bci-bci-base-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated - container:registry.suse.com-bci-bci-micro-15.6-592385970a14eee93496c33b7487ee31b306e6dcc3d2aa7a07be02c120d6bccb-0 added - libopenssl-3-fips-provider-3.1.4-150600.5.33.1 removed - patterns-base-fips-20200124-150600.32.6.1 removed From sle-container-updates at lists.suse.com Fri Aug 8 07:07:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:07:13 +0200 (CEST) Subject: SUSE-CU-2025:6005-1: Security update of containers/open-webui-pipelines Message-ID: <20250808070713.1F6B0FF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-pipelines ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6005-1 Container Tags : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250329.151219 , containers/open-webui-pipelines:0.20250329.151219-6.3 Container Release : 6.3 Severity : important Type : security References : 1244061 1244705 1247249 CVE-2025-4435 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container containers/open-webui-pipelines was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2717-1 Released: Wed Aug 6 15:39:46 2025 Summary: Security update for python311 Type: security Severity: important References: 1244061,1244705,1247249,CVE-2025-4435,CVE-2025-6069,CVE-2025-8194 This update for python311 fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). - CVE-2025-4435: Fixed Tarfile extracting filtered members when errorlevel=0 (bsc#1244061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libpython3_11-1_0-3.11.13-150600.3.35.1 updated - python311-base-3.11.13-150600.3.35.1 updated - python311-3.11.13-150600.3.35.2 updated - python311-certifi-2024.7.4-150600.1.46 updated - python-open-webui-pipelines-0.20250329.151219-150600.3.14 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:07:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:07:29 +0200 (CEST) Subject: SUSE-CU-2025:6006-1: Security update of containers/pytorch Message-ID: <20250808070729.89515FF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6006-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.7.0-nvidia , containers/pytorch:2.7.0-nvidia-2.45 Container Release : 2.45 Severity : important Type : security References : 1244061 1244705 1247249 CVE-2025-4435 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2717-1 Released: Wed Aug 6 15:39:46 2025 Summary: Security update for python311 Type: security Severity: important References: 1244061,1244705,1247249,CVE-2025-4435,CVE-2025-6069,CVE-2025-8194 This update for python311 fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). - CVE-2025-4435: Fixed Tarfile extracting filtered members when errorlevel=0 (bsc#1244061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libudev1-254.27-150600.4.43.3 updated - libpython3_11-1_0-3.11.13-150600.3.35.1 updated - python311-base-3.11.13-150600.3.35.1 updated - python311-3.11.13-150600.3.35.2 updated - python311-numpy-2.1.1-150600.1.50 updated - python311-devel-3.11.13-150600.3.35.1 updated - python311-torch-cuda-2.7.0-150600.2.24 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:09:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:09:22 +0200 (CEST) Subject: SUSE-IU-2025:2291-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250808070922.74384FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2291-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.194 , suse/sle-micro/base-5.5:latest Image Release : 5.8.194 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2723-1 Released: Thu Aug 7 09:36:30 2025 Summary: Recommended update for SSSD Type: recommended Severity: moderate References: This update for fixes the following issues: - Added additional SSSD packages and dependencies to SUSE Linux Enterprise Micro 5.5 (no source changes) (jsc#PED-12639) - krb5-client - python3-sssd-config - sssd-dbus - sssd-tools - realmd The following package changes have been done: - krb5-1.20.1-150500.3.14.1 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:10:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:10:27 +0200 (CEST) Subject: SUSE-IU-2025:2292-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20250808071027.6EE00FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2292-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.370 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.370 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2723-1 Released: Thu Aug 7 09:36:30 2025 Summary: Recommended update for SSSD Type: recommended Severity: moderate References: This update for fixes the following issues: - Added additional SSSD packages and dependencies to SUSE Linux Enterprise Micro 5.5 (no source changes) (jsc#PED-12639) - krb5-client - python3-sssd-config - sssd-dbus - sssd-tools - realmd The following package changes have been done: - krb5-1.20.1-150500.3.14.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.194 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:12:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:12:00 +0200 (CEST) Subject: SUSE-IU-2025:2293-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20250808071200.DC9A2FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2293-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.455 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.455 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2723-1 Released: Thu Aug 7 09:36:30 2025 Summary: Recommended update for SSSD Type: recommended Severity: moderate References: This update for fixes the following issues: - Added additional SSSD packages and dependencies to SUSE Linux Enterprise Micro 5.5 (no source changes) (jsc#PED-12639) - krb5-client - python3-sssd-config - sssd-dbus - sssd-tools - realmd The following package changes have been done: - krb5-1.20.1-150500.3.14.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.346 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:13:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:13:27 +0200 (CEST) Subject: SUSE-IU-2025:2294-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250808071327.1332CFF1E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2294-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.346 , suse/sle-micro/5.5:latest Image Release : 5.5.346 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2723-1 Released: Thu Aug 7 09:36:30 2025 Summary: Recommended update for SSSD Type: recommended Severity: moderate References: This update for fixes the following issues: - Added additional SSSD packages and dependencies to SUSE Linux Enterprise Micro 5.5 (no source changes) (jsc#PED-12639) - krb5-client - python3-sssd-config - sssd-dbus - sssd-tools - realmd The following package changes have been done: - krb5-1.20.1-150500.3.14.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.194 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:22:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:22:20 +0200 (CEST) Subject: SUSE-CU-2025:6010-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20250808072220.C94F8FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6010-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.36 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.36 Severity : moderate Type : security References : 1234959 CVE-2024-56738 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2727-1 Released: Thu Aug 7 11:02:04 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1234959,CVE-2024-56738 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) The following package changes have been done: - grub2-i386-pc-2.06-150400.11.63.1 updated - grub2-x86_64-efi-2.06-150400.11.63.1 updated - grub2-2.06-150400.11.63.1 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:23:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:23:49 +0200 (CEST) Subject: SUSE-CU-2025:6011-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20250808072349.AC2CCFF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6011-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.70 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.70 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2723-1 Released: Thu Aug 7 09:36:30 2025 Summary: Recommended update for SSSD Type: recommended Severity: moderate References: This update for fixes the following issues: - Added additional SSSD packages and dependencies to SUSE Linux Enterprise Micro 5.5 (no source changes) (jsc#PED-12639) - krb5-client - python3-sssd-config - sssd-dbus - sssd-tools - realmd The following package changes have been done: - krb5-1.20.1-150500.3.14.1 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:28:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:28:13 +0200 (CEST) Subject: SUSE-CU-2025:6013-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250808072813.A0614FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6013-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.88 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.88 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:29:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:29:54 +0200 (CEST) Subject: SUSE-CU-2025:6014-1: Recommended update of bci/bci-base-fips Message-ID: <20250808072954.88B45FF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6014-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-6.7 , bci/bci-base-fips:latest Container Release : 6.7 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-scripts-20230920.570ea89-150600.3.12.1 updated - crypto-policies-20230920.570ea89-150600.3.12.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:30:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:30:31 +0200 (CEST) Subject: SUSE-CU-2025:6017-1: Security update of bci/spack Message-ID: <20250808073031.6B4F9FF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6017-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-15.7 , bci/spack:latest Container Release : 15.7 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - libudev1-254.27-150600.4.43.3 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:30:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:30:35 +0200 (CEST) Subject: SUSE-CU-2025:6018-1: Security update of suse/kiosk/xorg-client Message-ID: <20250808073035.0C04CFF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6018-1 Container Tags : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-64.6 , suse/kiosk/xorg-client:latest Container Release : 64.6 Severity : moderate Type : security References : 1221107 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container suse/kiosk/xorg-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Fri Aug 8 07:32:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:32:27 +0200 (CEST) Subject: SUSE-CU-2025:6028-1: Recommended update of trento/trento-checks Message-ID: <20250808073227.10075FF1E@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-checks ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6028-1 Container Tags : trento/trento-checks:1.1.0 , trento/trento-checks:1.1.0-build1.12.1 , trento/trento-checks:latest Container Release : 1.12.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container trento/trento-checks was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1377-1 Released: Fri Apr 25 19:43:34 2025 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: - add bpftool to patterns enhanced base. jsc#PED-8375 The following package changes have been done: - patterns-base-fips-20200124-150600.32.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated - filesystem-15.0-11.8.1 removed - glibc-2.38-150600.14.17.2 removed - libacl1-2.2.52-4.3.1 removed - libattr1-2.4.47-2.19 removed - libpcre2-8-0-10.42-150600.1.26 removed - libselinux1-3.5-150600.1.46 removed - system-user-root-20190513-3.3.1 removed - tar-1.34-150000.3.34.1 removed From sle-container-updates at lists.suse.com Fri Aug 8 07:32:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:32:30 +0200 (CEST) Subject: SUSE-CU-2025:6029-1: Security update of trento/trento-wanda Message-ID: <20250808073230.81358FF1E@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-wanda ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6029-1 Container Tags : trento/trento-wanda:1.5.0 , trento/trento-wanda:1.5.0-build1.29.1 , trento/trento-wanda:latest Container Release : 1.29.1 Severity : important Type : security References : 1203617 1219736 1220338 1220893 1220895 1220896 1221107 1224044 1225936 1225939 1225941 1225942 1227637 1229228 1229655 1230959 1231463 1231472 1231748 1232227 1232234 1232326 1233282 1233752 1234015 1234015 1234128 1234313 1234665 1234713 1234765 1235151 1235481 1235873 1236033 1236136 1236136 1236165 1236177 1236282 1236588 1236590 1236619 1236643 1236771 1236858 1236886 1236960 1237496 1239883 1240366 1240414 1240607 1240897 1241605 1242060 1242827 1242844 1242938 1243226 1243259 1243317 1243767 1243935 1244079 1244509 1244596 1245309 1245310 1245311 1245314 CVE-2024-10041 CVE-2024-13176 CVE-2024-13176 CVE-2024-2236 CVE-2024-34397 CVE-2024-52533 CVE-2025-0167 CVE-2025-0395 CVE-2025-0725 CVE-2025-24528 CVE-2025-27587 CVE-2025-31115 CVE-2025-3360 CVE-2025-40909 CVE-2025-4373 CVE-2025-4598 CVE-2025-4802 CVE-2025-4877 CVE-2025-4878 CVE-2025-5278 CVE-2025-5318 CVE-2025-5372 CVE-2025-6018 CVE-2025-6020 CVE-2025-6052 ----------------------------------------------------------------- The container trento/trento-wanda was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4378-1 Released: Thu Dec 19 08:23:55 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1203617 This update for aaa_base fixes the following issues: - Added Midnigh Commander helpers for tcsh and bash resources (bsc#1203617) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1367-1 Released: Thu Apr 24 16:38:48 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1376-1 Released: Fri Apr 25 18:11:02 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1241605 This update for libgcrypt fixes the following issues: - FIPS: Pad PKCS1.5 signatures with SHA3 correctly [bsc#1241605] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1377-1 Released: Fri Apr 25 19:43:34 2025 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: - add bpftool to patterns enhanced base. jsc#PED-8375 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1394-1 Released: Mon Apr 28 16:15:21 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: This update for glibc fixes the following issues: - Add support for userspace livepatching for ppc64le (jsc#PED-11850) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1550-1 Released: Fri May 16 02:16:11 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1230959,1231748,1232326,1240366,1240607,CVE-2025-27587 This update for openssl-3 fixes the following issues: Security: - CVE-2025-27587: Timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture (bsc#1240366). - Missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607). FIPS: - Disabling EMS in OpenSSL configuration prevents sshd from starting (bsc#1230959, bsc#1232326, bsc#1231748). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1702-1 Released: Sat May 24 11:50:53 2025 Summary: Security update for glibc Type: security Severity: important References: 1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1733-1 Released: Wed May 28 17:59:52 2025 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1242060 This update for krb5 fixes the following issue: - Remove references to the LMDB backend in the kdc.conf manpage (bsc#1242060). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1739-1 Released: Thu May 29 11:40:51 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1236177,1237496,1242938,1243259 This update for systemd fixes the following issues: - Add missing 'systemd-journal-remote' package to 15-SP7 (bsc#1243259) - umount: do not move busy network mounts (bsc#1236177) - Apply coredump sysctl settings on systemd-coredump updates/removals. - Fix the issue with journalctl not working for users in Container UID range (bsc#1242938) Don't write messages sent from users with UID falling into the container UID range to the system journal. Daemons in the container don't talk to the outside journald as they talk to the inner one directly, which does its journal splitting based on shifted uids. - man/pstore.conf: pstore.conf template is not always installed in /etc - man: coredump.conf template is not always installed in /etc (bsc#1237496) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2013-1 Released: Wed Jun 18 20:05:07 2025 Summary: Security update for pam Type: security Severity: important References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2027-1 Released: Thu Jun 19 17:15:41 2025 Summary: Security update for perl Type: security Severity: moderate References: 1244079,CVE-2025-40909 This update for perl fixes the following issues: - CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2167-1 Released: Mon Jun 30 09:14:40 2025 Summary: Security update for glib2 Type: security Severity: important References: 1242844,1244596,CVE-2025-4373,CVE-2025-6052 This update for glib2 fixes the following issues: - CVE-2025-6052: Fixed integer overflow in g_string_maybe_expand() leads to potential buffer overflow in GString (bsc#1244596). - CVE-2025-4373: Fixed buffer underflow through glib/gstring.c via function g_string_insert_unichar (bsc#1242844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2229-1 Released: Fri Jul 4 18:02:30 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2237-1 Released: Mon Jul 7 14:59:13 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: This update for openssl-3 fixes the following issues: - Backport mdless cms signing support [jsc#PED-12895] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2244-1 Released: Tue Jul 8 10:44:02 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1242827,1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). Other bugfixes: - logs-show: get timestamp and boot ID only when necessary (bsc#1242827). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2301-1 Released: Mon Jul 14 11:48:57 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1229655 This update for cyrus-sasl fixes the following issues: - Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097) - Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2362-1 Released: Fri Jul 18 11:07:24 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2447-1 Released: Mon Jul 21 16:45:25 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: Fixed timing based side-channel in RSA implementation. (bsc#1221107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libssh-config-0.9.8-150600.11.3.1 updated - glibc-2.38-150600.14.32.1 updated - libsasl2-3-2.1.28-150600.7.6.2 updated - liblzma5-5.4.1-150600.3.3.1 updated - perl-base-5.26.1-150300.17.20.1 updated - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - libglib-2_0-0-2.78.6-150600.4.16.1 added - libopenssl3-3.1.4-150600.5.33.1 updated - libgcrypt20-1.10.3-150600.3.9.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.33.1 updated - krb5-1.20.1-150600.11.11.2 updated - patterns-base-fips-20200124-150600.32.6.1 updated - libssh4-0.9.8-150600.11.3.1 updated - findutils-4.8.0-150300.3.3.2 updated - libcurl4-8.6.0-150600.4.21.1 updated - coreutils-8.32-150400.9.9.1 updated - permissions-20240826-150600.10.18.2 updated - pam-1.3.0-150000.6.83.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated - libsystemd0-254.27-150600.4.43.3 updated - container:registry.suse.com-bci-rust-1.81-4f6cd9eb1956663f9042116e2e0069bc01c9402dd29d619afaf07b32de0da207-0 added - container:registry.suse.com-bci-bci-base-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated - container:registry.suse.com-bci-rust-1.82-f1703fcf50bf4649f98b75a07927a7f4019d2da44755d8088b0e9999036e52de-0 removed From sle-container-updates at lists.suse.com Fri Aug 8 07:32:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Aug 2025 09:32:40 +0200 (CEST) Subject: SUSE-CU-2025:6030-1: Security update of trento/trento-web Message-ID: <20250808073240.9DDABFF1E@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-web ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6030-1 Container Tags : trento/trento-web:2.5.0 , trento/trento-web:2.5.0-build4.52.1 , trento/trento-web:latest Container Release : 4.52.1 Severity : important Type : security References : 1203617 1219736 1220338 1220893 1220895 1220896 1221107 1224044 1225936 1225939 1225941 1225942 1227637 1229228 1229655 1230959 1231463 1231472 1231748 1232227 1232234 1232326 1233282 1233752 1234015 1234015 1234128 1234313 1234665 1234713 1234765 1235151 1235481 1235873 1236033 1236136 1236136 1236165 1236177 1236282 1236588 1236590 1236619 1236643 1236771 1236858 1236886 1236960 1237496 1239883 1240366 1240414 1240607 1240897 1241605 1242060 1242827 1242844 1242938 1243226 1243259 1243317 1243767 1243935 1244079 1244509 1244596 1245309 1245310 1245311 1245314 CVE-2024-10041 CVE-2024-13176 CVE-2024-13176 CVE-2024-2236 CVE-2024-34397 CVE-2024-52533 CVE-2025-0167 CVE-2025-0395 CVE-2025-0725 CVE-2025-24528 CVE-2025-27587 CVE-2025-31115 CVE-2025-3360 CVE-2025-40909 CVE-2025-4373 CVE-2025-4598 CVE-2025-4802 CVE-2025-4877 CVE-2025-4878 CVE-2025-5278 CVE-2025-5318 CVE-2025-5372 CVE-2025-6018 CVE-2025-6020 CVE-2025-6052 ----------------------------------------------------------------- The container trento/trento-web was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4378-1 Released: Thu Dec 19 08:23:55 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1203617 This update for aaa_base fixes the following issues: - Added Midnigh Commander helpers for tcsh and bash resources (bsc#1203617) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1367-1 Released: Thu Apr 24 16:38:48 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1376-1 Released: Fri Apr 25 18:11:02 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1241605 This update for libgcrypt fixes the following issues: - FIPS: Pad PKCS1.5 signatures with SHA3 correctly [bsc#1241605] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1377-1 Released: Fri Apr 25 19:43:34 2025 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: - add bpftool to patterns enhanced base. jsc#PED-8375 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1394-1 Released: Mon Apr 28 16:15:21 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: This update for glibc fixes the following issues: - Add support for userspace livepatching for ppc64le (jsc#PED-11850) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1550-1 Released: Fri May 16 02:16:11 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1230959,1231748,1232326,1240366,1240607,CVE-2025-27587 This update for openssl-3 fixes the following issues: Security: - CVE-2025-27587: Timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture (bsc#1240366). - Missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607). FIPS: - Disabling EMS in OpenSSL configuration prevents sshd from starting (bsc#1230959, bsc#1232326, bsc#1231748). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1702-1 Released: Sat May 24 11:50:53 2025 Summary: Security update for glibc Type: security Severity: important References: 1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1733-1 Released: Wed May 28 17:59:52 2025 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1242060 This update for krb5 fixes the following issue: - Remove references to the LMDB backend in the kdc.conf manpage (bsc#1242060). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1739-1 Released: Thu May 29 11:40:51 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1236177,1237496,1242938,1243259 This update for systemd fixes the following issues: - Add missing 'systemd-journal-remote' package to 15-SP7 (bsc#1243259) - umount: do not move busy network mounts (bsc#1236177) - Apply coredump sysctl settings on systemd-coredump updates/removals. - Fix the issue with journalctl not working for users in Container UID range (bsc#1242938) Don't write messages sent from users with UID falling into the container UID range to the system journal. Daemons in the container don't talk to the outside journald as they talk to the inner one directly, which does its journal splitting based on shifted uids. - man/pstore.conf: pstore.conf template is not always installed in /etc - man: coredump.conf template is not always installed in /etc (bsc#1237496) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2013-1 Released: Wed Jun 18 20:05:07 2025 Summary: Security update for pam Type: security Severity: important References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2027-1 Released: Thu Jun 19 17:15:41 2025 Summary: Security update for perl Type: security Severity: moderate References: 1244079,CVE-2025-40909 This update for perl fixes the following issues: - CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2167-1 Released: Mon Jun 30 09:14:40 2025 Summary: Security update for glib2 Type: security Severity: important References: 1242844,1244596,CVE-2025-4373,CVE-2025-6052 This update for glib2 fixes the following issues: - CVE-2025-6052: Fixed integer overflow in g_string_maybe_expand() leads to potential buffer overflow in GString (bsc#1244596). - CVE-2025-4373: Fixed buffer underflow through glib/gstring.c via function g_string_insert_unichar (bsc#1242844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2229-1 Released: Fri Jul 4 18:02:30 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2237-1 Released: Mon Jul 7 14:59:13 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: This update for openssl-3 fixes the following issues: - Backport mdless cms signing support [jsc#PED-12895] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2244-1 Released: Tue Jul 8 10:44:02 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1242827,1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). Other bugfixes: - logs-show: get timestamp and boot ID only when necessary (bsc#1242827). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2301-1 Released: Mon Jul 14 11:48:57 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1229655 This update for cyrus-sasl fixes the following issues: - Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097) - Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2362-1 Released: Fri Jul 18 11:07:24 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2447-1 Released: Mon Jul 21 16:45:25 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: Fixed timing based side-channel in RSA implementation. (bsc#1221107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libssh-config-0.9.8-150600.11.3.1 updated - glibc-2.38-150600.14.32.1 updated - libsasl2-3-2.1.28-150600.7.6.2 updated - liblzma5-5.4.1-150600.3.3.1 updated - perl-base-5.26.1-150300.17.20.1 updated - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - libglib-2_0-0-2.78.6-150600.4.16.1 added - libopenssl3-3.1.4-150600.5.33.1 updated - libgcrypt20-1.10.3-150600.3.9.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.33.1 updated - krb5-1.20.1-150600.11.11.2 updated - patterns-base-fips-20200124-150600.32.6.1 updated - libssh4-0.9.8-150600.11.3.1 updated - findutils-4.8.0-150300.3.3.2 updated - libcurl4-8.6.0-150600.4.21.1 updated - coreutils-8.32-150400.9.9.1 updated - permissions-20240826-150600.10.18.2 updated - pam-1.3.0-150000.6.83.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated - libsystemd0-254.27-150600.4.43.3 updated - container:registry.suse.com-bci-nodejs-20-16f7860907407d232041cc8c1be7a913c828cd1ad4cc823983430b90e35c23bc-0 updated - container:registry.suse.com-bci-bci-base-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:03:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:03:29 +0200 (CEST) Subject: SUSE-CU-2025:6031-1: Security update of containers/milvus Message-ID: <20250809070329.1FDDFFF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6031-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.164 Container Release : 7.164 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:04:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:04:48 +0200 (CEST) Subject: SUSE-CU-2025:6032-1: Security update of containers/ollama Message-ID: <20250809070448.3483CFF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6032-1 Container Tags : containers/ollama:0 , containers/ollama:0.6.8 , containers/ollama:0.6.8-10.49 Container Release : 10.49 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:06:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:06:29 +0200 (CEST) Subject: SUSE-CU-2025:6033-1: Security update of containers/open-webui Message-ID: <20250809070629.71E92FF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6033-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.9 , containers/open-webui:0.6.9-11.9 Container Release : 11.9 Severity : moderate Type : security References : 1244925 1245573 CVE-2025-50181 CVE-2025-6297 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2735-1 Released: Fri Aug 8 10:06:06 2025 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1244925,CVE-2025-50181 This update for python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - python311-numpy1-1.26.4-150600.1.51 updated - python311-certifi-2024.7.4-150600.1.47 updated - python311-cchardet-2.1.19-150600.1.43 updated - python311-scipy-1.14.1-150600.1.52 updated - python311-pandas-2.2.3-150600.1.55 updated - python311-scikit-learn-1.5.1-150600.1.54 updated - python311-urllib3-2.0.7-150400.7.21.1 updated - python311-open-webui-0.6.9-150600.2.20 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:06:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:06:36 +0200 (CEST) Subject: SUSE-CU-2025:6034-1: Security update of containers/open-webui-pipelines Message-ID: <20250809070636.F0DE6FF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-pipelines ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6034-1 Container Tags : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250329.151219 , containers/open-webui-pipelines:0.20250329.151219-6.4 Container Release : 6.4 Severity : moderate Type : security References : 1244925 1245573 CVE-2025-50181 CVE-2025-6297 ----------------------------------------------------------------- The container containers/open-webui-pipelines was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2735-1 Released: Fri Aug 8 10:06:06 2025 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1244925,CVE-2025-50181 This update for python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - python311-certifi-2024.7.4-150600.1.47 updated - python311-urllib3-2.0.7-150400.7.21.1 updated - python-open-webui-pipelines-0.20250329.151219-150600.3.15 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:06:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:06:53 +0200 (CEST) Subject: SUSE-CU-2025:6035-1: Security update of containers/pytorch Message-ID: <20250809070653.992CFFF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6035-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.7.0-nvidia , containers/pytorch:2.7.0-nvidia-2.46 Container Release : 2.46 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - python311-numpy-2.1.1-150600.1.51 updated - python311-torch-cuda-2.7.0-150600.2.25 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:08:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:08:40 +0200 (CEST) Subject: SUSE-IU-2025:2295-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250809070840.70DDBFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2295-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.195 , suse/sle-micro/base-5.5:latest Image Release : 5.8.195 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:09:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:09:40 +0200 (CEST) Subject: SUSE-IU-2025:2296-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250809070940.249D4FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2296-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.372 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.372 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.195 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:10:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:10:59 +0200 (CEST) Subject: SUSE-IU-2025:2297-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250809071059.362FEFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2297-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.458 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.458 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.348 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:12:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:12:11 +0200 (CEST) Subject: SUSE-IU-2025:2298-1: Security update of suse/sle-micro/5.5 Message-ID: <20250809071211.18DBEFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2298-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.348 , suse/sle-micro/5.5:latest Image Release : 5.5.348 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.195 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:18:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:18:51 +0200 (CEST) Subject: SUSE-CU-2025:6040-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250809071851.03C05FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6040-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.168 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.168 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:21:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:21:28 +0200 (CEST) Subject: SUSE-CU-2025:6041-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20250809072128.0A51DFF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6041-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.37 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.37 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:23:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:23:03 +0200 (CEST) Subject: SUSE-CU-2025:6042-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250809072303.C7CD8FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6042-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.168 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.168 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:24:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:24:20 +0200 (CEST) Subject: SUSE-CU-2025:6043-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250809072420.35794FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6043-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.71 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.71 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:25:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:25:03 +0200 (CEST) Subject: SUSE-IU-2025:2299-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250809072503.486CAFF1E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2299-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.37 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.37 Severity : important Type : security References : 1218459 1240414 1245985 1246038 1246466 1247054 1247690 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 411 Released: Fri Aug 8 09:43:25 2025 Summary: Recommended update for zypper, libzypp Type: recommended Severity: important References: 1218459,1245985,1246038,1246466,1247054,1247690 This update for zypper, libzypp fixes the following issues: libzypp was updated to 17.37.16: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files (fixes #667) - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files (fixes #667) - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. zypper was updated to 1.14.93: - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) ----------------------------------------------------------------- Advisory ID: 412 Released: Fri Aug 8 12:14:29 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.3-5.1 updated - xz-5.4.3-5.1 updated - SL-Micro-release-6.0-25.39 updated - libzypp-17.37.16-1.1 updated - zypper-1.14.93-1.1 updated - container:suse-toolbox-image-1.0.0-9.22 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:25:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:25:49 +0200 (CEST) Subject: SUSE-IU-2025:2300-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250809072549.9BB4DFF1E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2300-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.61 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.61 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 412 Released: Fri Aug 8 12:14:29 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.3-5.1 updated - xz-5.4.3-5.1 updated - SL-Micro-release-6.0-25.39 updated - container:SL-Micro-base-container-2.1.3-7.37 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:26:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:26:36 +0200 (CEST) Subject: SUSE-CU-2025:6045-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20250809072636.6D5B9FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6045-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.22 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.22 Severity : important Type : security References : 1218459 1240414 1245985 1246038 1246466 1247054 1247690 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 411 Released: Fri Aug 8 09:43:25 2025 Summary: Recommended update for zypper, libzypp Type: recommended Severity: important References: 1218459,1245985,1246038,1246466,1247054,1247690 This update for zypper, libzypp fixes the following issues: libzypp was updated to 17.37.16: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files (fixes #667) - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files (fixes #667) - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. zypper was updated to 1.14.93: - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) ----------------------------------------------------------------- Advisory ID: 412 Released: Fri Aug 8 12:14:29 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - SL-Micro-release-6.0-25.39 updated - liblzma5-5.4.3-5.1 updated - libzypp-17.37.16-1.1 updated - skelcd-EULA-SL-Micro-2024.01.19-8.38 updated - xz-5.4.3-5.1 updated - zypper-1.14.93-1.1 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:30:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:30:14 +0200 (CEST) Subject: SUSE-CU-2025:6046-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250809073014.A47E0FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6046-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.89 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.89 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:31:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:31:04 +0200 (CEST) Subject: SUSE-CU-2025:6047-1: Security update of bci/bci-init Message-ID: <20250809073104.4E9E4FF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6047-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.45.11 Container Release : 45.11 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:registry.suse.com-bci-bci-base-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:33:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:33:33 +0200 (CEST) Subject: SUSE-CU-2025:6048-1: Security update of suse/kiosk/firefox-esr Message-ID: <20250809073333.07EE8FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6048-1 Container Tags : suse/kiosk/firefox-esr:140.1 , suse/kiosk/firefox-esr:140.1-64.9 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 64.9 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:33:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:33:36 +0200 (CEST) Subject: SUSE-CU-2025:6049-1: Security update of suse/kubectl Message-ID: <20250809073336.1E6F4FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6049-1 Container Tags : suse/kubectl:1.31 , suse/kubectl:1.31.9 , suse/kubectl:1.31.9-2.63.7 , suse/kubectl:oldstable , suse/kubectl:oldstable-2.63.7 Container Release : 63.7 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Sat Aug 9 07:33:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 Aug 2025 09:33:44 +0200 (CEST) Subject: SUSE-CU-2025:6050-1: Security update of bci/openjdk Message-ID: <20250809073344.3B15DFF1E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6050-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.8.0 , bci/openjdk:21.0.8.0-11.10 , bci/openjdk:latest Container Release : 11.10 Severity : important Type : security References : 1213796 1230959 1231748 1232326 1245573 1246428 1246575 1246584 1246595 1246597 1246598 CVE-2025-30749 CVE-2025-30754 CVE-2025-50059 CVE-2025-50106 CVE-2025-6297 CVE-2025-6965 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2657-1 Released: Mon Aug 4 12:34:32 2025 Summary: Security update for java-21-openjdk Type: security Severity: important References: 1213796,1246575,1246584,1246595,1246598,CVE-2025-30749,CVE-2025-30754,CVE-2025-50059,CVE-2025-50106 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.8+9 (July 2025 CPU): Security fixes: - CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) - CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) - CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) Other fixes: - Allow compilation of openjdk for 40 years (bsc#1213796) Changelog: + JDK-6956385: URLConnection.getLastModified() leaks file handles for jar:file and file: URLs + JDK-8051591: Test javax/swing/JTabbedPane/8007563/Test8007563.java fails + JDK-8136895: Writer not closed with disk full error, file resource leaked + JDK-8180450: secondary_super_cache does not scale well + JDK-8183348: Better cleanup for jdk/test/sun/security/pkcs12/P12SecretKey.java + JDK-8200566: DistributionPointFetcher fails to fetch CRLs if the DistributionPoints field contains more than one DistributionPoint and the first one fails + JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/ jdk/test/lib/compiler/InMemoryJavaCompiler + JDK-8210471: GZIPInputStream constructor could leak an un-end()ed Inflater + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong value + JDK-8220213: com/sun/jndi/dns/ConfigTests/Timeout.java failed intermittent + JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/ /NonUniqueAliases.java is marked with @ignore + JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java failed with 'Didn't find enough line numbers' + JDK-8256211: assert fired in java/net/httpclient/DependentPromiseActionsTest (infrequent) + JDK-8258483: [TESTBUG] gtest CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is too small + JDK-8267174: Many test files have the wrong Copyright header + JDK-8270269: Desktop.browse method fails if earlier CoInitialize call as COINIT_MULTITHREADED + JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC + JDK-8279016: JFR Leak Profiler is broken with Shenandoah + JDK-8280991: [XWayland] No displayChanged event after setDisplayMode call + JDK-8281511: java/net/ipv6tests/UdpTest.java fails with checkTime failed + JDK-8282726: java/net/vthread/BlockingSocketOps.java timeout/hang intermittently on Windows + JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads the spinner value 10 as 1 when user iterates to 10 for the first time on macOS + JDK-8286789: Test forceEarlyReturn002.java timed out + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8294155: Exception thrown before awaitAndCheck hangs PassFailJFrame + JDK-8295804: javax/swing/JFileChooser/ /JFileChooserSetLocationTest.java failed with 'setLocation() is not working properly' + JDK-8297692: Avoid sending per-region GCPhaseParallel JFR events in G1ScanCollectionSetRegionClosure + JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/ /SP05/sp05t003/TestDescription.java timed out: thread not suspended + JDK-8307318: Test serviceability/sa/ /ClhsdbCDSJstackPrintAll.java failed: ArrayIndexOutOfBoundsException + JDK-8307824: Clean up Finalizable.java and finalize terminology in vmTestbase/nsk/share + JDK-8308033: The jcmd thread dump related tests should test virtual threads + JDK-8308966: Add intrinsic for float/double modulo for x86 AVX2 and AVX512 + JDK-8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore .engineGetEntry + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8309978: [x64] Fix useless padding + JDK-8310066: Improve test coverage for JVMTI GetThreadState on carrier and mounted vthread + JDK-8310525: DynamicLauncher for JDP test needs to try harder to find a free port + JDK-8310643: Misformatted copyright messages in FFM + JDK-8312246: NPE when HSDB visits bad oop + JDK-8312475: org.jline.util.PumpReader signed byte problem + JDK-8313290: Misleading exception message from STS.Subtask::get when task forked after shutdown + JDK-8313430: [JVMCI] fatal error: Never compilable: in JVMCI shutdown + JDK-8313654: Test WaitNotifySuspendedVThreadTest.java timed out + JDK-8314056: Remove runtime platform check from frem/drem + JDK-8314136: Test java/net/httpclient/CancelRequestTest.java failed: WARNING: tracker for HttpClientImpl(42) has outstanding operations + JDK-8314236: Overflow in Collections.rotate + JDK-8314319: LogCompilation doesn't reset lateInlining when it encounters a failure. + JDK-8314840: 3 gc/epsilon tests ignore external vm options + JDK-8314842: zgc/genzgc tests ignore vm flags + JDK-8315128: jdk/jfr/event/runtime/ /TestResidentSetSizeEvent.java fails with 'The size should be less than or equal to peak' + JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java timed out + JDK-8315669: Open source several Swing PopupMenu related tests + JDK-8315742: Open source several Swing Scroll related tests + JDK-8315827: Kitchensink.java and RenaissanceStressTest.java time out with jvmti module errors + JDK-8315871: Opensource five more Swing regression tests + JDK-8315876: Open source several Swing CSS related tests + JDK-8315951: Open source several Swing HTMLEditorKit related tests + JDK-8315981: Opensource five more random Swing tests + JDK-8316061: Open source several Swing RootPane and Slider related tests + JDK-8316324: Opensource five miscellaneous Swing tests + JDK-8316388: Opensource five Swing component related regression tests + JDK-8316452: java/lang/instrument/modules/ /AppendToClassPathModuleTest.java ignores VM flags + JDK-8316497: ColorConvertOp - typo for non-ICC conversions needs one-line fix + JDK-8316580: HttpClient with StructuredTaskScope does not close when a task fails + JDK-8316629: j.text.DateFormatSymbols setZoneStrings() exception is unhelpful + JDK-8317264: Pattern.Bound has `static` fields that should be `static final`. + JDK-8318509: x86 count_positives intrinsic broken for -XX:AVX3Threshold=0 + JDK-8318636: Add jcmd to print annotated process memory map + JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM path + JDK-8318811: Compiler directives parser swallows a character after line comments + JDK-8318915: Enhance checks in BigDecimal.toPlainString() + JDK-8319439: Move BufferNode from PtrQueue files to new files + JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java ignores VM flags + JDK-8319690: [AArch64] C2 compilation hits offset_ok_for_immed: assert 'c2 compiler bug' + JDK-8320687: sun.jvmstat.monitor.MonitoredHost .getMonitoredHost() throws unexpected exceptions when invoked concurrently + JDK-8320948: NPE due to unreported compiler error + JDK-8321204: C2: assert(false) failed: node should be in igvn hash table + JDK-8321479: java -D-D crashes + JDK-8321931: memory_swap_current_in_bytes reports 0 as 'unlimited' + JDK-8322141: SequenceInputStream.transferTo should not return as soon as Long.MAX_VALUE bytes have been transferred + JDK-8322475: Extend printing for System.map + JDK-8323795: jcmd Compiler.codecache should print total size of code cache + JDK-8324345: Stack overflow during C2 compilation when splitting memory phi + JDK-8324678: Replace NULL with nullptr in HotSpot gtests + JDK-8324681: Replace NULL with nullptr in HotSpot jtreg test native code files + JDK-8324799: Use correct extension for C++ test headers + JDK-8324880: Rename get_stack_trace.h + JDK-8325055: Rename Injector.h + JDK-8325180: Rename jvmti_FollowRefObjects.h + JDK-8325347: Rename native_thread.h + JDK-8325367: Rename nsk_list.h + JDK-8325435: [macos] Menu or JPopupMenu not closed when main window is resized + JDK-8325456: Rename nsk_mutex.h + JDK-8325458: Rename mlvmJvmtiUtils.h + JDK-8325680: Uninitialised memory in deleteGSSCB of GSSLibStub.c:179 + JDK-8325682: Rename nsk_strace.h + JDK-8325910: Rename jnihelper.h + JDK-8326090: Rename jvmti_aod.h + JDK-8326389: [test] improve assertEquals failure output + JDK-8326524: Rename agent_common.h + JDK-8326586: Improve Speed of System.map + JDK-8327071: [Testbug] g-tests for cgroup leave files in /tmp on linux + JDK-8327169: serviceability/dcmd/vm/SystemMapTest.java and SystemDumpMapTest.java may fail after JDK-8326586 + JDK-8327370: (ch) sun.nio.ch.Poller.register throws AssertionError + JDK-8327461: KeyStore getEntry is not thread-safe + JDK-8328107: Shenandoah/C2: TestVerifyLoopOptimizations test failure + JDK-8328301: Convert Applet test ManualHTMLDataFlavorTest.java to main program + JDK-8328482: Convert and Open source few manual applet test to main based + JDK-8328484: Convert and Opensource few JFileChooser applet test to main + JDK-8328648: Remove applet usage from JFileChooser tests bug4150029 + JDK-8328670: Automate and open source few closed manual applet test + JDK-8328673: Convert closed text/html/CSS manual applet test to main + JDK-8328864: NullPointerException in sun.security.jca.ProviderList.getService() + JDK-8329261: G1: interpreter post-barrier x86 code asserts index size of wrong buffer + JDK-8329729: java/util/Properties/StoreReproducibilityTest.java times out + JDK-8330106: C2: VectorInsertNode::make() shouldn't call ConINode::make() directly + JDK-8330158: C2: Loop strip mining uses ABS with min int + JDK-8330534: Update nsk/jdwp tests to use driver instead of othervm + JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails with java.util.MissingFormatArgumentException: Format specifier '%s' + JDK-8330936: [ubsan] exclude function BilinearInterp and ShapeSINextSpan in libawt java2d from ubsan checks + JDK-8331088: Incorrect TraceLoopPredicate output + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8332252: Clean up vmTestbase/vm/share + JDK-8332506: SIGFPE In ObjectSynchronizer::is_async_deflation_needed() + JDK-8332631: Update nsk.share.jpda.BindServer to don't use finalization + JDK-8332641: Update nsk.share.jpda.Jdb to don't use finalization + JDK-8332880: JFR GCHelper class recognizes 'Archive' regions as valid + JDK-8332921: Ctrl+C does not call shutdown hooks after JLine upgrade + JDK-8333013: Update vmTestbase/nsk/share/LocalProcess.java to don't use finalization + JDK-8333117: Remove support of remote and manual debuggee launchers + JDK-8333680: com/sun/tools/attach/BasicTests.java fails with 'SocketException: Permission denied: connect' + JDK-8333805: Replaying compilation with null static final fields results in a crash + JDK-8333890: Fatal error in auto-vectorizer with float16 kernel. + JDK-8334644: Automate javax/print/attribute/PageRangesException.java + JDK-8334780: Crash: assert(h_array_list.not_null()) failed: invariant + JDK-8334895: OpenJDK fails to configure on linux aarch64 when CDS is disabled after JDK-8331942 + JDK-8335181: Incorrect handling of HTTP/2 GOAWAY frames in HttpClient + JDK-8335643: serviceability/dcmd/vm tests fail for ZGC after JDK-8322475 + JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits)) failed: Field too big for insn + JDK-8335684: Test ThreadCpuTime.java should pause like ThreadCpuTimeArray.java + JDK-8335710: serviceability/dcmd/vm/SystemDumpMapTest.java and SystemMapTest.java fail on Linux Alpine after 8322475 + JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/ /AllowedFunctions.java fails with unexpected exit code: 112 + JDK-8335860: compiler/vectorization/ /TestFloat16VectorConvChain.java fails with non-standard AVX/SSE settings + JDK-8336042: Caller/callee param size mismatch in deoptimization causes crash + JDK-8336499: Failure when creating non-CRT RSA private keys in SunPKCS11 + JDK-8336587: failure_handler lldb command times out on macosx-aarch64 core file + JDK-8336827: compiler/vectorization/ /TestFloat16VectorConvChain.java timeouts on ppc64 platforms after JDK-8335860 + JDK-8337221: CompileFramework: test library to conveniently compile java and jasm sources for fuzzing + JDK-8337299: vmTestbase/nsk/jdb/stop_at/stop_at002/ /stop_at002.java failure goes undetected + JDK-8337681: PNGImageWriter uses much more memory than necessary + JDK-8337795: Type annotation attached to incorrect type during class reading + JDK-8337958: Out-of-bounds array access in secondary_super_cache + JDK-8337981: ShenandoahHeap::is_in should check for alive regions + JDK-8337998: CompletionFailure in getEnclosingType attaching type annotations + JDK-8338010: WB_IsFrameDeoptimized miss ResourceMark + JDK-8338064: Give better error for ConcurrentHashTable corruption + JDK-8338136: Hotspot should support multiple large page sizes on Windows + JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in gtest framework + JDK-8338202: Shenandoah: Improve handshake closure labels + JDK-8338314: JFR: Split JFRCheckpoint VM operation + JDK-8339148: Make os::Linux::active_processor_count() public + JDK-8339288: Improve diagnostic logging runtime/cds/DeterministicDump.java + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm gtest fails on ppc64 based platforms + JDK-8339538: Wrong timeout computations in DnsClient + JDK-8339639: Opensource few AWT PopupMenu tests + JDK-8339678: Update runtime/condy tests to be executed with VM flags + JDK-8339727: Open source several AWT focus tests - series 1 + JDK-8339769: Incorrect error message during startup if working directory does not exist + JDK-8339794: Open source closed choice tests #1 + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339836: Open source several AWT Mouse tests - Batch 1 + JDK-8339842: Open source several AWT focus tests - series 2 + JDK-8339895: Open source several AWT focus tests - series 3 + JDK-8339906: Open source several AWT focus tests - series 4 + JDK-8339935: Open source several AWT focus tests - series 5 + JDK-8339982: Open source several AWT Mouse tests - Batch 2 + JDK-8339984: Open source AWT MenuItem related tests + JDK-8339995: Open source several AWT focus tests - series 6 + JDK-8340024: In ClassReader, extract a constant for the superclass supertype_index + JDK-8340077: Open source few Checkbox tests - Set2 + JDK-8340084: Open source AWT Frame related tests + JDK-8340143: Open source several Java2D rendering loop tests. + JDK-8340146: ZGC: TestAllocateHeapAt.java should not run with UseLargePages + JDK-8340164: Open source few Component tests - Set1 + JDK-8340173: Open source some Component/Panel/EventQueue tests - Set2 + JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java + JDK-8340193: Open source several AWT Dialog tests - Batch 1 + JDK-8340228: Open source couple more miscellaneous AWT tests + JDK-8340271: Open source several AWT Robot tests + JDK-8340279: Open source several AWT Dialog tests - Batch 2 + JDK-8340332: Open source mixed AWT tests - Set3 + JDK-8340366: Open source several AWT Dialog tests - Batch 3 + JDK-8340367: Opensource few AWT image tests + JDK-8340393: Open source closed choice tests #2 + JDK-8340407: Open source a few more Component related tests + JDK-8340417: Open source some MenuBar tests - Set1 + JDK-8340432: Open source some MenuBar tests - Set2 + JDK-8340433: Open source closed choice tests #3 + JDK-8340437: Open source few more AWT Frame related tests + JDK-8340458: Open source additional Component tests (part 2) + JDK-8340555: Open source DnD tests - Set4 + JDK-8340560: Open Source several AWT/2D font and rendering tests + JDK-8340605: Open source several AWT PopupMenu tests + JDK-8340621: Open source several AWT List tests + JDK-8340625: Open source additional Component tests (part 3) + JDK-8340639: Open source few more AWT List tests + JDK-8340713: Open source DnD tests - Set5 + JDK-8340784: Remove PassFailJFrame constructor with screenshots + JDK-8340790: Open source several AWT Dialog tests - Batch 4 + JDK-8340809: Open source few more AWT PopupMenu tests + JDK-8340874: Open source some of the AWT Geometry/Button tests + JDK-8340907: Open source closed frame tests # 2 + JDK-8340966: Open source few Checkbox and Cursor tests - Set1 + JDK-8340967: Open source few Cursor tests - Set2 + JDK-8340978: Open source few DnD tests - Set6 + JDK-8340985: Open source some Desktop related tests + JDK-8341000: Open source some of the AWT Window tests + JDK-8341004: Open source AWT FileDialog related tests + JDK-8341072: Open source several AWT Canvas and Rectangle related tests + JDK-8341128: open source some 2d graphics tests + JDK-8341148: Open source several Choice related tests + JDK-8341162: Open source some of the AWT window test + JDK-8341170: Open source several Choice related tests (part 2) + JDK-8341177: Opensource few List and a Window test + JDK-8341191: Open source few more AWT FileDialog tests + JDK-8341239: Open source closed frame tests # 3 + JDK-8341257: Open source few DND tests - Set1 + JDK-8341258: Open source few various AWT tests - Set1 + JDK-8341278: Open source few TrayIcon tests - Set7 + JDK-8341298: Open source more AWT window tests + JDK-8341373: Open source closed frame tests # 4 + JDK-8341378: Open source few TrayIcon tests - Set8 + JDK-8341447: Open source closed frame tests # 5 + JDK-8341535: sun/awt/font/TestDevTransform.java fails with RuntimeException: Different rendering + JDK-8341637: java/net/Socket/UdpSocket.java fails with 'java.net.BindException: Address already in use' (macos-aarch64) + JDK-8341779: [REDO BACKPORT] type annotations are not visible to javac plugins across compilation boundaries (JDK-8225377) + JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java timed out after JDK-8341257 + JDK-8342075: HttpClient: improve HTTP/2 flow control checks + JDK-8342376: More reliable OOM handling in ExceptionDuringDumpAtObjectsInitPhase test + JDK-8342524: Use latch in AbstractButton/bug6298940.java instead of delay + JDK-8342633: javax/management/security/ /HashedPasswordFileTest.java creates tmp file in src dir + JDK-8342958: Use jvmArgs consistently in microbenchmarks + JDK-8343019: Primitive caches must use boxed instances from the archive + JDK-8343037: Missing @since tag on JColorChooser.showDialog overload + JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/ /scenarios/sampling/SP05/sp05t003/TestDescription.java + JDK-8343124: Tests fails with java.lang.IllegalAccessException: class com.sun.javatest.regtest.agent.MainWrapper$MainTask cannot access + JDK-8343144: UpcallLinker::on_entry racingly clears pending exception with GC safepoints + JDK-8343170: java/awt/Cursor/JPanelCursorTest/ /JPanelCursorTest.java does not show the default cursor + JDK-8343224: print/Dialog/PaperSizeError.java fails with MediaSizeName is not A4: A4 + JDK-8343342: java/io/File/GetXSpace.java fails on Windows with CD-ROM drive + JDK-8343345: Use -jvmArgsPrepend when running microbenchmarks in RunTests.gmk + JDK-8343529: serviceability/sa/ClhsdbWhere.java fails AssertionFailure: Corrupted constant pool + JDK-8343754: Problemlist jdk/jfr/event/oldobject/TestShenandoah.java after JDK-8279016 + JDK-8343855: HTTP/2 ConnectionWindowUpdateSender may miss some unprocessed DataFrames from closed streams + JDK-8343891: Test javax/swing/JTabbedPane/ /TestJTabbedPaneBackgroundColor.java failed + JDK-8343936: Adjust timeout in test javax/management/monitor/DerivedGaugeMonitorTest.java + JDK-8344316: security/auth/callback/TextCallbackHandler/ /Password.java make runnable with JTReg and add the UI + JDK-8344346: java/net/httpclient/ShutdownNow.java fails with java.lang.AssertionError: client was still running, but exited after further delay: timeout should be adjusted + JDK-8344361: Restore null return for invalid services from legacy providers + JDK-8344414: ZGC: Another division by zero in rule_major_allocation_rate + JDK-8344925: translet-name ignored when package-name is also set + JDK-8345133: Test sun/security/tools/jarsigner/ /TsacertOptionTest.java failed: Warning found in stdout + JDK-8345134: Test sun/security/tools/jarsigner/ /ConciseJarsigner.java failed: unable to find valid certification path to requested target + JDK-8345146: [PPC64] Make intrinsic conversions between bit representations of half precision values and floats + JDK-8345341: Fix incorrect log message in JDI stop002t test + JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/ /bug8033699.java fails in ubuntu22.04 + JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/ /bug4529206.java fails in ubuntu22.04 + JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/ /4278839/bug4278839.java fails in ubuntu22.04 + JDK-8345598: Upgrade NSS binaries for interop tests + JDK-8345625: Better HTTP connections + JDK-8345728: [Accessibility,macOS,Screen Magnifier]: JCheckbox unchecked state does not magnify but works for checked state + JDK-8345838: Remove the appcds/javaldr/AnonVmClassesDuringDump.java test + JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java warnings + JDK-8346082: Output JVMTI agent information in hserr files + JDK-8346264: 'Total compile time' counter should include time spent in failing/bailout compiles + JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in CI on Linux + JDK-8346888: [ubsan] block.cpp:1617:30: runtime error: 9.97582e+36 is outside the range of representable values of type 'int' + JDK-8347000: Bug in com/sun/net/httpserver/bugs/B6361557.java test + JDK-8347019: Test javax/swing/JRadioButton/8033699/ /bug8033699.java still fails: Focus is not on Radio Button Single as Expected + JDK-8347083: Incomplete logging in nsk/jvmti/ /ResourceExhausted/resexhausted00* tests + JDK-8347126: gc/stress/TestStressG1Uncommit.java gets OOM-killed + JDK-8347173: java/net/DatagramSocket/ /InterruptibleDatagramSocket.java fails with virtual thread factory + JDK-8347286: (fs) Remove some extensions from java/nio/file/Files/probeContentType/Basic.java + JDK-8347296: WinInstallerUiTest fails in local test runs if the path to test work directory is longer that regular + JDK-8347373: HTTP/2 flow control checks may count unprocessed data twice + JDK-8347506: Compatible OCSP readtimeout property with OCSP timeout + JDK-8347596: Update HSS/LMS public key encoding + JDK-8347629: Test FailOverDirectExecutionControlTest.java fails with -Xcomp + JDK-8347995: Race condition in jdk/java/net/httpclient/ /offline/FixedResponseHttpClient.java + JDK-8348107: test/jdk/java/net/httpclient/ /HttpsTunnelAuthTest.java fails intermittently + JDK-8348110: Update LCMS to 2.17 + JDK-8348299: Update List/ItemEventTest/ItemEventTest.java + JDK-8348323: Corrupted timezone string in JVM crash log + JDK-8348596: Update FreeType to 2.13.3 + JDK-8348597: Update HarfBuzz to 10.4.0 + JDK-8348598: Update Libpng to 1.6.47 + JDK-8348600: Update PipeWire to 1.3.81 + JDK-8348865: JButton/bug4796987.java never runs because Windows XP is unavailable + JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver doesn't announce untick on toggling the checkbox with 'space' key on macOS + JDK-8348989: Better Glyph drawing + JDK-8349111: Enhance Swing supports + JDK-8349200: [JMH] time.format.ZonedDateTimeFormatterBenchmark fails + JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh to run fully in java + JDK-8349358: [JMH] Cannot access class jdk.internal.vm.ContinuationScope + JDK-8349492: Update sun/security/pkcs12/ /KeytoolOpensslInteropTest.java to use a recent Openssl version + JDK-8349501: Relocate supporting classes in security/testlibrary to test/lib/jdk tree + JDK-8349594: Enhance TLS protocol support + JDK-8349623: [ASAN] Gtest os_linux.glibc_mallinfo_wrapper_vm fails + JDK-8349637: Integer.numberOfLeadingZeros outputs incorrectly in certain cases + JDK-8349751: AIX build failure after upgrade pipewire to 1.3.81 + JDK-8350201: Out of bounds access on Linux aarch64 in os::print_register_info + JDK-8350211: CTW: Attempt to preload all classes in constant pool + JDK-8350224: Test javax/swing/JComboBox/ /TestComboBoxComponentRendering.java fails in ubuntu 23.x and later + JDK-8350260: Improve HTML instruction formatting in PassFailJFrame + JDK-8350313: Include timings for leaving safepoint in safepoint logging + JDK-8350383: Test: add more test case for string compare (UL case) + JDK-8350386: Test TestCodeCacheFull.java fails with option -XX:-UseCodeCacheFlushing + JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to incorrect traces in JFR + JDK-8350483: AArch64: turn on signum intrinsics by default on Ampere CPUs + JDK-8350498: Remove two Camerfirma root CA certificates + JDK-8350546: Several java/net/InetAddress tests fails UnknownHostException + JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug builds + JDK-8350650: Bump update version for OpenJDK: jdk-21.0.8 + JDK-8350682: [JMH] vector.IndexInRangeBenchmark failed with IndexOutOfBoundsException for size=1024 + JDK-8350786: Some java/lang jtreg tests miss requires vm.hasJFR + JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails + JDK-8350991: Improve HTTP client header handling + JDK-8351086: (fc) Make java/nio/channels/FileChannel/ /BlockDeviceSize.java test manual + JDK-8351500: G1: NUMA migrations cause crashes in region allocation + JDK-8351665: Remove unused UseNUMA in os_aix.cpp + JDK-8351933: Inaccurate masking of TC subfield decrement in ForkJoinPool + JDK-8352076: [21u] Problem list tests that fail in 21 and would be fixed by 8309622 + JDK-8352109: java/awt/Desktop/MailTest.java fails in platforms where Action.MAIL is not supported + JDK-8352302: Test sun/security/tools/jarsigner/ /TimestampCheck.java is failing + JDK-8352512: TestVectorZeroCount: counter not reset between iterations + JDK-8352676: Opensource JMenu tests - series1 + JDK-8352680: Opensource few misc swing tests + JDK-8352684: Opensource JInternalFrame tests - series1 + JDK-8352706: httpclient HeadTest does not run on HTTP2 + JDK-8352716: (tz) Update Timezone Data to 2025b + JDK-8352908: Open source several swing tests batch1 + JDK-8352942: jdk/jfr/startupargs/TestMemoryOptions.java fails with 32-bit build + JDK-8353070: Clean up and open source couple AWT Graphics related tests (Part 1) + JDK-8353138: Screen capture for test TaskbarPositionTest.java, failure case + JDK-8353190: Use '/native' Run Option for TestAvailableProcessors Execution + JDK-8353237: [AArch64] Incorrect result of VectorizedHashCode intrinsic on Cortex-A53 + JDK-8353320: Open source more Swing text tests + JDK-8353446: Open source several AWT Menu tests - Batch 2 + JDK-8353475: Open source two Swing DefaultCaret tests + JDK-8353685: Open some JComboBox bugs 4 + JDK-8353709: Debug symbols bundle should contain full debug files when building --with-external-symbols-in-bundles=public + JDK-8353787: Increased number of SHA-384-Digest java.util.jar.Attributes$Name instances leading to higher memory footprint + JDK-8353942: Open source Swing Tests - Set 5 + JDK-8354255: [jittester] Remove TempDir debug output + JDK-8354530: AIX: sporadic unexpected errno when calling setsockopt in Net.joinOrDrop + JDK-8354554: Open source several clipboard tests batch1 + JDK-8354802: MAX_SECS definition is unused in os_linux + JDK-8354893: [REDO BACKPORT] javac crashes while adding type annotations to the return type of a constructor (JDK-8320001) + JDK-8355498: [AIX] Adapt code for C++ VLA rule + JDK-8356053: Test java/awt/Toolkit/Headless/ /HeadlessToolkit.java fails by timeout + JDK-8356096: ISO 4217 Amendment 179 Update + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS + JDK-8357105: C2: compilation fails with 'assert(false) failed: empty program detected during loop optimization' + JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c: enum type mismatch during build + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + JDK-8360147: Better Glyph drawing redux + JDK-8360406: [21u] Disable logic for attaching type annotations to class files until 8359336 is fixed + JDK-8361672: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.8 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - java-21-openjdk-headless-21.0.8.0-150600.3.15.1 updated - java-21-openjdk-21.0.8.0-150600.3.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:08:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:08:39 +0200 (CEST) Subject: SUSE-CU-2025:6050-1: Security update of bci/openjdk Message-ID: <20250810070839.35355FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6050-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.8.0 , bci/openjdk:21.0.8.0-11.10 , bci/openjdk:latest Container Release : 11.10 Severity : important Type : security References : 1213796 1230959 1231748 1232326 1245573 1246428 1246575 1246584 1246595 1246597 1246598 CVE-2025-30749 CVE-2025-30754 CVE-2025-50059 CVE-2025-50106 CVE-2025-6297 CVE-2025-6965 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2657-1 Released: Mon Aug 4 12:34:32 2025 Summary: Security update for java-21-openjdk Type: security Severity: important References: 1213796,1246575,1246584,1246595,1246598,CVE-2025-30749,CVE-2025-30754,CVE-2025-50059,CVE-2025-50106 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.8+9 (July 2025 CPU): Security fixes: - CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) - CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) - CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) Other fixes: - Allow compilation of openjdk for 40 years (bsc#1213796) Changelog: + JDK-6956385: URLConnection.getLastModified() leaks file handles for jar:file and file: URLs + JDK-8051591: Test javax/swing/JTabbedPane/8007563/Test8007563.java fails + JDK-8136895: Writer not closed with disk full error, file resource leaked + JDK-8180450: secondary_super_cache does not scale well + JDK-8183348: Better cleanup for jdk/test/sun/security/pkcs12/P12SecretKey.java + JDK-8200566: DistributionPointFetcher fails to fetch CRLs if the DistributionPoints field contains more than one DistributionPoint and the first one fails + JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/ jdk/test/lib/compiler/InMemoryJavaCompiler + JDK-8210471: GZIPInputStream constructor could leak an un-end()ed Inflater + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong value + JDK-8220213: com/sun/jndi/dns/ConfigTests/Timeout.java failed intermittent + JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/ /NonUniqueAliases.java is marked with @ignore + JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java failed with 'Didn't find enough line numbers' + JDK-8256211: assert fired in java/net/httpclient/DependentPromiseActionsTest (infrequent) + JDK-8258483: [TESTBUG] gtest CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is too small + JDK-8267174: Many test files have the wrong Copyright header + JDK-8270269: Desktop.browse method fails if earlier CoInitialize call as COINIT_MULTITHREADED + JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC + JDK-8279016: JFR Leak Profiler is broken with Shenandoah + JDK-8280991: [XWayland] No displayChanged event after setDisplayMode call + JDK-8281511: java/net/ipv6tests/UdpTest.java fails with checkTime failed + JDK-8282726: java/net/vthread/BlockingSocketOps.java timeout/hang intermittently on Windows + JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads the spinner value 10 as 1 when user iterates to 10 for the first time on macOS + JDK-8286789: Test forceEarlyReturn002.java timed out + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8294155: Exception thrown before awaitAndCheck hangs PassFailJFrame + JDK-8295804: javax/swing/JFileChooser/ /JFileChooserSetLocationTest.java failed with 'setLocation() is not working properly' + JDK-8297692: Avoid sending per-region GCPhaseParallel JFR events in G1ScanCollectionSetRegionClosure + JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/ /SP05/sp05t003/TestDescription.java timed out: thread not suspended + JDK-8307318: Test serviceability/sa/ /ClhsdbCDSJstackPrintAll.java failed: ArrayIndexOutOfBoundsException + JDK-8307824: Clean up Finalizable.java and finalize terminology in vmTestbase/nsk/share + JDK-8308033: The jcmd thread dump related tests should test virtual threads + JDK-8308966: Add intrinsic for float/double modulo for x86 AVX2 and AVX512 + JDK-8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore .engineGetEntry + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8309978: [x64] Fix useless padding + JDK-8310066: Improve test coverage for JVMTI GetThreadState on carrier and mounted vthread + JDK-8310525: DynamicLauncher for JDP test needs to try harder to find a free port + JDK-8310643: Misformatted copyright messages in FFM + JDK-8312246: NPE when HSDB visits bad oop + JDK-8312475: org.jline.util.PumpReader signed byte problem + JDK-8313290: Misleading exception message from STS.Subtask::get when task forked after shutdown + JDK-8313430: [JVMCI] fatal error: Never compilable: in JVMCI shutdown + JDK-8313654: Test WaitNotifySuspendedVThreadTest.java timed out + JDK-8314056: Remove runtime platform check from frem/drem + JDK-8314136: Test java/net/httpclient/CancelRequestTest.java failed: WARNING: tracker for HttpClientImpl(42) has outstanding operations + JDK-8314236: Overflow in Collections.rotate + JDK-8314319: LogCompilation doesn't reset lateInlining when it encounters a failure. + JDK-8314840: 3 gc/epsilon tests ignore external vm options + JDK-8314842: zgc/genzgc tests ignore vm flags + JDK-8315128: jdk/jfr/event/runtime/ /TestResidentSetSizeEvent.java fails with 'The size should be less than or equal to peak' + JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java timed out + JDK-8315669: Open source several Swing PopupMenu related tests + JDK-8315742: Open source several Swing Scroll related tests + JDK-8315827: Kitchensink.java and RenaissanceStressTest.java time out with jvmti module errors + JDK-8315871: Opensource five more Swing regression tests + JDK-8315876: Open source several Swing CSS related tests + JDK-8315951: Open source several Swing HTMLEditorKit related tests + JDK-8315981: Opensource five more random Swing tests + JDK-8316061: Open source several Swing RootPane and Slider related tests + JDK-8316324: Opensource five miscellaneous Swing tests + JDK-8316388: Opensource five Swing component related regression tests + JDK-8316452: java/lang/instrument/modules/ /AppendToClassPathModuleTest.java ignores VM flags + JDK-8316497: ColorConvertOp - typo for non-ICC conversions needs one-line fix + JDK-8316580: HttpClient with StructuredTaskScope does not close when a task fails + JDK-8316629: j.text.DateFormatSymbols setZoneStrings() exception is unhelpful + JDK-8317264: Pattern.Bound has `static` fields that should be `static final`. + JDK-8318509: x86 count_positives intrinsic broken for -XX:AVX3Threshold=0 + JDK-8318636: Add jcmd to print annotated process memory map + JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM path + JDK-8318811: Compiler directives parser swallows a character after line comments + JDK-8318915: Enhance checks in BigDecimal.toPlainString() + JDK-8319439: Move BufferNode from PtrQueue files to new files + JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java ignores VM flags + JDK-8319690: [AArch64] C2 compilation hits offset_ok_for_immed: assert 'c2 compiler bug' + JDK-8320687: sun.jvmstat.monitor.MonitoredHost .getMonitoredHost() throws unexpected exceptions when invoked concurrently + JDK-8320948: NPE due to unreported compiler error + JDK-8321204: C2: assert(false) failed: node should be in igvn hash table + JDK-8321479: java -D-D crashes + JDK-8321931: memory_swap_current_in_bytes reports 0 as 'unlimited' + JDK-8322141: SequenceInputStream.transferTo should not return as soon as Long.MAX_VALUE bytes have been transferred + JDK-8322475: Extend printing for System.map + JDK-8323795: jcmd Compiler.codecache should print total size of code cache + JDK-8324345: Stack overflow during C2 compilation when splitting memory phi + JDK-8324678: Replace NULL with nullptr in HotSpot gtests + JDK-8324681: Replace NULL with nullptr in HotSpot jtreg test native code files + JDK-8324799: Use correct extension for C++ test headers + JDK-8324880: Rename get_stack_trace.h + JDK-8325055: Rename Injector.h + JDK-8325180: Rename jvmti_FollowRefObjects.h + JDK-8325347: Rename native_thread.h + JDK-8325367: Rename nsk_list.h + JDK-8325435: [macos] Menu or JPopupMenu not closed when main window is resized + JDK-8325456: Rename nsk_mutex.h + JDK-8325458: Rename mlvmJvmtiUtils.h + JDK-8325680: Uninitialised memory in deleteGSSCB of GSSLibStub.c:179 + JDK-8325682: Rename nsk_strace.h + JDK-8325910: Rename jnihelper.h + JDK-8326090: Rename jvmti_aod.h + JDK-8326389: [test] improve assertEquals failure output + JDK-8326524: Rename agent_common.h + JDK-8326586: Improve Speed of System.map + JDK-8327071: [Testbug] g-tests for cgroup leave files in /tmp on linux + JDK-8327169: serviceability/dcmd/vm/SystemMapTest.java and SystemDumpMapTest.java may fail after JDK-8326586 + JDK-8327370: (ch) sun.nio.ch.Poller.register throws AssertionError + JDK-8327461: KeyStore getEntry is not thread-safe + JDK-8328107: Shenandoah/C2: TestVerifyLoopOptimizations test failure + JDK-8328301: Convert Applet test ManualHTMLDataFlavorTest.java to main program + JDK-8328482: Convert and Open source few manual applet test to main based + JDK-8328484: Convert and Opensource few JFileChooser applet test to main + JDK-8328648: Remove applet usage from JFileChooser tests bug4150029 + JDK-8328670: Automate and open source few closed manual applet test + JDK-8328673: Convert closed text/html/CSS manual applet test to main + JDK-8328864: NullPointerException in sun.security.jca.ProviderList.getService() + JDK-8329261: G1: interpreter post-barrier x86 code asserts index size of wrong buffer + JDK-8329729: java/util/Properties/StoreReproducibilityTest.java times out + JDK-8330106: C2: VectorInsertNode::make() shouldn't call ConINode::make() directly + JDK-8330158: C2: Loop strip mining uses ABS with min int + JDK-8330534: Update nsk/jdwp tests to use driver instead of othervm + JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails with java.util.MissingFormatArgumentException: Format specifier '%s' + JDK-8330936: [ubsan] exclude function BilinearInterp and ShapeSINextSpan in libawt java2d from ubsan checks + JDK-8331088: Incorrect TraceLoopPredicate output + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8332252: Clean up vmTestbase/vm/share + JDK-8332506: SIGFPE In ObjectSynchronizer::is_async_deflation_needed() + JDK-8332631: Update nsk.share.jpda.BindServer to don't use finalization + JDK-8332641: Update nsk.share.jpda.Jdb to don't use finalization + JDK-8332880: JFR GCHelper class recognizes 'Archive' regions as valid + JDK-8332921: Ctrl+C does not call shutdown hooks after JLine upgrade + JDK-8333013: Update vmTestbase/nsk/share/LocalProcess.java to don't use finalization + JDK-8333117: Remove support of remote and manual debuggee launchers + JDK-8333680: com/sun/tools/attach/BasicTests.java fails with 'SocketException: Permission denied: connect' + JDK-8333805: Replaying compilation with null static final fields results in a crash + JDK-8333890: Fatal error in auto-vectorizer with float16 kernel. + JDK-8334644: Automate javax/print/attribute/PageRangesException.java + JDK-8334780: Crash: assert(h_array_list.not_null()) failed: invariant + JDK-8334895: OpenJDK fails to configure on linux aarch64 when CDS is disabled after JDK-8331942 + JDK-8335181: Incorrect handling of HTTP/2 GOAWAY frames in HttpClient + JDK-8335643: serviceability/dcmd/vm tests fail for ZGC after JDK-8322475 + JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits)) failed: Field too big for insn + JDK-8335684: Test ThreadCpuTime.java should pause like ThreadCpuTimeArray.java + JDK-8335710: serviceability/dcmd/vm/SystemDumpMapTest.java and SystemMapTest.java fail on Linux Alpine after 8322475 + JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/ /AllowedFunctions.java fails with unexpected exit code: 112 + JDK-8335860: compiler/vectorization/ /TestFloat16VectorConvChain.java fails with non-standard AVX/SSE settings + JDK-8336042: Caller/callee param size mismatch in deoptimization causes crash + JDK-8336499: Failure when creating non-CRT RSA private keys in SunPKCS11 + JDK-8336587: failure_handler lldb command times out on macosx-aarch64 core file + JDK-8336827: compiler/vectorization/ /TestFloat16VectorConvChain.java timeouts on ppc64 platforms after JDK-8335860 + JDK-8337221: CompileFramework: test library to conveniently compile java and jasm sources for fuzzing + JDK-8337299: vmTestbase/nsk/jdb/stop_at/stop_at002/ /stop_at002.java failure goes undetected + JDK-8337681: PNGImageWriter uses much more memory than necessary + JDK-8337795: Type annotation attached to incorrect type during class reading + JDK-8337958: Out-of-bounds array access in secondary_super_cache + JDK-8337981: ShenandoahHeap::is_in should check for alive regions + JDK-8337998: CompletionFailure in getEnclosingType attaching type annotations + JDK-8338010: WB_IsFrameDeoptimized miss ResourceMark + JDK-8338064: Give better error for ConcurrentHashTable corruption + JDK-8338136: Hotspot should support multiple large page sizes on Windows + JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in gtest framework + JDK-8338202: Shenandoah: Improve handshake closure labels + JDK-8338314: JFR: Split JFRCheckpoint VM operation + JDK-8339148: Make os::Linux::active_processor_count() public + JDK-8339288: Improve diagnostic logging runtime/cds/DeterministicDump.java + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm gtest fails on ppc64 based platforms + JDK-8339538: Wrong timeout computations in DnsClient + JDK-8339639: Opensource few AWT PopupMenu tests + JDK-8339678: Update runtime/condy tests to be executed with VM flags + JDK-8339727: Open source several AWT focus tests - series 1 + JDK-8339769: Incorrect error message during startup if working directory does not exist + JDK-8339794: Open source closed choice tests #1 + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339836: Open source several AWT Mouse tests - Batch 1 + JDK-8339842: Open source several AWT focus tests - series 2 + JDK-8339895: Open source several AWT focus tests - series 3 + JDK-8339906: Open source several AWT focus tests - series 4 + JDK-8339935: Open source several AWT focus tests - series 5 + JDK-8339982: Open source several AWT Mouse tests - Batch 2 + JDK-8339984: Open source AWT MenuItem related tests + JDK-8339995: Open source several AWT focus tests - series 6 + JDK-8340024: In ClassReader, extract a constant for the superclass supertype_index + JDK-8340077: Open source few Checkbox tests - Set2 + JDK-8340084: Open source AWT Frame related tests + JDK-8340143: Open source several Java2D rendering loop tests. + JDK-8340146: ZGC: TestAllocateHeapAt.java should not run with UseLargePages + JDK-8340164: Open source few Component tests - Set1 + JDK-8340173: Open source some Component/Panel/EventQueue tests - Set2 + JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java + JDK-8340193: Open source several AWT Dialog tests - Batch 1 + JDK-8340228: Open source couple more miscellaneous AWT tests + JDK-8340271: Open source several AWT Robot tests + JDK-8340279: Open source several AWT Dialog tests - Batch 2 + JDK-8340332: Open source mixed AWT tests - Set3 + JDK-8340366: Open source several AWT Dialog tests - Batch 3 + JDK-8340367: Opensource few AWT image tests + JDK-8340393: Open source closed choice tests #2 + JDK-8340407: Open source a few more Component related tests + JDK-8340417: Open source some MenuBar tests - Set1 + JDK-8340432: Open source some MenuBar tests - Set2 + JDK-8340433: Open source closed choice tests #3 + JDK-8340437: Open source few more AWT Frame related tests + JDK-8340458: Open source additional Component tests (part 2) + JDK-8340555: Open source DnD tests - Set4 + JDK-8340560: Open Source several AWT/2D font and rendering tests + JDK-8340605: Open source several AWT PopupMenu tests + JDK-8340621: Open source several AWT List tests + JDK-8340625: Open source additional Component tests (part 3) + JDK-8340639: Open source few more AWT List tests + JDK-8340713: Open source DnD tests - Set5 + JDK-8340784: Remove PassFailJFrame constructor with screenshots + JDK-8340790: Open source several AWT Dialog tests - Batch 4 + JDK-8340809: Open source few more AWT PopupMenu tests + JDK-8340874: Open source some of the AWT Geometry/Button tests + JDK-8340907: Open source closed frame tests # 2 + JDK-8340966: Open source few Checkbox and Cursor tests - Set1 + JDK-8340967: Open source few Cursor tests - Set2 + JDK-8340978: Open source few DnD tests - Set6 + JDK-8340985: Open source some Desktop related tests + JDK-8341000: Open source some of the AWT Window tests + JDK-8341004: Open source AWT FileDialog related tests + JDK-8341072: Open source several AWT Canvas and Rectangle related tests + JDK-8341128: open source some 2d graphics tests + JDK-8341148: Open source several Choice related tests + JDK-8341162: Open source some of the AWT window test + JDK-8341170: Open source several Choice related tests (part 2) + JDK-8341177: Opensource few List and a Window test + JDK-8341191: Open source few more AWT FileDialog tests + JDK-8341239: Open source closed frame tests # 3 + JDK-8341257: Open source few DND tests - Set1 + JDK-8341258: Open source few various AWT tests - Set1 + JDK-8341278: Open source few TrayIcon tests - Set7 + JDK-8341298: Open source more AWT window tests + JDK-8341373: Open source closed frame tests # 4 + JDK-8341378: Open source few TrayIcon tests - Set8 + JDK-8341447: Open source closed frame tests # 5 + JDK-8341535: sun/awt/font/TestDevTransform.java fails with RuntimeException: Different rendering + JDK-8341637: java/net/Socket/UdpSocket.java fails with 'java.net.BindException: Address already in use' (macos-aarch64) + JDK-8341779: [REDO BACKPORT] type annotations are not visible to javac plugins across compilation boundaries (JDK-8225377) + JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java timed out after JDK-8341257 + JDK-8342075: HttpClient: improve HTTP/2 flow control checks + JDK-8342376: More reliable OOM handling in ExceptionDuringDumpAtObjectsInitPhase test + JDK-8342524: Use latch in AbstractButton/bug6298940.java instead of delay + JDK-8342633: javax/management/security/ /HashedPasswordFileTest.java creates tmp file in src dir + JDK-8342958: Use jvmArgs consistently in microbenchmarks + JDK-8343019: Primitive caches must use boxed instances from the archive + JDK-8343037: Missing @since tag on JColorChooser.showDialog overload + JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/ /scenarios/sampling/SP05/sp05t003/TestDescription.java + JDK-8343124: Tests fails with java.lang.IllegalAccessException: class com.sun.javatest.regtest.agent.MainWrapper$MainTask cannot access + JDK-8343144: UpcallLinker::on_entry racingly clears pending exception with GC safepoints + JDK-8343170: java/awt/Cursor/JPanelCursorTest/ /JPanelCursorTest.java does not show the default cursor + JDK-8343224: print/Dialog/PaperSizeError.java fails with MediaSizeName is not A4: A4 + JDK-8343342: java/io/File/GetXSpace.java fails on Windows with CD-ROM drive + JDK-8343345: Use -jvmArgsPrepend when running microbenchmarks in RunTests.gmk + JDK-8343529: serviceability/sa/ClhsdbWhere.java fails AssertionFailure: Corrupted constant pool + JDK-8343754: Problemlist jdk/jfr/event/oldobject/TestShenandoah.java after JDK-8279016 + JDK-8343855: HTTP/2 ConnectionWindowUpdateSender may miss some unprocessed DataFrames from closed streams + JDK-8343891: Test javax/swing/JTabbedPane/ /TestJTabbedPaneBackgroundColor.java failed + JDK-8343936: Adjust timeout in test javax/management/monitor/DerivedGaugeMonitorTest.java + JDK-8344316: security/auth/callback/TextCallbackHandler/ /Password.java make runnable with JTReg and add the UI + JDK-8344346: java/net/httpclient/ShutdownNow.java fails with java.lang.AssertionError: client was still running, but exited after further delay: timeout should be adjusted + JDK-8344361: Restore null return for invalid services from legacy providers + JDK-8344414: ZGC: Another division by zero in rule_major_allocation_rate + JDK-8344925: translet-name ignored when package-name is also set + JDK-8345133: Test sun/security/tools/jarsigner/ /TsacertOptionTest.java failed: Warning found in stdout + JDK-8345134: Test sun/security/tools/jarsigner/ /ConciseJarsigner.java failed: unable to find valid certification path to requested target + JDK-8345146: [PPC64] Make intrinsic conversions between bit representations of half precision values and floats + JDK-8345341: Fix incorrect log message in JDI stop002t test + JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/ /bug8033699.java fails in ubuntu22.04 + JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/ /bug4529206.java fails in ubuntu22.04 + JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/ /4278839/bug4278839.java fails in ubuntu22.04 + JDK-8345598: Upgrade NSS binaries for interop tests + JDK-8345625: Better HTTP connections + JDK-8345728: [Accessibility,macOS,Screen Magnifier]: JCheckbox unchecked state does not magnify but works for checked state + JDK-8345838: Remove the appcds/javaldr/AnonVmClassesDuringDump.java test + JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java warnings + JDK-8346082: Output JVMTI agent information in hserr files + JDK-8346264: 'Total compile time' counter should include time spent in failing/bailout compiles + JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in CI on Linux + JDK-8346888: [ubsan] block.cpp:1617:30: runtime error: 9.97582e+36 is outside the range of representable values of type 'int' + JDK-8347000: Bug in com/sun/net/httpserver/bugs/B6361557.java test + JDK-8347019: Test javax/swing/JRadioButton/8033699/ /bug8033699.java still fails: Focus is not on Radio Button Single as Expected + JDK-8347083: Incomplete logging in nsk/jvmti/ /ResourceExhausted/resexhausted00* tests + JDK-8347126: gc/stress/TestStressG1Uncommit.java gets OOM-killed + JDK-8347173: java/net/DatagramSocket/ /InterruptibleDatagramSocket.java fails with virtual thread factory + JDK-8347286: (fs) Remove some extensions from java/nio/file/Files/probeContentType/Basic.java + JDK-8347296: WinInstallerUiTest fails in local test runs if the path to test work directory is longer that regular + JDK-8347373: HTTP/2 flow control checks may count unprocessed data twice + JDK-8347506: Compatible OCSP readtimeout property with OCSP timeout + JDK-8347596: Update HSS/LMS public key encoding + JDK-8347629: Test FailOverDirectExecutionControlTest.java fails with -Xcomp + JDK-8347995: Race condition in jdk/java/net/httpclient/ /offline/FixedResponseHttpClient.java + JDK-8348107: test/jdk/java/net/httpclient/ /HttpsTunnelAuthTest.java fails intermittently + JDK-8348110: Update LCMS to 2.17 + JDK-8348299: Update List/ItemEventTest/ItemEventTest.java + JDK-8348323: Corrupted timezone string in JVM crash log + JDK-8348596: Update FreeType to 2.13.3 + JDK-8348597: Update HarfBuzz to 10.4.0 + JDK-8348598: Update Libpng to 1.6.47 + JDK-8348600: Update PipeWire to 1.3.81 + JDK-8348865: JButton/bug4796987.java never runs because Windows XP is unavailable + JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver doesn't announce untick on toggling the checkbox with 'space' key on macOS + JDK-8348989: Better Glyph drawing + JDK-8349111: Enhance Swing supports + JDK-8349200: [JMH] time.format.ZonedDateTimeFormatterBenchmark fails + JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh to run fully in java + JDK-8349358: [JMH] Cannot access class jdk.internal.vm.ContinuationScope + JDK-8349492: Update sun/security/pkcs12/ /KeytoolOpensslInteropTest.java to use a recent Openssl version + JDK-8349501: Relocate supporting classes in security/testlibrary to test/lib/jdk tree + JDK-8349594: Enhance TLS protocol support + JDK-8349623: [ASAN] Gtest os_linux.glibc_mallinfo_wrapper_vm fails + JDK-8349637: Integer.numberOfLeadingZeros outputs incorrectly in certain cases + JDK-8349751: AIX build failure after upgrade pipewire to 1.3.81 + JDK-8350201: Out of bounds access on Linux aarch64 in os::print_register_info + JDK-8350211: CTW: Attempt to preload all classes in constant pool + JDK-8350224: Test javax/swing/JComboBox/ /TestComboBoxComponentRendering.java fails in ubuntu 23.x and later + JDK-8350260: Improve HTML instruction formatting in PassFailJFrame + JDK-8350313: Include timings for leaving safepoint in safepoint logging + JDK-8350383: Test: add more test case for string compare (UL case) + JDK-8350386: Test TestCodeCacheFull.java fails with option -XX:-UseCodeCacheFlushing + JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to incorrect traces in JFR + JDK-8350483: AArch64: turn on signum intrinsics by default on Ampere CPUs + JDK-8350498: Remove two Camerfirma root CA certificates + JDK-8350546: Several java/net/InetAddress tests fails UnknownHostException + JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug builds + JDK-8350650: Bump update version for OpenJDK: jdk-21.0.8 + JDK-8350682: [JMH] vector.IndexInRangeBenchmark failed with IndexOutOfBoundsException for size=1024 + JDK-8350786: Some java/lang jtreg tests miss requires vm.hasJFR + JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails + JDK-8350991: Improve HTTP client header handling + JDK-8351086: (fc) Make java/nio/channels/FileChannel/ /BlockDeviceSize.java test manual + JDK-8351500: G1: NUMA migrations cause crashes in region allocation + JDK-8351665: Remove unused UseNUMA in os_aix.cpp + JDK-8351933: Inaccurate masking of TC subfield decrement in ForkJoinPool + JDK-8352076: [21u] Problem list tests that fail in 21 and would be fixed by 8309622 + JDK-8352109: java/awt/Desktop/MailTest.java fails in platforms where Action.MAIL is not supported + JDK-8352302: Test sun/security/tools/jarsigner/ /TimestampCheck.java is failing + JDK-8352512: TestVectorZeroCount: counter not reset between iterations + JDK-8352676: Opensource JMenu tests - series1 + JDK-8352680: Opensource few misc swing tests + JDK-8352684: Opensource JInternalFrame tests - series1 + JDK-8352706: httpclient HeadTest does not run on HTTP2 + JDK-8352716: (tz) Update Timezone Data to 2025b + JDK-8352908: Open source several swing tests batch1 + JDK-8352942: jdk/jfr/startupargs/TestMemoryOptions.java fails with 32-bit build + JDK-8353070: Clean up and open source couple AWT Graphics related tests (Part 1) + JDK-8353138: Screen capture for test TaskbarPositionTest.java, failure case + JDK-8353190: Use '/native' Run Option for TestAvailableProcessors Execution + JDK-8353237: [AArch64] Incorrect result of VectorizedHashCode intrinsic on Cortex-A53 + JDK-8353320: Open source more Swing text tests + JDK-8353446: Open source several AWT Menu tests - Batch 2 + JDK-8353475: Open source two Swing DefaultCaret tests + JDK-8353685: Open some JComboBox bugs 4 + JDK-8353709: Debug symbols bundle should contain full debug files when building --with-external-symbols-in-bundles=public + JDK-8353787: Increased number of SHA-384-Digest java.util.jar.Attributes$Name instances leading to higher memory footprint + JDK-8353942: Open source Swing Tests - Set 5 + JDK-8354255: [jittester] Remove TempDir debug output + JDK-8354530: AIX: sporadic unexpected errno when calling setsockopt in Net.joinOrDrop + JDK-8354554: Open source several clipboard tests batch1 + JDK-8354802: MAX_SECS definition is unused in os_linux + JDK-8354893: [REDO BACKPORT] javac crashes while adding type annotations to the return type of a constructor (JDK-8320001) + JDK-8355498: [AIX] Adapt code for C++ VLA rule + JDK-8356053: Test java/awt/Toolkit/Headless/ /HeadlessToolkit.java fails by timeout + JDK-8356096: ISO 4217 Amendment 179 Update + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS + JDK-8357105: C2: compilation fails with 'assert(false) failed: empty program detected during loop optimization' + JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c: enum type mismatch during build + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + JDK-8360147: Better Glyph drawing redux + JDK-8360406: [21u] Disable logic for attaching type annotations to class files until 8359336 is fixed + JDK-8361672: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.8 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - java-21-openjdk-headless-21.0.8.0-150600.3.15.1 updated - java-21-openjdk-21.0.8.0-150600.3.15.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:08:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:08:46 +0200 (CEST) Subject: SUSE-CU-2025:6052-1: Security update of bci/php-apache Message-ID: <20250810070846.8FDB5FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6052-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-12.11 , bci/php-apache:latest Container Release : 12.11 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:08:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:08:53 +0200 (CEST) Subject: SUSE-CU-2025:6053-1: Security update of bci/php-fpm Message-ID: <20250810070853.ECA7DFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6053-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-12.10 , bci/php-fpm:latest Container Release : 12.10 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:09:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:09:01 +0200 (CEST) Subject: SUSE-CU-2025:6054-1: Security update of suse/kiosk/pulseaudio Message-ID: <20250810070901.E4137FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6054-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-63.3 , suse/kiosk/pulseaudio:latest Container Release : 63.3 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:09:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:09:13 +0200 (CEST) Subject: SUSE-CU-2025:6055-1: Security update of bci/python Message-ID: <20250810070913.5E554FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6055-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-74.10 Container Release : 74.10 Severity : important Type : security References : 1244061 1244705 1245573 1246597 1247249 CVE-2025-4435 CVE-2025-6069 CVE-2025-6297 CVE-2025-6965 CVE-2025-8194 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2717-1 Released: Wed Aug 6 15:39:46 2025 Summary: Security update for python311 Type: security Severity: important References: 1244061,1244705,1247249,CVE-2025-4435,CVE-2025-6069,CVE-2025-8194 This update for python311 fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). - CVE-2025-4435: Fixed Tarfile extracting filtered members when errorlevel=0 (bsc#1244061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libpython3_11-1_0-3.11.13-150600.3.35.1 updated - python311-base-3.11.13-150600.3.35.1 updated - python311-3.11.13-150600.3.35.2 updated - libsystemd0-254.27-150600.4.43.3 updated - python311-devel-3.11.13-150600.3.35.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:09:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:09:23 +0200 (CEST) Subject: SUSE-CU-2025:6056-1: Security update of bci/python Message-ID: <20250810070923.B14E0FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6056-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.5 , bci/python:3.13.5-76.9 , bci/python:latest Container Release : 76.9 Severity : important Type : security References : 1245573 1246597 CVE-2025-6297 CVE-2025-6965 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:09:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:09:33 +0200 (CEST) Subject: SUSE-CU-2025:6057-1: Security update of bci/python Message-ID: <20250810070933.F321DFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6057-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-73.9 Container Release : 73.9 Severity : important Type : security References : 1245573 1246597 CVE-2025-6297 CVE-2025-6965 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:09:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:09:43 +0200 (CEST) Subject: SUSE-CU-2025:6058-1: Security update of suse/rmt-server Message-ID: <20250810070943.A7F55FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6058-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-73.10 , suse/rmt-server:latest Container Release : 73.10 Severity : important Type : security References : 1245573 1246597 CVE-2025-6297 CVE-2025-6965 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - libudev1-254.27-150600.4.43.3 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:09:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:09:53 +0200 (CEST) Subject: SUSE-CU-2025:6059-1: Security update of bci/ruby Message-ID: <20250810070953.208F5FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6059-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-12.9 , bci/ruby:latest Container Release : 12.9 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:10:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:10:00 +0200 (CEST) Subject: SUSE-CU-2025:6060-1: Security update of bci/rust Message-ID: <20250810071000.CC39FFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6060-1 Container Tags : bci/rust:1.87 , bci/rust:1.87.0 , bci/rust:1.87.0-2.3.7 , bci/rust:oldstable , bci/rust:oldstable-2.3.7 Container Release : 3.7 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:10:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:10:10 +0200 (CEST) Subject: SUSE-CU-2025:6061-1: Security update of bci/rust Message-ID: <20250810071010.B6158FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6061-1 Container Tags : bci/rust:1.88 , bci/rust:1.88.0 , bci/rust:1.88.0-1.3.7 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.7 Container Release : 3.7 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:10:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:10:24 +0200 (CEST) Subject: SUSE-CU-2025:6062-1: Security update of bci/spack Message-ID: <20250810071024.89B06FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6062-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-15.8 , bci/spack:latest Container Release : 15.8 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:10:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:10:28 +0200 (CEST) Subject: SUSE-CU-2025:6063-1: Security update of suse/kiosk/xorg-client Message-ID: <20250810071028.5567AFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6063-1 Container Tags : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-64.7 , suse/kiosk/xorg-client:latest Container Release : 64.7 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/kiosk/xorg-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:10:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:10:35 +0200 (CEST) Subject: SUSE-CU-2025:6064-1: Security update of suse/kiosk/xorg Message-ID: <20250810071035.65218FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6064-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-65.9 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 65.9 Severity : moderate Type : security References : 1221107 1245573 1246934 CVE-2024-2236 CVE-2025-6297 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:11:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:11:53 +0200 (CEST) Subject: SUSE-CU-2025:6065-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250810071153.97214FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6065-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16 , suse/manager/4.3/proxy-httpd:4.3.16.9.67.12 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.67.12 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:13:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:13:03 +0200 (CEST) Subject: SUSE-CU-2025:6066-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20250810071303.6C505FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6066-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.16 , suse/manager/4.3/proxy-tftpd:4.3.16.9.57.11 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.57.11 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:14:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:14:34 +0200 (CEST) Subject: SUSE-CU-2025:6067-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250810071434.64E85FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6067-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.157 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.157 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Sun Aug 10 07:18:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 10 Aug 2025 09:18:56 +0200 (CEST) Subject: SUSE-CU-2025:6069-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250810071856.7B8BBFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6069-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.159 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.159 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Tue Aug 12 07:13:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 12 Aug 2025 09:13:27 +0200 (CEST) Subject: SUSE-CU-2025:6085-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250812071327.7790DFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6085-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.159 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.159 Severity : moderate Type : security References : 1221107 CVE-2024-2236 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2752-1 Released: Mon Aug 11 15:15:12 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). The following package changes have been done: - libgcrypt20-hmac-1.8.2-150100.8.45.1 updated - libgcrypt20-1.8.2-150100.8.45.1 updated From sle-container-updates at lists.suse.com Tue Aug 12 07:18:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 12 Aug 2025 09:18:59 +0200 (CEST) Subject: SUSE-CU-2025:6087-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250812071859.652B5FF1E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6087-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.161 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.161 Severity : moderate Type : security References : 1221107 CVE-2024-2236 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2752-1 Released: Mon Aug 11 15:15:12 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). The following package changes have been done: - libgcrypt20-hmac-1.8.2-150100.8.45.1 updated - libgcrypt20-1.8.2-150100.8.45.1 updated From sle-container-updates at lists.suse.com Tue Aug 12 13:45:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 12 Aug 2025 15:45:37 +0200 (CEST) Subject: SUSE-IU-2025:2305-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250812134537.4022EFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2305-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.196 , suse/sle-micro/base-5.5:latest Image Release : 5.8.196 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.10.3-150500.5.32.1 updated From sle-container-updates at lists.suse.com Tue Aug 12 13:46:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 12 Aug 2025 15:46:34 +0200 (CEST) Subject: SUSE-IU-2025:2306-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250812134635.6DDD2FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2306-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.374 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.374 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.10.3-150500.5.32.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.196 updated From sle-container-updates at lists.suse.com Tue Aug 12 13:48:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 12 Aug 2025 15:48:07 +0200 (CEST) Subject: SUSE-IU-2025:2307-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250812134807.A6AE1FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2307-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.461 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.461 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.10.3-150500.5.32.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.350 updated From sle-container-updates at lists.suse.com Tue Aug 12 13:49:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 12 Aug 2025 15:49:37 +0200 (CEST) Subject: SUSE-IU-2025:2308-1: Security update of suse/sle-micro/5.5 Message-ID: <20250812134937.ABF8BFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2308-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.350 , suse/sle-micro/5.5:latest Image Release : 5.5.350 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.10.3-150500.5.32.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.196 updated From sle-container-updates at lists.suse.com Tue Aug 12 13:51:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 12 Aug 2025 15:51:32 +0200 (CEST) Subject: SUSE-CU-2025:6090-1: Security update of private-registry/harbor-db Message-ID: <20250812135132.39FDEFF2D@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6090-1 Container Tags : private-registry/harbor-db:2.12 , private-registry/harbor-db:2.12.2 , private-registry/harbor-db:2.12.2-2.17 , private-registry/harbor-db:latest Container Release : 2.17 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container private-registry/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.10.3-150500.5.32.1 updated From sle-container-updates at lists.suse.com Tue Aug 12 13:53:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 12 Aug 2025 15:53:06 +0200 (CEST) Subject: SUSE-CU-2025:6093-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250812135306.4A5D8FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6093-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.73 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.73 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.10.3-150500.5.32.1 updated From sle-container-updates at lists.suse.com Tue Aug 12 13:57:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 12 Aug 2025 15:57:00 +0200 (CEST) Subject: SUSE-CU-2025:6094-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250812135700.49C9AFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6094-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.90 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.90 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.10.3-150500.5.32.1 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:06:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:06:59 +0200 (CEST) Subject: SUSE-CU-2025:6103-1: Security update of containers/open-webui Message-ID: <20250813070659.62959FF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6103-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.9 , containers/open-webui:0.6.9-11.12 Container Release : 11.12 Severity : important Type : security References : 1243503 1246296 1247106 1247108 CVE-2025-7425 CVE-2025-8176 CVE-2025-8177 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2770-1 Released: Tue Aug 12 15:50:12 2025 Summary: Security update for tiff Type: security Severity: important References: 1243503,1247106,1247108,CVE-2025-8176,CVE-2025-8177 This update for tiff fixes the following issues: - Updated TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE (bsc#1243503) - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108) - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106) - Add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with cmake4 - Add %check section - Remove Group: declarations, no longer used The following package changes have been done: - libxml2-2-2.10.3-150500.5.32.1 updated - libtiff6-4.7.0-150600.3.13.1 updated - python311-open-webui-0.6.9-150600.2.22 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:07:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:07:15 +0200 (CEST) Subject: SUSE-CU-2025:6104-1: Security update of containers/pytorch Message-ID: <20250813070715.DEE2CFF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6104-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.7.0-nvidia , containers/pytorch:2.7.0-nvidia-2.48 Container Release : 2.48 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - libxml2-2-2.10.3-150500.5.32.1 updated - python311-torch-cuda-2.7.0-150600.2.27 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:09:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:09:15 +0200 (CEST) Subject: SUSE-IU-2025:2309-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250813070915.F221FFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2309-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.197 , suse/sle-micro/base-5.5:latest Image Release : 5.8.197 Severity : moderate Type : security References : 1221107 CVE-2024-2236 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2773-1 Released: Wed Aug 13 02:10:16 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). The following package changes have been done: - libgcrypt20-1.9.4-150500.12.3.3 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:10:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:10:20 +0200 (CEST) Subject: SUSE-IU-2025:2310-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250813071020.669E0FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2310-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.376 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.376 Severity : moderate Type : security References : 1221107 CVE-2024-2236 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2773-1 Released: Wed Aug 13 02:10:16 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). The following package changes have been done: - libgcrypt20-1.9.4-150500.12.3.3 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.197 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:11:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:11:53 +0200 (CEST) Subject: SUSE-IU-2025:2311-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250813071153.01222FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2311-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.464 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.464 Severity : moderate Type : security References : 1221107 CVE-2024-2236 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2773-1 Released: Wed Aug 13 02:10:16 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). The following package changes have been done: - libgcrypt20-1.9.4-150500.12.3.3 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.352 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:13:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:13:22 +0200 (CEST) Subject: SUSE-IU-2025:2312-1: Security update of suse/sle-micro/5.5 Message-ID: <20250813071322.0F276FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2312-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.352 , suse/sle-micro/5.5:latest Image Release : 5.5.352 Severity : moderate Type : security References : 1221107 CVE-2024-2236 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2773-1 Released: Wed Aug 13 02:10:16 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). The following package changes have been done: - libgcrypt20-1.9.4-150500.12.3.3 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.197 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:17:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:17:00 +0200 (CEST) Subject: SUSE-CU-2025:6118-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250813071700.5E948FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6118-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.74 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.74 Severity : moderate Type : security References : 1221107 CVE-2024-2236 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2773-1 Released: Wed Aug 13 02:10:16 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). The following package changes have been done: - libgcrypt20-hmac-1.9.4-150500.12.3.3 updated - libgcrypt20-1.9.4-150500.12.3.3 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:17:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:17:45 +0200 (CEST) Subject: SUSE-IU-2025:2313-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250813071745.CC3B4FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2313-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.70 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.70 Severity : important Type : security References : 1240414 1242827 1243935 1245169 1247074 391434 CVE-2025-31115 CVE-2025-4598 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 410 Released: Tue Aug 5 15:33:35 2025 Summary: Recommended update for open-vm-tools Type: recommended Severity: moderate References: 1245169,391434 This update for open-vm-tools fixes the following issues: - Update to open-vm-tools 13.0.0 based on build 24696409. (bsc#1245169): There are no new features in the open-vm-tools 13.0.0 release. This is primarily a maintenance release that addresses a few issues, including: + The vm-support script has been updated to collect the open-vm-tools log files from the Linux guest and information from the systemd journal. + Github pull requests has been integrated and issues fixed. Please see the Resolved Issues section of the Release Notes. For a more complete list of issues resolved in this release, see the Resolved Issues section of the Release Notes. - Add patch: Currently the 'telinit 6' command is used to reboot a Linux VM following Guest OS Customization. As the classic Linux init system, SysVinit, is deprecated in favor of a newer init system, systemd, the telinit command may not be available on the base Linux OS. This change adds support to Guest OS Customization for the systemd init system. If the modern init system, systemd, is available, then a 'systemctl reboot' command will be used to trigger reboot. Otherwise, the 'telinit 6' command will be used assuming the traditional init system, SysVinit, is still available. - Ran /usr/lib/obs/service/source_validators/helpers/fix_changelog to fix changes file where source validator was failing. ----------------------------------------------------------------- Advisory ID: 412 Released: Fri Aug 8 12:14:29 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: 416 Released: Tue Aug 12 16:05:24 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1242827,1243935,1247074,CVE-2025-4598 This update for systemd fixes the following issues: - Remove the script used to help migrating the language and locale settings located in /etc/sysconfig/language on old systems to the systemd default locations (bsc#1247074) The script was introduced more than 7 years ago and all systems running TW should have been migrated since then. Moreover the installer supports the systemd default locations since approximately SLE15. - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - logs-show: get timestamp and boot ID only when necessary (bsc#1242827) - sd-journal: drop to use Hashmap to manage journal files per boot ID - tree-wide: set SD_JOURNAL_ASSUME_IMMUTABLE where appropriate - sd-journal: introduce SD_JOURNAL_ASSUME_IMMUTABLE flag - sd-journal: make journal_file_read_tail_timestamp() notify to the caller that some new journal entries added - sd-journal: cache last entry offset and journal file state - sd-journal: fix typo in function name - coredump: use %d in kernel core pattern (bsc#1243935 CVE-2025-4598) The following package changes have been done: - liblzma5-5.4.3-5.1 updated - libudev1-254.27-1.1 updated - libsystemd0-254.27-1.1 updated - xz-5.4.3-5.1 updated - SL-Micro-release-6.0-25.40 updated - systemd-254.27-1.1 updated - udev-254.27-1.1 updated - libvmtools0-13.0.0-1.1 updated - open-vm-tools-13.0.0-1.1 updated - container:SL-Micro-base-container-2.1.3-7.38 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:18:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:18:31 +0200 (CEST) Subject: SUSE-IU-2025:2314-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250813071831.93156FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2314-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.38 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.38 Severity : moderate Type : security References : 1242827 1243935 1247074 CVE-2025-4598 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 416 Released: Tue Aug 12 16:05:24 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1242827,1243935,1247074,CVE-2025-4598 This update for systemd fixes the following issues: - Remove the script used to help migrating the language and locale settings located in /etc/sysconfig/language on old systems to the systemd default locations (bsc#1247074) The script was introduced more than 7 years ago and all systems running TW should have been migrated since then. Moreover the installer supports the systemd default locations since approximately SLE15. - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - logs-show: get timestamp and boot ID only when necessary (bsc#1242827) - sd-journal: drop to use Hashmap to manage journal files per boot ID - tree-wide: set SD_JOURNAL_ASSUME_IMMUTABLE where appropriate - sd-journal: introduce SD_JOURNAL_ASSUME_IMMUTABLE flag - sd-journal: make journal_file_read_tail_timestamp() notify to the caller that some new journal entries added - sd-journal: cache last entry offset and journal file state - sd-journal: fix typo in function name - coredump: use %d in kernel core pattern (bsc#1243935 CVE-2025-4598) The following package changes have been done: - libudev1-254.27-1.1 updated - libsystemd0-254.27-1.1 updated - SL-Micro-release-6.0-25.40 updated - systemd-254.27-1.1 updated - udev-254.27-1.1 updated - container:suse-toolbox-image-1.0.0-9.23 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:19:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:19:20 +0200 (CEST) Subject: SUSE-IU-2025:2315-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250813071920.3CE30FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2315-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.62 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.62 Severity : moderate Type : security References : 1242827 1243935 1247074 CVE-2025-4598 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 416 Released: Tue Aug 12 16:05:24 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1242827,1243935,1247074,CVE-2025-4598 This update for systemd fixes the following issues: - Remove the script used to help migrating the language and locale settings located in /etc/sysconfig/language on old systems to the systemd default locations (bsc#1247074) The script was introduced more than 7 years ago and all systems running TW should have been migrated since then. Moreover the installer supports the systemd default locations since approximately SLE15. - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - logs-show: get timestamp and boot ID only when necessary (bsc#1242827) - sd-journal: drop to use Hashmap to manage journal files per boot ID - tree-wide: set SD_JOURNAL_ASSUME_IMMUTABLE where appropriate - sd-journal: introduce SD_JOURNAL_ASSUME_IMMUTABLE flag - sd-journal: make journal_file_read_tail_timestamp() notify to the caller that some new journal entries added - sd-journal: cache last entry offset and journal file state - sd-journal: fix typo in function name - coredump: use %d in kernel core pattern (bsc#1243935 CVE-2025-4598) The following package changes have been done: - libudev1-254.27-1.1 updated - libsystemd0-254.27-1.1 updated - SL-Micro-release-6.0-25.40 updated - systemd-254.27-1.1 updated - udev-254.27-1.1 updated - container:SL-Micro-base-container-2.1.3-7.38 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:20:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:20:52 +0200 (CEST) Subject: SUSE-CU-2025:6121-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20250813072052.B50E9FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6121-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.23 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.23 Severity : moderate Type : security References : 1242827 1243935 1247074 CVE-2025-4598 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 416 Released: Tue Aug 12 16:05:24 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1242827,1243935,1247074,CVE-2025-4598 This update for systemd fixes the following issues: - Remove the script used to help migrating the language and locale settings located in /etc/sysconfig/language on old systems to the systemd default locations (bsc#1247074) The script was introduced more than 7 years ago and all systems running TW should have been migrated since then. Moreover the installer supports the systemd default locations since approximately SLE15. - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - logs-show: get timestamp and boot ID only when necessary (bsc#1242827) - sd-journal: drop to use Hashmap to manage journal files per boot ID - tree-wide: set SD_JOURNAL_ASSUME_IMMUTABLE where appropriate - sd-journal: introduce SD_JOURNAL_ASSUME_IMMUTABLE flag - sd-journal: make journal_file_read_tail_timestamp() notify to the caller that some new journal entries added - sd-journal: cache last entry offset and journal file state - sd-journal: fix typo in function name - coredump: use %d in kernel core pattern (bsc#1243935 CVE-2025-4598) The following package changes have been done: - SL-Micro-release-6.0-25.40 updated - libsystemd0-254.27-1.1 updated - libudev1-254.27-1.1 updated - skelcd-EULA-SL-Micro-2024.01.19-8.39 updated - systemd-254.27-1.1 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:21:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:21:24 +0200 (CEST) Subject: SUSE-CU-2025:6122-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20250813072124.DE029FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6122-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.121 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.121 Severity : moderate Type : security References : 1221107 CVE-2024-2236 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2756-1 Released: Tue Aug 12 10:23:06 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). The following package changes have been done: - libgcrypt20-1.6.1-16.86.1 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:28:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:28:47 +0200 (CEST) Subject: SUSE-CU-2025:6127-1: Security update of suse/mariadb Message-ID: <20250813072847.AC839FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6127-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.11 , suse/mariadb:10.11.11-70.13 Container Release : 70.13 Severity : important Type : security References : 1244183 1245573 1246296 CVE-2025-6297 CVE-2025-7425 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2731-1 Released: Fri Aug 8 06:51:47 2025 Summary: Recommended update for perl-DBI Type: recommended Severity: moderate References: 1244183 This update for perl-DBI fixes the following issues: - Dependency submission for the openQA stack (bsc#1244183) - Updated to 1.647.0 (1.647) * Remove 'experimental' tag from statistics_info * RT tickets moved to github issues (rwfranks++) * Fix install issue ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libxml2-2-2.10.3-150500.5.32.1 updated - perl-DBI-1.647.0-150600.12.6.1 updated - container:suse-sle15-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:31:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:31:58 +0200 (CEST) Subject: SUSE-CU-2025:6128-1: Security update of suse/389-ds Message-ID: <20250813073158.C4676FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6128-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-62.11 , suse/389-ds:latest Container Release : 62.11 Severity : important Type : security References : 1233012 1245573 1246597 CVE-2025-6297 CVE-2025-6965 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - python3-pycparser-2.17-150000.3.5.1 updated - python3-pyasn1-0.4.2-150000.3.8.1 updated - python3-asn1crypto-0.24.0-150000.3.5.1 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - python3-pyasn1-modules-0.2.1-150000.3.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:32:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:32:12 +0200 (CEST) Subject: SUSE-CU-2025:6129-1: Security update of bci/golang Message-ID: <20250813073212.03FAFFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6129-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.12 , bci/golang:1.23.12-2.73.4 , bci/golang:oldstable , bci/golang:oldstable-2.73.4 Container Release : 73.4 Severity : moderate Type : security References : 1229122 1245573 1247719 1247720 CVE-2025-47906 CVE-2025-47907 CVE-2025-6297 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2759-1 Released: Tue Aug 12 14:06:16 2025 Summary: Security update for go1.23 Type: security Severity: moderate References: 1229122,1247719,1247720,CVE-2025-47906,CVE-2025-47907 This update for go1.23 fixes the following issues: - Update to go1.23.12: * CVE-2025-47906: Fixed LookPath returning unexpected paths (bsc#1247719) * CVE-2025-47907: Fixed incorrect results returned from Rows.Scan (bsc#1247720) * go#74415 runtime: use-after-free of allpSnapshot in findRunnable * go#74693 runtime: segfaults in runtime.(*unwinder).next * go#74721 cmd/go: TestScript/build_trimpath_cgo fails to decode dwarf on release-branch.go1.23 * go#74726 cmd/cgo/internal/testsanitizers: failures with signal: segmentation fault or exit status 66 The following package changes have been done: - go1.23-doc-1.23.12-150000.1.40.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - go1.23-1.23.12-150000.1.40.1 updated - go1.23-race-1.23.12-150000.1.40.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:32:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:32:23 +0200 (CEST) Subject: SUSE-CU-2025:6130-1: Security update of suse/kiosk/firefox-esr Message-ID: <20250813073223.A285CFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6130-1 Container Tags : suse/kiosk/firefox-esr:140.1 , suse/kiosk/firefox-esr:140.1-64.10 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 64.10 Severity : important Type : security References : 1243503 1247106 1247108 CVE-2025-8176 CVE-2025-8177 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2770-1 Released: Tue Aug 12 15:50:12 2025 Summary: Security update for tiff Type: security Severity: important References: 1243503,1247106,1247108,CVE-2025-8176,CVE-2025-8177 This update for tiff fixes the following issues: - Updated TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE (bsc#1243503) - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108) - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106) - Add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with cmake4 - Add %check section - Remove Group: declarations, no longer used The following package changes have been done: - libtiff6-4.7.0-150600.3.13.1 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:32:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:32:42 +0200 (CEST) Subject: SUSE-CU-2025:6131-1: Security update of bci/kiwi Message-ID: <20250813073242.13C8CFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6131-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-18.12 , bci/kiwi:latest Container Release : 18.12 Severity : important Type : security References : 1233012 1245573 1246570 1246597 CVE-2025-6297 CVE-2025-6965 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - libudev1-254.27-150600.4.43.3 updated - libyaml-0-2-0.1.7-150000.3.4.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - systemd-254.27-150600.4.43.3 updated - python3-pycparser-2.17-150000.3.5.1 updated - python3-pyasn1-0.4.2-150000.3.8.1 updated - python3-iniconfig-1.1.1-150000.1.13.1 updated - python3-idna-2.6-150000.3.6.1 updated - python3-chardet-3.0.4-150000.5.6.1 updated - python3-certifi-2018.1.18-150000.3.6.1 updated - python3-asn1crypto-0.24.0-150000.3.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:32:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:32:52 +0200 (CEST) Subject: SUSE-CU-2025:6132-1: Security update of suse/postgres Message-ID: <20250813073252.3F17EFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6132-1 Container Tags : suse/postgres:17 , suse/postgres:17.5 , suse/postgres:17.5 , suse/postgres:17.5-64.9 , suse/postgres:latest Container Release : 64.9 Severity : moderate Type : security References : 1221107 1245573 1246934 CVE-2024-2236 CVE-2025-6297 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:33:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:33:08 +0200 (CEST) Subject: SUSE-CU-2025:6133-1: Security update of bci/python Message-ID: <20250813073308.B1CC6FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6133-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.5 , bci/python:3.13.5-76.10 , bci/python:latest Container Release : 76.10 Severity : important Type : security References : 1243155 1244061 1244705 1246229 1247249 CVE-2025-4435 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2767-1 Released: Tue Aug 12 15:00:53 2025 Summary: Security update for python313 Type: security Severity: important References: 1243155,1244061,1244705,1246229,1247249,CVE-2025-4435,CVE-2025-6069,CVE-2025-8194 This update for python313 fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). - CVE-2025-4435: Fixed Tarfile extracting filtered members when errorlevel=0 (bsc#1244061). The following package changes have been done: - libpython3_13-1_0-3.13.5-150700.4.20.1 updated - python313-base-3.13.5-150700.4.20.1 updated - python313-3.13.5-150700.4.20.1 updated - python313-devel-3.13.5-150700.4.20.1 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:33:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:33:22 +0200 (CEST) Subject: SUSE-CU-2025:6134-1: Recommended update of bci/python Message-ID: <20250813073322.9E2C6FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6134-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-73.10 Container Release : 73.10 Severity : moderate Type : recommended References : 1233012 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) The following package changes have been done: - python3-appdirs-1.4.3-150000.3.3.1 updated From sle-container-updates at lists.suse.com Wed Aug 13 07:33:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Aug 2025 09:33:37 +0200 (CEST) Subject: SUSE-CU-2025:6135-1: Recommended update of suse/rmt-server Message-ID: <20250813073337.0DD25FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6135-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-73.11 , suse/rmt-server:latest Container Release : 73.11 Severity : moderate Type : recommended References : 1246570 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.4.1 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:03:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:03:42 +0200 (CEST) Subject: SUSE-CU-2025:6136-1: Recommended update of containers/milvus Message-ID: <20250814070342.DC26AFF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6136-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.167 Container Release : 7.167 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libquadmath0-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:05:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:05:14 +0200 (CEST) Subject: SUSE-CU-2025:6137-1: Recommended update of containers/ollama Message-ID: <20250814070514.5A2B4FF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6137-1 Container Tags : containers/ollama:0 , containers/ollama:0.11.4 , containers/ollama:0.11.4-10.54 Container Release : 10.54 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - ollama-nvidia-0.11.4-150600.1.1 updated - container:registry.suse.com-bci-bci-base-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:07:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:07:07 +0200 (CEST) Subject: SUSE-CU-2025:6138-1: Recommended update of containers/open-webui Message-ID: <20250814070707.26CFFFF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6138-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.9 , containers/open-webui:0.6.9-11.14 Container Release : 11.14 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated - libquadmath0-14.3.0+git11799-150000.1.11.1 updated - libubsan1-14.3.0+git11799-150000.1.11.1 updated - libgfortran5-14.3.0+git11799-150000.1.11.1 updated - python311-numpy1-1.26.4-150600.1.53 updated - python311-certifi-2024.7.4-150600.1.49 updated - python311-cchardet-2.1.19-150600.1.45 updated - python311-scipy-1.14.1-150600.1.53 updated - python311-pyarrow-17.0.0-150600.2.44 updated - python311-pandas-2.2.3-150600.1.57 updated - python311-scikit-learn-1.5.1-150600.1.55 updated - python311-open-webui-0.6.9-150600.2.23 updated - container:registry.suse.com-bci-bci-base-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:07:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:07:18 +0200 (CEST) Subject: SUSE-CU-2025:6140-1: Recommended update of containers/open-webui-pipelines Message-ID: <20250814070718.D37A9FF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-pipelines ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6140-1 Container Tags : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250329.151219 , containers/open-webui-pipelines:0.20250329.151219-6.6 Container Release : 6.6 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container containers/open-webui-pipelines was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:07:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:07:39 +0200 (CEST) Subject: SUSE-CU-2025:6141-1: Security update of containers/pytorch Message-ID: <20250814070739.96956FF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6141-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.7.0-nvidia , containers/pytorch:2.7.0-nvidia-2.50 Container Release : 2.50 Severity : important Type : security References : 1230262 1232526 1233012 1237442 1238491 1239566 1239938 1240788 1241549 1243273 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated - libquadmath0-14.3.0+git11799-150000.1.11.1 updated - libubsan1-14.3.0+git11799-150000.1.11.1 updated - python3-base-3.6.15-150300.10.97.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python311-numpy-2.1.1-150600.1.53 updated - python311-torch-cuda-2.7.0-150600.2.28 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:09:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:09:28 +0200 (CEST) Subject: SUSE-IU-2025:2316-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250814070928.0BE4CFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2316-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.199 , suse/sle-micro/base-5.5:latest Image Release : 5.8.199 Severity : moderate Type : recommended References : 1230262 1232526 1237143 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - systemd-rpm-macros-16-150000.7.42.1 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:10:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:10:32 +0200 (CEST) Subject: SUSE-IU-2025:2317-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20250814071032.26C3FFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2317-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.379 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.379 Severity : moderate Type : recommended References : 1230262 1232526 1237143 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - systemd-rpm-macros-16-150000.7.42.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.199 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:12:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:12:06 +0200 (CEST) Subject: SUSE-IU-2025:2318-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20250814071206.C52CFFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2318-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.467 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.467 Severity : moderate Type : recommended References : 1230262 1232526 1237143 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - systemd-rpm-macros-16-150000.7.42.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.355 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:13:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:13:37 +0200 (CEST) Subject: SUSE-IU-2025:2319-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250814071337.D8ACBFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2319-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.355 , suse/sle-micro/5.5:latest Image Release : 5.5.355 Severity : moderate Type : recommended References : 1230262 1232526 1237143 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - systemd-rpm-macros-16-150000.7.42.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.199 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:15:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:15:41 +0200 (CEST) Subject: SUSE-CU-2025:6146-1: Recommended update of private-registry/harbor-core Message-ID: <20250814071541.AA1B8FCFE@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-core ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6146-1 Container Tags : private-registry/harbor-core:2.12 , private-registry/harbor-core:2.12.2 , private-registry/harbor-core:2.12.2-2.18 , private-registry/harbor-core:latest Container Release : 2.18 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-core was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:15:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:15:44 +0200 (CEST) Subject: SUSE-CU-2025:6147-1: Recommended update of private-registry/harbor-db Message-ID: <20250814071544.63E80FCFE@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6147-1 Container Tags : private-registry/harbor-db:2.12 , private-registry/harbor-db:2.12.2 , private-registry/harbor-db:2.12.2-2.21 , private-registry/harbor-db:latest Container Release : 2.21 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:15:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:15:45 +0200 (CEST) Subject: SUSE-CU-2025:6148-1: Recommended update of private-registry/harbor-exporter Message-ID: <20250814071545.B2515FCFE@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-exporter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6148-1 Container Tags : private-registry/harbor-exporter:2.12 , private-registry/harbor-exporter:2.12 , private-registry/harbor-exporter:2.12.2 , private-registry/harbor-exporter:2.12.2 , private-registry/harbor-exporter:2.12.2-2.19 , private-registry/harbor-exporter:latest Container Release : 2.19 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-exporter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:15:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:15:47 +0200 (CEST) Subject: SUSE-CU-2025:6149-1: Recommended update of private-registry/harbor-jobservice Message-ID: <20250814071547.18725FCFE@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-jobservice ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6149-1 Container Tags : private-registry/harbor-jobservice:2.12 , private-registry/harbor-jobservice:2.12.2 , private-registry/harbor-jobservice:2.12.2-2.19 , private-registry/harbor-jobservice:latest Container Release : 2.19 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-jobservice was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:15:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:15:50 +0200 (CEST) Subject: SUSE-CU-2025:6150-1: Recommended update of private-registry/harbor-nginx Message-ID: <20250814071550.AB464FCFE@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6150-1 Container Tags : private-registry/harbor-nginx:1.21 , private-registry/harbor-nginx:1.21.5 , private-registry/harbor-nginx:1.21.5-2.19 , private-registry/harbor-nginx:latest Container Release : 2.19 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:15:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:15:52 +0200 (CEST) Subject: SUSE-CU-2025:6151-1: Recommended update of private-registry/harbor-portal Message-ID: <20250814071552.C0A36FCFE@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6151-1 Container Tags : private-registry/harbor-portal:2.12 , private-registry/harbor-portal:2.12.2 , private-registry/harbor-portal:2.12.2-2.20 , private-registry/harbor-portal:latest Container Release : 2.20 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:15:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:15:58 +0200 (CEST) Subject: SUSE-CU-2025:6155-1: Recommended update of private-registry/harbor-valkey Message-ID: <20250814071558.6DFE5FCFE@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6155-1 Container Tags : private-registry/harbor-valkey:8.0.2 , private-registry/harbor-valkey:8.0.2-2.19 , private-registry/harbor-valkey:latest Container Release : 2.19 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:15:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:15:54 +0200 (CEST) Subject: SUSE-CU-2025:6152-1: Recommended update of private-registry/harbor-registryctl Message-ID: <20250814071554.0E65FFCFE@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registryctl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6152-1 Container Tags : private-registry/harbor-registryctl:2.12 , private-registry/harbor-registryctl:2.12.2 , private-registry/harbor-registryctl:2.12.2-2.27 , private-registry/harbor-registryctl:latest Container Release : 2.27 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-registryctl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:15:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:15:55 +0200 (CEST) Subject: SUSE-CU-2025:6153-1: Recommended update of private-registry/harbor-trivy-adapter Message-ID: <20250814071555.54DB4FCFE@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6153-1 Container Tags : private-registry/harbor-trivy-adapter:0.32.3 , private-registry/harbor-trivy-adapter:0.32.3-2.19 , private-registry/harbor-trivy-adapter:latest Container Release : 2.19 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:21:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:21:54 +0200 (CEST) Subject: SUSE-CU-2025:6157-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250814072154.852E6FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6157-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.170 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.170 Severity : important Type : security References : 1230262 1232526 1233012 1237442 1238491 1239566 1239938 1240788 1241549 1243273 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - python3-base-3.6.15-150300.10.97.1 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:24:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:24:51 +0200 (CEST) Subject: SUSE-CU-2025:6158-1: Recommended update of suse/sle-micro-rancher/5.4 Message-ID: <20250814072451.E3077FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6158-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.39 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.39 Severity : moderate Type : recommended References : 1230262 1232526 1237143 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - systemd-rpm-macros-16-150000.7.42.1 updated From sle-container-updates at lists.suse.com Thu Aug 14 07:26:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Aug 2025 09:26:47 +0200 (CEST) Subject: SUSE-CU-2025:6159-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250814072647.EFBA1FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6159-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.170 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.170 Severity : important Type : security References : 1230262 1232526 1233012 1237442 1238491 1239566 1239938 1240788 1241549 1243273 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - python3-base-3.6.15-150300.10.97.1 updated From sle-container-updates at lists.suse.com Fri Aug 15 07:05:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Aug 2025 09:05:56 +0200 (CEST) Subject: SUSE-CU-2025:6163-1: Recommended update of private-registry/harbor-registry Message-ID: <20250815070556.664BCFF2D@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6163-1 Container Tags : private-registry/harbor-registry:2.8.3 , private-registry/harbor-registry:2.8.3-2.27 , private-registry/harbor-registry:latest Container Release : 2.27 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Fri Aug 15 07:07:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Aug 2025 09:07:49 +0200 (CEST) Subject: SUSE-CU-2025:6159-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250815070749.82CD3FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6159-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.170 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.170 Severity : important Type : security References : 1230262 1232526 1233012 1237442 1238491 1239566 1239938 1240788 1241549 1243273 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - python3-base-3.6.15-150300.10.97.1 updated From sle-container-updates at lists.suse.com Fri Aug 15 07:09:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Aug 2025 09:09:27 +0200 (CEST) Subject: SUSE-CU-2025:6164-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250815070927.3DC6DFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6164-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.76 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.76 Severity : important Type : security References : 1230262 1232526 1233012 1237442 1238491 1239566 1239938 1240788 1241549 1243273 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - python3-base-3.6.15-150300.10.97.1 updated From sle-container-updates at lists.suse.com Fri Aug 15 07:10:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Aug 2025 09:10:15 +0200 (CEST) Subject: SUSE-IU-2025:2320-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250815071015.C9D19FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2320-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.40 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.40 Severity : important Type : security References : 1245309 1245310 1245311 1245312 1245314 1245317 CVE-2025-4877 CVE-2025-4878 CVE-2025-5318 CVE-2025-5351 CVE-2025-5372 CVE-2025-5987 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 419 Released: Thu Aug 14 11:26:49 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245312,1245314,1245317,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5351,CVE-2025-5372,CVE-2025-5987 This update for libssh fixes the following issues: - CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314) - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317) - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309) - CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310) - CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311) - CVE-2025-5351: Double free in functions exporting keys (bsc#1245312) The following package changes have been done: - SL-Micro-release-6.0-25.41 updated - libssh-config-0.10.6-2.1 updated - libssh4-0.10.6-2.1 updated - container:suse-toolbox-image-1.0.0-9.25 updated From sle-container-updates at lists.suse.com Fri Aug 15 07:11:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Aug 2025 09:11:00 +0200 (CEST) Subject: SUSE-IU-2025:2321-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250815071100.80609FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2321-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.63 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.63 Severity : important Type : security References : 1245309 1245310 1245311 1245312 1245314 1245317 CVE-2025-4877 CVE-2025-4878 CVE-2025-5318 CVE-2025-5351 CVE-2025-5372 CVE-2025-5987 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 419 Released: Thu Aug 14 11:26:49 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245312,1245314,1245317,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5351,CVE-2025-5372,CVE-2025-5987 This update for libssh fixes the following issues: - CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314) - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317) - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309) - CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310) - CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311) - CVE-2025-5351: Double free in functions exporting keys (bsc#1245312) The following package changes have been done: - SL-Micro-release-6.0-25.41 updated - libssh-config-0.10.6-2.1 updated - libssh4-0.10.6-2.1 updated - container:SL-Micro-base-container-2.1.3-7.40 updated From sle-container-updates at lists.suse.com Fri Aug 15 07:11:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Aug 2025 09:11:49 +0200 (CEST) Subject: SUSE-IU-2025:2322-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250815071149.C6AE0FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2322-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.72 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.72 Severity : important Type : security References : 1240414 1242827 1243935 1245309 1245310 1245311 1245312 1245314 1245317 1247074 CVE-2025-31115 CVE-2025-4598 CVE-2025-4877 CVE-2025-4878 CVE-2025-5318 CVE-2025-5351 CVE-2025-5372 CVE-2025-5987 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 412 Released: Fri Aug 8 12:14:29 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: 416 Released: Tue Aug 12 16:05:24 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1242827,1243935,1247074,CVE-2025-4598 This update for systemd fixes the following issues: - Remove the script used to help migrating the language and locale settings located in /etc/sysconfig/language on old systems to the systemd default locations (bsc#1247074) The script was introduced more than 7 years ago and all systems running TW should have been migrated since then. Moreover the installer supports the systemd default locations since approximately SLE15. - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - logs-show: get timestamp and boot ID only when necessary (bsc#1242827) - sd-journal: drop to use Hashmap to manage journal files per boot ID - tree-wide: set SD_JOURNAL_ASSUME_IMMUTABLE where appropriate - sd-journal: introduce SD_JOURNAL_ASSUME_IMMUTABLE flag - sd-journal: make journal_file_read_tail_timestamp() notify to the caller that some new journal entries added - sd-journal: cache last entry offset and journal file state - sd-journal: fix typo in function name - coredump: use %d in kernel core pattern (bsc#1243935 CVE-2025-4598) ----------------------------------------------------------------- Advisory ID: 419 Released: Thu Aug 14 11:26:49 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245312,1245314,1245317,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5351,CVE-2025-5372,CVE-2025-5987 This update for libssh fixes the following issues: - CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314) - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317) - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309) - CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310) - CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311) - CVE-2025-5351: Double free in functions exporting keys (bsc#1245312) The following package changes have been done: - liblzma5-5.4.3-5.1 updated - libudev1-254.27-1.1 updated - libsystemd0-254.27-1.1 updated - xz-5.4.3-5.1 updated - SL-Micro-release-6.0-25.41 updated - systemd-254.27-1.1 updated - udev-254.27-1.1 updated - libssh-config-0.10.6-2.1 updated - libssh4-0.10.6-2.1 updated - container:SL-Micro-container-2.1.3-6.71 updated From sle-container-updates at lists.suse.com Sat Aug 16 07:10:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Aug 2025 09:10:33 +0200 (CEST) Subject: SUSE-IU-2025:2328-1: Security update of suse/sle-micro/5.5 Message-ID: <20250816071033.991E8FF46@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2328-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.357 , suse/sle-micro/5.5:latest Image Release : 5.5.357 Severity : important Type : security References : 1245320 CVE-2025-6032 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2808-1 Released: Fri Aug 15 14:51:13 2025 Summary: Security update for podman Type: security Severity: important References: 1245320,CVE-2025-6032 This update for podman fixes the following issues: - CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320) The following package changes have been done: - podman-4.9.5-150500.3.46.1 updated From sle-container-updates at lists.suse.com Sat Aug 16 07:06:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Aug 2025 09:06:25 +0200 (CEST) Subject: SUSE-IU-2025:2323-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250816070625.84E17FF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2323-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.200 , suse/sle-micro/base-5.5:latest Image Release : 5.8.200 Severity : moderate Type : recommended References : 1246231 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2805-1 Released: Fri Aug 15 08:00:49 2025 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1246231 This update for grub2 fixes the following issues: - Skip mount point in grub_find_device function (bsc#1246231) The following package changes have been done: - grub2-2.06-150500.29.56.1 updated - grub2-i386-pc-2.06-150500.29.56.1 updated - grub2-x86_64-efi-2.06-150500.29.56.1 updated From sle-container-updates at lists.suse.com Mon Aug 18 08:59:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 10:59:01 +0200 (CEST) Subject: SUSE-CU-2025:6177-1: Security update of bci/bci-base-fips Message-ID: <20250818085901.AB61EFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6177-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.32.11 Container Release : 32.11 Severity : important Type : security References : 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - crypto-policies-scripts-20230920.570ea89-150600.3.12.1 updated - crypto-policies-20230920.570ea89-150600.3.12.1 updated - python3-base-3.6.15-150300.10.97.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - container:registry.suse.com-bci-bci-base-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 08:59:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 10:59:02 +0200 (CEST) Subject: SUSE-CU-2025:6178-1: Recommended update of bci/bci-base-fips Message-ID: <20250818085902.6AC39FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6178-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.32.13 Container Release : 32.13 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:00:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:00:00 +0200 (CEST) Subject: SUSE-CU-2025:6180-1: Recommended update of bci/bci-micro-fips Message-ID: <20250818090000.762D8FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6180-1 Container Tags : bci/bci-micro-fips:15.6 , bci/bci-micro-fips:15.6.6.11 Container Release : 6.11 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:bci-bci-base-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:00:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:00:22 +0200 (CEST) Subject: SUSE-CU-2025:6181-1: Recommended update of bci/bci-micro Message-ID: <20250818090022.24884FF47@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6181-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.49.8 Container Release : 49.8 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:bci-bci-base-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:00:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:00:44 +0200 (CEST) Subject: SUSE-CU-2025:6182-1: Recommended update of bci/bci-minimal Message-ID: <20250818090044.E528EFF46@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6182-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.41.2 Container Release : 41.2 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:01:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:01:40 +0200 (CEST) Subject: SUSE-CU-2025:6183-1: Security update of bci/nodejs Message-ID: <20250818090140.7A54DFF46@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6183-1 Container Tags : bci/node:20 , bci/node:20.19.2 , bci/node:20.19.2-55.11 , bci/nodejs:20 , bci/nodejs:20.19.2 , bci/nodejs:20.19.2-55.11 Container Release : 55.11 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:01:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:01:41 +0200 (CEST) Subject: SUSE-CU-2025:6184-1: Recommended update of bci/nodejs Message-ID: <20250818090141.5ACAEFF47@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6184-1 Container Tags : bci/node:20 , bci/node:20.19.2 , bci/node:20.19.2-55.13 , bci/nodejs:20 , bci/nodejs:20.19.2 , bci/nodejs:20.19.2-55.13 Container Release : 55.13 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:02:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:02:45 +0200 (CEST) Subject: SUSE-CU-2025:6185-1: Security update of bci/python Message-ID: <20250818090245.6ADD6FF47@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6185-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.11 , bci/python:3.12.11-72.12 Container Release : 72.12 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:registry.suse.com-bci-bci-base-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:03:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:03:19 +0200 (CEST) Subject: SUSE-CU-2025:6187-1: Recommended update of suse/mariadb-client Message-ID: <20250818090319.78597FF49@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6187-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.11 , suse/mariadb-client:10.11.11-63.11 Container Release : 63.11 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - container:suse-sle15-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated - container:registry.suse.com-bci-bci-micro-15.6-592385970a14eee93496c33b7487ee31b306e6dcc3d2aa7a07be02c120d6bccb-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:03:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:03:20 +0200 (CEST) Subject: SUSE-CU-2025:6188-1: Recommended update of suse/mariadb-client Message-ID: <20250818090320.2C1F2FF49@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6188-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.11 , suse/mariadb-client:10.11.11-63.13 Container Release : 63.13 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:04:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:04:00 +0200 (CEST) Subject: SUSE-CU-2025:6189-1: Security update of suse/mariadb Message-ID: <20250818090400.AE53AFF49@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6189-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.11 , suse/mariadb:10.11.11-70.15 Container Release : 70.15 Severity : important Type : security References : 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:04:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:04:01 +0200 (CEST) Subject: SUSE-CU-2025:6190-1: Recommended update of suse/mariadb Message-ID: <20250818090401.72921FF49@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6190-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.11 , suse/mariadb:10.11.11-70.17 Container Release : 70.17 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated - container:registry.suse.com-bci-bci-micro-15.6-f618c726154469a8cfb45792859381377972c6348a3db0164fc3f245ea04d997-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 08:59:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 10:59:57 +0200 (CEST) Subject: SUSE-CU-2025:6179-1: Recommended update of bci/bci-init Message-ID: <20250818085957.3B0B6FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6179-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.45.14 Container Release : 45.14 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:02:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:02:46 +0200 (CEST) Subject: SUSE-CU-2025:6186-1: Recommended update of bci/python Message-ID: <20250818090246.4031BFF47@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6186-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.11 , bci/python:3.12.11-72.13 Container Release : 72.13 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:13:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:13:34 +0200 (CEST) Subject: SUSE-CU-2025:6191-1: Security update of suse/sle15 Message-ID: <20250818091334.9B124FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6191-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.23.22 , suse/sle15:15.6 , suse/sle15:15.6.47.23.22 Container Release : 47.23.22 Severity : important Type : security References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libxml2-2-2.10.3-150500.5.32.1 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:14:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:14:39 +0200 (CEST) Subject: SUSE-CU-2025:6192-1: Security update of bci/spack Message-ID: <20250818091439.EA045FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6192-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.42 Container Release : 11.42 Severity : important Type : security References : 1230262 1232526 1233012 1233012 1237442 1238491 1239566 1239938 1240788 1241549 1243273 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244705 1245573 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-6297 CVE-2025-8194 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libudev1-254.27-150600.4.43.3 updated - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated - libquadmath0-14.3.0+git11799-150000.1.11.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-pycparser-2.17-150000.3.5.1 updated - container:registry.suse.com-bci-bci-base-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:14:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:14:40 +0200 (CEST) Subject: SUSE-CU-2025:6193-1: Security update of bci/spack Message-ID: <20250818091440.CAF3EFF46@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6193-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.43 Container Release : 11.43 Severity : important Type : security References : 1246296 CVE-2025-7425 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libxml2-2-2.10.3-150500.5.32.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0e61584d4e062db1a7fd6948555ef62a18541b35ec80af43af0239064a91c65d-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:14:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:14:54 +0200 (CEST) Subject: SUSE-CU-2025:6194-1: Security update of suse/389-ds Message-ID: <20250818091454.8497FFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6194-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-62.13 , suse/389-ds:latest Container Release : 62.13 Severity : important Type : security References : 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - python3-base-3.6.15-150300.10.97.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-3.6.15-150300.10.97.2 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:14:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:14:55 +0200 (CEST) Subject: SUSE-CU-2025:6195-1: Security update of suse/389-ds Message-ID: <20250818091455.56149FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6195-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-62.15 , suse/389-ds:latest Container Release : 62.15 Severity : moderate Type : security References : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:15:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:15:06 +0200 (CEST) Subject: SUSE-CU-2025:6196-1: Recommended update of bci/dotnet-aspnet Message-ID: <20250818091506.DE92BFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6196-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.19 , bci/dotnet-aspnet:8.0.19-67.3 Container Release : 67.3 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Mon Aug 18 09:15:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Aug 2025 11:15:16 +0200 (CEST) Subject: SUSE-CU-2025:6197-1: Recommended update of bci/dotnet-aspnet Message-ID: <20250818091516.37BA2FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6197-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.8 , bci/dotnet-aspnet:9.0.8-26.3 , bci/dotnet-aspnet:latest Container Release : 26.3 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:05:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:05:06 +0200 (CEST) Subject: SUSE-CU-2025:6199-1: Recommended update of containers/pytorch Message-ID: <20250819070506.02994FF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6199-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.7.0-nvidia , containers/pytorch:2.7.0-nvidia-2.52 Container Release : 2.52 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2841-1 Released: Mon Aug 18 13:01:25 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.15.1 updated - python311-numpy-2.1.1-150600.1.55 updated - python311-torch-cuda-2.7.0-150600.2.30 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:07:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:07:28 +0200 (CEST) Subject: SUSE-IU-2025:2329-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250819070728.1D9A0FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2329-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.470 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.470 Severity : important Type : security References : 1206051 1221829 1233551 1234480 1234863 1236104 1236333 1237164 1238160 1239644 1240799 1242414 1242417 1244309 1244523 1245217 1245431 1245506 1245711 1245986 1246000 1246029 1246037 1246045 1246073 1246186 1246287 1246555 1246781 1247314 1247347 1247348 1247349 1247437 CVE-2022-49138 CVE-2022-49770 CVE-2023-52923 CVE-2023-52927 CVE-2024-26643 CVE-2024-53057 CVE-2024-53164 CVE-2024-57947 CVE-2025-21701 CVE-2025-21971 CVE-2025-37797 CVE-2025-37798 CVE-2025-38079 CVE-2025-38088 CVE-2025-38120 CVE-2025-38177 CVE-2025-38181 CVE-2025-38200 CVE-2025-38206 CVE-2025-38212 CVE-2025-38213 CVE-2025-38257 CVE-2025-38289 CVE-2025-38350 CVE-2025-38468 CVE-2025-38477 CVE-2025-38494 CVE-2025-38495 CVE-2025-38497 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2852-1 Released: Mon Aug 18 17:58:12 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206051,1221829,1233551,1234480,1234863,1236104,1236333,1237164,1238160,1239644,1240799,1242414,1242417,1244309,1244523,1245217,1245431,1245506,1245711,1245986,1246000,1246029,1246037,1246045,1246073,1246186,1246287,1246555,1246781,1247314,1247347,1247348,1247349,1247437,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2024-26643,CVE-2024-53057,CVE-2024-53164,CVE-2024-57947,CVE-2025-21701,CVE-2025-21971,CVE-2025-37797,CVE-2025-37798,CVE-2025-38079,CVE-2025-38088,CVE-2025-38120,CVE-2025-38177,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38289,CVE-2025-38350,CVE-2025-38468,CVE-2025-38477,CVE-2025-38494,CVE-2025-38495,CVE-2025-38497 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38289: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1246287). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437). - CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314). - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). The following non-security bugs were fixed: - Revert 'hugetlb: unshare some PMDs when splitting VMAs' (bsc#1245431). - Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race' - Revert 'mm/hugetlb: unshare page tables during VMA split, not before' - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (bsc#1244523). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480 bsc#1246555). The following package changes have been done: - kernel-rt-5.14.21-150500.13.103.2 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:13:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:13:28 +0200 (CEST) Subject: SUSE-CU-2025:6201-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250819071328.789FFFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6201-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.171 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.171 Severity : moderate Type : recommended References : 1245223 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). The following package changes have been done: - suse-build-key-12.0-150000.8.61.2 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:16:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:16:29 +0200 (CEST) Subject: SUSE-CU-2025:6202-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20250819071629.7A398FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6202-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.41 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.41 Severity : important Type : security References : 1206051 1221829 1229334 1234863 1236104 1236333 1238160 1239644 1240185 1240799 1242414 1242780 1244309 1245217 1245431 1245506 1245711 1245986 1246000 1246029 1246037 1246045 1246073 1246186 1246781 1247314 1247347 1247348 1247349 1247437 CVE-2022-49138 CVE-2022-49770 CVE-2023-52923 CVE-2023-52927 CVE-2023-53117 CVE-2024-26643 CVE-2024-42265 CVE-2024-53164 CVE-2024-57947 CVE-2025-21881 CVE-2025-21971 CVE-2025-37798 CVE-2025-38079 CVE-2025-38088 CVE-2025-38120 CVE-2025-38177 CVE-2025-38181 CVE-2025-38200 CVE-2025-38206 CVE-2025-38212 CVE-2025-38213 CVE-2025-38257 CVE-2025-38350 CVE-2025-38468 CVE-2025-38477 CVE-2025-38494 CVE-2025-38495 CVE-2025-38497 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2849-1 Released: Mon Aug 18 17:56:40 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206051,1221829,1229334,1234863,1236104,1236333,1238160,1239644,1240185,1240799,1242414,1242780,1244309,1245217,1245431,1245506,1245711,1245986,1246000,1246029,1246037,1246045,1246073,1246186,1246781,1247314,1247347,1247348,1247349,1247437,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2023-53117,CVE-2024-26643,CVE-2024-42265,CVE-2024-53164,CVE-2024-57947,CVE-2025-21881,CVE-2025-21971,CVE-2025-37798,CVE-2025-38079,CVE-2025-38088,CVE-2025-38120,CVE-2025-38177,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38350,CVE-2025-38468,CVE-2025-38477,CVE-2025-38494,CVE-2025-38495,CVE-2025-38497 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437). - CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314). - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). The following non-security bugs were fixed: - Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).' - Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race' - Revert 'mm/hugetlb: unshare page tables during VMA split, not before' The following package changes have been done: - kernel-default-5.14.21-150400.24.173.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:18:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:18:26 +0200 (CEST) Subject: SUSE-CU-2025:6203-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250819071826.9A28EFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6203-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.171 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.171 Severity : moderate Type : recommended References : 1245223 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). The following package changes have been done: - suse-build-key-12.0-150000.8.61.2 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:20:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:20:03 +0200 (CEST) Subject: SUSE-CU-2025:6204-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20250819072003.0CAE4FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6204-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.77 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.77 Severity : moderate Type : recommended References : 1245223 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). The following package changes have been done: - suse-build-key-12.0-150000.8.61.2 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:24:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:24:58 +0200 (CEST) Subject: SUSE-CU-2025:6206-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250819072458.A91EFFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6206-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.95 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.95 Severity : moderate Type : security References : 1230262 1232526 1234959 1237143 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1245223 1246157 1246231 1246237 CVE-2024-56738 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2772-1 Released: Tue Aug 12 19:35:08 2025 Summary: Recommended update for grub2 Type: security Severity: moderate References: 1234959,1246157,1246231,1246237,CVE-2024-56738 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) Other fixes: - Fix test -f and -s do not work properly over the network files served via tftp and http (bsc#1246157, bsc#1246237) - Skip mount point in grub_find_device function (bsc#1246231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). The following package changes have been done: - grub2-i386-pc-2.12-150600.8.34.1 updated - grub2-x86_64-efi-2.12-150600.8.34.1 updated - grub2-2.12-150600.8.34.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - suse-build-key-12.0-150000.8.61.2 updated - systemd-rpm-macros-16-150000.7.42.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:27:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:27:29 +0200 (CEST) Subject: SUSE-CU-2025:6207-1: Recommended update of bci/spack Message-ID: <20250819072729.8E930FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6207-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.44 Container Release : 11.44 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2841-1 Released: Mon Aug 18 13:01:25 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.15.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:27:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:27:40 +0200 (CEST) Subject: SUSE-CU-2025:6197-1: Recommended update of bci/dotnet-aspnet Message-ID: <20250819072740.F0890FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6197-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.8 , bci/dotnet-aspnet:9.0.8-26.3 , bci/dotnet-aspnet:latest Container Release : 26.3 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:27:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:27:51 +0200 (CEST) Subject: SUSE-CU-2025:6208-1: Security update of bci/bci-base-fips Message-ID: <20250819072751.83F79FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6208-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-6.9 , bci/bci-base-fips:latest Container Release : 6.9 Severity : important Type : security References : 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - python3-base-3.6.15-150300.10.97.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:27:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:27:52 +0200 (CEST) Subject: SUSE-CU-2025:6209-1: Recommended update of bci/bci-base-fips Message-ID: <20250819072752.6C19EFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6209-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-6.11 , bci/bci-base-fips:latest Container Release : 6.11 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:28:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:28:01 +0200 (CEST) Subject: SUSE-CU-2025:6210-1: Recommended update of suse/bind Message-ID: <20250819072801.EC0FFFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6210-1 Container Tags : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.11 , suse/bind:9.20.11-65.12 , suse/bind:latest Container Release : 65.12 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:28:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:28:06 +0200 (CEST) Subject: SUSE-CU-2025:6211-1: Security update of suse/cosign Message-ID: <20250819072806.B9867FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6211-1 Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.3 , suse/cosign:2.5.3-13.10 , suse/cosign:latest Container Release : 13.10 Severity : moderate Type : security References : 1221107 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). The following package changes have been done: - libudev1-254.27-150600.4.43.3 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:28:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:28:07 +0200 (CEST) Subject: SUSE-CU-2025:6212-1: Recommended update of suse/cosign Message-ID: <20250819072807.A7616FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6212-1 Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.3 , suse/cosign:2.5.3-13.13 , suse/cosign:latest Container Release : 13.13 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:28:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:28:13 +0200 (CEST) Subject: SUSE-CU-2025:6213-1: Recommended update of suse/registry Message-ID: <20250819072813.1BA07FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6213-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-7.6 , suse/registry:latest Container Release : 7.6 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:28:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:28:15 +0200 (CEST) Subject: SUSE-CU-2025:6214-1: Recommended update of suse/registry Message-ID: <20250819072815.B6C87FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6214-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-7.7 , suse/registry:latest Container Release : 7.7 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - openssl-3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:28:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:28:27 +0200 (CEST) Subject: SUSE-CU-2025:6215-1: Recommended update of bci/dotnet-sdk Message-ID: <20250819072827.5E9ACFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6215-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.19 , bci/dotnet-sdk:8.0.19-67.3 Container Release : 67.3 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:28:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:28:38 +0200 (CEST) Subject: SUSE-CU-2025:6216-1: Recommended update of bci/dotnet-sdk Message-ID: <20250819072838.0C976FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6216-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.8 , bci/dotnet-sdk:9.0.8-27.3 , bci/dotnet-sdk:latest Container Release : 27.3 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:28:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:28:50 +0200 (CEST) Subject: SUSE-CU-2025:6217-1: Recommended update of bci/dotnet-runtime Message-ID: <20250819072850.90D16FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6217-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.19 , bci/dotnet-runtime:8.0.19-67.3 Container Release : 67.3 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:29:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:29:00 +0200 (CEST) Subject: SUSE-CU-2025:6218-1: Recommended update of bci/dotnet-runtime Message-ID: <20250819072900.53BF1FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6218-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.8 , bci/dotnet-runtime:9.0.8-26.3 , bci/dotnet-runtime:latest Container Release : 26.3 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 07:29:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 09:29:09 +0200 (CEST) Subject: SUSE-CU-2025:6219-1: Security update of bci/gcc Message-ID: <20250819072909.49B57FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6219-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-11.10 , bci/gcc:latest Container Release : 11.10 Severity : moderate Type : security References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - libquadmath0-14.3.0+git11799-150000.1.11.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libsystemd0-254.27-150600.4.43.3 updated - libquadmath0-devel-gcc14-14.3.0+git11799-150000.1.11.1 updated - libgfortran5-14.3.0+git11799-150000.1.11.1 updated - libubsan1-14.3.0+git11799-150000.1.11.1 updated - libtsan2-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated - libhwasan0-14.3.0+git11799-150000.1.11.1 updated - libasan8-14.3.0+git11799-150000.1.11.1 updated - cpp14-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-devel-gcc14-14.3.0+git11799-150000.1.11.1 updated - gcc14-14.3.0+git11799-150000.1.11.1 updated - gcc14-fortran-14.3.0+git11799-150000.1.11.1 updated - gcc14-c++-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:18:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:18:19 +0200 (CEST) Subject: SUSE-CU-2025:6221-1: Recommended update of suse/mariadb Message-ID: <20250819111819.AA5A0FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6221-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.11 , suse/mariadb:10.11.11-70.18 Container Release : 70.18 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2841-1 Released: Mon Aug 18 13:01:25 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.15.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:19:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:19:36 +0200 (CEST) Subject: SUSE-CU-2025:6222-1: Recommended update of bci/dotnet-aspnet Message-ID: <20250819111936.5CAF1FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6222-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.19 , bci/dotnet-aspnet:8.0.19-67.4 Container Release : 67.4 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:19:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:19:45 +0200 (CEST) Subject: SUSE-CU-2025:6223-1: Recommended update of bci/dotnet-aspnet Message-ID: <20250819111945.4C34FFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6223-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.8 , bci/dotnet-aspnet:9.0.8-26.4 , bci/dotnet-aspnet:latest Container Release : 26.4 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:19:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:19:54 +0200 (CEST) Subject: SUSE-CU-2025:6224-1: Recommended update of suse/bind Message-ID: <20250819111954.7A24DFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6224-1 Container Tags : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.11 , suse/bind:9.20.11-65.13 , suse/bind:latest Container Release : 65.13 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:19:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:19:59 +0200 (CEST) Subject: SUSE-CU-2025:6225-1: Recommended update of suse/cosign Message-ID: <20250819111959.B11A5FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6225-1 Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.3 , suse/cosign:2.5.3-13.14 , suse/cosign:latest Container Release : 13.14 Severity : moderate Type : recommended References : 1245223 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). The following package changes have been done: - suse-build-key-12.0-150000.8.61.2 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:20:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:20:10 +0200 (CEST) Subject: SUSE-CU-2025:6226-1: Recommended update of bci/dotnet-sdk Message-ID: <20250819112010.17A79FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6226-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.19 , bci/dotnet-sdk:8.0.19-67.4 Container Release : 67.4 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:20:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:20:18 +0200 (CEST) Subject: SUSE-CU-2025:6227-1: Recommended update of bci/dotnet-sdk Message-ID: <20250819112018.443E0FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6227-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.8 , bci/dotnet-sdk:9.0.8-27.4 , bci/dotnet-sdk:latest Container Release : 27.4 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:20:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:20:28 +0200 (CEST) Subject: SUSE-CU-2025:6228-1: Recommended update of bci/dotnet-runtime Message-ID: <20250819112028.3F37BFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6228-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.19 , bci/dotnet-runtime:8.0.19-67.4 Container Release : 67.4 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:20:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:20:36 +0200 (CEST) Subject: SUSE-CU-2025:6229-1: Recommended update of bci/dotnet-runtime Message-ID: <20250819112036.69303FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6229-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.8 , bci/dotnet-runtime:9.0.8-26.4 , bci/dotnet-runtime:latest Container Release : 26.4 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:20:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:20:43 +0200 (CEST) Subject: SUSE-CU-2025:6219-1: Security update of bci/gcc Message-ID: <20250819112043.43AB1FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6219-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-11.10 , bci/gcc:latest Container Release : 11.10 Severity : moderate Type : security References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - libquadmath0-14.3.0+git11799-150000.1.11.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libsystemd0-254.27-150600.4.43.3 updated - libquadmath0-devel-gcc14-14.3.0+git11799-150000.1.11.1 updated - libgfortran5-14.3.0+git11799-150000.1.11.1 updated - libubsan1-14.3.0+git11799-150000.1.11.1 updated - libtsan2-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated - libhwasan0-14.3.0+git11799-150000.1.11.1 updated - libasan8-14.3.0+git11799-150000.1.11.1 updated - cpp14-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-devel-gcc14-14.3.0+git11799-150000.1.11.1 updated - gcc14-14.3.0+git11799-150000.1.11.1 updated - gcc14-fortran-14.3.0+git11799-150000.1.11.1 updated - gcc14-c++-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:20:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:20:44 +0200 (CEST) Subject: SUSE-CU-2025:6230-1: Security update of bci/gcc Message-ID: <20250819112044.1B473FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6230-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-11.12 , bci/gcc:latest Container Release : 11.12 Severity : moderate Type : security References : 1221107 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:20:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:20:50 +0200 (CEST) Subject: SUSE-CU-2025:6231-1: Recommended update of suse/git Message-ID: <20250819112050.2B894FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6231-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-63.9 , suse/git:latest Container Release : 63.9 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libudev1-254.27-150600.4.43.3 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:20:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:20:51 +0200 (CEST) Subject: SUSE-CU-2025:6233-1: Recommended update of suse/git Message-ID: <20250819112051.CCB6DFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6233-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-63.13 , suse/git:latest Container Release : 63.13 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:20:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:20:51 +0200 (CEST) Subject: SUSE-CU-2025:6232-1: Recommended update of suse/git Message-ID: <20250819112051.08880FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6232-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-63.12 , suse/git:latest Container Release : 63.12 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:21:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:21:02 +0200 (CEST) Subject: SUSE-CU-2025:6234-1: Recommended update of bci/golang Message-ID: <20250819112102.BA79EFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6234-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.12 , bci/golang:1.23.12-2.73.5 , bci/golang:oldstable , bci/golang:oldstable-2.73.5 Container Release : 73.5 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:21:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:21:03 +0200 (CEST) Subject: SUSE-CU-2025:6235-1: Security update of bci/golang Message-ID: <20250819112103.A0B54FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6235-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.12 , bci/golang:1.23.12-2.73.7 , bci/golang:oldstable , bci/golang:oldstable-2.73.7 Container Release : 73.7 Severity : moderate Type : security References : 1221107 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:21:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:21:14 +0200 (CEST) Subject: SUSE-CU-2025:6237-1: Security update of bci/golang Message-ID: <20250819112114.68E66FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6237-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-73.6 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-73.6 Container Release : 73.6 Severity : moderate Type : security References : 1221107 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:21:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:21:13 +0200 (CEST) Subject: SUSE-CU-2025:6236-1: Security update of bci/golang Message-ID: <20250819112113.7FE00FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6236-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-73.4 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-73.4 Container Release : 73.4 Severity : moderate Type : security References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:21:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:21:15 +0200 (CEST) Subject: SUSE-CU-2025:6238-1: Recommended update of bci/golang Message-ID: <20250819112115.5289AFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6238-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-73.7 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-73.7 Container Release : 73.7 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl-3-devel-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:21:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:21:25 +0200 (CEST) Subject: SUSE-CU-2025:6239-1: Security update of bci/golang Message-ID: <20250819112125.DB7FFFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6239-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.6 , bci/golang:1.24.6-1.73.4 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.73.4 Container Release : 73.4 Severity : moderate Type : security References : 1236217 1245573 1247719 1247720 CVE-2025-47906 CVE-2025-47907 CVE-2025-6297 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2760-1 Released: Tue Aug 12 14:08:20 2025 Summary: Security update for go1.24 Type: security Severity: moderate References: 1236217,1247719,1247720,CVE-2025-47906,CVE-2025-47907 This update for go1.24 fixes the following issues: - Update to go1.24.6: * CVE-2025-47906: Fixed LookPath returning unexpected paths (bsc#1247719) * CVE-2025-47907: Fixed incorrect results returned from Rows.Scan (bsc#1247720) * go#73800 runtime: RSS seems to have increased in Go 1.24 while the runtime accounting has not * go#74416 runtime: use-after-free of allpSnapshot in findRunnable * go#74694 runtime: segfaults in runtime.(*unwinder).next * go#74760 os/user:nolibgcc: TestGroupIdsTestUser failures The following package changes have been done: - go1.24-doc-1.24.6-150000.1.32.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - go1.24-1.24.6-150000.1.32.1 updated - go1.24-race-1.24.6-150000.1.32.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:21:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:21:26 +0200 (CEST) Subject: SUSE-CU-2025:6240-1: Recommended update of bci/golang Message-ID: <20250819112126.B90C5FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6240-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.6 , bci/golang:1.24.6-1.73.5 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.73.5 Container Release : 73.5 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:45:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:45:54 +0200 (CEST) Subject: SUSE-CU-2025:6240-1: Recommended update of bci/golang Message-ID: <20250819114554.043A6FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6240-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.6 , bci/golang:1.24.6-1.73.5 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.73.5 Container Release : 73.5 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:45:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:45:54 +0200 (CEST) Subject: SUSE-CU-2025:6241-1: Security update of bci/golang Message-ID: <20250819114554.A81C5FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6241-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.6 , bci/golang:1.24.6-1.73.7 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.73.7 Container Release : 73.7 Severity : moderate Type : security References : 1221107 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:02 +0200 (CEST) Subject: SUSE-CU-2025:6242-1: Security update of bci/golang Message-ID: <20250819114602.0F9F0FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6242-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.3-openssl , bci/golang:1.24.3-openssl-73.4 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-73.4 Container Release : 73.4 Severity : moderate Type : security References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:02 +0200 (CEST) Subject: SUSE-CU-2025:6243-1: Security update of bci/golang Message-ID: <20250819114602.ABCB2FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6243-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.3-openssl , bci/golang:1.24.3-openssl-73.6 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-73.6 Container Release : 73.6 Severity : moderate Type : security References : 1221107 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:03 +0200 (CEST) Subject: SUSE-CU-2025:6244-1: Recommended update of bci/golang Message-ID: <20250819114603.663E2FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6244-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.3-openssl , bci/golang:1.24.3-openssl-73.7 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-73.7 Container Release : 73.7 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl-3-devel-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:07 +0200 (CEST) Subject: SUSE-CU-2025:6245-1: Recommended update of suse/helm Message-ID: <20250819114607.BE84DFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6245-1 Container Tags : suse/helm:3 , suse/helm:3.18 , suse/helm:3.18.3 , suse/helm:3.18.3-63.8 , suse/helm:latest Container Release : 63.8 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:08 +0200 (CEST) Subject: SUSE-CU-2025:6246-1: Recommended update of suse/helm Message-ID: <20250819114608.78324FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6246-1 Container Tags : suse/helm:3 , suse/helm:3.18 , suse/helm:3.18.3 , suse/helm:3.18.3-63.11 , suse/helm:latest Container Release : 63.11 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:09 +0200 (CEST) Subject: SUSE-CU-2025:6247-1: Recommended update of suse/helm Message-ID: <20250819114609.2B6C5FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6247-1 Container Tags : suse/helm:3 , suse/helm:3.18 , suse/helm:3.18.3 , suse/helm:3.18.3-63.12 , suse/helm:latest Container Release : 63.12 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - openssl-3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:18 +0200 (CEST) Subject: SUSE-CU-2025:6248-1: Security update of bci/bci-init Message-ID: <20250819114618.392F5FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6248-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-42.10 , bci/bci-init:latest Container Release : 42.10 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:18 +0200 (CEST) Subject: SUSE-CU-2025:6249-1: Security update of bci/bci-init Message-ID: <20250819114618.E89BEFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6249-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-42.12 , bci/bci-init:latest Container Release : 42.12 Severity : moderate Type : security References : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:22 +0200 (CEST) Subject: SUSE-CU-2025:6250-1: Security update of suse/kea Message-ID: <20250819114622.B510EFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6250-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-62.9 , suse/kea:latest Container Release : 62.9 Severity : important Type : security References : 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - python3-base-3.6.15-150300.10.97.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:23 +0200 (CEST) Subject: SUSE-CU-2025:6251-1: Recommended update of suse/kea Message-ID: <20250819114623.6BC27FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6251-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-62.11 , suse/kea:latest Container Release : 62.11 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:31 +0200 (CEST) Subject: SUSE-CU-2025:6252-1: Recommended update of suse/kiosk/firefox-esr Message-ID: <20250819114631.8541DFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6252-1 Container Tags : suse/kiosk/firefox-esr:140.1 , suse/kiosk/firefox-esr:140.1-64.13 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 64.13 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:32 +0200 (CEST) Subject: SUSE-CU-2025:6253-1: Recommended update of suse/kiosk/firefox-esr Message-ID: <20250819114632.48CCAFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6253-1 Container Tags : suse/kiosk/firefox-esr:140.1 , suse/kiosk/firefox-esr:140.1-64.14 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 64.14 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:45 +0200 (CEST) Subject: SUSE-CU-2025:6254-1: Security update of bci/kiwi Message-ID: <20250819114645.0B0D0FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6254-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-18.15 , bci/kiwi:latest Container Release : 18.15 Severity : important Type : security References : 1230262 1232526 1233012 1237143 1237442 1238491 1239566 1239938 1240788 1241549 1243273 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated - systemd-rpm-macros-16-150000.7.42.1 updated - python3-base-3.6.15-150300.10.97.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-3.6.15-150300.10.97.2 updated - python3-devel-3.6.15-150300.10.97.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:46 +0200 (CEST) Subject: SUSE-CU-2025:6256-1: Security update of bci/kiwi Message-ID: <20250819114646.81F60FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6256-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-18.18 , bci/kiwi:latest Container Release : 18.18 Severity : moderate Type : security References : 1221107 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:45 +0200 (CEST) Subject: SUSE-CU-2025:6255-1: Recommended update of bci/kiwi Message-ID: <20250819114645.BD6DDFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6255-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-18.16 , bci/kiwi:latest Container Release : 18.16 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2804-1 Released: Fri Aug 15 07:09:00 2025 Summary: Recommended update for liburing2 Type: recommended Severity: moderate References: This update for liburing2 fixes the following issues: - Move liburing-ffi2 to a separate package following factory packaging - Update to liburing 2.9 (PED-12844) * Add support for ring resizing * Add support for registered waits * Test additions and improvements * Fix bug with certain ring setups with SQE128 set not fully closing the ring after io_uring_queue_exit(3) had been called. * Various man page fixes and updates The following package changes have been done: - liburing2-2.9-150700.10.3.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:49 +0200 (CEST) Subject: SUSE-CU-2025:6257-1: Recommended update of suse/kubectl Message-ID: <20250819114649.8CA98FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6257-1 Container Tags : suse/kubectl:1.31 , suse/kubectl:1.31.9 , suse/kubectl:1.31.9-2.63.11 , suse/kubectl:oldstable , suse/kubectl:oldstable-2.63.11 Container Release : 63.11 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:52 +0200 (CEST) Subject: SUSE-CU-2025:6258-1: Security update of suse/kubectl Message-ID: <20250819114652.B60D6FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6258-1 Container Tags : suse/kubectl:1.33 , suse/kubectl:1.33.1 , suse/kubectl:1.33.1-1.63.8 , suse/kubectl:latest , suse/kubectl:stable , suse/kubectl:stable-1.63.8 Container Release : 63.8 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:55 +0200 (CEST) Subject: SUSE-CU-2025:6259-1: Recommended update of bci/bci-micro-fips Message-ID: <20250819114655.CD498FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6259-1 Container Tags : bci/bci-micro-fips:15.7 , bci/bci-micro-fips:15.7-7.8 , bci/bci-micro-fips:latest Container Release : 7.8 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:46:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:46:58 +0200 (CEST) Subject: SUSE-CU-2025:6260-1: Recommended update of bci/bci-micro Message-ID: <20250819114658.BEEF6FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6260-1 Container Tags : bci/bci-micro:15.7 , bci/bci-micro:15.7-46.7 , bci/bci-micro:latest Container Release : 46.7 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:57:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:57:06 +0200 (CEST) Subject: SUSE-CU-2025:6260-1: Recommended update of bci/bci-micro Message-ID: <20250819115706.2A969FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6260-1 Container Tags : bci/bci-micro:15.7 , bci/bci-micro:15.7-46.7 , bci/bci-micro:latest Container Release : 46.7 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:57:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:57:10 +0200 (CEST) Subject: SUSE-CU-2025:6261-1: Recommended update of bci/bci-minimal Message-ID: <20250819115710.A6EDCFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6261-1 Container Tags : bci/bci-minimal:15.7 , bci/bci-minimal:15.7-13.3 , bci/bci-minimal:latest Container Release : 13.3 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:57:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:57:21 +0200 (CEST) Subject: SUSE-CU-2025:6262-1: Security update of suse/nginx Message-ID: <20250819115721.0F0BBFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6262-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-62.10 , suse/nginx:latest Container Release : 62.10 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:57:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:57:22 +0200 (CEST) Subject: SUSE-CU-2025:6263-1: Security update of suse/nginx Message-ID: <20250819115722.0431DFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6263-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-62.13 , suse/nginx:latest Container Release : 62.13 Severity : important Type : security References : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246934 1247106 1247108 CVE-2024-2236 CVE-2025-8176 CVE-2025-8177 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2815-1 Released: Fri Aug 15 14:54:44 2025 Summary: Security update for tiff Type: security Severity: important References: 1247106,1247108,CVE-2025-8176,CVE-2025-8177 This update for tiff fixes the following issues: - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108) - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106) The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - libtiff5-4.0.9-150000.45.50.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:57:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:57:31 +0200 (CEST) Subject: SUSE-CU-2025:6264-1: Security update of bci/nodejs Message-ID: <20250819115731.A1DE1FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6264-1 Container Tags : bci/node:22 , bci/node:22.15.1 , bci/node:22.15.1-10.10 , bci/node:latest , bci/nodejs:22 , bci/nodejs:22.15.1 , bci/nodejs:22.15.1-10.10 , bci/nodejs:latest Container Release : 10.10 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:57:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:57:32 +0200 (CEST) Subject: SUSE-CU-2025:6265-1: Security update of bci/nodejs Message-ID: <20250819115732.88EA0FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6265-1 Container Tags : bci/node:22 , bci/node:22.15.1 , bci/node:22.15.1-10.12 , bci/node:latest , bci/nodejs:22 , bci/nodejs:22.15.1 , bci/nodejs:22.15.1-10.12 , bci/nodejs:latest Container Release : 10.12 Severity : moderate Type : security References : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:57:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:57:43 +0200 (CEST) Subject: SUSE-CU-2025:6266-1: Security update of bci/openjdk-devel Message-ID: <20250819115743.89A17FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6266-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.16.0 , bci/openjdk-devel:17.0.16.0-8.11 Container Release : 8.11 Severity : important Type : security References : 1245573 1246597 CVE-2025-6297 CVE-2025-6965 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:bci-openjdk-17-15.7.17-8.11 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:57:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:57:44 +0200 (CEST) Subject: SUSE-CU-2025:6267-1: Recommended update of bci/openjdk-devel Message-ID: <20250819115744.69315FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6267-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.16.0 , bci/openjdk-devel:17.0.16.0-8.13 Container Release : 8.13 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:bci-openjdk-17-15.7.17-8.13 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:57:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:57:53 +0200 (CEST) Subject: SUSE-CU-2025:6269-1: Security update of bci/openjdk Message-ID: <20250819115753.7432CFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6269-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.16.0 , bci/openjdk:17.0.16.0-8.13 Container Release : 8.13 Severity : moderate Type : security References : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:57:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:57:52 +0200 (CEST) Subject: SUSE-CU-2025:6268-1: Security update of bci/openjdk Message-ID: <20250819115752.966ABFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6268-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.16.0 , bci/openjdk:17.0.16.0-8.11 Container Release : 8.11 Severity : important Type : security References : 1230959 1231748 1232326 1245573 1246428 1246575 1246584 1246595 1246597 1246598 CVE-2025-30749 CVE-2025-30754 CVE-2025-50059 CVE-2025-50106 CVE-2025-6297 CVE-2025-6965 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2667-1 Released: Mon Aug 4 14:37:23 2025 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1246575,1246584,1246595,1246598,CVE-2025-30749,CVE-2025-30754,CVE-2025-50059,CVE-2025-50106 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.16+8 (July 2025 CPU): - CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) - CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) - CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) Changelog: + JDK-4850101: Setting mnemonic to VK_F4 underlines the letter S in a button. + JDK-5074006: Swing JOptionPane shows tag as a string after newline + JDK-6956385: URLConnection.getLastModified() leaks file handles for jar:file and file: URLs + JDK-8024624: [TEST_BUG] [macosx] CTRL+RIGHT(LEFT) doesn't move selection on next cell in JTable on Aqua L&F + JDK-8042134: JOptionPane bungles HTML messages + JDK-8051591: Test javax/swing/JTabbedPane/8007563/Test8007563.java fails + JDK-8077371: Binary files in JAXP test should be removed + JDK-8183348: Better cleanup for jdk/test/sun/security/pkcs12/P12SecretKey.java + JDK-8196465: javax/swing/JComboBox/8182031/ComboPopupTest.java fails on Linux + JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/ jdk/test/lib/compiler/InMemoryJavaCompiler + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong value + JDK-8218474: JComboBox display issue with GTKLookAndFeel + JDK-8224267: JOptionPane message string with 5000+ newlines produces StackOverflowError + JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/ /NonUniqueAliases.java is marked with @ignore + JDK-8251505: Use of types in compiler shared code should be consistent. + JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java failed with 'Didn't find enough line numbers' + JDK-8254786: java/net/httpclient/CancelRequestTest.java failing intermittently + JDK-8256211: assert fired in java/net/httpclient/DependentPromiseActionsTest (infrequent) + JDK-8258483: [TESTBUG] gtest CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is too small + JDK-8269516: AArch64: Assembler cleanups + JDK-8271419: Refactor test code for modifying CDS archive contents + JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC + JDK-8277983: Remove unused fields from sun.net.www.protocol.jar.JarURLConnection + JDK-8279884: Use better file for cygwin source permission check + JDK-8279894: javax/swing/JInternalFrame/8020708/bug8020708.java timeouts on Windows 11 + JDK-8280468: Crashes in getConfigColormap, getConfigVisualId, XVisualIDFromVisual on Linux + JDK-8280820: Clean up bug8033699 and bug8075609.java tests: regtesthelpers aren't used + JDK-8280991: [XWayland] No displayChanged event after setDisplayMode call + JDK-8281511: java/net/ipv6tests/UdpTest.java fails with checkTime failed + JDK-8282863: java/awt/FullScreen/FullscreenWindowProps/ /FullscreenWindowProps.java fails on Windows 10 with HiDPI screen + JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads the spinner value 10 as 1 when user iterates to 10 for the first time on macOS + JDK-8286789: Test forceEarlyReturn002.java timed out + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8286925: Move JSON parser used in JFR tests to test library + JDK-8287352: DockerTestUtils::execute shows incorrect elapsed time + JDK-8287801: Fix test-bugs related to stress flags + JDK-8288707: javax/swing/JToolBar/4529206/bug4529206.java: setFloating does not work correctly + JDK-8290162: Reset recursion counter missed in fix of JDK-8224267 + JDK-8292064: Convert java/lang/management/MemoryMXBean shell tests to java version + JDK-8293503: gc/metaspace/TestMetaspacePerfCounters.java #Epsilon-64 failed assertGreaterThanOrEqual: expected MMM >= NNN + JDK-8294038: Remove 'Classpath' exception from javax/swing tests + JDK-8294155: Exception thrown before awaitAndCheck hangs PassFailJFrame + JDK-8295470: Update openjdk.java.net => openjdk.org URLs in test code + JDK-8295670: Remove duplication in java/util/Formatter/Basic*.java + JDK-8295804: javax/swing/JFileChooser/JFileChooserSetLocationTest.java failed with 'setLocation() is not working properly' + JDK-8296072: CertAttrSet::encode and DerEncoder::derEncode should write into DerOutputStream + JDK-8296167: test/langtools/tools/jdeps/jdkinternals/ /ShowReplacement.java failing after JDK-8296072 + JDK-8296920: Regression Test DialogOrient.java fails on MacOS + JDK-8297173: usageTicks and totalTicks should be volatile to ensure that different threads get the latest ticks + JDK-8297242: Use-after-free during library unloading on Linux + JDK-8298061: vmTestbase/nsk/sysdict/vm/stress/btree/btree012/ /btree012.java failed with 'fatal error: refcount has gone to zero' + JDK-8298147: Clang warns about pointless comparisons + JDK-8298248: Limit sscanf output width in cgroup file parsers + JDK-8298709: Fix typos in src/java.desktop/ and various test classes of client component + JDK-8298730: Refactor subsystem_file_line_contents and add docs and tests + JDK-8300645: Handle julong values in logging of GET_CONTAINER_INFO macros + JDK-8300658: memory_and_swap_limit() reporting wrong values on systems with swapaccount=0 + JDK-8302226: failure_handler native.core should wait for coredump to finish + JDK-8303549: [AIX] TestNativeStack.java is failing with exit value 1 + JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/ /SP05/sp05t003/TestDescription.java timed out: thread not suspended + JDK-8305578: X11GraphicsDevice.pGetBounds() is slow in remote X11 sessions + JDK-8306997: C2: 'malformed control flow' assert due to missing safepoint on backedge with a switch + JDK-8307318: Test serviceability/sa/ClhsdbCDSJstackPrintAll.java failed: ArrayIndexOutOfBoundsException + JDK-8308875: java/awt/Toolkit/GetScreenInsetsCustomGC/ /GetScreenInsetsCustomGC.java failed with 'Cannot invoke 'sun.awt.X11GraphicsDevice.getInsets()' because 'device' is null' + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8310525: DynamicLauncher for JDP test needs to try harder to find a free port + JDK-8312246: NPE when HSDB visits bad oop + JDK-8314120: Add tests for FileDescriptor.sync + JDK-8314236: Overflow in Collections.rotate + JDK-8314246: javax/swing/JToolBar/4529206/bug4529206.java fails intermittently on Linux + JDK-8314320: Mark runtime/CommandLine/ tests as flagless + JDK-8314828: Mark 3 jcmd command-line options test as vm.flagless + JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java timed out + JDK-8315669: Open source several Swing PopupMenu related tests + JDK-8315721: CloseRace.java#id0 fails transiently on libgraal + JDK-8315742: Open source several Swing Scroll related tests + JDK-8315871: Opensource five more Swing regression tests + JDK-8315876: Open source several Swing CSS related tests + JDK-8315951: Open source several Swing HTMLEditorKit related tests + JDK-8315981: Opensource five more random Swing tests + JDK-8316061: Open source several Swing RootPane and Slider related tests + JDK-8316156: ByteArrayInputStream.transferTo causes MaxDirectMemorySize overflow + JDK-8316228: jcmd tests are broken by 8314828 + JDK-8316324: Opensource five miscellaneous Swing tests + JDK-8316388: Opensource five Swing component related regression tests + JDK-8316451: 6 java/lang/instrument/PremainClass tests ignore VM flags + JDK-8316452: java/lang/instrument/modules/ /AppendToClassPathModuleTest.java ignores VM flags + JDK-8316460: 4 javax/management tests ignore VM flags + JDK-8316497: ColorConvertOp - typo for non-ICC conversions needs one-line fix + JDK-8316629: j.text.DateFormatSymbols setZoneStrings() exception is unhelpful + JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM path + JDK-8318915: Enhance checks in BigDecimal.toPlainString() + JDK-8318962: Update ProcessTools javadoc with suggestions in 8315097 + JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java ignores VM flags + JDK-8319578: Few java/lang/instrument ignore test.java.opts and accept test.vm.opts only + JDK-8319690: [AArch64] C2 compilation hits offset_ok_for_immed: assert 'c2 compiler bug' + JDK-8320682: [AArch64] C1 compilation fails with 'Field too big for insn' + JDK-8320687: sun.jvmstat.monitor.MonitoredHost .getMonitoredHost() throws unexpected exceptions when invoked concurrently + JDK-8321204: C2: assert(false) failed: node should be in igvn hash table + JDK-8321479: java -D-D crashes + JDK-8321509: False positive in get_trampoline fast path causes crash + JDK-8321713: Harmonize executeTestJvm with create[Limited]TestJavaProcessBuilder + JDK-8321718: ProcessTools.executeProcess calls waitFor before logging + JDK-8321931: memory_swap_current_in_bytes reports 0 as 'unlimited' + JDK-8325435: [macos] Menu or JPopupMenu not closed when main window is resized + JDK-8325680: Uninitialised memory in deleteGSSCB of GSSLibStub.c:179 + JDK-8325682: Rename nsk_strace.h + JDK-8326389: [test] improve assertEquals failure output + JDK-8328301: Convert Applet test ManualHTMLDataFlavorTest.java to main program + JDK-8328482: Convert and Open source few manual applet test to main based + JDK-8328484: Convert and Opensource few JFileChooser applet test to main + JDK-8328648: Remove applet usage from JFileChooser tests bug4150029 + JDK-8328670: Automate and open source few closed manual applet test + JDK-8328673: Convert closed text/html/CSS manual applet test to main + JDK-8329261: G1: interpreter post-barrier x86 code asserts index size of wrong buffer + JDK-8330534: Update nsk/jdwp tests to use driver instead of othervm + JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails with java.util.MissingFormatArgumentException: Format specifier '%s' + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8333117: Remove support of remote and manual debuggee launchers + JDK-8333680: com/sun/tools/attach/BasicTests.java fails with 'SocketException: Permission denied: connect' + JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched does not copy all fields + JDK-8334644: Automate javax/print/attribute/PageRangesException.java + JDK-8334780: Crash: assert(h_array_list.not_null()) failed: invariant + JDK-8334895: OpenJDK fails to configure on linux aarch64 when CDS is disabled after JDK-8331942 + JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits)) failed: Field too big for insn + JDK-8335684: Test ThreadCpuTime.java should pause like ThreadCpuTimeArray.java + JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/ /AllowedFunctions.java fails with unexpected exit code: 112 + JDK-8336587: failure_handler lldb command times out on macosx-aarch64 core file + JDK-8337221: CompileFramework: test library to conveniently compile java and jasm sources for fuzzing + JDK-8337299: vmTestbase/nsk/jdb/stop_at/stop_at002/ /stop_at002.java failure goes undetected + JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in gtest framework + JDK-8339148: Make os::Linux::active_processor_count() public + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm gtest fails on ppc64 based platforms + JDK-8339639: Opensource few AWT PopupMenu tests + JDK-8339678: Update runtime/condy tests to be executed with VM flags + JDK-8339727: Open source several AWT focus tests - series 1 + JDK-8339794: Open source closed choice tests #1 + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339836: Open source several AWT Mouse tests - Batch 1 + JDK-8339842: Open source several AWT focus tests - series 2 + JDK-8339895: Open source several AWT focus tests - series 3 + JDK-8339906: Open source several AWT focus tests - series 4 + JDK-8339935: Open source several AWT focus tests - series 5 + JDK-8339982: Open source several AWT Mouse tests - Batch 2 + JDK-8339984: Open source AWT MenuItem related tests + JDK-8339995: Open source several AWT focus tests - series 6 + JDK-8340077: Open source few Checkbox tests - Set2 + JDK-8340084: Open source AWT Frame related tests + JDK-8340143: Open source several Java2D rendering loop tests. + JDK-8340164: Open source few Component tests - Set1 + JDK-8340173: Open source some Component/Panel/EventQueue tests - Set2 + JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java + JDK-8340193: Open source several AWT Dialog tests - Batch 1 + JDK-8340228: Open source couple more miscellaneous AWT tests + JDK-8340271: Open source several AWT Robot tests + JDK-8340279: Open source several AWT Dialog tests - Batch 2 + JDK-8340332: Open source mixed AWT tests - Set3 + JDK-8340366: Open source several AWT Dialog tests - Batch 3 + JDK-8340367: Opensource few AWT image tests + JDK-8340393: Open source closed choice tests #2 + JDK-8340407: Open source a few more Component related tests + JDK-8340417: Open source some MenuBar tests - Set1 + JDK-8340432: Open source some MenuBar tests - Set2 + JDK-8340433: Open source closed choice tests #3 + JDK-8340437: Open source few more AWT Frame related tests + JDK-8340458: Open source additional Component tests (part 2) + JDK-8340555: Open source DnD tests - Set4 + JDK-8340560: Open Source several AWT/2D font and rendering tests + JDK-8340605: Open source several AWT PopupMenu tests + JDK-8340621: Open source several AWT List tests + JDK-8340625: Open source additional Component tests (part 3) + JDK-8340639: Open source few more AWT List tests + JDK-8340713: Open source DnD tests - Set5 + JDK-8340784: Remove PassFailJFrame constructor with screenshots + JDK-8340790: Open source several AWT Dialog tests - Batch 4 + JDK-8340809: Open source few more AWT PopupMenu tests + JDK-8340874: Open source some of the AWT Geometry/Button tests + JDK-8340907: Open source closed frame tests # 2 + JDK-8340966: Open source few Checkbox and Cursor tests - Set1 + JDK-8340967: Open source few Cursor tests - Set2 + JDK-8340978: Open source few DnD tests - Set6 + JDK-8340985: Open source some Desktop related tests + JDK-8341000: Open source some of the AWT Window tests + JDK-8341004: Open source AWT FileDialog related tests + JDK-8341072: Open source several AWT Canvas and Rectangle related tests + JDK-8341128: open source some 2d graphics tests + JDK-8341148: Open source several Choice related tests + JDK-8341162: Open source some of the AWT window test + JDK-8341170: Open source several Choice related tests (part 2) + JDK-8341177: Opensource few List and a Window test + JDK-8341191: Open source few more AWT FileDialog tests + JDK-8341239: Open source closed frame tests # 3 + JDK-8341257: Open source few DND tests - Set1 + JDK-8341258: Open source few various AWT tests - Set1 + JDK-8341278: Open source few TrayIcon tests - Set7 + JDK-8341298: Open source more AWT window tests + JDK-8341373: Open source closed frame tests # 4 + JDK-8341378: Open source few TrayIcon tests - Set8 + JDK-8341447: Open source closed frame tests # 5 + JDK-8341535: sun/awt/font/TestDevTransform.java fails with RuntimeException: Different rendering + JDK-8341637: java/net/Socket/UdpSocket.java fails with 'java.net.BindException: Address already in use' (macos-aarch64) + JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java timed out after JDK-8341257 + JDK-8342376: More reliable OOM handling in ExceptionDuringDumpAtObjectsInitPhase test + JDK-8342524: Use latch in AbstractButton/bug6298940.java instead of delay + JDK-8342633: javax/management/security/ /HashedPasswordFileTest.java creates tmp file in src dir + JDK-8343037: Missing @since tag on JColorChooser.showDialog overload + JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/ /scenarios/sampling/SP05/sp05t003/TestDescription.java + JDK-8343124: Tests fails with java.lang.IllegalAccessException: class com.sun.javatest.regtest.agent.MainWrapper$MainTask cannot access + JDK-8343170: java/awt/Cursor/JPanelCursorTest/ /JPanelCursorTest.java does not show the default cursor + JDK-8343205: CompileBroker::possibly_add_compiler_threads excessively polls available memory + JDK-8343529: serviceability/sa/ClhsdbWhere.java fails AssertionFailure: Corrupted constant pool + JDK-8343891: Test javax/swing/JTabbedPane/ /TestJTabbedPaneBackgroundColor.java failed + JDK-8343936: Adjust timeout in test javax/management/monitor/DerivedGaugeMonitorTest.java + JDK-8344316: security/auth/callback/TextCallbackHandler/ /Password.java make runnable with JTReg and add the UI + JDK-8344361: Restore null return for invalid services from legacy providers + JDK-8345133: Test sun/security/tools/jarsigner/ /TsacertOptionTest.java failed: Warning found in stdout + JDK-8345134: Test sun/security/tools/jarsigner/ /ConciseJarsigner.java failed: unable to find valid certification path to requested target + JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/ /bug8033699.java fails in ubuntu22.04 + JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/ /bug4529206.java fails in ubuntu22.04 + JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/ /4278839/bug4278839.java fails in ubuntu22.04 + JDK-8345598: Upgrade NSS binaries for interop tests + JDK-8345625: Better HTTP connections + JDK-8345728: [Accessibility,macOS,Screen Magnifier]: JCheckbox unchecked state does not magnify but works for checked tate + JDK-8345838: Remove the appcds/javaldr/AnonVmClassesDuringDump.java test + JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java warnings + JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in CI on Linux + JDK-8347000: Bug in com/sun/net/httpserver/bugs/B6361557.java test + JDK-8347019: Test javax/swing/JRadioButton/8033699/ /bug8033699.java still fails: Focus is not on Radio Button Single as Expected + JDK-8347083: Incomplete logging in nsk/jvmti/ResourceExhausted/resexhausted00* tests + JDK-8347126: gc/stress/TestStressG1Uncommit.java gets OOM-killed + JDK-8347267: [macOS]: UnixOperatingSystem.c:67:40: runtime error: division by zero + JDK-8347286: (fs) Remove some extensions from java/nio/file/Files/probeContentType/Basic.java + JDK-8347576: Error output in libjsound has non matching format strings + JDK-8347629: Test FailOverDirectExecutionControlTest.java fails with -Xcomp + JDK-8347911: Limit the length of inflated text chunks + JDK-8347995: Race condition in jdk/java/net/httpclient/ /offline/FixedResponseHttpClient.java + JDK-8348107: test/jdk/java/net/httpclient/ /HttpsTunnelAuthTest.java fails intermittently + JDK-8348110: Update LCMS to 2.17 + JDK-8348299: Update List/ItemEventTest/ItemEventTest.java + JDK-8348596: Update FreeType to 2.13.3 + JDK-8348597: Update HarfBuzz to 10.4.0 + JDK-8348598: Update Libpng to 1.6.47 + JDK-8348600: Update PipeWire to 1.3.81 + JDK-8348865: JButton/bug4796987.java never runs because Windows XP is unavailable + JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver doesn't announce untick on toggling the checkbox with 'space' key on macOS + JDK-8348989: Better Glyph drawing + JDK-8349039: Adjust exception No type named in database + JDK-8349111: Enhance Swing supports + JDK-8349200: [JMH] time.format.ZonedDateTimeFormatterBenchmark fails + JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh to run fully in java + JDK-8349492: Update sun/security/pkcs12/ /KeytoolOpensslInteropTest.java to use a recent Openssl version + JDK-8349501: Relocate supporting classes in security/testlibrary to test/lib/jdk tree + JDK-8349594: Enhance TLS protocol support + JDK-8349751: AIX build failure after upgrade pipewire to 1.3.81 + JDK-8349974: [JMH,17u] MaskQueryOperationsBenchmark fails java.lang.NoClassDefFoundError + JDK-8350211: CTW: Attempt to preload all classes in constant pool + JDK-8350224: Test javax/swing/JComboBox/ /TestComboBoxComponentRendering.java fails in ubuntu 23.x and later + JDK-8350260: Improve HTML instruction formatting in PassFailJFrame + JDK-8350383: Test: add more test case for string compare (UL case) + JDK-8350386: Test TestCodeCacheFull.java fails with option -XX:-UseCodeCacheFlushing + JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to incorrect traces in JFR + JDK-8350498: Remove two Camerfirma root CA certificates + JDK-8350540: [17u,11u] B8312065.java fails Network is unreachable + JDK-8350546: Several java/net/InetAddress tests fails UnknownHostException + JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug builds + JDK-8350651: Bump update version for OpenJDK: jdk-17.0.16 + JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails + JDK-8350991: Improve HTTP client header handling + JDK-8351086: (fc) Make java/nio/channels/FileChannel/BlockDeviceSize.java test manual + JDK-8352076: [21u] Problem list tests that fail in 21 and would be fixed by 8309622 + JDK-8352109: java/awt/Desktop/MailTest.java fails in platforms where Action.MAIL is not supported + JDK-8352302: Test sun/security/tools/jarsigner/TimestampCheck.java is failing + JDK-8352649: [17u] guarantee(is_result_safe || is_in_asgct()) failed inside AsyncGetCallTrace + JDK-8352676: Opensource JMenu tests - series1 + JDK-8352680: Opensource few misc swing tests + JDK-8352684: Opensource JInternalFrame tests - series1 + JDK-8352706: httpclient HeadTest does not run on HTTP2 + JDK-8352716: (tz) Update Timezone Data to 2025b + JDK-8352908: Open source several swing tests batch1 + JDK-8352942: jdk/jfr/startupargs/TestMemoryOptions.java fails with 32-bit build + JDK-8353070: Clean up and open source couple AWT Graphics related tests (Part 1) + JDK-8353138: Screen capture for test TaskbarPositionTest.java, failure case + JDK-8353320: Open source more Swing text tests + JDK-8353446: Open source several AWT Menu tests - Batch 2 + JDK-8353475: Open source two Swing DefaultCaret tests + JDK-8353685: Open some JComboBox bugs 4 + JDK-8353709: Debug symbols bundle should contain full debug files when building --with-external-symbols-in-bundles=public + JDK-8353714: [17u] Backport of 8347740 incomplete + JDK-8353942: Open source Swing Tests - Set 5 + JDK-8354554: Open source several clipboard tests batch1 + JDK-8356053: Test java/awt/Toolkit/Headless/ /HeadlessToolkit.java fails by timeout + JDK-8356096: ISO 4217 Amendment 179 Update + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS + JDK-8357105: C2: compilation fails with 'assert(false) failed: empty program detected during loop optimization' + JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c: enum type mismatch during build + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + JDK-8360147: Better Glyph drawing redux + JDK-8361674: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.16 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - libopenssl3-3.2.3-150700.5.15.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated - openssl-3-3.2.3-150700.5.15.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - java-17-openjdk-headless-17.0.16.0-150400.3.57.1 updated - java-17-openjdk-17.0.16.0-150400.3.57.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:58:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:58:02 +0200 (CEST) Subject: SUSE-CU-2025:6270-1: Security update of bci/openjdk-devel Message-ID: <20250819115802.2CB0BFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6270-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.8.0 , bci/openjdk-devel:21.0.8.0-11.11 , bci/openjdk-devel:latest Container Release : 11.11 Severity : important Type : security References : 1245573 1246597 CVE-2025-6297 CVE-2025-6965 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - libsqlite3-0-3.50.2-150000.3.33.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:bci-openjdk-21-15.7.21-11.11 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:58:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:58:02 +0200 (CEST) Subject: SUSE-CU-2025:6271-1: Recommended update of bci/openjdk-devel Message-ID: <20250819115802.EC7FEFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6271-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.8.0 , bci/openjdk-devel:21.0.8.0-11.13 , bci/openjdk-devel:latest Container Release : 11.13 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:bci-openjdk-21-15.7.21-11.13 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:58:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:58:11 +0200 (CEST) Subject: SUSE-CU-2025:6272-1: Security update of bci/openjdk Message-ID: <20250819115811.B50EEFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6272-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.8.0 , bci/openjdk:21.0.8.0-11.13 , bci/openjdk:latest Container Release : 11.13 Severity : moderate Type : security References : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:58:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:58:21 +0200 (CEST) Subject: SUSE-CU-2025:6273-1: Recommended update of suse/pcp Message-ID: <20250819115821.5A4ABFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6273-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-62.13 , suse/pcp:latest Container Release : 62.13 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 The following package changes have been done: - libsystemd0-254.27-150600.4.43.3 updated - systemd-254.27-150600.4.43.3 updated - container:bci-bci-init-15.7-1609b5645e63797f0822a921bb30c13b5f360107e3db2978b702d62e23ab3776-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:58:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:58:22 +0200 (CEST) Subject: SUSE-CU-2025:6275-1: Security update of suse/pcp Message-ID: <20250819115822.BD3F9FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6275-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-62.17 , suse/pcp:latest Container Release : 62.17 Severity : moderate Type : security References : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:bci-bci-init-15.7-05eb7584a367b2bc7b5f08f62d2db8362d7e3f864d9a6c01c9f6cc82344c7532-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:58:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:58:22 +0200 (CEST) Subject: SUSE-CU-2025:6274-1: Security update of suse/pcp Message-ID: <20250819115822.23721FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6274-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-62.15 , suse/pcp:latest Container Release : 62.15 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - libudev1-254.27-150600.4.43.3 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:bci-bci-init-15.7-eb8eadcf579b66c160cce68d8ef386355bf22483242abb26cba920367530d56d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:58:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:58:31 +0200 (CEST) Subject: SUSE-CU-2025:6276-1: Security update of bci/php-apache Message-ID: <20250819115831.90765FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6276-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-12.14 , bci/php-apache:latest Container Release : 12.14 Severity : moderate Type : security References : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:58:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:58:40 +0200 (CEST) Subject: SUSE-CU-2025:6277-1: Security update of bci/php-fpm Message-ID: <20250819115840.B44E3FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6277-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-12.13 , bci/php-fpm:latest Container Release : 12.13 Severity : moderate Type : security References : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:58:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:58:49 +0200 (CEST) Subject: SUSE-CU-2025:6278-1: Security update of bci/php Message-ID: <20250819115849.286ECFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6278-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-12.9 , bci/php:latest Container Release : 12.9 Severity : moderate Type : security References : 1245573 CVE-2025-6297 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:58:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:58:49 +0200 (CEST) Subject: SUSE-CU-2025:6279-1: Recommended update of bci/php Message-ID: <20250819115849.BA27CFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6279-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-12.11 , bci/php:latest Container Release : 12.11 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 11:58:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 13:58:57 +0200 (CEST) Subject: SUSE-CU-2025:6280-1: Security update of suse/postgres Message-ID: <20250819115857.2CE8CFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6280-1 Container Tags : suse/postgres:16 , suse/postgres:16.9 , suse/postgres:16.9 , suse/postgres:16.9-74.10 Container Release : 74.10 Severity : moderate Type : security References : 1221107 1245573 1246934 CVE-2024-2236 CVE-2025-6297 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:11:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:11:48 +0200 (CEST) Subject: SUSE-CU-2025:6281-1: Recommended update of suse/kea Message-ID: <20250819121148.3D312FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6281-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-62.13 , suse/kea:latest Container Release : 62.13 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:11:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:11:56 +0200 (CEST) Subject: SUSE-CU-2025:6280-1: Security update of suse/postgres Message-ID: <20250819121156.9804FFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6280-1 Container Tags : suse/postgres:16 , suse/postgres:16.9 , suse/postgres:16.9 , suse/postgres:16.9-74.10 Container Release : 74.10 Severity : moderate Type : security References : 1221107 1245573 1246934 CVE-2024-2236 CVE-2025-6297 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:11:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:11:57 +0200 (CEST) Subject: SUSE-CU-2025:6282-1: Recommended update of suse/postgres Message-ID: <20250819121157.75B7FFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6282-1 Container Tags : suse/postgres:16 , suse/postgres:16.9 , suse/postgres:16.9 , suse/postgres:16.9-74.13 Container Release : 74.13 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:11:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:11:58 +0200 (CEST) Subject: SUSE-CU-2025:6283-1: Recommended update of suse/postgres Message-ID: <20250819121158.7480DFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6283-1 Container Tags : suse/postgres:16 , suse/postgres:16.9 , suse/postgres:16.9 , suse/postgres:16.9-74.14 Container Release : 74.14 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:12:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:12:07 +0200 (CEST) Subject: SUSE-CU-2025:6284-1: Recommended update of suse/postgres Message-ID: <20250819121207.CB918FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6284-1 Container Tags : suse/postgres:17 , suse/postgres:17.5 , suse/postgres:17.5 , suse/postgres:17.5-64.12 , suse/postgres:latest Container Release : 64.12 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:12:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:12:08 +0200 (CEST) Subject: SUSE-CU-2025:6285-1: Recommended update of suse/postgres Message-ID: <20250819121208.E2455FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6285-1 Container Tags : suse/postgres:17 , suse/postgres:17.5 , suse/postgres:17.5 , suse/postgres:17.5-64.13 , suse/postgres:latest Container Release : 64.13 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:12:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:12:19 +0200 (CEST) Subject: SUSE-CU-2025:6286-1: Security update of suse/kiosk/pulseaudio Message-ID: <20250819121219.DB4C9FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6286-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-63.6 , suse/kiosk/pulseaudio:latest Container Release : 63.6 Severity : important Type : security References : 1230262 1232526 1233012 1237143 1237442 1238491 1239566 1239938 1240788 1241549 1243273 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgomp1-14.3.0+git11799-150000.1.11.1 updated - systemd-rpm-macros-16-150000.7.42.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:12:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:12:21 +0200 (CEST) Subject: SUSE-CU-2025:6288-1: Recommended update of suse/kiosk/pulseaudio Message-ID: <20250819121221.B1D9CFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6288-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-63.9 , suse/kiosk/pulseaudio:latest Container Release : 63.9 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:12:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:12:24 +0200 (CEST) Subject: SUSE-CU-2025:6289-1: Recommended update of suse/kiosk/pulseaudio Message-ID: <20250819121224.55DE6FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6289-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-63.10 , suse/kiosk/pulseaudio:latest Container Release : 63.10 Severity : moderate Type : recommended References : 1241038 1246697 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2887-1 Released: Tue Aug 19 09:47:06 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1241038 This update for suse-module-tools fixes the following issues: - Version update 15.7.6 - Add missing util-linux requirement in the spec file (bsc#1241038). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated - suse-module-tools-15.7.6-150700.3.3.3 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:12:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:12:36 +0200 (CEST) Subject: SUSE-CU-2025:6290-1: Security update of bci/python Message-ID: <20250819121236.64CD1FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6290-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-74.13 Container Release : 74.13 Severity : moderate Type : security References : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:12:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:12:51 +0200 (CEST) Subject: SUSE-CU-2025:6291-1: Security update of bci/python Message-ID: <20250819121251.B19A7FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6291-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.5 , bci/python:3.13.5-76.13 , bci/python:latest Container Release : 76.13 Severity : moderate Type : security References : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:13:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:13:04 +0200 (CEST) Subject: SUSE-CU-2025:6292-1: Security update of bci/python Message-ID: <20250819121304.44B24FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6292-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-73.12 Container Release : 73.12 Severity : important Type : security References : 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-3.6.15-150300.10.97.2 updated - python3-devel-3.6.15-150300.10.97.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:13:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:13:06 +0200 (CEST) Subject: SUSE-CU-2025:6294-1: Recommended update of bci/python Message-ID: <20250819121306.1F427FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6294-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-73.16 Container Release : 73.16 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:13:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:13:05 +0200 (CEST) Subject: SUSE-CU-2025:6293-1: Security update of bci/python Message-ID: <20250819121305.2EE20FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6293-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-73.14 Container Release : 73.14 Severity : moderate Type : security References : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:13:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:13:11 +0200 (CEST) Subject: SUSE-CU-2025:6295-1: Recommended update of suse/mariadb-client Message-ID: <20250819121311.AAD6CFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6295-1 Container Tags : suse/mariadb-client:11.4 , suse/mariadb-client:11.4.5 , suse/mariadb-client:11.4.5-63.7 , suse/mariadb-client:latest Container Release : 63.7 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:13:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:13:12 +0200 (CEST) Subject: SUSE-CU-2025:6296-1: Recommended update of suse/mariadb-client Message-ID: <20250819121312.99FF6FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6296-1 Container Tags : suse/mariadb-client:11.4 , suse/mariadb-client:11.4.5 , suse/mariadb-client:11.4.5-63.9 , suse/mariadb-client:latest Container Release : 63.9 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:13:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:13:13 +0200 (CEST) Subject: SUSE-CU-2025:6297-1: Recommended update of suse/mariadb-client Message-ID: <20250819121313.7EB54FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6297-1 Container Tags : suse/mariadb-client:11.4 , suse/mariadb-client:11.4.5 , suse/mariadb-client:11.4.5-63.10 , suse/mariadb-client:latest Container Release : 63.10 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:13:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:13:19 +0200 (CEST) Subject: SUSE-CU-2025:6298-1: Security update of suse/mariadb Message-ID: <20250819121319.AD722FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6298-1 Container Tags : suse/mariadb:11.4 , suse/mariadb:11.4.5 , suse/mariadb:11.4.5-63.12 , suse/mariadb:latest Container Release : 63.12 Severity : important Type : security References : 1221107 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244183 1244401 1244705 1245573 1246934 1247249 831629 CVE-2024-12718 CVE-2024-2236 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-6297 CVE-2025-8194 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2731-1 Released: Fri Aug 8 06:51:47 2025 Summary: Recommended update for perl-DBI Type: recommended Severity: moderate References: 1244183 This update for perl-DBI fixes the following issues: - Dependency submission for the openQA stack (bsc#1244183) - Updated to 1.647.0 (1.647) * Remove 'experimental' tag from statistics_info * RT tickets moved to github issues (rwfranks++) * Fix install issue ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated - perl-DBI-1.647.0-150600.12.6.1 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:13:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:13:20 +0200 (CEST) Subject: SUSE-CU-2025:6299-1: Recommended update of suse/mariadb Message-ID: <20250819121320.9789FFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6299-1 Container Tags : suse/mariadb:11.4 , suse/mariadb:11.4.5 , suse/mariadb:11.4.5-63.14 , suse/mariadb:latest Container Release : 63.14 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:13:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:13:21 +0200 (CEST) Subject: SUSE-CU-2025:6300-1: Recommended update of suse/mariadb Message-ID: <20250819121321.871E0FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6300-1 Container Tags : suse/mariadb:11.4 , suse/mariadb:11.4.5 , suse/mariadb:11.4.5-63.15 , suse/mariadb:latest Container Release : 63.15 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - openssl-3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:13:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:13:34 +0200 (CEST) Subject: SUSE-CU-2025:6135-1: Recommended update of suse/rmt-server Message-ID: <20250819121334.90A64FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6135-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-73.11 , suse/rmt-server:latest Container Release : 73.11 Severity : moderate Type : recommended References : 1246570 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.4.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:23:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:23:58 +0200 (CEST) Subject: SUSE-CU-2025:6302-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250819122358.288E5FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6302-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.96 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.96 Severity : important Type : security References : 1228929 1241038 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2888-1 Released: Tue Aug 19 09:47:17 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1228929,1241038 This update for suse-module-tools fixes the following issues: - Version update 15.6.11. - Add missing util-linux requirement to the spec file (bsc#1241038) - Kernel installation fails to build initrd (bsc#1228929). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2889-1 Released: Tue Aug 19 09:53:30 2025 Summary: Security update for container-suseconnect Type: security Severity: important References: This update for container-suseconnect rebuilds it with the last go1.24 security release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.69.1 updated - suse-module-tools-15.6.11-150600.3.9.2 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:26:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:26:14 +0200 (CEST) Subject: SUSE-CU-2025:6135-1: Recommended update of suse/rmt-server Message-ID: <20250819122614.2F9E7FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6135-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-73.11 , suse/rmt-server:latest Container Release : 73.11 Severity : moderate Type : recommended References : 1246570 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.4.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:26:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:26:15 +0200 (CEST) Subject: SUSE-CU-2025:6303-1: Security update of suse/rmt-server Message-ID: <20250819122615.60BB9FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6303-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-73.14 , suse/rmt-server:latest Container Release : 73.14 Severity : moderate Type : security References : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:26:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:26:29 +0200 (CEST) Subject: SUSE-CU-2025:6304-1: Security update of bci/ruby Message-ID: <20250819122629.24484FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6304-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-13.10 Container Release : 13.10 Severity : moderate Type : security References : 1245573 1246570 CVE-2025-6297 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.4.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - container:registry.suse.com-bci-bci-base-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:26:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:26:31 +0200 (CEST) Subject: SUSE-CU-2025:6306-1: Security update of bci/ruby Message-ID: <20250819122631.7EEC3FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6306-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-13.13 Container Release : 13.13 Severity : moderate Type : security References : 1221107 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:26:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:26:30 +0200 (CEST) Subject: SUSE-CU-2025:6305-1: Recommended update of bci/ruby Message-ID: <20250819122630.4F2E1FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6305-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-13.11 Container Release : 13.11 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:26:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:26:48 +0200 (CEST) Subject: SUSE-CU-2025:6307-1: Recommended update of bci/ruby Message-ID: <20250819122648.F086DFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6307-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-12.10 , bci/ruby:latest Container Release : 12.10 Severity : moderate Type : recommended References : 1246570 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.4.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:26:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:26:49 +0200 (CEST) Subject: SUSE-CU-2025:6308-1: Recommended update of bci/ruby Message-ID: <20250819122649.DBBCFFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6308-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-12.11 , bci/ruby:latest Container Release : 12.11 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:26:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:26:51 +0200 (CEST) Subject: SUSE-CU-2025:6309-1: Security update of bci/ruby Message-ID: <20250819122651.36D42FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6309-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-12.13 , bci/ruby:latest Container Release : 12.13 Severity : moderate Type : security References : 1221107 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:27:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:27:06 +0200 (CEST) Subject: SUSE-CU-2025:6310-1: Recommended update of bci/rust Message-ID: <20250819122706.0E959FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6310-1 Container Tags : bci/rust:1.87 , bci/rust:1.87.0 , bci/rust:1.87.0-2.3.8 , bci/rust:oldstable , bci/rust:oldstable-2.3.8 Container Release : 3.8 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libasan8-14.3.0+git11799-150000.1.11.1 updated - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libhwasan0-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated - libtsan2-14.3.0+git11799-150000.1.11.1 updated - libubsan1-14.3.0+git11799-150000.1.11.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:27:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:27:07 +0200 (CEST) Subject: SUSE-CU-2025:6311-1: Recommended update of bci/rust Message-ID: <20250819122707.29B28FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6311-1 Container Tags : bci/rust:1.87 , bci/rust:1.87.0 , bci/rust:1.87.0-2.3.10 , bci/rust:oldstable , bci/rust:oldstable-2.3.10 Container Release : 3.10 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:27:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:27:19 +0200 (CEST) Subject: SUSE-CU-2025:6312-1: Recommended update of bci/rust Message-ID: <20250819122719.BA80AFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6312-1 Container Tags : bci/rust:1.88 , bci/rust:1.88.0 , bci/rust:1.88.0-1.3.8 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.8 Container Release : 3.8 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libasan8-14.3.0+git11799-150000.1.11.1 updated - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libhwasan0-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated - libtsan2-14.3.0+git11799-150000.1.11.1 updated - libubsan1-14.3.0+git11799-150000.1.11.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:27:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:27:20 +0200 (CEST) Subject: SUSE-CU-2025:6313-1: Recommended update of bci/rust Message-ID: <20250819122720.B908DFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6313-1 Container Tags : bci/rust:1.88 , bci/rust:1.88.0 , bci/rust:1.88.0-1.3.10 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.10 Container Release : 3.10 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:27:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:27:28 +0200 (CEST) Subject: SUSE-CU-2025:6314-1: Security update of suse/samba-client Message-ID: <20250819122728.1D3D0FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6314-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-64.10 , suse/samba-client:latest Container Release : 64.10 Severity : important Type : security References : 1221107 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244401 1244705 1246934 1247249 831629 CVE-2024-12718 CVE-2024-2236 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:27:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:27:31 +0200 (CEST) Subject: SUSE-CU-2025:6317-1: Recommended update of suse/samba-client Message-ID: <20250819122731.3972CFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6317-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-64.14 , suse/samba-client:latest Container Release : 64.14 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:27:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:27:29 +0200 (CEST) Subject: SUSE-CU-2025:6315-1: Recommended update of suse/samba-client Message-ID: <20250819122729.29A76FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6315-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-64.12 , suse/samba-client:latest Container Release : 64.12 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:27:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:27:30 +0200 (CEST) Subject: SUSE-CU-2025:6316-1: Recommended update of suse/samba-client Message-ID: <20250819122730.36533FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6316-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-64.13 , suse/samba-client:latest Container Release : 64.13 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:27:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:27:38 +0200 (CEST) Subject: SUSE-CU-2025:6318-1: Security update of suse/samba-server Message-ID: <20250819122738.45268FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6318-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-64.10 , suse/samba-server:latest Container Release : 64.10 Severity : important Type : security References : 1221107 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244401 1244705 1246934 1247249 831629 CVE-2024-12718 CVE-2024-2236 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:27:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:27:39 +0200 (CEST) Subject: SUSE-CU-2025:6319-1: Recommended update of suse/samba-server Message-ID: <20250819122739.52CBCFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6319-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-64.12 , suse/samba-server:latest Container Release : 64.12 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:27:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:27:45 +0200 (CEST) Subject: SUSE-CU-2025:6320-1: Security update of suse/samba-toolbox Message-ID: <20250819122745.EB444FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6320-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-64.10 , suse/samba-toolbox:latest Container Release : 64.10 Severity : important Type : security References : 1221107 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244401 1244705 1246934 1247249 831629 CVE-2024-12718 CVE-2024-2236 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Tue Aug 19 12:27:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Aug 2025 14:27:47 +0200 (CEST) Subject: SUSE-CU-2025:6321-1: Recommended update of suse/samba-toolbox Message-ID: <20250819122747.1675EFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6321-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-64.12 , suse/samba-toolbox:latest Container Release : 64.12 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:03:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:03:41 +0200 (CEST) Subject: SUSE-CU-2025:6322-1: Security update of containers/suse-ai-observability-extension-setup Message-ID: <20250820070341.1118EFF2D@maintenance.suse.de> SUSE Container Update Advisory: containers/suse-ai-observability-extension-setup ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6322-1 Container Tags : containers/suse-ai-observability-extension-setup:1 , containers/suse-ai-observability-extension-setup:1.0.4 , containers/suse-ai-observability-extension-setup:1.0.4-3.54 Container Release : 3.54 Severity : moderate Type : security References : 1244116 CVE-2025-48060 ----------------------------------------------------------------- The container containers/suse-ai-observability-extension-setup was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2915-1 Released: Tue Aug 19 14:56:35 2025 Summary: Security update for jq Type: security Severity: moderate References: 1244116,CVE-2025-48060 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) The following package changes have been done: - libjq1-1.6-150000.3.9.1 updated - jq-1.6-150000.3.9.1 updated - container:registry.suse.com-bci-bci-base-15.6-e8108b05d0f310a74744345d25e38017a08a894cb5c486967091cfa18ec2aeef-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:07:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:07:18 +0200 (CEST) Subject: SUSE-IU-2025:2336-1: Security update of suse/sle-micro/5.5 Message-ID: <20250820070718.84F00FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2336-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.358 , suse/sle-micro/5.5:latest Image Release : 5.5.358 Severity : moderate Type : security References : 1244116 CVE-2025-48060 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2915-1 Released: Tue Aug 19 14:56:35 2025 Summary: Security update for jq Type: security Severity: moderate References: 1244116,CVE-2025-48060 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) The following package changes have been done: - libjq1-1.6-150000.3.9.1 updated - jq-1.6-150000.3.9.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:14:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:14:43 +0200 (CEST) Subject: SUSE-CU-2025:6326-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250820071443.E9070FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6326-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.172 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.172 Severity : important Type : security References : ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2889-1 Released: Tue Aug 19 09:53:30 2025 Summary: Security update for container-suseconnect Type: security Severity: important References: This update for container-suseconnect rebuilds it with the last go1.24 security release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.69.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:17:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:17:27 +0200 (CEST) Subject: SUSE-CU-2025:6327-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20250820071727.14086FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6327-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.42 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.42 Severity : moderate Type : security References : 1244116 CVE-2025-48060 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2915-1 Released: Tue Aug 19 14:56:35 2025 Summary: Security update for jq Type: security Severity: moderate References: 1244116,CVE-2025-48060 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) The following package changes have been done: - jq-1.6-150000.3.9.1 updated - libjq1-1.6-150000.3.9.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:19:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:19:10 +0200 (CEST) Subject: SUSE-CU-2025:6328-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250820071910.202A5FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6328-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.172 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.172 Severity : important Type : security References : ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2889-1 Released: Tue Aug 19 09:53:30 2025 Summary: Security update for container-suseconnect Type: security Severity: important References: This update for container-suseconnect rebuilds it with the last go1.24 security release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.69.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:20:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:20:41 +0200 (CEST) Subject: SUSE-CU-2025:6329-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250820072041.A8C9CFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6329-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.78 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.78 Severity : important Type : security References : ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2889-1 Released: Tue Aug 19 09:53:30 2025 Summary: Security update for container-suseconnect Type: security Severity: important References: This update for container-suseconnect rebuilds it with the last go1.24 security release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.69.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:26:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:26:49 +0200 (CEST) Subject: SUSE-CU-2025:6333-1: Recommended update of bci/bci-base-fips Message-ID: <20250820072649.550E9FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6333-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.32.20 Container Release : 32.20 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2841-1 Released: Mon Aug 18 13:01:25 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.15.1 updated - container:registry.suse.com-bci-bci-base-15.6-ffb7c76eb9915612dee9e2c241b3fc0b6ac9c2a778af8e32db9361aa9586030b-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:27:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:27:55 +0200 (CEST) Subject: SUSE-CU-2025:6334-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250820072755.9ECA0FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6334-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.98 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.98 Severity : important Type : security References : 1218459 1244116 1245220 1245985 1246038 1246149 1246466 1247054 1247690 CVE-2025-48060 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2915-1 Released: Tue Aug 19 14:56:35 2025 Summary: Security update for jq Type: security Severity: moderate References: 1244116,CVE-2025-48060 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2921-1 Released: Tue Aug 19 16:54:12 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) The following package changes have been done: - jq-1.6-150000.3.9.1 updated - libjq1-1.6-150000.3.9.1 updated - libzypp-17.37.16-150600.3.79.1 updated - zypper-1.14.93-150600.10.49.2 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:33:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:33:24 +0200 (CEST) Subject: SUSE-CU-2025:6341-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250820073324.751FBFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6341-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.47.5 Container Release : 47.5 Severity : important Type : security References : 1228929 1230262 1232526 1233012 1237143 1237442 1238491 1239566 1239938 1240788 1241038 1241549 1243273 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244705 1245573 1246296 1246697 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-6297 CVE-2025-7425 CVE-2025-8194 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2841-1 Released: Mon Aug 18 13:01:25 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2888-1 Released: Tue Aug 19 09:47:17 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1228929,1241038 This update for suse-module-tools fixes the following issues: - Version update 15.6.11. - Add missing util-linux requirement to the spec file (bsc#1241038) - Kernel installation fails to build initrd (bsc#1228929). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libxml2-2-2.10.3-150500.5.32.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated - libopenssl1_1-1.1.1w-150600.5.15.1 updated - systemd-rpm-macros-16-150000.7.42.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - python3-base-3.6.15-150300.10.97.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - suse-module-tools-15.6.11-150600.3.9.2 updated - mokutil-0.5.0-150600.8.3 added - container:registry.suse.com-bci-bci-base-15.6-e8108b05d0f310a74744345d25e38017a08a894cb5c486967091cfa18ec2aeef-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:34:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:34:17 +0200 (CEST) Subject: SUSE-CU-2025:6343-1: Security update of suse/sle15 Message-ID: <20250820073417.A01A3FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6343-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.23.25 , suse/sle15:15.6 , suse/sle15:15.6.47.23.25 Container Release : 47.23.25 Severity : important Type : security References : 1218459 1245220 1245223 1245985 1246038 1246149 1246466 1247054 1247690 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2889-1 Released: Tue Aug 19 09:53:30 2025 Summary: Security update for container-suseconnect Type: security Severity: important References: This update for container-suseconnect rebuilds it with the last go1.24 security release. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2921-1 Released: Tue Aug 19 16:54:12 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) The following package changes have been done: - container-suseconnect-2.5.5-150000.4.69.1 updated - libzypp-17.37.16-150600.3.79.1 updated - suse-build-key-12.0-150000.8.61.2 updated - zypper-1.14.93-150600.10.49.2 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:35:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:35:41 +0200 (CEST) Subject: SUSE-CU-2025:6346-1: Recommended update of suse/389-ds Message-ID: <20250820073541.C3551FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6346-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-62.17 , suse/389-ds:latest Container Release : 62.17 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:35:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:35:42 +0200 (CEST) Subject: SUSE-CU-2025:6347-1: Recommended update of suse/389-ds Message-ID: <20250820073542.78DD9FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6347-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-62.20 , suse/389-ds:latest Container Release : 62.20 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - openssl-3-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:36:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:36:18 +0200 (CEST) Subject: SUSE-CU-2025:6350-1: Recommended update of bci/bci-base-fips Message-ID: <20250820073618.4E616FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6350-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-6.12 , bci/bci-base-fips:latest Container Release : 6.12 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:37:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:37:11 +0200 (CEST) Subject: SUSE-CU-2025:6356-1: Recommended update of bci/gcc Message-ID: <20250820073711.248FBFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6356-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-11.16 , bci/gcc:latest Container Release : 11.16 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:37:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:37:23 +0200 (CEST) Subject: SUSE-CU-2025:6357-1: Recommended update of bci/golang Message-ID: <20250820073723.2376BFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6357-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.12 , bci/golang:1.23.12-2.73.11 , bci/golang:oldstable , bci/golang:oldstable-2.73.11 Container Release : 73.11 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:37:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:37:49 +0200 (CEST) Subject: SUSE-CU-2025:6359-1: Recommended update of bci/golang Message-ID: <20250820073749.138BBFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6359-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.6 , bci/golang:1.24.6-1.73.11 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.73.11 Container Release : 73.11 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:38:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:38:01 +0200 (CEST) Subject: SUSE-CU-2025:6360-1: Recommended update of bci/bci-init Message-ID: <20250820073801.656AEFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6360-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-42.17 , bci/bci-init:latest Container Release : 42.17 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:04:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:04:05 +0200 (CEST) Subject: SUSE-IU-2025:2337-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250820140405.EF063FF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2337-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.201 , suse/sle-micro/base-5.5:latest Image Release : 5.8.201 Severity : moderate Type : recommended References : 1246776 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) The following package changes have been done: - permissions-20201225-150400.5.19.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:05:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:05:11 +0200 (CEST) Subject: SUSE-IU-2025:2338-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20250820140511.F144DFF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2338-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.382 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.382 Severity : moderate Type : recommended References : 1246776 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) The following package changes have been done: - permissions-20201225-150400.5.19.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.201 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:06:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:06:59 +0200 (CEST) Subject: SUSE-IU-2025:2339-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20250820140659.B8F69FF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2339-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.474 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.474 Severity : moderate Type : recommended References : 1246776 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) The following package changes have been done: - permissions-20201225-150400.5.19.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.360 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:08:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:08:41 +0200 (CEST) Subject: SUSE-IU-2025:2340-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250820140841.3D9C8FF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2340-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.360 , suse/sle-micro/5.5:latest Image Release : 5.5.360 Severity : moderate Type : recommended References : 1246776 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) The following package changes have been done: - permissions-20201225-150400.5.19.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.201 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:17:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:17:23 +0200 (CEST) Subject: SUSE-CU-2025:6365-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250820141723.E6BC5FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6365-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.173 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.173 Severity : moderate Type : recommended References : 1246776 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) The following package changes have been done: - permissions-20201225-150400.5.19.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:20:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:20:32 +0200 (CEST) Subject: SUSE-CU-2025:6366-1: Recommended update of suse/sle-micro-rancher/5.4 Message-ID: <20250820142032.9FB1DFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6366-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.43 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.43 Severity : moderate Type : recommended References : 1246776 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) The following package changes have been done: - permissions-20201225-150400.5.19.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:22:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:22:37 +0200 (CEST) Subject: SUSE-CU-2025:6367-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250820142237.1C10AFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6367-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.173 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.173 Severity : moderate Type : recommended References : 1246776 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) The following package changes have been done: - permissions-20201225-150400.5.19.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:24:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:24:23 +0200 (CEST) Subject: SUSE-CU-2025:6368-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20250820142423.E88B2FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6368-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.79 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.79 Severity : moderate Type : recommended References : 1246776 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) The following package changes have been done: - permissions-20201225-150400.5.19.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:25:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:25:19 +0200 (CEST) Subject: SUSE-IU-2025:2341-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250820142519.E5DE8FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2341-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.41 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.41 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 428 Released: Wed Aug 20 13:36:54 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to 3.50.2: * Fix the concat_ws() SQL function so that it includes empty strings in the concatenation. * Avoid writing frames with no checksums into the wal file if a savepoint is rolled back after dirty pages have already been spilled into the wal file. * Fix the Bitvec object to avoid stack overflow when the database is within 60 pages of its maximum size. * Fix a problem with UPDATEs on fts5 tables that contain BLOB values. * Fix an issue with transitive IS constraints on a RIGHT JOIN. * CVE-2025-6965: Fixed Integer Truncation in SQLite (bsc#1246597) * Ensure that sqlite3_setlk_timeout() holds the database mutex. - Update to 3.50 (3.50.1): * Improved handling and robust output of control characters * sqlite3_rsync no longer requires WAL mode and needs less bandwidth * Bug fixes and optimized JSON handling * Performance optimizations and developer visible fixes - Update to release 3.49.2: * Fix a bug in the NOT NULL optimization of version 3.40.0 that can lead to a memory error if abused. * Fix the count-of-view optimization so that it does not give an incorrect answer for a DISTINCT query. * Fix a possible incorrect answer that can result if a UNIQUE constraint of a table contains the PRIMARY KEY column and that UNIQUE constraint is used by an IN operator. * Fix obscure problems with the generate_series() extension function. * Incremental improvements to the configure/make. - Add subpackage for the lemon parser generator. The following package changes have been done: - SL-Micro-release-6.0-25.42 updated - libsqlite3-0-3.50.2-1.1 updated - container:suse-toolbox-image-1.0.0-9.26 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:26:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:26:17 +0200 (CEST) Subject: SUSE-IU-2025:2342-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250820142617.09A8EFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2342-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.64 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.64 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 428 Released: Wed Aug 20 13:36:54 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to 3.50.2: * Fix the concat_ws() SQL function so that it includes empty strings in the concatenation. * Avoid writing frames with no checksums into the wal file if a savepoint is rolled back after dirty pages have already been spilled into the wal file. * Fix the Bitvec object to avoid stack overflow when the database is within 60 pages of its maximum size. * Fix a problem with UPDATEs on fts5 tables that contain BLOB values. * Fix an issue with transitive IS constraints on a RIGHT JOIN. * CVE-2025-6965: Fixed Integer Truncation in SQLite (bsc#1246597) * Ensure that sqlite3_setlk_timeout() holds the database mutex. - Update to 3.50 (3.50.1): * Improved handling and robust output of control characters * sqlite3_rsync no longer requires WAL mode and needs less bandwidth * Bug fixes and optimized JSON handling * Performance optimizations and developer visible fixes - Update to release 3.49.2: * Fix a bug in the NOT NULL optimization of version 3.40.0 that can lead to a memory error if abused. * Fix the count-of-view optimization so that it does not give an incorrect answer for a DISTINCT query. * Fix a possible incorrect answer that can result if a UNIQUE constraint of a table contains the PRIMARY KEY column and that UNIQUE constraint is used by an IN operator. * Fix obscure problems with the generate_series() extension function. * Incremental improvements to the configure/make. - Add subpackage for the lemon parser generator. The following package changes have been done: - SL-Micro-release-6.0-25.42 updated - libsqlite3-0-3.50.2-1.1 updated - container:SL-Micro-base-container-2.1.3-7.41 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:27:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:27:20 +0200 (CEST) Subject: SUSE-IU-2025:2343-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250820142720.C69E5FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2343-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.73 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.73 Severity : important Type : security References : 1246597 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 428 Released: Wed Aug 20 13:36:54 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to 3.50.2: * Fix the concat_ws() SQL function so that it includes empty strings in the concatenation. * Avoid writing frames with no checksums into the wal file if a savepoint is rolled back after dirty pages have already been spilled into the wal file. * Fix the Bitvec object to avoid stack overflow when the database is within 60 pages of its maximum size. * Fix a problem with UPDATEs on fts5 tables that contain BLOB values. * Fix an issue with transitive IS constraints on a RIGHT JOIN. * CVE-2025-6965: Fixed Integer Truncation in SQLite (bsc#1246597) * Ensure that sqlite3_setlk_timeout() holds the database mutex. - Update to 3.50 (3.50.1): * Improved handling and robust output of control characters * sqlite3_rsync no longer requires WAL mode and needs less bandwidth * Bug fixes and optimized JSON handling * Performance optimizations and developer visible fixes - Update to release 3.49.2: * Fix a bug in the NOT NULL optimization of version 3.40.0 that can lead to a memory error if abused. * Fix the count-of-view optimization so that it does not give an incorrect answer for a DISTINCT query. * Fix a possible incorrect answer that can result if a UNIQUE constraint of a table contains the PRIMARY KEY column and that UNIQUE constraint is used by an IN operator. * Fix obscure problems with the generate_series() extension function. * Incremental improvements to the configure/make. - Add subpackage for the lemon parser generator. The following package changes have been done: - SL-Micro-release-6.0-25.42 updated - libsqlite3-0-3.50.2-1.1 updated - container:SL-Micro-container-2.1.3-6.72 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:29:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:29:14 +0200 (CEST) Subject: SUSE-CU-2025:6371-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20250820142914.C4953FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6371-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.26 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.26 Severity : important Type : security References : 1245309 1245310 1245311 1245312 1245314 1245317 1246597 CVE-2025-4877 CVE-2025-4878 CVE-2025-5318 CVE-2025-5351 CVE-2025-5372 CVE-2025-5987 CVE-2025-6965 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 419 Released: Thu Aug 14 11:26:49 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245312,1245314,1245317,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5351,CVE-2025-5372,CVE-2025-5987 This update for libssh fixes the following issues: - CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314) - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317) - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309) - CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310) - CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311) - CVE-2025-5351: Double free in functions exporting keys (bsc#1245312) ----------------------------------------------------------------- Advisory ID: 428 Released: Wed Aug 20 13:36:54 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to 3.50.2: * Fix the concat_ws() SQL function so that it includes empty strings in the concatenation. * Avoid writing frames with no checksums into the wal file if a savepoint is rolled back after dirty pages have already been spilled into the wal file. * Fix the Bitvec object to avoid stack overflow when the database is within 60 pages of its maximum size. * Fix a problem with UPDATEs on fts5 tables that contain BLOB values. * Fix an issue with transitive IS constraints on a RIGHT JOIN. * CVE-2025-6965: Fixed Integer Truncation in SQLite (bsc#1246597) * Ensure that sqlite3_setlk_timeout() holds the database mutex. - Update to 3.50 (3.50.1): * Improved handling and robust output of control characters * sqlite3_rsync no longer requires WAL mode and needs less bandwidth * Bug fixes and optimized JSON handling * Performance optimizations and developer visible fixes - Update to release 3.49.2: * Fix a bug in the NOT NULL optimization of version 3.40.0 that can lead to a memory error if abused. * Fix the count-of-view optimization so that it does not give an incorrect answer for a DISTINCT query. * Fix a possible incorrect answer that can result if a UNIQUE constraint of a table contains the PRIMARY KEY column and that UNIQUE constraint is used by an IN operator. * Fix obscure problems with the generate_series() extension function. * Incremental improvements to the configure/make. - Add subpackage for the lemon parser generator. The following package changes have been done: - SL-Micro-release-6.0-25.42 updated - libsqlite3-0-3.50.2-1.1 updated - libssh-config-0.10.6-2.1 updated - libssh4-0.10.6-2.1 updated - skelcd-EULA-SL-Micro-2024.01.19-8.41 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:36:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:36:55 +0200 (CEST) Subject: SUSE-CU-2025:6360-1: Recommended update of bci/bci-init Message-ID: <20250820143655.6803BFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6360-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-42.17 , bci/bci-init:latest Container Release : 42.17 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:37:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:37:05 +0200 (CEST) Subject: SUSE-CU-2025:6375-1: Recommended update of suse/kea Message-ID: <20250820143705.B9B3CFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6375-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-62.17 , suse/kea:latest Container Release : 62.17 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:37:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:37:28 +0200 (CEST) Subject: SUSE-CU-2025:6376-1: Recommended update of bci/kiwi Message-ID: <20250820143728.056B2FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6376-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-18.20 , bci/kiwi:latest Container Release : 18.20 Severity : moderate Type : recommended References : 1241038 1246697 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2887-1 Released: Tue Aug 19 09:47:06 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1241038 This update for suse-module-tools fixes the following issues: - Version update 15.7.6 - Add missing util-linux requirement in the spec file (bsc#1241038). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated - suse-module-tools-15.7.6-150700.3.3.3 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:37:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:37:29 +0200 (CEST) Subject: SUSE-CU-2025:6377-1: Recommended update of bci/kiwi Message-ID: <20250820143729.0F3ABFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6377-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-18.24 , bci/kiwi:latest Container Release : 18.24 Severity : important Type : recommended References : 1218459 1245220 1245985 1246038 1246149 1246466 1247054 1247144 1247148 1247690 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2921-1 Released: Tue Aug 19 16:54:12 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - libzypp-17.37.16-150600.3.79.1 updated - zypper-1.14.93-150600.10.49.2 updated - openssl-3-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:37:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:37:34 +0200 (CEST) Subject: SUSE-CU-2025:6378-1: Recommended update of suse/kubectl Message-ID: <20250820143734.BC64AFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6378-1 Container Tags : suse/kubectl:1.33 , suse/kubectl:1.33.1 , suse/kubectl:1.33.1-1.63.13 , suse/kubectl:latest , suse/kubectl:stable , suse/kubectl:stable-1.63.13 Container Release : 63.13 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:37:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:37:40 +0200 (CEST) Subject: SUSE-CU-2025:6379-1: Recommended update of bci/bci-micro-fips Message-ID: <20250820143740.A0AC6FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6379-1 Container Tags : bci/bci-micro-fips:15.7 , bci/bci-micro-fips:15.7-7.15 , bci/bci-micro-fips:latest Container Release : 7.15 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:37:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:37:56 +0200 (CEST) Subject: SUSE-CU-2025:6380-1: Recommended update of suse/nginx Message-ID: <20250820143756.0E3B7FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6380-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-62.17 , suse/nginx:latest Container Release : 62.17 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:38:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:38:08 +0200 (CEST) Subject: SUSE-CU-2025:6381-1: Recommended update of bci/nodejs Message-ID: <20250820143808.DFD2CFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6381-1 Container Tags : bci/node:22 , bci/node:22.15.1 , bci/node:22.15.1-10.16 , bci/node:latest , bci/nodejs:22 , bci/nodejs:22.15.1 , bci/nodejs:22.15.1-10.16 , bci/nodejs:latest Container Release : 10.16 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:38:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:38:23 +0200 (CEST) Subject: SUSE-CU-2025:6382-1: Recommended update of bci/openjdk-devel Message-ID: <20250820143823.8E6B5FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6382-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.16.0 , bci/openjdk-devel:17.0.16.0-8.17 Container Release : 8.17 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - openssl-3-3.2.3-150700.5.18.1 updated - container:bci-openjdk-17-15.7.17-8.17 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:51:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:51:52 +0200 (CEST) Subject: SUSE-CU-2025:6382-1: Recommended update of bci/openjdk-devel Message-ID: <20250820145152.0558EFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6382-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.16.0 , bci/openjdk-devel:17.0.16.0-8.17 Container Release : 8.17 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - openssl-3-3.2.3-150700.5.18.1 updated - container:bci-openjdk-17-15.7.17-8.17 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:52:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:52:03 +0200 (CEST) Subject: SUSE-CU-2025:6383-1: Recommended update of bci/openjdk Message-ID: <20250820145203.3A1D5FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6383-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.16.0 , bci/openjdk:17.0.16.0-8.17 Container Release : 8.17 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - openssl-3-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:52:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:52:16 +0200 (CEST) Subject: SUSE-CU-2025:6384-1: Recommended update of bci/openjdk-devel Message-ID: <20250820145216.6C1B4FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6384-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.8.0 , bci/openjdk-devel:21.0.8.0-11.17 , bci/openjdk-devel:latest Container Release : 11.17 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - openssl-3-3.2.3-150700.5.18.1 updated - container:bci-openjdk-21-15.7.21-11.17 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:52:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:52:26 +0200 (CEST) Subject: SUSE-CU-2025:6385-1: Recommended update of bci/openjdk Message-ID: <20250820145226.CA687FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6385-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.8.0 , bci/openjdk:21.0.8.0-11.17 , bci/openjdk:latest Container Release : 11.17 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - openssl-3-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:52:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:52:42 +0200 (CEST) Subject: SUSE-CU-2025:6386-1: Recommended update of suse/pcp Message-ID: <20250820145242.410C2FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6386-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-62.22 , suse/pcp:latest Container Release : 62.22 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:bci-bci-init-15.7-19ca9b9bb81b77f2e361a688b2588cfeb31f24460fd904ba18ed7e9e77fc7b19-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:52:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:52:54 +0200 (CEST) Subject: SUSE-CU-2025:6387-1: Recommended update of bci/php-apache Message-ID: <20250820145254.AFE80FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6387-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-12.18 , bci/php-apache:latest Container Release : 12.18 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:53:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:53:03 +0200 (CEST) Subject: SUSE-CU-2025:6388-1: Recommended update of bci/php-fpm Message-ID: <20250820145303.CF9D5FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6388-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-12.17 , bci/php-fpm:latest Container Release : 12.17 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:53:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:53:15 +0200 (CEST) Subject: SUSE-CU-2025:6389-1: Recommended update of bci/php Message-ID: <20250820145315.63C74FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6389-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-12.15 , bci/php:latest Container Release : 12.15 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:53:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:53:27 +0200 (CEST) Subject: SUSE-CU-2025:6390-1: Recommended update of bci/python Message-ID: <20250820145327.9DDE8FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6390-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-74.18 Container Release : 74.18 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - openssl-3-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:53:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:53:42 +0200 (CEST) Subject: SUSE-CU-2025:6391-1: Recommended update of bci/python Message-ID: <20250820145342.87C68FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6391-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.5 , bci/python:3.13.5-76.17 , bci/python:latest Container Release : 76.17 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - openssl-3-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:53:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:53:58 +0200 (CEST) Subject: SUSE-CU-2025:6392-1: Recommended update of bci/python Message-ID: <20250820145358.B0862FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6392-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-73.19 Container Release : 73.19 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - openssl-3-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:54:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:54:07 +0200 (CEST) Subject: SUSE-CU-2025:6393-1: Recommended update of suse/mariadb Message-ID: <20250820145407.3C115FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6393-1 Container Tags : suse/mariadb:11.4 , suse/mariadb:11.4.5 , suse/mariadb:11.4.5-63.16 , suse/mariadb:latest Container Release : 63.16 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:54:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:54:17 +0200 (CEST) Subject: SUSE-CU-2025:6394-1: Recommended update of suse/rmt-server Message-ID: <20250820145417.7173CFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6394-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-73.18 , suse/rmt-server:latest Container Release : 73.18 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:54:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:54:28 +0200 (CEST) Subject: SUSE-CU-2025:6395-1: Recommended update of bci/ruby Message-ID: <20250820145428.4AAE5FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6395-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-13.17 Container Release : 13.17 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:54:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:54:39 +0200 (CEST) Subject: SUSE-CU-2025:6396-1: Recommended update of bci/ruby Message-ID: <20250820145439.52D9DFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6396-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-12.17 , bci/ruby:latest Container Release : 12.17 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:54:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:54:48 +0200 (CEST) Subject: SUSE-CU-2025:6397-1: Recommended update of bci/rust Message-ID: <20250820145448.61A45FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6397-1 Container Tags : bci/rust:1.87 , bci/rust:1.87.0 , bci/rust:1.87.0-2.3.12 , bci/rust:oldstable , bci/rust:oldstable-2.3.12 Container Release : 3.12 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:54:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:54:49 +0200 (CEST) Subject: SUSE-CU-2025:6398-1: Recommended update of bci/rust Message-ID: <20250820145449.1BBBCFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6398-1 Container Tags : bci/rust:1.87 , bci/rust:1.87.0 , bci/rust:1.87.0-2.3.15 , bci/rust:oldstable , bci/rust:oldstable-2.3.15 Container Release : 3.15 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:55:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:55:00 +0200 (CEST) Subject: SUSE-CU-2025:6399-1: Recommended update of bci/rust Message-ID: <20250820145500.1C9CDFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6399-1 Container Tags : bci/rust:1.88 , bci/rust:1.88.0 , bci/rust:1.88.0-1.3.12 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.12 Container Release : 3.12 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:55:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:55:01 +0200 (CEST) Subject: SUSE-CU-2025:6400-1: Recommended update of bci/rust Message-ID: <20250820145501.02F33FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6400-1 Container Tags : bci/rust:1.88 , bci/rust:1.88.0 , bci/rust:1.88.0-1.3.15 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.15 Container Release : 3.15 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:55:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:55:08 +0200 (CEST) Subject: SUSE-CU-2025:6401-1: Recommended update of suse/samba-server Message-ID: <20250820145508.E4492FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6401-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-64.14 , suse/samba-server:latest Container Release : 64.14 Severity : important Type : recommended References : 1246697 1247144 1247148 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 14:55:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 16:55:15 +0200 (CEST) Subject: SUSE-CU-2025:6321-1: Recommended update of suse/samba-toolbox Message-ID: <20250820145515.974E1FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6321-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-64.12 , suse/samba-toolbox:latest Container Release : 64.12 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:05:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:05:17 +0200 (CEST) Subject: SUSE-CU-2025:6321-1: Recommended update of suse/samba-toolbox Message-ID: <20250820150517.DA6FCFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6321-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-64.12 , suse/samba-toolbox:latest Container Release : 64.12 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:05:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:05:18 +0200 (CEST) Subject: SUSE-CU-2025:6402-1: Recommended update of suse/samba-toolbox Message-ID: <20250820150518.E956FFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6402-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-64.14 , suse/samba-toolbox:latest Container Release : 64.14 Severity : important Type : recommended References : 1246697 1247144 1247148 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:05:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:05:31 +0200 (CEST) Subject: SUSE-CU-2025:6403-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250820150531.40F85FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6403-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-44.3 , bci/bci-sle15-kernel-module-devel:latest Container Release : 44.3 Severity : important Type : security References : 1221107 1230262 1232526 1233012 1237143 1237442 1238491 1239566 1239938 1240788 1241038 1241549 1243273 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244705 1245573 1246597 1246697 1246934 1247249 831629 CVE-2024-12718 CVE-2024-2236 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-6297 CVE-2025-6965 CVE-2025-8194 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2887-1 Released: Tue Aug 19 09:47:06 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1241038 This update for suse-module-tools fixes the following issues: - Version update 15.7.6 - Add missing util-linux requirement in the spec file (bsc#1241038). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated - libopenssl1_1-1.1.1w-150700.11.3.1 updated - systemd-rpm-macros-16-150000.7.42.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - python3-base-3.6.15-150300.10.97.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - suse-module-tools-15.7.6-150700.3.3.3 updated - mokutil-0.5.0-150600.8.3 added - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:05:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:05:32 +0200 (CEST) Subject: SUSE-CU-2025:6404-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20250820150532.045CFFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6404-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-44.6 , bci/bci-sle15-kernel-module-devel:latest Container Release : 44.6 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - openssl-3-3.2.3-150700.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:05:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:05:41 +0200 (CEST) Subject: SUSE-CU-2025:6405-1: Security update of suse/sle15 Message-ID: <20250820150541.D464BFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6405-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.8.23 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.8.23 , suse/sle15:latest Container Release : 5.8.23 Severity : moderate Type : security References : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:05:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:05:44 +0200 (CEST) Subject: SUSE-CU-2025:6407-1: Recommended update of suse/sle15 Message-ID: <20250820150544.1EF2CFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6407-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.8.27 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.8.27 , suse/sle15:latest Container Release : 5.8.27 Severity : important Type : recommended References : 1218459 1245220 1245985 1246038 1246149 1246466 1247054 1247690 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2921-1 Released: Tue Aug 19 16:54:12 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) The following package changes have been done: - libzypp-17.37.16-150600.3.79.1 updated - zypper-1.14.93-150600.10.49.2 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:05:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:05:43 +0200 (CEST) Subject: SUSE-CU-2025:6406-1: Security update of suse/sle15 Message-ID: <20250820150543.151F1FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6406-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.8.26 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.8.26 , suse/sle15:latest Container Release : 5.8.26 Severity : important Type : security References : 1245223 1247144 1247148 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2889-1 Released: Tue Aug 19 09:53:30 2025 Summary: Security update for container-suseconnect Type: security Severity: important References: This update for container-suseconnect rebuilds it with the last go1.24 security release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.69.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.18.1 updated - libopenssl3-3.2.3-150700.5.18.1 updated - openssl-3-3.2.3-150700.5.18.1 updated - suse-build-key-12.0-150000.8.61.2 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:05:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:05:58 +0200 (CEST) Subject: SUSE-CU-2025:6408-1: Recommended update of bci/spack Message-ID: <20250820150558.2C0ABFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6408-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-15.9 , bci/spack:latest Container Release : 15.9 Severity : moderate Type : recommended References : 1233012 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) The following package changes have been done: - python3-pycparser-2.17-150000.3.5.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:05:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:05:59 +0200 (CEST) Subject: SUSE-CU-2025:6410-1: Security update of bci/spack Message-ID: <20250820150559.E8AEEFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6410-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-15.12 , bci/spack:latest Container Release : 15.12 Severity : moderate Type : security References : 1221107 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:05:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:05:59 +0200 (CEST) Subject: SUSE-CU-2025:6409-1: Security update of bci/spack Message-ID: <20250820150559.040A8FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6409-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-15.11 , bci/spack:latest Container Release : 15.11 Severity : important Type : security References : 1230262 1232526 1233012 1237442 1238491 1239566 1239938 1240788 1241549 1243273 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated - libquadmath0-14.3.0+git11799-150000.1.11.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:06:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:06:01 +0200 (CEST) Subject: SUSE-CU-2025:6412-1: Recommended update of bci/spack Message-ID: <20250820150601.C8DD4FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6412-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-15.14 , bci/spack:latest Container Release : 15.14 Severity : moderate Type : recommended References : 1246697 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.3.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:06:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:06:00 +0200 (CEST) Subject: SUSE-CU-2025:6411-1: Recommended update of bci/spack Message-ID: <20250820150600.E0487FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6411-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-15.13 , bci/spack:latest Container Release : 15.13 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl-3-devel-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:06:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:06:08 +0200 (CEST) Subject: SUSE-CU-2025:6414-1: Recommended update of suse/stunnel Message-ID: <20250820150608.38C8BFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6414-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-63.7 , suse/stunnel:latest Container Release : 63.7 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:06:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:06:09 +0200 (CEST) Subject: SUSE-CU-2025:6416-1: Recommended update of suse/stunnel Message-ID: <20250820150609.F2FBDFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6416-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-63.10 , suse/stunnel:latest Container Release : 63.10 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:06:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:06:09 +0200 (CEST) Subject: SUSE-CU-2025:6415-1: Recommended update of suse/stunnel Message-ID: <20250820150609.12ECFFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6415-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-63.9 , suse/stunnel:latest Container Release : 63.9 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:06:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:06:16 +0200 (CEST) Subject: SUSE-CU-2025:6418-1: Recommended update of suse/valkey Message-ID: <20250820150616.C4E3DFF47@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6418-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.2 , suse/valkey:8.0.2-63.10 , suse/valkey:latest Container Release : 63.10 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:06:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:06:17 +0200 (CEST) Subject: SUSE-CU-2025:6419-1: Recommended update of suse/valkey Message-ID: <20250820150617.7037AFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6419-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.2 , suse/valkey:8.0.2-63.11 , suse/valkey:latest Container Release : 63.11 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:06:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:06:16 +0200 (CEST) Subject: SUSE-CU-2025:6417-1: Security update of suse/valkey Message-ID: <20250820150616.01528FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6417-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.2 , suse/valkey:8.0.2-63.8 , suse/valkey:latest Container Release : 63.8 Severity : moderate Type : security References : 1221107 1246934 CVE-2024-2236 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:06:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:06:21 +0200 (CEST) Subject: SUSE-CU-2025:6421-1: Recommended update of suse/kiosk/xorg-client Message-ID: <20250820150621.C23D6FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6421-1 Container Tags : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-64.11 , suse/kiosk/xorg-client:latest Container Release : 64.11 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/kiosk/xorg-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:06:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:06:20 +0200 (CEST) Subject: SUSE-CU-2025:6420-1: Recommended update of suse/kiosk/xorg-client Message-ID: <20250820150620.F13E4FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6420-1 Container Tags : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-64.10 , suse/kiosk/xorg-client:latest Container Release : 64.10 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/kiosk/xorg-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 15:06:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 17:06:28 +0200 (CEST) Subject: SUSE-CU-2025:6422-1: Security update of suse/kiosk/xorg Message-ID: <20250820150629.0010AFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6422-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-65.10 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 65.10 Severity : important Type : security References : 1243503 1247106 1247108 CVE-2025-8176 CVE-2025-8177 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2770-1 Released: Tue Aug 12 15:50:12 2025 Summary: Security update for tiff Type: security Severity: important References: 1243503,1247106,1247108,CVE-2025-8176,CVE-2025-8177 This update for tiff fixes the following issues: - Updated TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE (bsc#1243503) - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108) - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106) - Add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with cmake4 - Add %check section - Remove Group: declarations, no longer used The following package changes have been done: - libtiff6-4.7.0-150600.3.13.1 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:08:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:08:06 +0200 (CEST) Subject: SUSE-CU-2025:6422-1: Security update of suse/kiosk/xorg Message-ID: <20250821070806.71D49FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6422-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-65.10 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 65.10 Severity : important Type : security References : 1243503 1247106 1247108 CVE-2025-8176 CVE-2025-8177 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2770-1 Released: Tue Aug 12 15:50:12 2025 Summary: Security update for tiff Type: security Severity: important References: 1243503,1247106,1247108,CVE-2025-8176,CVE-2025-8177 This update for tiff fixes the following issues: - Updated TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE (bsc#1243503) - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108) - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106) - Add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with cmake4 - Add %check section - Remove Group: declarations, no longer used The following package changes have been done: - libtiff6-4.7.0-150600.3.13.1 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:08:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:08:07 +0200 (CEST) Subject: SUSE-CU-2025:6423-1: Recommended update of suse/kiosk/xorg Message-ID: <20250821070807.31AFEFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6423-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-65.12 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 65.12 Severity : moderate Type : recommended References : 1237143 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). The following package changes have been done: - systemd-rpm-macros-16-150000.7.42.1 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:08:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:08:07 +0200 (CEST) Subject: SUSE-CU-2025:6424-1: Recommended update of suse/kiosk/xorg Message-ID: <20250821070807.D8F16FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6424-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-65.14 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 65.14 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:suse-sle15-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated - container:registry.suse.com-bci-bci-micro-15.7-9ca7ac208218042a31a71f1e8d780e824550478284aef7e4c03cb97eefa7d605-0 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:08:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:08:08 +0200 (CEST) Subject: SUSE-CU-2025:6425-1: Recommended update of suse/kiosk/xorg Message-ID: <20250821070808.9576BFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6425-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-65.15 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 65.15 Severity : important Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl3-3.2.3-150700.5.18.1 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:08:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:08:09 +0200 (CEST) Subject: SUSE-CU-2025:6426-1: Recommended update of suse/kiosk/xorg Message-ID: <20250821070809.615BFFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6426-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-65.16 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 65.16 Severity : moderate Type : recommended References : 1241038 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2887-1 Released: Tue Aug 19 09:47:06 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1241038 This update for suse-module-tools fixes the following issues: - Version update 15.7.6 - Add missing util-linux requirement in the spec file (bsc#1241038). The following package changes have been done: - suse-module-tools-15.7.6-150700.3.3.3 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:11:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:11:46 +0200 (CEST) Subject: SUSE-CU-2025:6460-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250821071146.86223FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6460-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16 , suse/manager/4.3/proxy-httpd:4.3.16.9.67.13 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.67.13 Severity : moderate Type : recommended References : 1233012 1246570 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.4.1 updated - python3-pycparser-2.17-150000.3.5.1 updated - python3-pyasn1-0.4.2-150000.3.8.1 updated - python3-chardet-3.0.4-150000.5.6.1 updated - python3-asn1crypto-0.24.0-150000.3.5.1 updated - python3-appdirs-1.4.3-150000.3.3.1 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:11:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:11:47 +0200 (CEST) Subject: SUSE-CU-2025:6461-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250821071147.74F6BFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6461-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16 , suse/manager/4.3/proxy-httpd:4.3.16.9.67.14 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.67.14 Severity : important Type : security References : 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - python3-base-3.6.15-150300.10.97.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-3.6.15-150300.10.97.2 updated - container:sles15-ltss-image-15.4.0-2.64 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:11:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:11:49 +0200 (CEST) Subject: SUSE-CU-2025:6464-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250821071149.E210BFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6464-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16 , suse/manager/4.3/proxy-httpd:4.3.16.9.67.18 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.67.18 Severity : moderate Type : recommended References : 1246776 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) The following package changes have been done: - permissions-20201225-150400.5.19.1 updated - container:sles15-ltss-image-15.4.0-2.68 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:11:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:11:48 +0200 (CEST) Subject: SUSE-CU-2025:6462-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250821071148.4F203FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6462-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16 , suse/manager/4.3/proxy-httpd:4.3.16.9.67.15 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.67.15 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:sles15-ltss-image-15.4.0-2.65 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:13:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:13:02 +0200 (CEST) Subject: SUSE-CU-2025:6465-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250821071302.5EA55FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6465-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16 , suse/manager/4.3/proxy-salt-broker:4.3.16.9.57.13 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.57.13 Severity : moderate Type : recommended References : 1246570 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.4.1 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:13:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:13:03 +0200 (CEST) Subject: SUSE-CU-2025:6466-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250821071303.3CC54FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6466-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16 , suse/manager/4.3/proxy-salt-broker:4.3.16.9.57.14 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.57.14 Severity : important Type : security References : 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-3.6.15-150300.10.97.2 updated - container:sles15-ltss-image-15.4.0-2.64 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:13:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:13:05 +0200 (CEST) Subject: SUSE-CU-2025:6469-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250821071305.63C33FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6469-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16 , suse/manager/4.3/proxy-salt-broker:4.3.16.9.57.18 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.57.18 Severity : moderate Type : recommended References : 1246776 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) The following package changes have been done: - permissions-20201225-150400.5.19.1 updated - container:sles15-ltss-image-15.4.0-2.68 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:13:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:13:04 +0200 (CEST) Subject: SUSE-CU-2025:6467-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250821071304.11ED4FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6467-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16 , suse/manager/4.3/proxy-salt-broker:4.3.16.9.57.15 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.57.15 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:sles15-ltss-image-15.4.0-2.65 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:14:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:14:07 +0200 (CEST) Subject: SUSE-CU-2025:6472-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20250821071407.16F35FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6472-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.16 , suse/manager/4.3/proxy-squid:4.3.16.9.66.12 , suse/manager/4.3/proxy-squid:latest Container Release : 9.66.12 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:sles15-ltss-image-15.4.0-2.65 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:14:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:14:08 +0200 (CEST) Subject: SUSE-CU-2025:6474-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20250821071408.5E07BFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6474-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.16 , suse/manager/4.3/proxy-squid:4.3.16.9.66.15 , suse/manager/4.3/proxy-squid:latest Container Release : 9.66.15 Severity : moderate Type : recommended References : 1246776 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) The following package changes have been done: - permissions-20201225-150400.5.19.1 updated - container:sles15-ltss-image-15.4.0-2.68 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:15:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:15:06 +0200 (CEST) Subject: SUSE-CU-2025:6475-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20250821071506.5CE95FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6475-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.16 , suse/manager/4.3/proxy-ssh:4.3.16.9.57.10 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.57.10 Severity : moderate Type : recommended References : 1246570 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.4.1 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:15:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:15:08 +0200 (CEST) Subject: SUSE-CU-2025:6477-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20250821071508.13CAAFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6477-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.16 , suse/manager/4.3/proxy-ssh:4.3.16.9.57.12 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.57.12 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:sles15-ltss-image-15.4.0-2.65 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:15:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:15:07 +0200 (CEST) Subject: SUSE-CU-2025:6476-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20250821071507.2F8B3FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6476-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.16 , suse/manager/4.3/proxy-ssh:4.3.16.9.57.11 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.57.11 Severity : important Type : security References : 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-3.6.15-150300.10.97.2 updated - container:sles15-ltss-image-15.4.0-2.64 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:15:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:15:09 +0200 (CEST) Subject: SUSE-CU-2025:6479-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20250821071509.5AA78FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6479-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.16 , suse/manager/4.3/proxy-ssh:4.3.16.9.57.15 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.57.15 Severity : moderate Type : recommended References : 1246776 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) The following package changes have been done: - permissions-20201225-150400.5.19.1 updated - container:sles15-ltss-image-15.4.0-2.68 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:16:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:16:20 +0200 (CEST) Subject: SUSE-CU-2025:6480-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20250821071620.B7AFFFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6480-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.16 , suse/manager/4.3/proxy-tftpd:4.3.16.9.57.12 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.57.12 Severity : moderate Type : recommended References : 1233012 1246570 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.4.1 updated - python3-pycparser-2.17-150000.3.5.1 updated - python3-pyasn1-0.4.2-150000.3.8.1 updated - python3-iniconfig-1.1.1-150000.1.13.1 updated - python3-idna-2.6-150000.3.6.1 updated - python3-chardet-3.0.4-150000.5.6.1 updated - python3-certifi-2018.1.18-150000.3.6.1 updated - python3-asn1crypto-0.24.0-150000.3.5.1 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - python3-apipkg-1.4-150000.3.8.1 updated From sle-container-updates at lists.suse.com Thu Aug 21 07:16:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 09:16:21 +0200 (CEST) Subject: SUSE-CU-2025:6481-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20250821071621.857B1FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6481-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.16 , suse/manager/4.3/proxy-tftpd:4.3.16.9.57.13 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.57.13 Severity : important Type : security References : 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-3.6.15-150300.10.97.2 updated - container:sles15-ltss-image-15.4.0-2.64 updated From sle-container-updates at lists.suse.com Thu Aug 21 08:50:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 10:50:57 +0200 (CEST) Subject: SUSE-CU-2025:6481-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20250821085057.EA6CFFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6481-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.16 , suse/manager/4.3/proxy-tftpd:4.3.16.9.57.13 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.57.13 Severity : important Type : security References : 1233012 1243273 1244032 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-3.6.15-150300.10.97.2 updated - container:sles15-ltss-image-15.4.0-2.64 updated From sle-container-updates at lists.suse.com Thu Aug 21 08:50:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 10:50:58 +0200 (CEST) Subject: SUSE-CU-2025:6482-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20250821085058.BE1FBFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6482-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.16 , suse/manager/4.3/proxy-tftpd:4.3.16.9.57.14 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.57.14 Severity : moderate Type : recommended References : 1230262 1232526 1237442 1238491 1239566 1239938 1240788 1241549 1243991 1244050 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - container:sles15-ltss-image-15.4.0-2.65 updated From sle-container-updates at lists.suse.com Thu Aug 21 08:52:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 10:52:35 +0200 (CEST) Subject: SUSE-CU-2025:6485-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250821085235.5F12AFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6485-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.160 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.160 Severity : important Type : security References : 1230262 1232526 1233012 1237442 1238491 1239566 1239938 1240788 1241549 1243273 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - python3-base-3.6.15-150300.10.97.1 updated From sle-container-updates at lists.suse.com Thu Aug 21 08:52:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 10:52:36 +0200 (CEST) Subject: SUSE-CU-2025:6487-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250821085236.BE78EFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6487-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.162 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.162 Severity : moderate Type : recommended References : 1245223 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). The following package changes have been done: - suse-build-key-12.0-150000.8.61.2 updated From sle-container-updates at lists.suse.com Thu Aug 21 08:52:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 10:52:36 +0200 (CEST) Subject: SUSE-CU-2025:6486-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250821085236.20881FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6486-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.161 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.161 Severity : moderate Type : security References : 1243284 1243772 CVE-2025-48964 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2797-1 Released: Thu Aug 14 16:35:51 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1243284,1243772,CVE-2025-48964 This update for iputils fixes the following issues: - CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772). Other bugfixes: - Fixed ping on s390x that printed invalid ttl (bsc#1243284). The following package changes have been done: - iputils-s20161105-150000.8.14.1 updated From sle-container-updates at lists.suse.com Thu Aug 21 08:52:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 10:52:37 +0200 (CEST) Subject: SUSE-CU-2025:6488-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250821085237.6873AFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6488-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.163 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.163 Severity : important Type : security References : ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2889-1 Released: Tue Aug 19 09:53:30 2025 Summary: Security update for container-suseconnect Type: security Severity: important References: This update for container-suseconnect rebuilds it with the last go1.24 security release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.69.1 updated From sle-container-updates at lists.suse.com Thu Aug 21 08:57:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 10:57:27 +0200 (CEST) Subject: SUSE-CU-2025:6494-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250821085727.9092FFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6494-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.162 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.162 Severity : important Type : security References : 1230262 1232526 1233012 1237442 1238491 1239566 1239938 1240788 1241549 1243273 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. The following package changes have been done: - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - python3-base-3.6.15-150300.10.97.1 updated From sle-container-updates at lists.suse.com Thu Aug 21 08:57:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 10:57:28 +0200 (CEST) Subject: SUSE-CU-2025:6495-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250821085728.413A3FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6495-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.163 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.163 Severity : moderate Type : security References : 1243284 1243772 CVE-2025-48964 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2797-1 Released: Thu Aug 14 16:35:51 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1243284,1243772,CVE-2025-48964 This update for iputils fixes the following issues: - CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772). Other bugfixes: - Fixed ping on s390x that printed invalid ttl (bsc#1243284). The following package changes have been done: - iputils-s20161105-150000.8.14.1 updated From sle-container-updates at lists.suse.com Thu Aug 21 08:57:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 10:57:29 +0200 (CEST) Subject: SUSE-CU-2025:6497-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250821085729.BD0D6FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6497-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.165 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.165 Severity : important Type : security References : ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2889-1 Released: Tue Aug 19 09:53:30 2025 Summary: Security update for container-suseconnect Type: security Severity: important References: This update for container-suseconnect rebuilds it with the last go1.24 security release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.69.1 updated From sle-container-updates at lists.suse.com Thu Aug 21 08:57:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Aug 2025 10:57:28 +0200 (CEST) Subject: SUSE-CU-2025:6496-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250821085728.F2CA2FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6496-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.164 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.164 Severity : moderate Type : recommended References : 1245223 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). The following package changes have been done: - suse-build-key-12.0-150000.8.61.2 updated From sle-container-updates at lists.suse.com Fri Aug 22 07:07:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Aug 2025 09:07:41 +0200 (CEST) Subject: SUSE-IU-2025:2350-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250822070741.6DD7AFF2D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2350-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.202 , suse/sle-micro/base-5.5:latest Image Release : 5.8.202 Severity : important Type : recommended References : 1218459 1245220 1245985 1246038 1246149 1246466 1247054 1247690 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2951-1 Released: Thu Aug 21 14:55:35 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) The following package changes have been done: - libzypp-17.37.16-150500.6.61.1 updated - zypper-1.14.93-150500.6.39.2 updated From sle-container-updates at lists.suse.com Fri Aug 22 07:21:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Aug 2025 09:21:06 +0200 (CEST) Subject: SUSE-CU-2025:6515-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250822072106.1BBDFFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6515-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.174 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.174 Severity : important Type : recommended References : 1218459 1245220 1245985 1246038 1246149 1246466 1247054 1247690 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2952-1 Released: Thu Aug 21 14:56:24 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) The following package changes have been done: - libzypp-17.37.16-150400.3.142.1 updated - zypper-1.14.93-150400.3.98.2 updated From sle-container-updates at lists.suse.com Fri Aug 22 07:24:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Aug 2025 09:24:17 +0200 (CEST) Subject: SUSE-CU-2025:6516-1: Recommended update of suse/sle-micro-rancher/5.4 Message-ID: <20250822072417.901DFFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6516-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.44 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.44 Severity : important Type : recommended References : 1218459 1245220 1245985 1246038 1246149 1246466 1247054 1247690 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2952-1 Released: Thu Aug 21 14:56:24 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) The following package changes have been done: - libzypp-17.37.16-150400.3.142.1 updated - zypper-1.14.93-150400.3.98.2 updated From sle-container-updates at lists.suse.com Fri Aug 22 07:26:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Aug 2025 09:26:22 +0200 (CEST) Subject: SUSE-CU-2025:6517-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250822072622.6D7A6FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6517-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.174 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.174 Severity : important Type : recommended References : 1218459 1245220 1245985 1246038 1246149 1246466 1247054 1247690 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2952-1 Released: Thu Aug 21 14:56:24 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) The following package changes have been done: - libzypp-17.37.16-150400.3.142.1 updated - zypper-1.14.93-150400.3.98.2 updated From sle-container-updates at lists.suse.com Fri Aug 22 07:28:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Aug 2025 09:28:10 +0200 (CEST) Subject: SUSE-CU-2025:6518-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20250822072810.1DB09FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6518-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.80 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.80 Severity : important Type : recommended References : 1218459 1245220 1245985 1246038 1246149 1246466 1247054 1247690 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2951-1 Released: Thu Aug 21 14:55:35 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) The following package changes have been done: - libzypp-17.37.16-150500.6.61.1 updated - zypper-1.14.93-150500.6.39.2 updated From sle-container-updates at lists.suse.com Fri Aug 22 07:29:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Aug 2025 09:29:04 +0200 (CEST) Subject: SUSE-IU-2025:2354-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250822072904.1D5DFFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2354-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.73 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.73 Severity : important Type : security References : 1243581 1244554 1244555 1244557 1244580 1244700 1245309 1245310 1245311 1245312 1245314 1245317 1246296 1246360 1246472 1246597 1246608 CVE-2025-46836 CVE-2025-4877 CVE-2025-4878 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-5318 CVE-2025-5351 CVE-2025-5372 CVE-2025-5987 CVE-2025-6021 CVE-2025-6170 CVE-2025-6965 CVE-2025-7424 CVE-2025-7425 CVE-2025-7519 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 418 Released: Thu Aug 14 11:20:44 2025 Summary: Security update for libxslt Type: security Severity: important References: 1246360,CVE-2025-7424 This update for libxslt fixes the following issues: - CVE-2025-7424: Fixed type confusion in xmlNode.psvi between stylesheet and source nodes (bsc#1246360) ----------------------------------------------------------------- Advisory ID: 419 Released: Thu Aug 14 11:26:49 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245312,1245314,1245317,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5351,CVE-2025-5372,CVE-2025-5987 This update for libssh fixes the following issues: - CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314) - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317) - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309) - CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310) - CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311) - CVE-2025-5351: Double free in functions exporting keys (bsc#1245312) ----------------------------------------------------------------- Advisory ID: 425 Released: Wed Aug 20 13:34:24 2025 Summary: Security update for polkit Type: security Severity: important References: 1246472,CVE-2025-7519 This update for polkit fixes the following issues: - CVE-2025-7519: Fixed that a XML policy file with a large number of nested elements may lead to out-of-bounds write (bsc#1246472) ----------------------------------------------------------------- Advisory ID: 428 Released: Wed Aug 20 13:36:54 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to 3.50.2: * Fix the concat_ws() SQL function so that it includes empty strings in the concatenation. * Avoid writing frames with no checksums into the wal file if a savepoint is rolled back after dirty pages have already been spilled into the wal file. * Fix the Bitvec object to avoid stack overflow when the database is within 60 pages of its maximum size. * Fix a problem with UPDATEs on fts5 tables that contain BLOB values. * Fix an issue with transitive IS constraints on a RIGHT JOIN. * CVE-2025-6965: Fixed Integer Truncation in SQLite (bsc#1246597) * Ensure that sqlite3_setlk_timeout() holds the database mutex. - Update to 3.50 (3.50.1): * Improved handling and robust output of control characters * sqlite3_rsync no longer requires WAL mode and needs less bandwidth * Bug fixes and optimized JSON handling * Performance optimizations and developer visible fixes - Update to release 3.49.2: * Fix a bug in the NOT NULL optimization of version 3.40.0 that can lead to a memory error if abused. * Fix the count-of-view optimization so that it does not give an incorrect answer for a DISTINCT query. * Fix a possible incorrect answer that can result if a UNIQUE constraint of a table contains the PRIMARY KEY column and that UNIQUE constraint is used by an IN operator. * Fix obscure problems with the generate_series() extension function. * Incremental improvements to the configure/make. - Add subpackage for the lemon parser generator. ----------------------------------------------------------------- Advisory ID: 429 Released: Thu Aug 21 10:01:26 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1244554,1244555,1244557,1244580,1244700,1246296,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-6021: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 [bsc#1244580] - CVE-2025-6170: stack buffer overflow may lead to a crash [bsc#1244700] - CVE-2025-7425: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr [bsc#1246296] - CVE-2025-49794: heap use after free (UAF) can lead to Denial of service (DoS) [bsc#1244554] - CVE-2025-49795: null pointer dereference may lead to Denial of service (DoS) [bsc#1244555] - CVE-2025-49796: type confusion may lead to Denial of service (DoS) [bsc#1244557] ----------------------------------------------------------------- Advisory ID: 431 Released: Thu Aug 21 10:01:27 2025 Summary: Security update for net-tools Type: security Severity: moderate References: 1243581,1246608,CVE-2025-46836 This update for net-tools fixes the following issues: - Provide more readable error for interface name size checking (bsc#1243581) - Perform bound checks when parsing interface labels in /proc/net/dev (bsc#1243581, bsc#1246608. CVE-2025-46836) The following package changes have been done: - libxml2-2-2.11.6-10.1 updated - SL-Micro-release-6.0-25.43 updated - libsqlite3-0-3.50.2-1.1 updated - libssh-config-0.10.6-2.1 updated - libssh4-0.10.6-2.1 updated - libxslt1-1.1.38-6.1 updated - libpolkit-gobject-1-0-121-3.1 updated - libpolkit-agent-1-0-121-3.1 updated - polkit-121-3.1 updated - net-tools-2.10-3.1 updated - container:SL-Micro-base-container-2.1.3-7.42 updated From sle-container-updates at lists.suse.com Fri Aug 22 07:29:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Aug 2025 09:29:59 +0200 (CEST) Subject: SUSE-IU-2025:2355-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250822072959.2C615FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2355-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.42 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.42 Severity : important Type : security References : 1244554 1244555 1244557 1244580 1244700 1246296 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-6021 CVE-2025-6170 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 429 Released: Thu Aug 21 10:01:26 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1244554,1244555,1244557,1244580,1244700,1246296,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-6021: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 [bsc#1244580] - CVE-2025-6170: stack buffer overflow may lead to a crash [bsc#1244700] - CVE-2025-7425: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr [bsc#1246296] - CVE-2025-49794: heap use after free (UAF) can lead to Denial of service (DoS) [bsc#1244554] - CVE-2025-49795: null pointer dereference may lead to Denial of service (DoS) [bsc#1244555] - CVE-2025-49796: type confusion may lead to Denial of service (DoS) [bsc#1244557] The following package changes have been done: - libxml2-2-2.11.6-10.1 updated - SL-Micro-release-6.0-25.43 updated - container:suse-toolbox-image-1.0.0-9.27 updated From sle-container-updates at lists.suse.com Fri Aug 22 07:30:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Aug 2025 09:30:52 +0200 (CEST) Subject: SUSE-IU-2025:2356-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250822073052.A34A6FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2356-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.65 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.65 Severity : important Type : security References : 1244554 1244555 1244557 1244580 1244700 1246296 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-6021 CVE-2025-6170 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 429 Released: Thu Aug 21 10:01:26 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1244554,1244555,1244557,1244580,1244700,1246296,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-6021: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 [bsc#1244580] - CVE-2025-6170: stack buffer overflow may lead to a crash [bsc#1244700] - CVE-2025-7425: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr [bsc#1246296] - CVE-2025-49794: heap use after free (UAF) can lead to Denial of service (DoS) [bsc#1244554] - CVE-2025-49795: null pointer dereference may lead to Denial of service (DoS) [bsc#1244555] - CVE-2025-49796: type confusion may lead to Denial of service (DoS) [bsc#1244557] The following package changes have been done: - libxml2-2-2.11.6-10.1 updated - SL-Micro-release-6.0-25.43 updated - container:SL-Micro-base-container-2.1.3-7.42 updated From sle-container-updates at lists.suse.com Fri Aug 22 07:31:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Aug 2025 09:31:53 +0200 (CEST) Subject: SUSE-IU-2025:2357-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250822073153.2063DFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2357-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.74 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.74 Severity : important Type : security References : 1244554 1244555 1244557 1244580 1244700 1246296 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-6021 CVE-2025-6170 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 429 Released: Thu Aug 21 10:01:26 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1244554,1244555,1244557,1244580,1244700,1246296,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-6021: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 [bsc#1244580] - CVE-2025-6170: stack buffer overflow may lead to a crash [bsc#1244700] - CVE-2025-7425: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr [bsc#1246296] - CVE-2025-49794: heap use after free (UAF) can lead to Denial of service (DoS) [bsc#1244554] - CVE-2025-49795: null pointer dereference may lead to Denial of service (DoS) [bsc#1244555] - CVE-2025-49796: type confusion may lead to Denial of service (DoS) [bsc#1244557] The following package changes have been done: - libxml2-2-2.11.6-10.1 updated - SL-Micro-release-6.0-25.43 updated - container:SL-Micro-container-2.1.3-6.73 updated From sle-container-updates at lists.suse.com Fri Aug 22 07:33:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Aug 2025 09:33:41 +0200 (CEST) Subject: SUSE-CU-2025:6521-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20250822073341.63F00FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6521-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.27 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.27 Severity : important Type : security References : 1244554 1244555 1244557 1244580 1244700 1246296 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-6021 CVE-2025-6170 CVE-2025-7425 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 429 Released: Thu Aug 21 10:01:26 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1244554,1244555,1244557,1244580,1244700,1246296,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-6021: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 [bsc#1244580] - CVE-2025-6170: stack buffer overflow may lead to a crash [bsc#1244700] - CVE-2025-7425: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr [bsc#1246296] - CVE-2025-49794: heap use after free (UAF) can lead to Denial of service (DoS) [bsc#1244554] - CVE-2025-49795: null pointer dereference may lead to Denial of service (DoS) [bsc#1244555] - CVE-2025-49796: type confusion may lead to Denial of service (DoS) [bsc#1244557] The following package changes have been done: - SL-Micro-release-6.0-25.43 updated - libxml2-2-2.11.6-10.1 updated - skelcd-EULA-SL-Micro-2024.01.19-8.42 updated From sle-container-updates at lists.suse.com Fri Aug 22 07:42:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Aug 2025 09:42:46 +0200 (CEST) Subject: SUSE-CU-2025:6527-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250822074246.16A4EFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6527-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.99 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.99 Severity : moderate Type : recommended References : 1240541 1240969 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2939-1 Released: Thu Aug 21 11:22:21 2025 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1240541,1240969 This update for open-iscsi fixes the following issues: - README for rpm build directory - Fix issue with IPv6 adapter interfaces (bsc#1240969) - fwparam_ppc.c: Fix the calloc-transposed-args issue - Makefile: fix 'No rule to make target 'iscsiuio/Makefile.in' issue - Fix typo in initiator.c - Fix iscsid.conf NOP configuration (bsc#1240541) - doc: fixup iscsiadm man page option for -r - Modify log function to print session id - Fix minor typo ('authenticaton') - Preparing for version 2.1.11 - iscsid: Rate limit session reopen log messages - IPv6 support for iBFT iSCSI boot - Improve iscsiadm command line parsing messages - More testing cleanup, and fix dprint test usage - Fix a typo in test/README - iscsid: Fix hang during login with scan=manual - Fix 4 issues which are finded when building with clang 17 The following package changes have been done: - libopeniscsiusr0-0.2.0-150600.51.6.1 updated - open-iscsi-2.1.11-150600.51.6.1 updated From sle-container-updates at lists.suse.com Fri Aug 22 07:49:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Aug 2025 09:49:32 +0200 (CEST) Subject: SUSE-CU-2025:6536-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250822074932.D055CFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6536-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.164 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.164 Severity : important Type : recommended References : 1218459 1243486 1245220 1245985 1246038 1246149 1246466 1247054 1247690 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2953-1 Released: Thu Aug 21 14:57:20 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1243486,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - BuildRequires: %{libsolv_devel_package} >= 0.7.34 (bsc#1243486) Newer rpm versions no longer allow a ':' in rpm package names or obsoletes. So injecting an Obsoletes: product:oldproductname < oldproductversion into the -release package to indicate a product rename is no longer possible. Since libsolv-0.7.34 you can and should use: Provides: product-obsoletes(oldproductname) < oldproductversion in the -release package. libsolv will then inject the appropriate Obsoletes into the Product. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) The following package changes have been done: - libzypp-17.37.16-150200.171.1 updated - zypper-1.14.93-150200.123.2 updated From sle-container-updates at lists.suse.com Fri Aug 22 07:55:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Aug 2025 09:55:36 +0200 (CEST) Subject: SUSE-CU-2025:6538-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250822075536.E49D5FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6538-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.166 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.166 Severity : important Type : recommended References : 1218459 1243486 1245220 1245985 1246038 1246149 1246466 1247054 1247690 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2953-1 Released: Thu Aug 21 14:57:20 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1243486,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - BuildRequires: %{libsolv_devel_package} >= 0.7.34 (bsc#1243486) Newer rpm versions no longer allow a ':' in rpm package names or obsoletes. So injecting an Obsoletes: product:oldproductname < oldproductversion into the -release package to indicate a product rename is no longer possible. Since libsolv-0.7.34 you can and should use: Provides: product-obsoletes(oldproductname) < oldproductversion in the -release package. libsolv will then inject the appropriate Obsoletes into the Product. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) The following package changes have been done: - libzypp-17.37.16-150200.171.1 updated - zypper-1.14.93-150200.123.2 updated From sle-container-updates at lists.suse.com Mon Aug 25 07:10:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Aug 2025 09:10:30 +0200 (CEST) Subject: SUSE-CU-2025:6546-1: Recommended update of bci/spack Message-ID: <20250825071030.F0AF3FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6546-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.49 Container Release : 11.49 Severity : moderate Type : recommended References : 1247144 1247148 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) The following package changes have been done: - libopenssl-3-devel-3.1.4-150600.5.36.4 updated From sle-container-updates at lists.suse.com Mon Aug 25 08:09:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Aug 2025 10:09:48 +0200 (CEST) Subject: SUSE-CU-2025:6549-1: Security update of bci/spack Message-ID: <20250825080948.8D0E1FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6549-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-15.17 , bci/spack:latest Container Release : 15.17 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-devel-2.38-150600.14.37.1 updated From sle-container-updates at lists.suse.com Mon Aug 25 08:09:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Aug 2025 10:09:17 +0200 (CEST) Subject: SUSE-CU-2025:6547-1: Security update of bci/spack Message-ID: <20250825080917.7A34EFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6547-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.51 Container Release : 11.51 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - libopenssl3-3.1.4-150600.5.36.4 updated - libopenssl-3-fips-provider-3.1.4-150600.5.36.4 updated - openssl-3-3.1.4-150600.5.36.4 updated - glibc-devel-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.6-c9cf0c82484c933a422901a3c9779b320b5a17ccc79ea47831595f99fdb5ef18-0 updated From sle-container-updates at lists.suse.com Mon Aug 25 15:42:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Aug 2025 17:42:48 +0200 (CEST) Subject: SUSE-IU-2025:2373-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250825154248.43DD8FF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2373-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.203 , suse/sle-micro/base-5.5:latest Image Release : 5.8.203 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated From sle-container-updates at lists.suse.com Mon Aug 25 15:43:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Aug 2025 17:43:47 +0200 (CEST) Subject: SUSE-IU-2025:2374-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250825154347.5C8F2FF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2374-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.386 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.386 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.203 updated From sle-container-updates at lists.suse.com Mon Aug 25 15:45:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Aug 2025 17:45:16 +0200 (CEST) Subject: SUSE-IU-2025:2375-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250825154516.1DA67FF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2375-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.478 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.478 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.363 updated From sle-container-updates at lists.suse.com Mon Aug 25 15:46:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Aug 2025 17:46:43 +0200 (CEST) Subject: SUSE-IU-2025:2376-1: Security update of suse/sle-micro/5.5 Message-ID: <20250825154643.3B36BFF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2376-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.363 , suse/sle-micro/5.5:latest Image Release : 5.5.363 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.203 updated From sle-container-updates at lists.suse.com Mon Aug 25 15:55:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Aug 2025 17:55:03 +0200 (CEST) Subject: SUSE-CU-2025:6553-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20250825155503.298FEFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6553-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.46 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.46 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated From sle-container-updates at lists.suse.com Mon Aug 25 15:56:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Aug 2025 17:56:50 +0200 (CEST) Subject: SUSE-CU-2025:6554-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250825155650.9EFC8FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6554-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.176 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.176 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated From sle-container-updates at lists.suse.com Mon Aug 25 15:58:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Aug 2025 17:58:21 +0200 (CEST) Subject: SUSE-CU-2025:6555-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250825155821.26B8CFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6555-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.83 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.83 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated From sle-container-updates at lists.suse.com Mon Aug 25 16:01:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Aug 2025 18:01:46 +0200 (CEST) Subject: SUSE-CU-2025:6557-1: Recommended update of suse/sl-micro/6.0/toolbox Message-ID: <20250825160146.1BCDDFF47@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6557-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.29 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.29 Severity : moderate Type : recommended References : 1245223 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 434 Released: Mon Aug 25 09:33:07 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issues: - adjust UID (name + email) of SLES16 signing key with official names. (bsc#1245223) The following package changes have been done: - SL-Micro-release-6.0-25.44 updated - skelcd-EULA-SL-Micro-2024.01.19-8.43 updated - suse-build-key-12.0-6.1 updated From sle-container-updates at lists.suse.com Mon Aug 25 16:06:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Aug 2025 18:06:44 +0200 (CEST) Subject: SUSE-CU-2025:6558-1: Security update of suse/bind Message-ID: <20250825160644.EAE1FFF46@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6558-1 Container Tags : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.11 , suse/bind:9.20.11-65.19 , suse/bind:latest Container Release : 65.19 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated - container:suse-sle15-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Mon Aug 25 16:06:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Aug 2025 18:06:53 +0200 (CEST) Subject: SUSE-CU-2025:6559-1: Security update of suse/valkey Message-ID: <20250825160653.96FC7FF46@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6559-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.2 , suse/valkey:8.0.2-63.16 , suse/valkey:latest Container Release : 63.16 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated - container:suse-sle15-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:05:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:05:54 +0200 (CEST) Subject: SUSE-CU-2025:6561-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250826070554.96AD9FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6561-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.176 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.176 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:10:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:10:27 +0200 (CEST) Subject: SUSE-CU-2025:6564-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20250826071027.0CAF9FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6564-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.126 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.126 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2971-1 Released: Mon Aug 25 10:28:33 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.1.8-24.77.1 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:14:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:14:13 +0200 (CEST) Subject: SUSE-CU-2025:6565-1: Security update of bci/bci-base-fips Message-ID: <20250826071413.AC7FBFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6565-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.32.24 Container Release : 32.24 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.6-0934acc60b392531bf6a68a99f0793b3e01c1027d0968caade3ec95a5cd1b2e6-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:15:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:15:17 +0200 (CEST) Subject: SUSE-CU-2025:6566-1: Security update of bci/bci-init Message-ID: <20250826071517.46BBDFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6566-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.45.26 Container Release : 45.26 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.6-0934acc60b392531bf6a68a99f0793b3e01c1027d0968caade3ec95a5cd1b2e6-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:15:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:15:21 +0200 (CEST) Subject: SUSE-CU-2025:6567-1: Security update of bci/bci-micro-fips Message-ID: <20250826071521.E6652FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6567-1 Container Tags : bci/bci-micro-fips:15.6 , bci/bci-micro-fips:15.6.6.22 Container Release : 6.22 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:bci-bci-base-15.6-0934acc60b392531bf6a68a99f0793b3e01c1027d0968caade3ec95a5cd1b2e6-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:15:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:15:46 +0200 (CEST) Subject: SUSE-CU-2025:6568-1: Security update of bci/bci-micro Message-ID: <20250826071546.BE955FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6568-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.49.20 Container Release : 49.20 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:bci-bci-base-15.6-0934acc60b392531bf6a68a99f0793b3e01c1027d0968caade3ec95a5cd1b2e6-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:16:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:16:49 +0200 (CEST) Subject: SUSE-CU-2025:6569-1: Security update of bci/nodejs Message-ID: <20250826071649.43AB8FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6569-1 Container Tags : bci/node:20 , bci/node:20.19.2 , bci/node:20.19.2-55.25 , bci/nodejs:20 , bci/nodejs:20.19.2 , bci/nodejs:20.19.2-55.25 Container Release : 55.25 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.6-0934acc60b392531bf6a68a99f0793b3e01c1027d0968caade3ec95a5cd1b2e6-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:18:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:18:01 +0200 (CEST) Subject: SUSE-CU-2025:6570-1: Security update of bci/python Message-ID: <20250826071801.0B32FFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6570-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.11 , bci/python:3.12.11-72.24 Container Release : 72.24 Severity : moderate Type : security References : 1240058 1246965 1247249 CVE-2025-8058 CVE-2025-8194 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2982-1 Released: Mon Aug 25 15:48:24 2025 Summary: Security update for python312 Type: security Severity: moderate References: 1247249,CVE-2025-8194 This update for python312 fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - libpython3_12-1_0-3.12.11-150600.3.36.1 updated - python312-base-3.12.11-150600.3.36.1 updated - python312-3.12.11-150600.3.36.1 updated - python312-devel-3.12.11-150600.3.36.1 updated - container:registry.suse.com-bci-bci-base-15.6-0934acc60b392531bf6a68a99f0793b3e01c1027d0968caade3ec95a5cd1b2e6-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:18:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:18:38 +0200 (CEST) Subject: SUSE-CU-2025:6571-1: Security update of suse/mariadb-client Message-ID: <20250826071838.2F9CAFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6571-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.11 , suse/mariadb-client:10.11.11-63.21 Container Release : 63.21 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated - container:suse-sle15-15.6-c9cf0c82484c933a422901a3c9779b320b5a17ccc79ea47831595f99fdb5ef18-0 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:02:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:02:46 +0200 (CEST) Subject: SUSE-IU-2025:2330-1: Security update of suse-sles-15-sp6-chost-byos-v20250819-x86_64-gen2 Message-ID: <20250820070246.C5ED0FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250819-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2330-1 Image Tags : suse-sles-15-sp6-chost-byos-v20250819-x86_64-gen2:20250819 Image Release : Severity : important Type : security References : 1012628 1151679 1151680 1151794 1151927 1210025 1211226 1215199 1218184 1221107 1223008 1228557 1228854 1228929 1229655 1230262 1230267 1232504 1232526 1232882 1233012 1233012 1233012 1233012 1233012 1233012 1234959 1235490 1235728 1236208 1237143 1237312 1237442 1237913 1238491 1238859 1238896 1238982 1239566 1239938 1240180 1240577 1240610 1240686 1240723 1240788 1240814 1240823 1241038 1241166 1241278 1241414 1241544 1241549 1241572 1241592 1241617 1242086 1242163 1242504 1242515 1242521 1242556 1242573 1242725 1242846 1242849 1242850 1242907 1242940 1242946 1242954 1242982 1243051 1243060 1243273 1243279 1243342 1243450 1243457 1243467 1243475 1243480 1243486 1243506 1243523 1243537 1243538 1243542 1243544 1243551 1243571 1243572 1243620 1243628 1243698 1243767 1243772 1243774 1243782 1243823 1243827 1243832 1243836 1243847 1243991 1244032 1244042 1244050 1244056 1244059 1244060 1244061 1244100 1244116 1244145 1244172 1244176 1244229 1244234 1244241 1244261 1244274 1244275 1244277 1244309 1244313 1244337 1244401 1244554 1244555 1244557 1244590 1244626 1244644 1244700 1244705 1244710 1244725 1244727 1244729 1244731 1244732 1244736 1244737 1244738 1244739 1244743 1244746 1244759 1244789 1244862 1244906 1244938 1244995 1244996 1244999 1245001 1245003 1245004 1245025 1245042 1245046 1245078 1245081 1245082 1245083 1245155 1245183 1245193 1245210 1245217 1245220 1245223 1245225 1245226 1245228 1245431 1245452 1245455 1245496 1245573 1245672 1245936 1245950 1246112 1246157 1246231 1246232 1246233 1246237 1246267 1246296 1246299 1246431 1246556 1246570 1246597 1246697 1247249 1247367 831629 CVE-2016-9840 CVE-2023-52888 CVE-2024-12718 CVE-2024-2236 CVE-2024-23337 CVE-2024-26831 CVE-2024-36350 CVE-2024-36357 CVE-2024-49568 CVE-2024-50106 CVE-2024-56613 CVE-2024-56699 CVE-2024-56738 CVE-2024-57982 CVE-2024-58053 CVE-2025-21658 CVE-2025-21720 CVE-2025-21868 CVE-2025-21898 CVE-2025-21899 CVE-2025-21920 CVE-2025-21938 CVE-2025-21959 CVE-2025-21997 CVE-2025-22035 CVE-2025-22083 CVE-2025-22111 CVE-2025-22113 CVE-2025-22120 CVE-2025-23155 CVE-2025-27465 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-37738 CVE-2025-37743 CVE-2025-37752 CVE-2025-37756 CVE-2025-37757 CVE-2025-37786 CVE-2025-37800 CVE-2025-37801 CVE-2025-37811 CVE-2025-37844 CVE-2025-37859 CVE-2025-37862 CVE-2025-37865 CVE-2025-37874 CVE-2025-37884 CVE-2025-37909 CVE-2025-37917 CVE-2025-37921 CVE-2025-37923 CVE-2025-37927 CVE-2025-37933 CVE-2025-37936 CVE-2025-37938 CVE-2025-37945 CVE-2025-37946 CVE-2025-37961 CVE-2025-37967 CVE-2025-37968 CVE-2025-37973 CVE-2025-37987 CVE-2025-37992 CVE-2025-37994 CVE-2025-37995 CVE-2025-37997 CVE-2025-37998 CVE-2025-38000 CVE-2025-38001 CVE-2025-38003 CVE-2025-38004 CVE-2025-38005 CVE-2025-38007 CVE-2025-38009 CVE-2025-38010 CVE-2025-38011 CVE-2025-38013 CVE-2025-38014 CVE-2025-38015 CVE-2025-38018 CVE-2025-38020 CVE-2025-38022 CVE-2025-38023 CVE-2025-38024 CVE-2025-38027 CVE-2025-38031 CVE-2025-38040 CVE-2025-38043 CVE-2025-38044 CVE-2025-38045 CVE-2025-38053 CVE-2025-38057 CVE-2025-38059 CVE-2025-38060 CVE-2025-38065 CVE-2025-38068 CVE-2025-38072 CVE-2025-38077 CVE-2025-38078 CVE-2025-38079 CVE-2025-38080 CVE-2025-38081 CVE-2025-38083 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-48060 CVE-2025-48964 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-5278 CVE-2025-54388 CVE-2025-6021 CVE-2025-6069 CVE-2025-6170 CVE-2025-6297 CVE-2025-6395 CVE-2025-6965 CVE-2025-7425 CVE-2025-8194 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20250819-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2301-1 Released: Mon Jul 14 11:48:57 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1229655 This update for cyrus-sasl fixes the following issues: - Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097) - Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2314-1 Released: Tue Jul 15 14:34:08 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1244554,1244555,1244557,1244590,1244700,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170 This update for libxml2 fixes the following issues: - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554) - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557) - CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555) - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700) - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2316-1 Released: Tue Jul 15 14:59:23 2025 Summary: Security update for xen Type: security Severity: important References: 1238896,1244644,1246112,CVE-2024-36350,CVE-2024-36357,CVE-2025-27465 This update for xen fixes the following issues: - CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471) - CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2344-1 Released: Thu Jul 17 13:09:02 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1246431 This update for samba fixes the following issues: - Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName (bsc#1246431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2362-1 Released: Fri Jul 18 11:07:24 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2384-1 Released: Fri Jul 18 18:45:53 2025 Summary: Security update for jq Type: security Severity: moderate References: 1243450,CVE-2024-23337 This update for jq fixes the following issues: - CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2430-1 Released: Mon Jul 21 13:23:17 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1243772,CVE-2025-48964 This update for iputils fixes the following issues: - CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2447-1 Released: Mon Jul 21 16:45:25 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: Fixed timing based side-channel in RSA implementation. (bsc#1221107) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2538-1 Released: Mon Jul 28 17:10:28 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1151679,1151680,1151794,1151927,1210025,1211226,1215199,1218184,1223008,1228557,1228854,1232504,1232882,1235490,1235728,1236208,1237312,1237913,1238859,1238982,1240180,1240577,1240610,1240686,1240723,1240814,1240823,1241166,1241278,1241414,1241544,1241572,1241592,1241617,1242086,1242163,1242504,1242515,1242521,1242556,1242573,1242725,1242846,1242849,1242850,1242907,1242940,1242946,1242954,1242982,1243051,1243060,1243342,1243467,1243475,1243480,1243506,1243523,1243537,1243538,1243542,1243544,1243551,1243571,1243572,1243620,1243628,1243698,1243774,1243782,1243823,1243827,1243832,1243836,1243847,1244100,1244145,1244172,1244176,1244229,1244234,1244241,1244261,1244274,1244275,1244277,1244309,1244313,1244337,1244626,1244725,1244727,1244729,1244731,1244732,1244736,1244737,1244738,1244739,1244743,1244746,1244759,1244789,1244862,1244906,1244938,1244995,1244996,1244999,1245001,1245003,1245004,1245025,1245042,1245046,1245078,1245081,1245082,1245083,1245155,1245183,1245193,1 245210,1245217,1245225,1245226,1245228,1245431,1245455,CVE-2023-52888,CVE-2024-26831,CVE-2024-49568,CVE-2024-50106,CVE-2024-56613,CVE-2024-56699,CVE-2024-57982,CVE-2024-58053,CVE-2025-21658,CVE-2025-21720,CVE-2025-21868,CVE-2025-21898,CVE-2025-21899,CVE-2025-21920,CVE-2025-21938,CVE-2025-21959,CVE-2025-21997,CVE-2025-22035,CVE-2025-22083,CVE-2025-22111,CVE-2025-22113,CVE-2025-22120,CVE-2025-23155,CVE-2025-37738,CVE-2025-37743,CVE-2025-37752,CVE-2025-37756,CVE-2025-37757,CVE-2025-37786,CVE-2025-37800,CVE-2025-37801,CVE-2025-37811,CVE-2025-37844,CVE-2025-37859,CVE-2025-37862,CVE-2025-37865,CVE-2025-37874,CVE-2025-37884,CVE-2025-37909,CVE-2025-37917,CVE-2025-37921,CVE-2025-37923,CVE-2025-37927,CVE-2025-37933,CVE-2025-37936,CVE-2025-37938,CVE-2025-37945,CVE-2025-37946,CVE-2025-37961,CVE-2025-37967,CVE-2025-37968,CVE-2025-37973,CVE-2025-37987,CVE-2025-37992,CVE-2025-37994,CVE-2025-37995,CVE-2025-37997,CVE-2025-37998,CVE-2025-38000,CVE-2025-38001,CVE-2025-38003,CVE-2025-38004,CVE-2025-380 05,CVE-2025-38007,CVE-2025-38009,CVE-2025-38010,CVE-2025-38011,CVE-2025-38013,CVE-2025-38014,CVE-2025-38015,CVE-2025-38018,CVE-2025-38020,CVE-2025-38022,CVE-2025-38023,CVE-2025-38024,CVE-2025-38027,CVE-2025-38031,CVE-2025-38040,CVE-2025-38043,CVE-2025-38044,CVE-2025-38045,CVE-2025-38053,CVE-2025-38057,CVE-2025-38059,CVE-2025-38060,CVE-2025-38065,CVE-2025-38068,CVE-2025-38072,CVE-2025-38077,CVE-2025-38078,CVE-2025-38079,CVE-2025-38080,CVE-2025-38081,CVE-2025-38083 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL (bsc#1228557). - CVE-2024-49568: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg (bsc#1235728). - CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup (bsc#1237913). - CVE-2024-58053: rxrpc: Fix handling of received connection abort (bsc#1238982). - CVE-2025-21720: xfrm: delete intermediate secpath entry in packet offload mode (bsc#1238859). - CVE-2025-21868: kABI workaround for adding an header (bsc#1240180). - CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show() (bsc#1240610). - CVE-2025-21899: tracing: Fix bad hist from corrupting named_triggers list (bsc#1240577). - CVE-2025-21920: vlan: enforce underlying device type (bsc#1240686). - CVE-2025-21938: mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr (bsc#1240723). - CVE-2025-21959: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (bsc#1240814). - CVE-2025-21997: xsk: fix an integer overflow in xp_create_and_assign_umem() (bsc#1240823). - CVE-2025-22035: tracing: Fix use-after-free in print_graph_function_flags during tracer switching (bsc#1241544). - CVE-2025-22111: kABI fix for net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF (bsc#1241572). - CVE-2025-22113: ext4: define ext4_journal_destroy wrapper (bsc#1241617). - CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37743: wifi: ath12k: Avoid memory leak while enabling statistics (bsc#1242163). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37756: net: tls: explicitly disallow disconnect (bsc#1242515). - CVE-2025-37757: tipc: fix memory leak in tipc_link_xmit (bsc#1242521). - CVE-2025-37786: net: dsa: free routing table on probe failure (bsc#1242725). - CVE-2025-37800: driver core: fix potential NULL pointer dereference in dev_uevent() (bsc#1242849). - CVE-2025-37801: spi: spi-imx: Add check for spi_imx_setupxfer() (bsc#1242850). - CVE-2025-37811: usb: chipidea: ci_hdrc_imx: fix usbmisc handling (bsc#1242907). - CVE-2025-37844: cifs: avoid NULL pointer dereference in dbg call (bsc#1242946). - CVE-2025-37859: page_pool: avoid infinite loop to schedule delayed worker (bsc#1243051). - CVE-2025-37862: HID: pidff: Fix null pointer dereference in pidff_find_fields (bsc#1242982). - CVE-2025-37865: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported (bsc#1242954). - CVE-2025-37874: net: ngbe: fix memory leak in ngbe_probe() error path (bsc#1242940). - CVE-2025-37884: bpf: Fix deadlock between rcu_tasks_trace and event_mutex (bsc#1243060). - CVE-2025-37909: net: lan743x: Fix memleak issue when GSO enabled (bsc#1243467). - CVE-2025-37917: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll (bsc#1243475). - CVE-2025-37921: vxlan: vnifilter: Fix unlocked deletion of default FDB entry (bsc#1243480). - CVE-2025-37923: tracing: Fix oob write in trace_seq_to_buffer() (bsc#1243551). - CVE-2025-37927: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (bsc#1243620). - CVE-2025-37933: octeon_ep: Fix host hang issue during device reboot (bsc#1243628). - CVE-2025-37936: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value (bsc#1243537). - CVE-2025-37938: tracing: Verify event formats that have '%*p..' (bsc#1243544). - CVE-2025-37945: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY (bsc#1243538). - CVE-2025-37961: ipvs: fix uninit-value for saddr in do_output_route4 (bsc#1243523). - CVE-2025-37967: usb: typec: ucsi: displayport: Fix deadlock (bsc#1243572). - CVE-2025-37968: iio: light: opt3001: fix deadlock due to concurrent flag access (bsc#1243571). - CVE-2025-37987: pds_core: Prevent possible adminq overflow/stuck condition (bsc#1243542). - CVE-2025-37992: net_sched: Flush gso_skb list too during ->change() (bsc#1243698). - CVE-2025-37995: module: ensure that kobject_put() is safe for module type kobjects (bsc#1243827). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-37998: openvswitch: Fix unsafe attribute parsing in output_userspace() (bsc#1243836). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729). - CVE-2025-38018: net/tls: fix kernel panic when alloc_page failed (bsc#1244999). - CVE-2025-38053: idpf: fix null-ptr-deref in idpf_features_check (bsc#1244746). - CVE-2025-38057: espintcp: fix skb leaks (bsc#1244862). - CVE-2025-38060: bpf: abort verification if env->cur_state->loop_entry != NULL (bsc#1245155). - CVE-2025-38072: libnvdimm/labels: Fix divide error in nd_label_data_init() (bsc#1244743). The following non-security bugs were fixed: - ACPI: CPPC: Fix NULL pointer dereference when nosmp is used (git-fixes). - ACPI: HED: Always initialize before evged (stable-fixes). - ACPI: OSI: Stop advertising support for '3.0 _SCP Extensions' (git-fixes). - ACPI: PNP: Add Intel OC Watchdog IDs to non-PNP device list (stable-fixes). - ACPI: battery: negate current when discharging (stable-fixes). - ACPI: bus: Bail out if acpi_kobj registration fails (stable-fixes). - ACPICA: Avoid sequence overread in call to strncmp() (stable-fixes). - ACPICA: Utilities: Fix spelling mistake 'Incremement' -> 'Increment' (git-fixes). - ACPICA: exserial: do not forget to handle FFixedHW opregions for reading (git-fixes). - ACPICA: fix acpi operand cache leak in dswstate.c (stable-fixes). - ACPICA: fix acpi parse and parseext cache leaks (stable-fixes). - ACPICA: utilities: Fix overflow check in vsnprintf() (stable-fixes). - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (stable-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10 (stable-fixes). - ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7 (stable-fixes). - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR (git-fixes). - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA (git-fixes). - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (stable-fixes). - ALSA: pcm: Fix race of buffer access at PCM OSS layer (stable-fixes). - ALSA: seq: Improve data consistency at polling (stable-fixes). - ALSA: usb-audio: Accept multiple protocols in GTBs (stable-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-V10 support (stable-fixes). - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 (stable-fixes). - ALSA: usb-audio: Add name for HP Engage Go dock (stable-fixes). - ALSA: usb-audio: Check shutdown at endpoint_set_interface() (stable-fixes). - ALSA: usb-audio: Fix NULL pointer deref in snd_usb_power_domain_set() (git-fixes). - ALSA: usb-audio: Fix duplicated name in MIDI substream names (stable-fixes). - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (git-fixes). - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card (stable-fixes). - ALSA: usb-audio: Rename Pioneer mixer channel controls (git-fixes). - ALSA: usb-audio: Set MIDI1 flag appropriately for GTB MIDI 1.0 entry (stable-fixes). - ALSA: usb-audio: Skip setting clock selector for single connections (stable-fixes). - ALSA: usb-audio: Support multiple control interfaces (stable-fixes). - ALSA: usb-audio: Support read-only clock selector control (stable-fixes). - ALSA: usb-audio: enable support for Presonus Studio 1824c within 1810c file (stable-fixes). - ALSA: usb-audio: mixer: Remove temporary string use in parse_clock_source_unit (stable-fixes). - ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX (git-fixes). - ASoC: Intel: avs: Verify content returned by parse_int_array() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 (stable-fixes). - ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type (git-fixes). - ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 (stable-fixes). - ASoC: apple: mca: Constrain channels according to TDM mask (git-fixes). - ASoC: codecs: hda: Fix RPM usage count underflow (git-fixes). - ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode (stable-fixes). - ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() (stable-fixes). - ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect (stable-fixes). - ASoC: mediatek: mt8188: Add reference for dmic clocks (stable-fixes). - ASoC: mediatek: mt8188: Treat DMIC_GAINx_CUR as non-volatile (stable-fixes). - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (git-fixes). - ASoC: ops: Enforce platform maximum on initial value (stable-fixes). - ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() (git-fixes). - ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() (stable-fixes). - ASoC: rt722-sdca: Add some missing readable registers (stable-fixes). - ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() (stable-fixes). - ASoC: sun4i-codec: support hp-det-gpios property (stable-fixes). - ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG (stable-fixes). - ASoC: tas2764: Enable main IRQs (git-fixes). - ASoC: tas2764: Mark SW_RESET as volatile (stable-fixes). - ASoC: tas2764: Power up/down amp on mute ops (stable-fixes). - ASoC: tas2764: Reinit cache on part reset (git-fixes). - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change (stable-fixes). - ASoC: tegra210_ahub: Add check to of_device_get_match_data() (stable-fixes). - Bluetooth: Fix NULL pointer deference on eir_get_service_data (git-fixes). - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (git-fixes). - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (git-fixes). - Bluetooth: MGMT: Fix sparse errors (git-fixes). - Bluetooth: MGMT: Remove unused mgmt_pending_find_data (stable-fixes). - Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() (git-fixes). - Bluetooth: Remove pending ACL connection attempts (stable-fixes). - Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync (git-fixes). - Bluetooth: hci_conn: Only do ACL connections sequentially (stable-fixes). - Bluetooth: hci_core: fix list_for_each_entry_rcu usage (git-fixes). - Bluetooth: hci_event: Fix not using key encryption size when its known (git-fixes). - Bluetooth: hci_qca: move the SoC type check to the right place (git-fixes). - Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync (git-fixes). - Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance (git-fixes). - Documentation/rtla: Fix duplicate text about timerlat tracer (git-fixes). - Documentation/rtla: Fix typo in common_timerlat_description.rst (git-fixes). - Documentation/rtla: Fix typo in rtla-timerlat.rst (git-fixes). - Documentation: fix typo in root= kernel parameter description (git-fixes). - HID: lenovo: Restrict F7/9/11 mode to compact keyboards only (git-fixes). - HID: quirks: Add ADATA XPG alpha wireless mouse support (stable-fixes). - HID: usbkbd: Fix the bit shift number for LED_KANA (stable-fixes). - HID: wacom: fix kobject reference count leak (git-fixes). - HID: wacom: fix memory leak on kobject creation failure (git-fixes). - HID: wacom: fix memory leak on sysfs attribute creation failure (git-fixes). - Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() (git-fixes). - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (git-fixes). - Input: sparcspkr - avoid unannotated fall-through (stable-fixes). - Input: xpad - add more controllers (stable-fixes). - KVM: powerpc: Enable commented out BUILD_BUG_ON() assertion (bsc#1215199). - KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY (git-fixes bsc#1245225). - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild') - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - NFC: nci: uart: Set tty->disc_data only in success path (git-fixes). - NFS: Do not allow waiting for exiting tasks (git-fixes). - NFSD: Insulate nfsd4_encode_read_plus() from page boundaries in the encode buffer (git-fixes). - NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() (git-fixes). - NFSv4: Treat ENETUNREACH errors as fatal for state recovery (git-fixes). - PCI/DPC: Initialize aer_err_info before using it (git-fixes). - PCI/DPC: Log Error Source ID only when valid (git-fixes). - PCI/DPC: Use defines with DPC reason fields (git-fixes). - PCI/MSI: Size device MSI domain with the maximum number of vectors (git-fixes). - PCI/PM: Set up runtime PM even for devices without PCI PM (git-fixes). - PCI: Explicitly put devices into D0 when initializing (git-fixes). - PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes). - PCI: Fix old_size lower bound in calculate_iosize() too (stable-fixes). - PCI: apple: Set only available ports up (git-fixes). - PCI: apple: Use gpiod_set_value_cansleep in probe flow (git-fixes). - PCI: brcmstb: Add a softdep to MIP MSI-X driver (stable-fixes). - PCI: brcmstb: Expand inbound window size up to 64GB (stable-fixes). - PCI: cadence-ep: Correct PBA offset in .set_msix() callback (git-fixes). - PCI: cadence: Fix runtime atomic count underflow (git-fixes). - PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() (git-fixes). - PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up() (git-fixes). - PCI: dwc: ep: Correct PBA offset in .set_msix() callback (git-fixes). - PCI: dwc: ep: Ensure proper iteration over outbound map windows (stable-fixes). - PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - PCI: vmd: Disable MSI remapping bypass under Xen (stable-fixes). - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (stable-fixes). - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices (git-fixes). - PM: sleep: Print PM debug messages during hibernation (git-fixes). - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (git-fixes). - RDMA/core: Fix best page size finding when it can cross SG entries (git-fixes) - RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() (git-fixes) - Remove compress-vmlinux.sh /usr/lib/rpm/brp-suse.d/brp-99-compress-vmlinux was added in pesign-obs-integration during SLE12 RC. This workaround can be removed. - Remove host-memcpy-hack.h This might have been usefult at some point but we have more things that depend on specific library versions today. - Remove try-disable-staging-driver The config for linux-next is autogenerated from master config, and defaults filled for missing options. This is unlikely to enable any staging driver in the first place. - Revert 'ALSA: usb-audio: Skip setting clock selector for single connections' (stable-fixes). - Revert 'arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC (git-fixes) - Revert 'bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first' (stable-fixes). - Revert 'drm/amdgpu: do not allow userspace to create a doorbell BO' (stable-fixes). - Revert 'ipv6: save dontfrag in cork (git-fixes).' - Revert 'kABI: ipv6: save dontfrag in cork (git-fixes).' - Revert 'wifi: mt76: mt7996: fill txd by host driver' (stable-fixes). - SUNRPC: Do not allow waiting for exiting tasks (git-fixes). - SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls (git-fixes). - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting (git-fixes). - SUNRPC: rpcbind should never reset the port to the value '0' (git-fixes). - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB (stable-fixes). - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (git-fixes). - accel/qaic: Mask out SR-IOV PCI resources (stable-fixes). - acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() (git-fixes). - add bug reference to existing hv_storvsc change (bsc#1245455). - arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs (git-fixes) - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode (stable-fixes). - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (stable-fixes). - ath10k: snoc: fix unbalanced IRQ enable in crash recovery (git-fixes). - backlight: pm8941: Add NULL check in wled_configure() (git-fixes). - bnxt: properly flush XDP redirect lists (git-fixes). - bpf: Force uprobe bpf program to always return 0 (git-fixes). - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)') - btrfs: fix fsync of files with no hard links not persisting deletion (git-fixes). - btrfs: fix invalid data space release when truncating block in NOCOW mode (git-fixes). - btrfs: fix qgroup reservation leak on failure to allocate ordered extent (git-fixes). - btrfs: fix wrong start offset for delalloc space release during mmap write (git-fixes). - btrfs: remove end_no_trans label from btrfs_log_inode_parent() (git-fixes). - btrfs: simplify condition for logging new dentries at btrfs_log_inode_parent() (git-fixes). - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (git-fixes). - bus: fsl-mc: fix GET/SET_TAILDROP command ids (git-fixes). - bus: fsl-mc: fix double-free on mc_dev (git-fixes). - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (stable-fixes). - bus: mhi: host: Fix conflict between power_up and SYSERR (git-fixes). - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (git-fixes). - can: c_can: Use of_property_present() to test existence of DT property (stable-fixes). - can: tcan4x5x: fix power regulator retrieval during probe (git-fixes). - ceph: Fix incorrect flush end position calculation (git-fixes). - ceph: allocate sparse_ext map only for sparse reads (git-fixes). - ceph: fix memory leaks in __ceph_sync_read() (git-fixes). - cgroup/cpuset: Fix race between newly created partition and dying one (bsc#1241166). - clocksource: Fix brown-bag boolean thinko in (git-fixes) - clocksource: Make watchdog and suspend-timing multiplication (git-fixes) - crypto: lrw - Only add ecb if it is not already there (git-fixes). - crypto: lzo - Fix compression buffer overrun (stable-fixes). - crypto: marvell/cesa - Avoid empty transfer descriptor (git-fixes). - crypto: marvell/cesa - Do not chain submitted requests (git-fixes). - crypto: marvell/cesa - Handle zero-length skcipher requests (git-fixes). - crypto: octeontx2 - suppress auth failure screaming due to negative tests (stable-fixes). - crypto: qat - add shutdown handler to qat_420xx (git-fixes). - crypto: qat - add shutdown handler to qat_4xxx (git-fixes). - crypto: skcipher - Zap type in crypto_alloc_sync_skcipher (stable-fixes). - crypto: sun8i-ce - move fallback ahash_request to the end of the struct (git-fixes). - crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() (git-fixes). - crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions (git-fixes). - crypto: xts - Only add ecb if it is not already there (git-fixes). - devlink: Fix referring to hw_addr attribute during state validation (git-fixes). - devlink: fix port dump cmd type (git-fixes). - dlm: mask sk_shutdown value (bsc#1228854). - dlm: use SHUT_RDWR for SCTP shutdown (bsc#1228854). - dmaengine: idxd: cdev: Fix uninitialized use of sva in idxd_cdev_open (stable-fixes). - dmaengine: ti: Add NULL check in udma_probe() (git-fixes). - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (stable-fixes). - drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer() (stable-fixes). - drm/amd/display: Add null pointer check for get_first_active_display() (git-fixes). - drm/amd/display: Do not try AUX transactions on disconnected link (stable-fixes). - drm/amd/display: Fix incorrect DPCD configs while Replay/PSR switch (stable-fixes). - drm/amd/display: Guard against setting dispclk low for dcn31x (stable-fixes). - drm/amd/display: Increase block_sequence array size (stable-fixes). - drm/amd/display: Initial psr_version with correct setting (stable-fixes). - drm/amd/display: Skip checking FRL_MODE bit for PCON BW determination (stable-fixes). - drm/amd/display: Update CR AUX RD interval interpretation (stable-fixes). - drm/amd/display: fix link_set_dpms_off multi-display MST corner case (stable-fixes). - drm/amd/display: remove minimum Dispclk and apply oem panel timing (stable-fixes). - drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (git-fixes). - drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c (stable-fixes). - drm/amdgpu: Set snoop bit for SDMA for MI series (stable-fixes). - drm/amdgpu: Update SRIOV video codec caps (stable-fixes). - drm/amdgpu: enlarge the VBIOS binary size limit (stable-fixes). - drm/amdgpu: reset psp->cmd to NULL after releasing the buffer (stable-fixes). - drm/amdgpu: switch job hw_fence to amdgpu_fence (git-fixes). - drm/amdkfd: KFD release_work possible circular locking (stable-fixes). - drm/amdkfd: Set per-process flags only once cik/vi (stable-fixes). - drm/ast: Find VBIOS mode from regular display size (stable-fixes). - drm/ast: Fix comment on modeset lock (git-fixes). - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset (stable-fixes). - drm/bridge: cdns-dsi: Check return value when getting default PHY config (git-fixes). - drm/bridge: cdns-dsi: Fix connecting to next bridge (git-fixes). - drm/bridge: cdns-dsi: Fix phy de-init and flag it so (git-fixes). - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (git-fixes). - drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready (git-fixes). - drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() (git-fixes). - drm/etnaviv: Protect the scheduler's pending list with its lock (git-fixes). - drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 (git-fixes). - drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled (git-fixes). - drm/i915: fix build error some more (git-fixes). - drm/mediatek: Fix kobject put for component sub-drivers (git-fixes). - drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence (stable-fixes). - drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr (git-fixes). - drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err (git-fixes). - drm/msm/disp: Correct porch timing for SDM845 (git-fixes). - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate (git-fixes). - drm/msm/gpu: Fix crash when throttling GPU immediately during boot (git-fixes). - drm/nouveau/bl: increase buffer size to avoid truncate warning (git-fixes). - drm/panel-edp: Add Starry 116KHD024006 (stable-fixes). - drm/panel: samsung-sofef00: Drop s6e3fc2x01 support (git-fixes). - drm/rockchip: vop2: Add uv swap for cluster window (stable-fixes). - drm/ssd130x: fix ssd132x_clear_screen() columns (git-fixes). - drm/tegra: Assign plane type before registration (git-fixes). - drm/tegra: Fix a possible null pointer dereference (git-fixes). - drm/tegra: rgb: Fix the unbound reference count (git-fixes). - drm/udl: Unregister device before cleaning up on disconnect (git-fixes). - drm/v3d: Add clock handling (stable-fixes). - drm/vc4: tests: Use return instead of assert (git-fixes). - drm/vkms: Adjust vkms_state->active_planes allocation type (git-fixes). - drm/vmwgfx: Add seqno waiter for sync_files (git-fixes). - drm: Add valid clones check (stable-fixes). - drm: bridge: adv7511: fill stream capabilities (stable-fixes). - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (git-fixes). - e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 (git-fixes). - fbcon: Make sure modelist not set on unregistered console (stable-fixes). - fbcon: Use correct erase colour for clearing in fbcon (stable-fixes). - fbdev/efifb: Remove PM for parent device (bsc#1244261). - fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var (git-fixes). - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (git-fixes). - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (git-fixes). - fbdev: core: tileblit: Implement missing margin clearing for tileblit (stable-fixes). - fbdev: fsl-diu-fb: add missing device_remove_file() (stable-fixes). - fgraph: Still initialize idle shadow stacks when starting (git-fixes). - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES (git-fixes). - firmware: arm_ffa: Reject higher major version as incompatible (stable-fixes). - firmware: arm_ffa: Set dma_mask for ffa devices (stable-fixes). - firmware: arm_scmi: Relax duplicate name constraint across protocol ids (stable-fixes). - firmware: psci: Fix refcount leak in psci_dt_init (git-fixes). - fpga: altera-cvp: Increase credit timeout (stable-fixes). - fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() (git-fixes). - gpio: mlxbf3: only get IRQ for device instance 0 (git-fixes). - gpio: pca953x: Simplify code with cleanup helpers (stable-fixes). - gpio: pca953x: Split pca953x_restore_context() and pca953x_save_context() (stable-fixes). - gpio: pca953x: fix IRQ storm on system wake up (git-fixes). - gpiolib: Revert 'Do not WARN on gpiod_put() for optional GPIO' (stable-fixes). - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt (git-fixes). - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (git-fixes). - hwmon: (asus-ec-sensors) check sensor index in read_string() (git-fixes). - hwmon: (dell-smm) Increment the number of fans (stable-fixes). - hwmon: (ftsteutates) Fix TOCTOU race in fts_read() (git-fixes). - hwmon: (gpio-fan) Add missing mutex locks (stable-fixes). - hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace (git-fixes). - hwmon: (occ) Rework attribute registration for stack usage (git-fixes). - hwmon: (occ) fix unaligned accesses (git-fixes). - hwmon: (peci/dimmtemp) Do not provide fake thresholds data (git-fixes). - hwmon: (xgene-hwmon) use appropriate type for the latency value (stable-fixes). - hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu (git-fixes). - i2c: designware: Invoke runtime suspend on quick slave re-registration (stable-fixes). - i2c: npcm: Add clock toggle recovery (stable-fixes). - i2c: pxa: fix call balance of i2c->clk handling routines (stable-fixes). - i2c: qup: Vote for interconnect bandwidth to DRAM (stable-fixes). - i2c: robotfuzz-osif: disable zero-length read messages (git-fixes). - i2c: tegra: check msg length in SMBUS block read (bsc#1242086) - i2c: tiny-usb: disable zero-length read messages (git-fixes). - i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() (git-fixes). - i3c: master: svc: Fix missing STOP for master request (stable-fixes). - i3c: master: svc: Flush FIFO before sending Dynamic Address Assignment(DAA) (stable-fixes). - i40e: retry VFLR handling if there is ongoing VF reset (git-fixes). - i40e: return false from i40e_reset_vf if reset is in progress (git-fixes). - ice: Fix LACP bonds without SRIOV environment (git-fixes). - ice: create new Tx scheduler nodes for new queues only (git-fixes). - ice: fix Tx scheduler error handling in XDP callback (git-fixes). - ice: fix rebuilding the Tx scheduler tree for large queue counts (git-fixes). - ice: fix vf->num_mac count with port representors (git-fixes). - ieee802154: ca8210: Use proper setters and getters for bitwise types (stable-fixes). - iio: accel: fxls8962af: Fix temperature scan element sign (git-fixes). - iio: adc: ad7124: Fix 3dB filter frequency reading (git-fixes). - iio: adc: ad7606_spi: fix reg write value mask (git-fixes). - iio: filter: admv8818: Support frequencies >= 2^32 (git-fixes). - iio: filter: admv8818: fix band 4, state 15 (git-fixes). - iio: filter: admv8818: fix integer overflow (git-fixes). - iio: filter: admv8818: fix range calculation (git-fixes). - iio: imu: inv_icm42600: Fix temperature calculation (git-fixes). - ima: Suspend PCR extends and log appends when rebooting (bsc#1210025 ltc#196650). - ima: process_measurement() needlessly takes inode_lock() on MAY_READ (stable-fixes). - intel_th: avoid using deprecated page->mapping, index fields (stable-fixes). - iommu: Protect against overflow in iommu_pgsize() (git-fixes). - iommu: Skip PASID validation for devices without PASID capability (bsc#1244100) - iommu: Validate the PASID in iommu_attach_device_pasid() (bsc#1244100) - ip6mr: fix tables suspicious RCU usage (git-fixes). - ip_tunnel: annotate data-races around t->parms.link (git-fixes). - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function (git-fixes). - ipmr: fix tables suspicious RCU usage (git-fixes). - ipv4: Convert ip_route_input() to dscp_t (git-fixes). - ipv4: Correct/silence an endian warning in __ip_do_redirect (git-fixes). - ipv6: save dontfrag in cork (git-fixes). - ipvs: Always clear ipvs_property flag in skb_scrub_packet() (git-fixes). - isolcpus: fix bug in returning number of allocated cpumask (bsc#1243774). - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (git-fixes). - jffs2: check that raw node were preallocated before writing summary (git-fixes). - kABI workaround for hda_codec.beep_just_power_on flag (git-fixes). - kABI: PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - kABI: ipv6: save dontfrag in cork (git-fixes). - kABI: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - kabi: restore layout of struct cgroup_subsys (bsc#1241166). - kabi: restore layout of struct mem_control (jsc#PED-12551). - kabi: restore layout of struct page_counter (jsc#PED-12551). - kernel-source: Do not use multiple -r in sed parameters - kernel-source: Remove log.sh from sources - leds: pwm-multicolor: Add check for fwnode_property_read_u32 (stable-fixes). - loop: add file_start_write() and file_end_write() (git-fixes). - mailbox: use error ret code of of_parse_phandle_with_args() (stable-fixes). - md/raid1,raid10: do not handle IO error for REQ_RAHEAD and REQ_NOWAIT (git-fixes). - media: adv7180: Disable test-pattern control on adv7180 (stable-fixes). - media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() (stable-fixes). - media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case (git-fixes). - media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div (git-fixes). - media: ccs-pll: Start OP pre-PLL multiplier search from correct value (git-fixes). - media: ccs-pll: Start VT pre-PLL multiplier search from correct value (git-fixes). - media: cx231xx: set device_caps for 417 (stable-fixes). - media: cxusb: no longer judge rbuf when the write fails (git-fixes). - media: davinci: vpif: Fix memory leak in probe error path (git-fixes). - media: gspca: Add error handling for stv06xx_read_sensor() (git-fixes). - media: i2c: imx219: Correct the minimum vblanking value (stable-fixes). - media: imx-jpeg: Cleanup after an allocation error (git-fixes). - media: imx-jpeg: Drop the first error frames (git-fixes). - media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead (git-fixes). - media: imx-jpeg: Reset slot data pointers when freed (git-fixes). - media: nxp: imx8-isi: better handle the m2m usage_count (git-fixes). - media: omap3isp: use sgtable-based scatterlist wrappers (git-fixes). - media: ov5675: suppress probe deferral errors (git-fixes). - media: ov8856: suppress probe deferral errors (git-fixes). - media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available (stable-fixes). - media: rkvdec: Fix frame size enumeration (git-fixes). - media: tc358746: improve calculation of the D-PHY timing registers (stable-fixes). - media: test-drivers: vivid: do not call schedule in loop (stable-fixes). - media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map (stable-fixes). - media: uvcvideo: Fix deferred probing error (git-fixes). - media: uvcvideo: Handle uvc menu translation inside uvc_get_le_value (stable-fixes). - media: uvcvideo: Return the number of processed controls (git-fixes). - media: v4l2-dev: fix error handling in __video_register_device() (git-fixes). - media: v4l: Memset argument to 0 before calling get_mbus_config pad op (stable-fixes). - media: venus: Fix probe error handling (git-fixes). - media: videobuf2: use sgtable-based scatterlist wrappers (git-fixes). - media: vidtv: Terminating the subsequent process of initialization failure (git-fixes). - media: vivid: Change the siize of the composing (git-fixes). - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (git-fixes). - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (git-fixes). - mfd: tps65219: Remove TPS65219_REG_TI_DEV_ID check (stable-fixes). - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - mm, memcg: cg2 memory{.swap,}.peak write handlers (jsc#PED-12551). - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431). - mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431). - mm/memcontrol: export memcg.swap watermark via sysfs for v2 memcg (jsc#PED-12551). - mmc: Add quirk to disable DDR50 tuning (stable-fixes). - mmc: dw_mmc: add exynos7870 DW MMC support (stable-fixes). - mmc: host: Wait for Vdd to settle on card power off (stable-fixes). - mmc: sdhci: Disable SD card clock before changing parameters (stable-fixes). - mtd: nand: ecc-mxic: Fix use of uninitialized variable ret (git-fixes). - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (git-fixes). - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (git-fixes). - neighbour: Do not let neigh_forced_gc() disable preemption for long (git-fixes). - net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (git-fixes). - net/mdiobus: Fix potential out-of-bounds read/write access (git-fixes). - net/mlx4_en: Prevent potential integer overflow calculating Hz (git-fixes). - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (git-fixes). - net/mlx5: Ensure fw pages are always allocated on same NUMA (git-fixes). - net/mlx5: Fix ECVF vports unload on shutdown flow (git-fixes). - net/mlx5: Fix return value when searching for existing flow group (git-fixes). - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (git-fixes). - net/mlx5e: Fix leak of Geneve TLV option object (git-fixes). - net/neighbor: clear error in case strict check is not set (git-fixes). - net/sched: fix use-after-free in taprio_dev_notifier (git-fixes). - net: Fix TOCTOU issue in sk_is_readable() (git-fixes). - net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) (git-fixes). - net: add rcu safety to rtnl_prop_list_size() (git-fixes). - net: fix udp gso skb_segment after pull from frag_list (git-fixes). - net: give more chances to rcu in netdev_wait_allrefs_any() (git-fixes). - net: ice: Perform accurate aRFS flow match (git-fixes). - net: ipv4: fix a memleak in ip_setup_cork (git-fixes). - net: linkwatch: use system_unbound_wq (git-fixes). - net: mana: Add support for Multi Vports on Bare metal (bsc#1244229). - net: mana: Record doorbell physical address in PF mode (bsc#1244229). - net: page_pool: fix warning code (git-fixes). - net: phy: clear phydev->devlink when the link is deleted (git-fixes). - net: phy: fix up const issues in to_mdio_device() and to_phy_device() (git-fixes). - net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() (bsc#1243538) - net: phy: mscc: Fix memory leak when using one step timestamping (git-fixes). - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames (git-fixes). - net: sched: cls_u32: Fix allocation size in u32_init() (git-fixes). - net: sched: consistently use rcu_replace_pointer() in taprio_change() (git-fixes). - net: sched: em_text: fix possible memory leak in em_text_destroy() (git-fixes). - net: sched: fix erspan_opt settings in cls_flower (git-fixes). - net: usb: aqc111: debug info before sanitation (git-fixes). - net: usb: aqc111: fix error handling of usbnet read calls (git-fixes). - net: wwan: t7xx: Fix napi rx poll issue (git-fixes). - net_sched: ets: fix a race in ets_qdisc_change() (git-fixes). - net_sched: prio: fix a race in prio_tune() (git-fixes). - net_sched: red: fix a race in __red_change() (git-fixes). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: reject invalid perturb period (git-fixes). - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - net_sched: tbf: fix a race in tbf_change() (git-fixes). - netdev-genl: Hold rcu_read_lock in napi_get (git-fixes). - netlink: fix potential sleeping issue in mqueue_flush_file (git-fixes). - netlink: specs: dpll: replace underscores with dashes in names (git-fixes). - netpoll: Use rcu_access_pointer() in __netpoll_setup (git-fixes). - netpoll: hold rcu read lock in __netpoll_send_skb() (git-fixes). - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference (git-fixes). - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (git-fixes). - nfsd: validate the nfsd_serv pointer before calling svc_wake_up (git-fixes). - ntp: Clamp maxerror and esterror to operating range (git-fixes) - ntp: Remove invalid cast in time offset math (git-fixes) - ntp: Safeguard against time_constant overflow (git-fixes) - nvme-fc: do not reference lsrsp after failure (bsc#1245193). - nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro (git-fixes). - nvme-pci: add quirks for WDC Blue SN550 15b7:5009 (git-fixes). - nvme-pci: add quirks for device 126f:1001 (git-fixes). - nvme: always punt polled uring_cmd end_io work to task_work (git-fixes). - nvme: fix command limits status code (git-fixes). - nvme: fix implicit bool to flags conversion (git-fixes). - nvmet-fc: free pending reqs on tgtport unregister (bsc#1245193). - nvmet-fc: take tgtport refs for portentry (bsc#1245193). - nvmet-fcloop: access fcpreq only when holding reqlock (bsc#1245193). - nvmet-fcloop: add missing fcloop_callback_host_done (bsc#1245193). - nvmet-fcloop: allocate/free fcloop_lsreq directly (bsc#1245193). - nvmet-fcloop: do not wait for lport cleanup (bsc#1245193). - nvmet-fcloop: drop response if targetport is gone (bsc#1245193). - nvmet-fcloop: prevent double port deletion (bsc#1245193). - nvmet-fcloop: refactor fcloop_delete_local_port (bsc#1245193). - nvmet-fcloop: refactor fcloop_nport_alloc and track lport (bsc#1245193). - nvmet-fcloop: remove nport from list on last user (bsc#1245193). - nvmet-fcloop: track ref counts for nports (bsc#1245193). - nvmet-fcloop: update refs on tfcp_req (bsc#1245193). - orangefs: Do not truncate file size (git-fixes). - pNFS/flexfiles: Report ENETDOWN as a connection error (git-fixes). - page_pool: Fix use-after-free in page_pool_recycle_in_ring (git-fixes). - phy: core: do not require set_mode() callback for phy_get_mode() to work (stable-fixes). - phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug (git-fixes). - phy: renesas: rcar-gen3-usb2: Add support to initialize the bus (stable-fixes). - phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off (git-fixes). - phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data (git-fixes). - phy: renesas: rcar-gen3-usb2: Move IRQ request in probe (stable-fixes). - pinctrl-tegra: Restore SFSEL bit when freeing pins (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (stable-fixes). - pinctrl: armada-37xx: set GPIO output value before setting direction (git-fixes). - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (git-fixes). - pinctrl: at91: Fix possible out-of-boundary access (git-fixes). - pinctrl: bcm281xx: Use 'unsigned int' instead of bare 'unsigned' (stable-fixes). - pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map (stable-fixes). - pinctrl: mcp23s08: Reset all pins to input at probe (stable-fixes). - pinctrl: meson: define the pull up/down resistor value as 60 kOhm (stable-fixes). - pinctrl: qcom: pinctrl-qcm2290: Add missing pins (git-fixes). - pinctrl: st: Drop unused st_gpio_bank() function (git-fixes). - pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group() (git-fixes). - platform/x86/amd: pmc: Clear metrics table at start of cycle (git-fixes). - platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes). - platform/x86: dell_rbu: Fix list usage (git-fixes). - platform/x86: dell_rbu: Stop overwriting data buffer (git-fixes). - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (git-fixes). - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (stable-fixes). - platform/x86: ideapad-laptop: use usleep_range() for EC polling (git-fixes). - platform/x86: thinkpad_acpi: Ignore battery threshold change event notification (stable-fixes). - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (git-fixes). - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (stable-fixes). - power: reset: at91-reset: Optimize at91_reset() (git-fixes). - power: supply: bq27xxx: Retrieve again when busy (stable-fixes). - power: supply: collie: Fix wakeup source leaks on device unbind (stable-fixes). - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (bsc#1215199). - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states (bsc#1215199). - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - pstore: Change kmsg_bytes storage size to u32 (git-fixes). - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (git-fixes). - r8152: add vendor/device ID pair for Dell Alienware AW1022z (git-fixes). - regulator: ad5398: Add device tree support (stable-fixes). - regulator: max14577: Add error check for max14577_read_reg() (git-fixes). - regulator: max20086: Change enable gpio to optional (git-fixes). - regulator: max20086: Fix MAX200086 chip id (git-fixes). - regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() (git-fixes). - rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang. - rpm/kernel-source.changes.old: Drop bogus bugzilla reference (bsc#1244725) - rpm: Stop using is_kotd_qa macro This macro is set by bs-upload-kernel, and a conditional in each spec file is used to determine when to build the spec file. This logic should not really be in the spec file. Previously this was done with package links and package meta for the individula links. However, the use of package links is rejected for packages in git based release projects (nothing to do with git actually, new policy). An alternative to package links is multibuild. However, for multibuild packages package meta cannot be used to set which spec file gets built. Use prjcon buildflags instead, and remove this conditional. Depends on bs-upload-kernel adding the build flag. - rtc: Fix offset calculation for .start_secs < 0 (git-fixes). - rtc: Make rtc_time64_to_tm() support dates before 1970 (stable-fixes). - rtc: at91rm9200: drop unused module alias (git-fixes). - rtc: cmos: use spin_lock_irqsave in cmos_interrupt (git-fixes). - rtc: cpcap: drop unused module alias (git-fixes). - rtc: da9063: drop unused module alias (git-fixes). - rtc: ds1307: stop disabling alarms on probe (stable-fixes). - rtc: jz4740: drop unused module alias (git-fixes). - rtc: pm8xxx: drop unused module alias (git-fixes). - rtc: rv3032: fix EERD location (stable-fixes). - rtc: s3c: drop unused module alias (git-fixes). - rtc: sh: assign correct interrupts with DT (git-fixes). - rtc: stm32: drop unused module alias (git-fixes). - s390/pci: Allow re-add of a reserved but not yet removed device (bsc#1244145). - s390/pci: Fix __pcilg_mio_inuser() inline assembly (git-fixes bsc#1245226). - s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (git-fixes bsc#1244145). - s390/pci: Fix potential double remove of hotplug slot (bsc#1244145). - s390/pci: Prevent self deletion in disable_slot() (bsc#1244145). - s390/pci: Remove redundant bus removal and disable from zpci_release_device() (bsc#1244145). - s390/pci: Serialize device addition and removal (bsc#1244145). - s390/pci: introduce lock to synchronize state of zpci_dev's (jsc#PED-10253 bsc#1244145). - s390/pci: remove hotplug slot when releasing the device (bsc#1244145). - s390/pci: rename lock member in struct zpci_dev (jsc#PED-10253 bsc#1244145). - s390/tty: Fix a potential memory leak bug (git-fixes bsc#1245228). - scsi: dc395x: Remove DEBUG conditional compilation (git-fixes). - scsi: dc395x: Remove leftover if statement in reselect() (git-fixes). - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() (git-fixes). - scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk (git-fixes). - scsi: iscsi: Fix incorrect error path labels for flashnode operations (git-fixes). - scsi: mpi3mr: Add level check to control event logging (git-fixes). - scsi: mpt3sas: Send a diag reset if target reset fails (git-fixes). - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (git-fixes). - scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer (git-fixes). - scsi: st: ERASE does not change tape location (git-fixes). - scsi: st: Restore some drive settings after reset (git-fixes). - scsi: st: Tighten the page format heuristics with MODE SELECT (git-fixes). - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (git-fixes). - selftests/bpf: Fix bpf_nf selftest failure (git-fixes). - selftests/mm: restore default nr_hugepages value during cleanup in hugetlb_reparenting_test.sh (git-fixes). - selftests/net: have `gro.sh -t` return a correct exit code (stable-fixes). - selftests/seccomp: fix syscall_restart test for arm compat (git-fixes). - serial: Fix potential null-ptr-deref in mlb_usio_probe() (git-fixes). - serial: imx: Restore original RXTL for console to fix data loss (git-fixes). - serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - serial: sh-sci: Move runtime PM enable to sci_probe_single() (stable-fixes). - serial: sh-sci: Save and restore more registers (git-fixes). - serial: sh-sci: Update the suspend/resume support (stable-fixes). - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (git-fixes). - soc: aspeed: lpc: Fix impossible judgment condition (git-fixes). - soc: qcom: smp2p: Fix fallback to qcom,ipc parse (git-fixes). - soc: ti: k3-socinfo: Do not use syscon helper to build regmap (stable-fixes). - software node: Correct a OOB check in software_node_get_reference_args() (stable-fixes). - soundwire: amd: change the soundwire wake enable/disable sequence (stable-fixes). - spi-rockchip: Fix register out of bounds access (stable-fixes). - spi: bcm63xx-hsspi: fix shared reset (git-fixes). - spi: bcm63xx-spi: fix shared reset (git-fixes). - spi: sh-msiof: Fix maximum DMA transfer size (git-fixes). - spi: spi-sun4i: fix early activation (stable-fixes). - spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers (git-fixes). - spi: tegra210-quad: modify chip select (CS) deactivation (git-fixes). - spi: tegra210-quad: remove redundant error handling code (git-fixes). - spi: zynqmp-gqspi: Always acknowledge interrupts (stable-fixes). - staging: iio: ad5933: Correct settling cycles encoding per datasheet (git-fixes). - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (git-fixes). - struct usci: hide additional member (git-fixes). - sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (git-fixes). - tcp/dccp: allow a connection when sk_max_ack_backlog is zero (git-fixes). - tcp/dccp: bypass empty buckets in inet_twsk_purge() (git-fixes). - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (git-fixes). - tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() (git-fixes). - tcp_metrics: optimize tcp_metrics_flush_all() (git-fixes). - thermal/drivers/qoriq: Power down TMU on system suspend (stable-fixes). - thunderbolt: Do not add non-active NVM if NVM upgrade is disabled for retimer (stable-fixes). - thunderbolt: Do not double dequeue a configuration request (stable-fixes). - thunderbolt: Fix a logic error in wake on connect (git-fixes). - timekeeping: Fix bogus clock_was_set() invocation in (git-fixes) - timekeeping: Fix cross-timestamp interpolation corner case (git-fixes) - timekeeping: Fix cross-timestamp interpolation for non-x86 (git-fixes) - timekeeping: Fix cross-timestamp interpolation on counter (git-fixes) - trace/trace_event_perf: remove duplicate samples on the first tracepoint event (git-fixes). - tracing/eprobe: Fix to release eprobe when failed to add dyn_event (git-fixes). - tracing: Add __print_dynamic_array() helper (bsc#1243544). - tracing: Add __string_len() example (bsc#1243544). - tracing: Fix cmp_entries_dup() to respect sort() comparison rules (git-fixes). - tracing: Fix compilation warning on arm32 (bsc#1243551). - tracing: Use atomic64_inc_return() in trace_clock_counter() (git-fixes). - truct dwc3 hide new member wakeup_pending_funcs (git-fixes). - ucsi_debugfs_entry: hide signedness change (git-fixes). - udp: annotate data-races around up->pending (git-fixes). - udp: fix incorrect parameter validation in the udp_lib_getsockopt() function (git-fixes). - udp: fix receiving fraglist GSO packets (git-fixes). - udp: preserve the connected status if only UDP cmsg (git-fixes). - uprobes: Use kzalloc to allocate xol area (git-fixes). - usb: Flush altsetting 0 endpoints before reinitializating them after reset (git-fixes). - usb: cdnsp: Fix issue with detecting USB 3.2 speed (git-fixes). - usb: cdnsp: Fix issue with detecting command completion event (git-fixes). - usb: dwc3: gadget: Make gadget_wakeup asynchronous (git-fixes). - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (stable-fixes). - usb: renesas_usbhs: Reorder clock handling and power management in probe (git-fixes). - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (stable-fixes). - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() (git-fixes). - usb: typec: ucsi: Only enable supported notifications (git-fixes). - usb: typec: ucsi: allow non-partner GET_PDOS for Qualcomm devices (git-fixes). - usb: typec: ucsi: fix Clang -Wsign-conversion warning (git-fixes). - usb: typec: ucsi: fix UCSI on buggy Qualcomm devices (git-fixes). - usb: typec: ucsi: limit the UCSI_NO_PARTNER_PDOS even further (git-fixes). - usb: usbtmc: Fix read_stb function and get_stb ioctl (git-fixes). - usb: usbtmc: Fix timeout value in get_stb (git-fixes). - usb: xhci: Do not change the status of stalled TDs on failed Stop EP (stable-fixes). - usbnet: asix AX88772: leave the carrier control to phylink (stable-fixes). - vgacon: Add check for vc_origin address range in vgacon_scroll() (git-fixes). - vmxnet3: correctly report gso type for UDP tunnels (bsc#1244626). - vmxnet3: support higher link speeds from vmxnet3 v9 (bsc#1244626). - vmxnet3: update MTU after device quiesce (bsc#1244626). - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (git-fixes). - watchdog: da9052_wdt: respect TWDMIN (stable-fixes). - watchdog: exar: Shorten identity name to fit correctly (git-fixes). - watchdog: fix watchdog may detect false positive of softlockup (stable-fixes). - watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04 (git-fixes). - watchdog: mediatek: Add support for MT6735 TOPRGU/WDT (git-fixes). - wifi: ath11k: Fix QMI memory reuse logic (stable-fixes). - wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() (git-fixes). - wifi: ath11k: convert timeouts to secs_to_jiffies() (stable-fixes). - wifi: ath11k: do not use static variables in ath11k_debugfs_fw_stats_process() (git-fixes). - wifi: ath11k: do not wait when there is no vdev started (git-fixes). - wifi: ath11k: fix node corruption in ar->arvifs list (git-fixes). - wifi: ath11k: fix ring-buffer corruption (git-fixes). - wifi: ath11k: fix rx completion meta data corruption (git-fixes). - wifi: ath11k: fix soc_dp_stats debugfs file permission (stable-fixes). - wifi: ath11k: move some firmware stats related functions outside of debugfs (git-fixes). - wifi: ath11k: update channel list in worker when wait flag is set (bsc#1243847). - wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready (git-fixes). - wifi: ath12k: Add MSDU length validation for TKIP MIC error (git-fixes). - wifi: ath12k: Avoid napi_sync() before napi_enable() (stable-fixes). - wifi: ath12k: Fix WMI tag for EHT rate in peer assoc (git-fixes). - wifi: ath12k: Fix end offset bit definition in monitor ring descriptor (stable-fixes). - wifi: ath12k: Fix invalid memory access while forming 802.11 header (git-fixes). - wifi: ath12k: Fix memory leak during vdev_id mismatch (git-fixes). - wifi: ath12k: Fix the QoS control field offset to build QoS header (git-fixes). - wifi: ath12k: Improve BSS discovery with hidden SSID in 6 GHz band (stable-fixes). - wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz (stable-fixes). - wifi: ath12k: Report proper tx completion status to mac80211 (stable-fixes). - wifi: ath12k: fix a possible dead lock caused by ab->base_lock (stable-fixes). - wifi: ath12k: fix ath12k_hal_tx_cmd_ext_desc_setup() info1 override (stable-fixes). - wifi: ath12k: fix cleanup path after mhi init (git-fixes). - wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping (stable-fixes). - wifi: ath12k: fix incorrect CE addresses (stable-fixes). - wifi: ath12k: fix invalid access to memory (git-fixes). - wifi: ath12k: fix link valid field initialization in the monitor Rx (stable-fixes). - wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET (stable-fixes). - wifi: ath12k: fix node corruption in ar->arvifs list (git-fixes). - wifi: ath12k: fix ring-buffer corruption (git-fixes). - wifi: ath9k: return by of_get_mac_address (stable-fixes). - wifi: ath9k_htc: Abort software beacon handling if disabled (git-fixes). - wifi: carl9170: do not ping device which has failed to load firmware (git-fixes). - wifi: iwlfiwi: mvm: Fix the rate reporting (git-fixes). - wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 (stable-fixes). - wifi: iwlwifi: add support for Killer on MTL (stable-fixes). - wifi: iwlwifi: fix debug actions order (stable-fixes). - wifi: iwlwifi: pcie: make sure to lock rxq->read (stable-fixes). - wifi: mac80211: VLAN traffic in multicast path (stable-fixes). - wifi: mac80211: do not offer a mesh path if forwarding is disabled (stable-fixes). - wifi: mac80211: do not unconditionally call drv_mgd_complete_tx() (stable-fixes). - wifi: mac80211: fix beacon interval calculation overflow (git-fixes). - wifi: mac80211: remove misplaced drv_mgd_complete_tx() call (stable-fixes). - wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled (stable-fixes). - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R (stable-fixes). - wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() (git-fixes). - wifi: mt76: mt7921: add 160 MHz AP for mt7922 device (stable-fixes). - wifi: mt76: mt7925: ensure all MCU commands wait for response (git-fixes). - wifi: mt76: mt7925: fix host interrupt register initialization (git-fixes). - wifi: mt76: mt7925: prevent multiple scan commands (git-fixes). - wifi: mt76: mt7925: refine the sniffer commnad (git-fixes). - wifi: mt76: mt7996: drop fragments with multicast or broadcast RA (stable-fixes). - wifi: mt76: mt7996: fix RX buffer size of MCU event (git-fixes). - wifi: mt76: mt7996: revise TXS size (stable-fixes). - wifi: mt76: mt7996: set EHT max ampdu length capability (git-fixes). - wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2 (stable-fixes). - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (git-fixes). - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (git-fixes). - wifi: rtw88: Do not use static local variable in rtw8822b_set_tx_power_index_by_rate (stable-fixes). - wifi: rtw88: Fix __rtw_download_firmware() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix download_firmware_validate() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 (stable-fixes). - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU (stable-fixes). - wifi: rtw88: do not ignore hardware read error during DPK (git-fixes). - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (git-fixes). - wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally (git-fixes). - wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT (git-fixes). - wifi: rtw88: usb: Reduce control message timeout to 500 ms (git-fixes). - wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet (stable-fixes). - wifi: rtw89: fw: propagate error code from rtw89_h2c_tx() (stable-fixes). - wifi: rtw89: leave idle mode when setting WEP encryption for AP mode (stable-fixes). - wifi: rtw89: pci: enlarge retry times of RX tag to 1000 (git-fixes). - x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (git-fixes). - x86/kaslr: Reduce KASLR entropy on most x86 systems (git-fixes). - x86/microcode/AMD: Add get_patch_level() (git-fixes). - x86/microcode/AMD: Do not return error when microcode update is not necessary (git-fixes). - x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration (git-fixes). - x86/microcode/AMD: Have __apply_microcode_amd() return bool (git-fixes). - x86/microcode/AMD: Make __verify_patch_size() return bool (git-fixes). - x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (git-fixes). - x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature (git-fixes). - x86/microcode/AMD: Return bool from find_blobs_in_containers() (git-fixes). - x86/microcode: Consolidate the loader enablement checking (git-fixes). - x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers (git-fixes). - x86/xen: fix balloon target initialization for PVH dom0 (git-fixes). - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (git-fixes) - xen/x86: fix initial memory balloon target (git-fixes). - xsk: always clear DMA mapping information when unmapping the pool (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2543-1 Released: Tue Jul 29 11:09:01 2025 Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 Type: recommended Severity: moderate References: 1233012 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2558-1 Released: Wed Jul 30 22:14:27 2025 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1230267,1243279,1243457,1243486,1244042,1244710,1245220,1245452,1245496,1245672 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1+MLM (bsc#1243457). - implement color filtering when adding update targets. - support orderwithrequires dependencies in susedata.xml. - Fix SEGV in MediaDISK handler (bsc#1245452). - Fix evaluation of libproxy results (bsc#1244710). - Enhancements regarding mirror handling during repo refresh. Adapt to libzypp API changes (bsc#1230267). - Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans backend. - Enhancements with mirror handling during repo refresh, needs zypper 1.14.91. - Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042) There was no testcase written for the very first solver run. - zypper does not allow distinctions between install and upgrade in %postinstall (bsc#1243279). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - BuildRequires: Now %{libsolv_devel_package} greater or equal to 0.7.34 is required (bsc#1243486). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2572-1 Released: Thu Jul 31 11:11:10 2025 Summary: Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp Type: recommended Severity: moderate References: 1233012 This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2536-1 Released: Thu Jul 31 16:44:39 2025 Summary: Security update for boost Type: security Severity: important References: 1245936,CVE-2016-9840 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2713-1 Released: Wed Aug 6 11:21:54 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1245950 This update for hwinfo fixes the following issues: - Fix usb network card detection (bsc#1245950) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2772-1 Released: Tue Aug 12 19:35:08 2025 Summary: Recommended update for grub2 Type: security Severity: moderate References: 1234959,1246157,1246231,1246237,CVE-2024-56738 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) Other fixes: - Fix test -f and -s do not work properly over the network files served via tftp and http (bsc#1246157, bsc#1246237) - Skip mount point in grub_find_device function (bsc#1246231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2841-1 Released: Mon Aug 18 13:01:25 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2888-1 Released: Tue Aug 19 09:47:17 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1228929,1241038 This update for suse-module-tools fixes the following issues: - Version update 15.6.11. - Add missing util-linux requirement to the spec file (bsc#1241038) - Kernel installation fails to build initrd (bsc#1228929). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2914-1 Released: Tue Aug 19 14:54:30 2025 Summary: Security update for docker Type: security Severity: moderate References: 1246556,1247367,CVE-2025-54388 This update for docker fixes the following issues: - Update to Docker 28.3.3-ce. - CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2915-1 Released: Tue Aug 19 14:56:35 2025 Summary: Security update for jq Type: security Severity: moderate References: 1244116,CVE-2025-48060 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) The following package changes have been done: - boost-license1_66_0-1.66.0-150200.12.7.1 updated - coreutils-8.32-150400.9.9.1 updated - crypto-policies-20230920.570ea89-150600.3.12.1 updated - docker-28.3.3_ce-150000.230.1 updated - grub2-i386-pc-2.12-150600.8.34.1 updated - grub2-x86_64-efi-2.12-150600.8.34.1 updated - grub2-2.12-150600.8.34.1 updated - hwinfo-21.89-150500.3.12.1 updated - iputils-20221126-150500.3.14.1 updated - jq-1.6-150000.3.9.1 updated - kernel-default-6.4.0-150600.23.60.5 updated - libboost_system1_66_0-1.66.0-150200.12.7.1 updated - libboost_thread1_66_0-1.66.0-150200.12.7.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.10.3-150600.3.9.1 updated - libgnutls30-3.8.3-150600.4.9.1 updated - libjq1-1.6-150000.3.9.1 updated - libopenssl1_1-1.1.1w-150600.5.15.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - libsasl2-3-2.1.28-150600.7.6.2 updated - libsolv-tools-base-0.7.34-150600.8.17.2 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libsystemd0-254.27-150600.4.43.3 updated - libudev1-254.27-150600.4.43.3 updated - libxml2-2-2.10.3-150500.5.32.1 updated - libyaml-0-2-0.1.7-150000.3.4.1 updated - libzypp-17.37.10-150600.3.74.1 updated - python3-PyYAML-5.4.1-150300.3.6.1 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - python3-asn1crypto-0.24.0-150000.3.5.1 updated - python3-attrs-19.3.0-150200.3.9.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-certifi-2018.1.18-150000.3.6.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated - python3-chardet-3.0.4-150000.5.6.1 updated - python3-cryptography-3.3.2-150400.26.1 updated - python3-idna-2.6-150000.3.6.1 updated - python3-importlib-metadata-1.5.0-150100.3.8.1 updated - python3-iniconfig-1.1.1-150000.1.13.1 updated - python3-more-itertools-8.10.0-150400.10.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-pyOpenSSL-21.0.0-150400.10.1 updated - python3-pyasn1-0.4.2-150000.3.8.1 updated - python3-pycparser-2.17-150000.3.5.1 updated - python3-pyparsing-2.4.7-150300.3.3.1 updated - python3-pytz-2022.1-150300.3.9.1 updated - python3-py-1.10.0-150100.5.15.1 updated - python3-requests-2.25.1-150300.3.18.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-six-1.14.0-150200.15.1 updated - python3-urllib3-1.25.10-150300.4.15.1 updated - python3-zipp-0.6.0-150100.3.8.1 updated - python3-3.6.15-150300.10.97.2 updated - samba-client-libs-4.19.8+git.430.a10fe64854c-150600.3.18.2 updated - suse-build-key-12.0-150000.8.61.2 updated - suse-module-tools-15.6.11-150600.3.9.2 updated - systemd-rpm-macros-16-150000.7.42.1 updated - systemd-254.27-150600.4.43.3 updated - udev-254.27-150600.4.43.3 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - xen-libs-4.18.5_04-150600.3.28.1 updated - zypper-1.14.92-150600.10.46.2 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:02:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:02:57 +0200 (CEST) Subject: SUSE-IU-2025:2331-1: Security update of suse-sles-15-sp6-chost-byos-v20250819-hvm-ssd-x86_64 Message-ID: <20250820070257.01518FF2D@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250819-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2331-1 Image Tags : suse-sles-15-sp6-chost-byos-v20250819-hvm-ssd-x86_64:20250819 Image Release : Severity : important Type : security References : 1012628 1151679 1151680 1151794 1151927 1210025 1211226 1215199 1218184 1218459 1221107 1223008 1228557 1228854 1228929 1229655 1230262 1230267 1232504 1232526 1232882 1233012 1233012 1233012 1233012 1233012 1233012 1234959 1235490 1235728 1236208 1237143 1237312 1237442 1237913 1238491 1238859 1238896 1238982 1239566 1239938 1240180 1240577 1240610 1240686 1240723 1240788 1240814 1240823 1241038 1241166 1241278 1241414 1241544 1241549 1241572 1241592 1241617 1242086 1242163 1242504 1242515 1242521 1242556 1242573 1242725 1242846 1242849 1242850 1242907 1242940 1242946 1242954 1242982 1243051 1243060 1243273 1243279 1243342 1243450 1243457 1243467 1243475 1243480 1243486 1243506 1243523 1243537 1243538 1243542 1243544 1243551 1243571 1243572 1243620 1243628 1243698 1243767 1243772 1243774 1243782 1243823 1243827 1243832 1243836 1243847 1243991 1244032 1244042 1244050 1244056 1244059 1244060 1244061 1244100 1244116 1244145 1244172 1244176 1244229 1244234 1244241 1244261 1244274 1244275 1244277 1244309 1244313 1244337 1244401 1244554 1244555 1244557 1244590 1244626 1244644 1244700 1244705 1244710 1244725 1244727 1244729 1244731 1244732 1244736 1244737 1244738 1244739 1244743 1244746 1244759 1244789 1244862 1244906 1244938 1244995 1244996 1244999 1245001 1245003 1245004 1245025 1245042 1245046 1245078 1245081 1245082 1245083 1245155 1245183 1245193 1245210 1245217 1245220 1245220 1245223 1245225 1245226 1245228 1245431 1245452 1245455 1245496 1245573 1245672 1245936 1245950 1245985 1246038 1246112 1246149 1246157 1246231 1246232 1246233 1246237 1246267 1246296 1246299 1246431 1246466 1246556 1246570 1246597 1246697 1247054 1247249 1247367 1247690 831629 CVE-2016-9840 CVE-2023-52888 CVE-2024-12718 CVE-2024-2236 CVE-2024-23337 CVE-2024-26831 CVE-2024-36350 CVE-2024-36357 CVE-2024-49568 CVE-2024-50106 CVE-2024-56613 CVE-2024-56699 CVE-2024-56738 CVE-2024-57982 CVE-2024-58053 CVE-2025-21658 CVE-2025-21720 CVE-2025-21868 CVE-2025-21898 CVE-2025-21899 CVE-2025-21920 CVE-2025-21938 CVE-2025-21959 CVE-2025-21997 CVE-2025-22035 CVE-2025-22083 CVE-2025-22111 CVE-2025-22113 CVE-2025-22120 CVE-2025-23155 CVE-2025-27465 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-37738 CVE-2025-37743 CVE-2025-37752 CVE-2025-37756 CVE-2025-37757 CVE-2025-37786 CVE-2025-37800 CVE-2025-37801 CVE-2025-37811 CVE-2025-37844 CVE-2025-37859 CVE-2025-37862 CVE-2025-37865 CVE-2025-37874 CVE-2025-37884 CVE-2025-37909 CVE-2025-37917 CVE-2025-37921 CVE-2025-37923 CVE-2025-37927 CVE-2025-37933 CVE-2025-37936 CVE-2025-37938 CVE-2025-37945 CVE-2025-37946 CVE-2025-37961 CVE-2025-37967 CVE-2025-37968 CVE-2025-37973 CVE-2025-37987 CVE-2025-37992 CVE-2025-37994 CVE-2025-37995 CVE-2025-37997 CVE-2025-37998 CVE-2025-38000 CVE-2025-38001 CVE-2025-38003 CVE-2025-38004 CVE-2025-38005 CVE-2025-38007 CVE-2025-38009 CVE-2025-38010 CVE-2025-38011 CVE-2025-38013 CVE-2025-38014 CVE-2025-38015 CVE-2025-38018 CVE-2025-38020 CVE-2025-38022 CVE-2025-38023 CVE-2025-38024 CVE-2025-38027 CVE-2025-38031 CVE-2025-38040 CVE-2025-38043 CVE-2025-38044 CVE-2025-38045 CVE-2025-38053 CVE-2025-38057 CVE-2025-38059 CVE-2025-38060 CVE-2025-38065 CVE-2025-38068 CVE-2025-38072 CVE-2025-38077 CVE-2025-38078 CVE-2025-38079 CVE-2025-38080 CVE-2025-38081 CVE-2025-38083 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-48060 CVE-2025-48964 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-5278 CVE-2025-54388 CVE-2025-6021 CVE-2025-6069 CVE-2025-6170 CVE-2025-6297 CVE-2025-6395 CVE-2025-6965 CVE-2025-7425 CVE-2025-8194 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20250819-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2301-1 Released: Mon Jul 14 11:48:57 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1229655 This update for cyrus-sasl fixes the following issues: - Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097) - Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2314-1 Released: Tue Jul 15 14:34:08 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1244554,1244555,1244557,1244590,1244700,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170 This update for libxml2 fixes the following issues: - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554) - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557) - CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555) - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700) - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2316-1 Released: Tue Jul 15 14:59:23 2025 Summary: Security update for xen Type: security Severity: important References: 1238896,1244644,1246112,CVE-2024-36350,CVE-2024-36357,CVE-2025-27465 This update for xen fixes the following issues: - CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471) - CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2344-1 Released: Thu Jul 17 13:09:02 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1246431 This update for samba fixes the following issues: - Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName (bsc#1246431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2362-1 Released: Fri Jul 18 11:07:24 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2384-1 Released: Fri Jul 18 18:45:53 2025 Summary: Security update for jq Type: security Severity: moderate References: 1243450,CVE-2024-23337 This update for jq fixes the following issues: - CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2430-1 Released: Mon Jul 21 13:23:17 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1243772,CVE-2025-48964 This update for iputils fixes the following issues: - CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2447-1 Released: Mon Jul 21 16:45:25 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: Fixed timing based side-channel in RSA implementation. (bsc#1221107) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2538-1 Released: Mon Jul 28 17:10:28 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1151679,1151680,1151794,1151927,1210025,1211226,1215199,1218184,1223008,1228557,1228854,1232504,1232882,1235490,1235728,1236208,1237312,1237913,1238859,1238982,1240180,1240577,1240610,1240686,1240723,1240814,1240823,1241166,1241278,1241414,1241544,1241572,1241592,1241617,1242086,1242163,1242504,1242515,1242521,1242556,1242573,1242725,1242846,1242849,1242850,1242907,1242940,1242946,1242954,1242982,1243051,1243060,1243342,1243467,1243475,1243480,1243506,1243523,1243537,1243538,1243542,1243544,1243551,1243571,1243572,1243620,1243628,1243698,1243774,1243782,1243823,1243827,1243832,1243836,1243847,1244100,1244145,1244172,1244176,1244229,1244234,1244241,1244261,1244274,1244275,1244277,1244309,1244313,1244337,1244626,1244725,1244727,1244729,1244731,1244732,1244736,1244737,1244738,1244739,1244743,1244746,1244759,1244789,1244862,1244906,1244938,1244995,1244996,1244999,1245001,1245003,1245004,1245025,1245042,1245046,1245078,1245081,1245082,1245083,1245155,1245183,1245193,1 245210,1245217,1245225,1245226,1245228,1245431,1245455,CVE-2023-52888,CVE-2024-26831,CVE-2024-49568,CVE-2024-50106,CVE-2024-56613,CVE-2024-56699,CVE-2024-57982,CVE-2024-58053,CVE-2025-21658,CVE-2025-21720,CVE-2025-21868,CVE-2025-21898,CVE-2025-21899,CVE-2025-21920,CVE-2025-21938,CVE-2025-21959,CVE-2025-21997,CVE-2025-22035,CVE-2025-22083,CVE-2025-22111,CVE-2025-22113,CVE-2025-22120,CVE-2025-23155,CVE-2025-37738,CVE-2025-37743,CVE-2025-37752,CVE-2025-37756,CVE-2025-37757,CVE-2025-37786,CVE-2025-37800,CVE-2025-37801,CVE-2025-37811,CVE-2025-37844,CVE-2025-37859,CVE-2025-37862,CVE-2025-37865,CVE-2025-37874,CVE-2025-37884,CVE-2025-37909,CVE-2025-37917,CVE-2025-37921,CVE-2025-37923,CVE-2025-37927,CVE-2025-37933,CVE-2025-37936,CVE-2025-37938,CVE-2025-37945,CVE-2025-37946,CVE-2025-37961,CVE-2025-37967,CVE-2025-37968,CVE-2025-37973,CVE-2025-37987,CVE-2025-37992,CVE-2025-37994,CVE-2025-37995,CVE-2025-37997,CVE-2025-37998,CVE-2025-38000,CVE-2025-38001,CVE-2025-38003,CVE-2025-38004,CVE-2025-380 05,CVE-2025-38007,CVE-2025-38009,CVE-2025-38010,CVE-2025-38011,CVE-2025-38013,CVE-2025-38014,CVE-2025-38015,CVE-2025-38018,CVE-2025-38020,CVE-2025-38022,CVE-2025-38023,CVE-2025-38024,CVE-2025-38027,CVE-2025-38031,CVE-2025-38040,CVE-2025-38043,CVE-2025-38044,CVE-2025-38045,CVE-2025-38053,CVE-2025-38057,CVE-2025-38059,CVE-2025-38060,CVE-2025-38065,CVE-2025-38068,CVE-2025-38072,CVE-2025-38077,CVE-2025-38078,CVE-2025-38079,CVE-2025-38080,CVE-2025-38081,CVE-2025-38083 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL (bsc#1228557). - CVE-2024-49568: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg (bsc#1235728). - CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup (bsc#1237913). - CVE-2024-58053: rxrpc: Fix handling of received connection abort (bsc#1238982). - CVE-2025-21720: xfrm: delete intermediate secpath entry in packet offload mode (bsc#1238859). - CVE-2025-21868: kABI workaround for adding an header (bsc#1240180). - CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show() (bsc#1240610). - CVE-2025-21899: tracing: Fix bad hist from corrupting named_triggers list (bsc#1240577). - CVE-2025-21920: vlan: enforce underlying device type (bsc#1240686). - CVE-2025-21938: mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr (bsc#1240723). - CVE-2025-21959: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (bsc#1240814). - CVE-2025-21997: xsk: fix an integer overflow in xp_create_and_assign_umem() (bsc#1240823). - CVE-2025-22035: tracing: Fix use-after-free in print_graph_function_flags during tracer switching (bsc#1241544). - CVE-2025-22111: kABI fix for net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF (bsc#1241572). - CVE-2025-22113: ext4: define ext4_journal_destroy wrapper (bsc#1241617). - CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37743: wifi: ath12k: Avoid memory leak while enabling statistics (bsc#1242163). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37756: net: tls: explicitly disallow disconnect (bsc#1242515). - CVE-2025-37757: tipc: fix memory leak in tipc_link_xmit (bsc#1242521). - CVE-2025-37786: net: dsa: free routing table on probe failure (bsc#1242725). - CVE-2025-37800: driver core: fix potential NULL pointer dereference in dev_uevent() (bsc#1242849). - CVE-2025-37801: spi: spi-imx: Add check for spi_imx_setupxfer() (bsc#1242850). - CVE-2025-37811: usb: chipidea: ci_hdrc_imx: fix usbmisc handling (bsc#1242907). - CVE-2025-37844: cifs: avoid NULL pointer dereference in dbg call (bsc#1242946). - CVE-2025-37859: page_pool: avoid infinite loop to schedule delayed worker (bsc#1243051). - CVE-2025-37862: HID: pidff: Fix null pointer dereference in pidff_find_fields (bsc#1242982). - CVE-2025-37865: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported (bsc#1242954). - CVE-2025-37874: net: ngbe: fix memory leak in ngbe_probe() error path (bsc#1242940). - CVE-2025-37884: bpf: Fix deadlock between rcu_tasks_trace and event_mutex (bsc#1243060). - CVE-2025-37909: net: lan743x: Fix memleak issue when GSO enabled (bsc#1243467). - CVE-2025-37917: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll (bsc#1243475). - CVE-2025-37921: vxlan: vnifilter: Fix unlocked deletion of default FDB entry (bsc#1243480). - CVE-2025-37923: tracing: Fix oob write in trace_seq_to_buffer() (bsc#1243551). - CVE-2025-37927: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (bsc#1243620). - CVE-2025-37933: octeon_ep: Fix host hang issue during device reboot (bsc#1243628). - CVE-2025-37936: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value (bsc#1243537). - CVE-2025-37938: tracing: Verify event formats that have '%*p..' (bsc#1243544). - CVE-2025-37945: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY (bsc#1243538). - CVE-2025-37961: ipvs: fix uninit-value for saddr in do_output_route4 (bsc#1243523). - CVE-2025-37967: usb: typec: ucsi: displayport: Fix deadlock (bsc#1243572). - CVE-2025-37968: iio: light: opt3001: fix deadlock due to concurrent flag access (bsc#1243571). - CVE-2025-37987: pds_core: Prevent possible adminq overflow/stuck condition (bsc#1243542). - CVE-2025-37992: net_sched: Flush gso_skb list too during ->change() (bsc#1243698). - CVE-2025-37995: module: ensure that kobject_put() is safe for module type kobjects (bsc#1243827). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-37998: openvswitch: Fix unsafe attribute parsing in output_userspace() (bsc#1243836). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729). - CVE-2025-38018: net/tls: fix kernel panic when alloc_page failed (bsc#1244999). - CVE-2025-38053: idpf: fix null-ptr-deref in idpf_features_check (bsc#1244746). - CVE-2025-38057: espintcp: fix skb leaks (bsc#1244862). - CVE-2025-38060: bpf: abort verification if env->cur_state->loop_entry != NULL (bsc#1245155). - CVE-2025-38072: libnvdimm/labels: Fix divide error in nd_label_data_init() (bsc#1244743). The following non-security bugs were fixed: - ACPI: CPPC: Fix NULL pointer dereference when nosmp is used (git-fixes). - ACPI: HED: Always initialize before evged (stable-fixes). - ACPI: OSI: Stop advertising support for '3.0 _SCP Extensions' (git-fixes). - ACPI: PNP: Add Intel OC Watchdog IDs to non-PNP device list (stable-fixes). - ACPI: battery: negate current when discharging (stable-fixes). - ACPI: bus: Bail out if acpi_kobj registration fails (stable-fixes). - ACPICA: Avoid sequence overread in call to strncmp() (stable-fixes). - ACPICA: Utilities: Fix spelling mistake 'Incremement' -> 'Increment' (git-fixes). - ACPICA: exserial: do not forget to handle FFixedHW opregions for reading (git-fixes). - ACPICA: fix acpi operand cache leak in dswstate.c (stable-fixes). - ACPICA: fix acpi parse and parseext cache leaks (stable-fixes). - ACPICA: utilities: Fix overflow check in vsnprintf() (stable-fixes). - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (stable-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10 (stable-fixes). - ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7 (stable-fixes). - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR (git-fixes). - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA (git-fixes). - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (stable-fixes). - ALSA: pcm: Fix race of buffer access at PCM OSS layer (stable-fixes). - ALSA: seq: Improve data consistency at polling (stable-fixes). - ALSA: usb-audio: Accept multiple protocols in GTBs (stable-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-V10 support (stable-fixes). - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 (stable-fixes). - ALSA: usb-audio: Add name for HP Engage Go dock (stable-fixes). - ALSA: usb-audio: Check shutdown at endpoint_set_interface() (stable-fixes). - ALSA: usb-audio: Fix NULL pointer deref in snd_usb_power_domain_set() (git-fixes). - ALSA: usb-audio: Fix duplicated name in MIDI substream names (stable-fixes). - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (git-fixes). - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card (stable-fixes). - ALSA: usb-audio: Rename Pioneer mixer channel controls (git-fixes). - ALSA: usb-audio: Set MIDI1 flag appropriately for GTB MIDI 1.0 entry (stable-fixes). - ALSA: usb-audio: Skip setting clock selector for single connections (stable-fixes). - ALSA: usb-audio: Support multiple control interfaces (stable-fixes). - ALSA: usb-audio: Support read-only clock selector control (stable-fixes). - ALSA: usb-audio: enable support for Presonus Studio 1824c within 1810c file (stable-fixes). - ALSA: usb-audio: mixer: Remove temporary string use in parse_clock_source_unit (stable-fixes). - ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX (git-fixes). - ASoC: Intel: avs: Verify content returned by parse_int_array() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 (stable-fixes). - ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type (git-fixes). - ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 (stable-fixes). - ASoC: apple: mca: Constrain channels according to TDM mask (git-fixes). - ASoC: codecs: hda: Fix RPM usage count underflow (git-fixes). - ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode (stable-fixes). - ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() (stable-fixes). - ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect (stable-fixes). - ASoC: mediatek: mt8188: Add reference for dmic clocks (stable-fixes). - ASoC: mediatek: mt8188: Treat DMIC_GAINx_CUR as non-volatile (stable-fixes). - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (git-fixes). - ASoC: ops: Enforce platform maximum on initial value (stable-fixes). - ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() (git-fixes). - ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() (stable-fixes). - ASoC: rt722-sdca: Add some missing readable registers (stable-fixes). - ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() (stable-fixes). - ASoC: sun4i-codec: support hp-det-gpios property (stable-fixes). - ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG (stable-fixes). - ASoC: tas2764: Enable main IRQs (git-fixes). - ASoC: tas2764: Mark SW_RESET as volatile (stable-fixes). - ASoC: tas2764: Power up/down amp on mute ops (stable-fixes). - ASoC: tas2764: Reinit cache on part reset (git-fixes). - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change (stable-fixes). - ASoC: tegra210_ahub: Add check to of_device_get_match_data() (stable-fixes). - Bluetooth: Fix NULL pointer deference on eir_get_service_data (git-fixes). - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (git-fixes). - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (git-fixes). - Bluetooth: MGMT: Fix sparse errors (git-fixes). - Bluetooth: MGMT: Remove unused mgmt_pending_find_data (stable-fixes). - Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() (git-fixes). - Bluetooth: Remove pending ACL connection attempts (stable-fixes). - Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync (git-fixes). - Bluetooth: hci_conn: Only do ACL connections sequentially (stable-fixes). - Bluetooth: hci_core: fix list_for_each_entry_rcu usage (git-fixes). - Bluetooth: hci_event: Fix not using key encryption size when its known (git-fixes). - Bluetooth: hci_qca: move the SoC type check to the right place (git-fixes). - Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync (git-fixes). - Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance (git-fixes). - Documentation/rtla: Fix duplicate text about timerlat tracer (git-fixes). - Documentation/rtla: Fix typo in common_timerlat_description.rst (git-fixes). - Documentation/rtla: Fix typo in rtla-timerlat.rst (git-fixes). - Documentation: fix typo in root= kernel parameter description (git-fixes). - HID: lenovo: Restrict F7/9/11 mode to compact keyboards only (git-fixes). - HID: quirks: Add ADATA XPG alpha wireless mouse support (stable-fixes). - HID: usbkbd: Fix the bit shift number for LED_KANA (stable-fixes). - HID: wacom: fix kobject reference count leak (git-fixes). - HID: wacom: fix memory leak on kobject creation failure (git-fixes). - HID: wacom: fix memory leak on sysfs attribute creation failure (git-fixes). - Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() (git-fixes). - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (git-fixes). - Input: sparcspkr - avoid unannotated fall-through (stable-fixes). - Input: xpad - add more controllers (stable-fixes). - KVM: powerpc: Enable commented out BUILD_BUG_ON() assertion (bsc#1215199). - KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY (git-fixes bsc#1245225). - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild') - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - NFC: nci: uart: Set tty->disc_data only in success path (git-fixes). - NFS: Do not allow waiting for exiting tasks (git-fixes). - NFSD: Insulate nfsd4_encode_read_plus() from page boundaries in the encode buffer (git-fixes). - NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() (git-fixes). - NFSv4: Treat ENETUNREACH errors as fatal for state recovery (git-fixes). - PCI/DPC: Initialize aer_err_info before using it (git-fixes). - PCI/DPC: Log Error Source ID only when valid (git-fixes). - PCI/DPC: Use defines with DPC reason fields (git-fixes). - PCI/MSI: Size device MSI domain with the maximum number of vectors (git-fixes). - PCI/PM: Set up runtime PM even for devices without PCI PM (git-fixes). - PCI: Explicitly put devices into D0 when initializing (git-fixes). - PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes). - PCI: Fix old_size lower bound in calculate_iosize() too (stable-fixes). - PCI: apple: Set only available ports up (git-fixes). - PCI: apple: Use gpiod_set_value_cansleep in probe flow (git-fixes). - PCI: brcmstb: Add a softdep to MIP MSI-X driver (stable-fixes). - PCI: brcmstb: Expand inbound window size up to 64GB (stable-fixes). - PCI: cadence-ep: Correct PBA offset in .set_msix() callback (git-fixes). - PCI: cadence: Fix runtime atomic count underflow (git-fixes). - PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() (git-fixes). - PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up() (git-fixes). - PCI: dwc: ep: Correct PBA offset in .set_msix() callback (git-fixes). - PCI: dwc: ep: Ensure proper iteration over outbound map windows (stable-fixes). - PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - PCI: vmd: Disable MSI remapping bypass under Xen (stable-fixes). - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (stable-fixes). - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices (git-fixes). - PM: sleep: Print PM debug messages during hibernation (git-fixes). - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (git-fixes). - RDMA/core: Fix best page size finding when it can cross SG entries (git-fixes) - RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() (git-fixes) - Remove compress-vmlinux.sh /usr/lib/rpm/brp-suse.d/brp-99-compress-vmlinux was added in pesign-obs-integration during SLE12 RC. This workaround can be removed. - Remove host-memcpy-hack.h This might have been usefult at some point but we have more things that depend on specific library versions today. - Remove try-disable-staging-driver The config for linux-next is autogenerated from master config, and defaults filled for missing options. This is unlikely to enable any staging driver in the first place. - Revert 'ALSA: usb-audio: Skip setting clock selector for single connections' (stable-fixes). - Revert 'arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC (git-fixes) - Revert 'bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first' (stable-fixes). - Revert 'drm/amdgpu: do not allow userspace to create a doorbell BO' (stable-fixes). - Revert 'ipv6: save dontfrag in cork (git-fixes).' - Revert 'kABI: ipv6: save dontfrag in cork (git-fixes).' - Revert 'wifi: mt76: mt7996: fill txd by host driver' (stable-fixes). - SUNRPC: Do not allow waiting for exiting tasks (git-fixes). - SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls (git-fixes). - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting (git-fixes). - SUNRPC: rpcbind should never reset the port to the value '0' (git-fixes). - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB (stable-fixes). - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (git-fixes). - accel/qaic: Mask out SR-IOV PCI resources (stable-fixes). - acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() (git-fixes). - add bug reference to existing hv_storvsc change (bsc#1245455). - arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs (git-fixes) - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode (stable-fixes). - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (stable-fixes). - ath10k: snoc: fix unbalanced IRQ enable in crash recovery (git-fixes). - backlight: pm8941: Add NULL check in wled_configure() (git-fixes). - bnxt: properly flush XDP redirect lists (git-fixes). - bpf: Force uprobe bpf program to always return 0 (git-fixes). - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)') - btrfs: fix fsync of files with no hard links not persisting deletion (git-fixes). - btrfs: fix invalid data space release when truncating block in NOCOW mode (git-fixes). - btrfs: fix qgroup reservation leak on failure to allocate ordered extent (git-fixes). - btrfs: fix wrong start offset for delalloc space release during mmap write (git-fixes). - btrfs: remove end_no_trans label from btrfs_log_inode_parent() (git-fixes). - btrfs: simplify condition for logging new dentries at btrfs_log_inode_parent() (git-fixes). - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (git-fixes). - bus: fsl-mc: fix GET/SET_TAILDROP command ids (git-fixes). - bus: fsl-mc: fix double-free on mc_dev (git-fixes). - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (stable-fixes). - bus: mhi: host: Fix conflict between power_up and SYSERR (git-fixes). - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (git-fixes). - can: c_can: Use of_property_present() to test existence of DT property (stable-fixes). - can: tcan4x5x: fix power regulator retrieval during probe (git-fixes). - ceph: Fix incorrect flush end position calculation (git-fixes). - ceph: allocate sparse_ext map only for sparse reads (git-fixes). - ceph: fix memory leaks in __ceph_sync_read() (git-fixes). - cgroup/cpuset: Fix race between newly created partition and dying one (bsc#1241166). - clocksource: Fix brown-bag boolean thinko in (git-fixes) - clocksource: Make watchdog and suspend-timing multiplication (git-fixes) - crypto: lrw - Only add ecb if it is not already there (git-fixes). - crypto: lzo - Fix compression buffer overrun (stable-fixes). - crypto: marvell/cesa - Avoid empty transfer descriptor (git-fixes). - crypto: marvell/cesa - Do not chain submitted requests (git-fixes). - crypto: marvell/cesa - Handle zero-length skcipher requests (git-fixes). - crypto: octeontx2 - suppress auth failure screaming due to negative tests (stable-fixes). - crypto: qat - add shutdown handler to qat_420xx (git-fixes). - crypto: qat - add shutdown handler to qat_4xxx (git-fixes). - crypto: skcipher - Zap type in crypto_alloc_sync_skcipher (stable-fixes). - crypto: sun8i-ce - move fallback ahash_request to the end of the struct (git-fixes). - crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() (git-fixes). - crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions (git-fixes). - crypto: xts - Only add ecb if it is not already there (git-fixes). - devlink: Fix referring to hw_addr attribute during state validation (git-fixes). - devlink: fix port dump cmd type (git-fixes). - dlm: mask sk_shutdown value (bsc#1228854). - dlm: use SHUT_RDWR for SCTP shutdown (bsc#1228854). - dmaengine: idxd: cdev: Fix uninitialized use of sva in idxd_cdev_open (stable-fixes). - dmaengine: ti: Add NULL check in udma_probe() (git-fixes). - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (stable-fixes). - drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer() (stable-fixes). - drm/amd/display: Add null pointer check for get_first_active_display() (git-fixes). - drm/amd/display: Do not try AUX transactions on disconnected link (stable-fixes). - drm/amd/display: Fix incorrect DPCD configs while Replay/PSR switch (stable-fixes). - drm/amd/display: Guard against setting dispclk low for dcn31x (stable-fixes). - drm/amd/display: Increase block_sequence array size (stable-fixes). - drm/amd/display: Initial psr_version with correct setting (stable-fixes). - drm/amd/display: Skip checking FRL_MODE bit for PCON BW determination (stable-fixes). - drm/amd/display: Update CR AUX RD interval interpretation (stable-fixes). - drm/amd/display: fix link_set_dpms_off multi-display MST corner case (stable-fixes). - drm/amd/display: remove minimum Dispclk and apply oem panel timing (stable-fixes). - drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (git-fixes). - drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c (stable-fixes). - drm/amdgpu: Set snoop bit for SDMA for MI series (stable-fixes). - drm/amdgpu: Update SRIOV video codec caps (stable-fixes). - drm/amdgpu: enlarge the VBIOS binary size limit (stable-fixes). - drm/amdgpu: reset psp->cmd to NULL after releasing the buffer (stable-fixes). - drm/amdgpu: switch job hw_fence to amdgpu_fence (git-fixes). - drm/amdkfd: KFD release_work possible circular locking (stable-fixes). - drm/amdkfd: Set per-process flags only once cik/vi (stable-fixes). - drm/ast: Find VBIOS mode from regular display size (stable-fixes). - drm/ast: Fix comment on modeset lock (git-fixes). - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset (stable-fixes). - drm/bridge: cdns-dsi: Check return value when getting default PHY config (git-fixes). - drm/bridge: cdns-dsi: Fix connecting to next bridge (git-fixes). - drm/bridge: cdns-dsi: Fix phy de-init and flag it so (git-fixes). - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (git-fixes). - drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready (git-fixes). - drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() (git-fixes). - drm/etnaviv: Protect the scheduler's pending list with its lock (git-fixes). - drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 (git-fixes). - drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled (git-fixes). - drm/i915: fix build error some more (git-fixes). - drm/mediatek: Fix kobject put for component sub-drivers (git-fixes). - drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence (stable-fixes). - drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr (git-fixes). - drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err (git-fixes). - drm/msm/disp: Correct porch timing for SDM845 (git-fixes). - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate (git-fixes). - drm/msm/gpu: Fix crash when throttling GPU immediately during boot (git-fixes). - drm/nouveau/bl: increase buffer size to avoid truncate warning (git-fixes). - drm/panel-edp: Add Starry 116KHD024006 (stable-fixes). - drm/panel: samsung-sofef00: Drop s6e3fc2x01 support (git-fixes). - drm/rockchip: vop2: Add uv swap for cluster window (stable-fixes). - drm/ssd130x: fix ssd132x_clear_screen() columns (git-fixes). - drm/tegra: Assign plane type before registration (git-fixes). - drm/tegra: Fix a possible null pointer dereference (git-fixes). - drm/tegra: rgb: Fix the unbound reference count (git-fixes). - drm/udl: Unregister device before cleaning up on disconnect (git-fixes). - drm/v3d: Add clock handling (stable-fixes). - drm/vc4: tests: Use return instead of assert (git-fixes). - drm/vkms: Adjust vkms_state->active_planes allocation type (git-fixes). - drm/vmwgfx: Add seqno waiter for sync_files (git-fixes). - drm: Add valid clones check (stable-fixes). - drm: bridge: adv7511: fill stream capabilities (stable-fixes). - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (git-fixes). - e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 (git-fixes). - fbcon: Make sure modelist not set on unregistered console (stable-fixes). - fbcon: Use correct erase colour for clearing in fbcon (stable-fixes). - fbdev/efifb: Remove PM for parent device (bsc#1244261). - fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var (git-fixes). - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (git-fixes). - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (git-fixes). - fbdev: core: tileblit: Implement missing margin clearing for tileblit (stable-fixes). - fbdev: fsl-diu-fb: add missing device_remove_file() (stable-fixes). - fgraph: Still initialize idle shadow stacks when starting (git-fixes). - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES (git-fixes). - firmware: arm_ffa: Reject higher major version as incompatible (stable-fixes). - firmware: arm_ffa: Set dma_mask for ffa devices (stable-fixes). - firmware: arm_scmi: Relax duplicate name constraint across protocol ids (stable-fixes). - firmware: psci: Fix refcount leak in psci_dt_init (git-fixes). - fpga: altera-cvp: Increase credit timeout (stable-fixes). - fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() (git-fixes). - gpio: mlxbf3: only get IRQ for device instance 0 (git-fixes). - gpio: pca953x: Simplify code with cleanup helpers (stable-fixes). - gpio: pca953x: Split pca953x_restore_context() and pca953x_save_context() (stable-fixes). - gpio: pca953x: fix IRQ storm on system wake up (git-fixes). - gpiolib: Revert 'Do not WARN on gpiod_put() for optional GPIO' (stable-fixes). - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt (git-fixes). - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (git-fixes). - hwmon: (asus-ec-sensors) check sensor index in read_string() (git-fixes). - hwmon: (dell-smm) Increment the number of fans (stable-fixes). - hwmon: (ftsteutates) Fix TOCTOU race in fts_read() (git-fixes). - hwmon: (gpio-fan) Add missing mutex locks (stable-fixes). - hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace (git-fixes). - hwmon: (occ) Rework attribute registration for stack usage (git-fixes). - hwmon: (occ) fix unaligned accesses (git-fixes). - hwmon: (peci/dimmtemp) Do not provide fake thresholds data (git-fixes). - hwmon: (xgene-hwmon) use appropriate type for the latency value (stable-fixes). - hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu (git-fixes). - i2c: designware: Invoke runtime suspend on quick slave re-registration (stable-fixes). - i2c: npcm: Add clock toggle recovery (stable-fixes). - i2c: pxa: fix call balance of i2c->clk handling routines (stable-fixes). - i2c: qup: Vote for interconnect bandwidth to DRAM (stable-fixes). - i2c: robotfuzz-osif: disable zero-length read messages (git-fixes). - i2c: tegra: check msg length in SMBUS block read (bsc#1242086) - i2c: tiny-usb: disable zero-length read messages (git-fixes). - i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() (git-fixes). - i3c: master: svc: Fix missing STOP for master request (stable-fixes). - i3c: master: svc: Flush FIFO before sending Dynamic Address Assignment(DAA) (stable-fixes). - i40e: retry VFLR handling if there is ongoing VF reset (git-fixes). - i40e: return false from i40e_reset_vf if reset is in progress (git-fixes). - ice: Fix LACP bonds without SRIOV environment (git-fixes). - ice: create new Tx scheduler nodes for new queues only (git-fixes). - ice: fix Tx scheduler error handling in XDP callback (git-fixes). - ice: fix rebuilding the Tx scheduler tree for large queue counts (git-fixes). - ice: fix vf->num_mac count with port representors (git-fixes). - ieee802154: ca8210: Use proper setters and getters for bitwise types (stable-fixes). - iio: accel: fxls8962af: Fix temperature scan element sign (git-fixes). - iio: adc: ad7124: Fix 3dB filter frequency reading (git-fixes). - iio: adc: ad7606_spi: fix reg write value mask (git-fixes). - iio: filter: admv8818: Support frequencies >= 2^32 (git-fixes). - iio: filter: admv8818: fix band 4, state 15 (git-fixes). - iio: filter: admv8818: fix integer overflow (git-fixes). - iio: filter: admv8818: fix range calculation (git-fixes). - iio: imu: inv_icm42600: Fix temperature calculation (git-fixes). - ima: Suspend PCR extends and log appends when rebooting (bsc#1210025 ltc#196650). - ima: process_measurement() needlessly takes inode_lock() on MAY_READ (stable-fixes). - intel_th: avoid using deprecated page->mapping, index fields (stable-fixes). - iommu: Protect against overflow in iommu_pgsize() (git-fixes). - iommu: Skip PASID validation for devices without PASID capability (bsc#1244100) - iommu: Validate the PASID in iommu_attach_device_pasid() (bsc#1244100) - ip6mr: fix tables suspicious RCU usage (git-fixes). - ip_tunnel: annotate data-races around t->parms.link (git-fixes). - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function (git-fixes). - ipmr: fix tables suspicious RCU usage (git-fixes). - ipv4: Convert ip_route_input() to dscp_t (git-fixes). - ipv4: Correct/silence an endian warning in __ip_do_redirect (git-fixes). - ipv6: save dontfrag in cork (git-fixes). - ipvs: Always clear ipvs_property flag in skb_scrub_packet() (git-fixes). - isolcpus: fix bug in returning number of allocated cpumask (bsc#1243774). - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (git-fixes). - jffs2: check that raw node were preallocated before writing summary (git-fixes). - kABI workaround for hda_codec.beep_just_power_on flag (git-fixes). - kABI: PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - kABI: ipv6: save dontfrag in cork (git-fixes). - kABI: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - kabi: restore layout of struct cgroup_subsys (bsc#1241166). - kabi: restore layout of struct mem_control (jsc#PED-12551). - kabi: restore layout of struct page_counter (jsc#PED-12551). - kernel-source: Do not use multiple -r in sed parameters - kernel-source: Remove log.sh from sources - leds: pwm-multicolor: Add check for fwnode_property_read_u32 (stable-fixes). - loop: add file_start_write() and file_end_write() (git-fixes). - mailbox: use error ret code of of_parse_phandle_with_args() (stable-fixes). - md/raid1,raid10: do not handle IO error for REQ_RAHEAD and REQ_NOWAIT (git-fixes). - media: adv7180: Disable test-pattern control on adv7180 (stable-fixes). - media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() (stable-fixes). - media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case (git-fixes). - media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div (git-fixes). - media: ccs-pll: Start OP pre-PLL multiplier search from correct value (git-fixes). - media: ccs-pll: Start VT pre-PLL multiplier search from correct value (git-fixes). - media: cx231xx: set device_caps for 417 (stable-fixes). - media: cxusb: no longer judge rbuf when the write fails (git-fixes). - media: davinci: vpif: Fix memory leak in probe error path (git-fixes). - media: gspca: Add error handling for stv06xx_read_sensor() (git-fixes). - media: i2c: imx219: Correct the minimum vblanking value (stable-fixes). - media: imx-jpeg: Cleanup after an allocation error (git-fixes). - media: imx-jpeg: Drop the first error frames (git-fixes). - media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead (git-fixes). - media: imx-jpeg: Reset slot data pointers when freed (git-fixes). - media: nxp: imx8-isi: better handle the m2m usage_count (git-fixes). - media: omap3isp: use sgtable-based scatterlist wrappers (git-fixes). - media: ov5675: suppress probe deferral errors (git-fixes). - media: ov8856: suppress probe deferral errors (git-fixes). - media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available (stable-fixes). - media: rkvdec: Fix frame size enumeration (git-fixes). - media: tc358746: improve calculation of the D-PHY timing registers (stable-fixes). - media: test-drivers: vivid: do not call schedule in loop (stable-fixes). - media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map (stable-fixes). - media: uvcvideo: Fix deferred probing error (git-fixes). - media: uvcvideo: Handle uvc menu translation inside uvc_get_le_value (stable-fixes). - media: uvcvideo: Return the number of processed controls (git-fixes). - media: v4l2-dev: fix error handling in __video_register_device() (git-fixes). - media: v4l: Memset argument to 0 before calling get_mbus_config pad op (stable-fixes). - media: venus: Fix probe error handling (git-fixes). - media: videobuf2: use sgtable-based scatterlist wrappers (git-fixes). - media: vidtv: Terminating the subsequent process of initialization failure (git-fixes). - media: vivid: Change the siize of the composing (git-fixes). - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (git-fixes). - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (git-fixes). - mfd: tps65219: Remove TPS65219_REG_TI_DEV_ID check (stable-fixes). - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - mm, memcg: cg2 memory{.swap,}.peak write handlers (jsc#PED-12551). - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431). - mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431). - mm/memcontrol: export memcg.swap watermark via sysfs for v2 memcg (jsc#PED-12551). - mmc: Add quirk to disable DDR50 tuning (stable-fixes). - mmc: dw_mmc: add exynos7870 DW MMC support (stable-fixes). - mmc: host: Wait for Vdd to settle on card power off (stable-fixes). - mmc: sdhci: Disable SD card clock before changing parameters (stable-fixes). - mtd: nand: ecc-mxic: Fix use of uninitialized variable ret (git-fixes). - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (git-fixes). - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (git-fixes). - neighbour: Do not let neigh_forced_gc() disable preemption for long (git-fixes). - net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (git-fixes). - net/mdiobus: Fix potential out-of-bounds read/write access (git-fixes). - net/mlx4_en: Prevent potential integer overflow calculating Hz (git-fixes). - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (git-fixes). - net/mlx5: Ensure fw pages are always allocated on same NUMA (git-fixes). - net/mlx5: Fix ECVF vports unload on shutdown flow (git-fixes). - net/mlx5: Fix return value when searching for existing flow group (git-fixes). - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (git-fixes). - net/mlx5e: Fix leak of Geneve TLV option object (git-fixes). - net/neighbor: clear error in case strict check is not set (git-fixes). - net/sched: fix use-after-free in taprio_dev_notifier (git-fixes). - net: Fix TOCTOU issue in sk_is_readable() (git-fixes). - net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) (git-fixes). - net: add rcu safety to rtnl_prop_list_size() (git-fixes). - net: fix udp gso skb_segment after pull from frag_list (git-fixes). - net: give more chances to rcu in netdev_wait_allrefs_any() (git-fixes). - net: ice: Perform accurate aRFS flow match (git-fixes). - net: ipv4: fix a memleak in ip_setup_cork (git-fixes). - net: linkwatch: use system_unbound_wq (git-fixes). - net: mana: Add support for Multi Vports on Bare metal (bsc#1244229). - net: mana: Record doorbell physical address in PF mode (bsc#1244229). - net: page_pool: fix warning code (git-fixes). - net: phy: clear phydev->devlink when the link is deleted (git-fixes). - net: phy: fix up const issues in to_mdio_device() and to_phy_device() (git-fixes). - net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() (bsc#1243538) - net: phy: mscc: Fix memory leak when using one step timestamping (git-fixes). - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames (git-fixes). - net: sched: cls_u32: Fix allocation size in u32_init() (git-fixes). - net: sched: consistently use rcu_replace_pointer() in taprio_change() (git-fixes). - net: sched: em_text: fix possible memory leak in em_text_destroy() (git-fixes). - net: sched: fix erspan_opt settings in cls_flower (git-fixes). - net: usb: aqc111: debug info before sanitation (git-fixes). - net: usb: aqc111: fix error handling of usbnet read calls (git-fixes). - net: wwan: t7xx: Fix napi rx poll issue (git-fixes). - net_sched: ets: fix a race in ets_qdisc_change() (git-fixes). - net_sched: prio: fix a race in prio_tune() (git-fixes). - net_sched: red: fix a race in __red_change() (git-fixes). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: reject invalid perturb period (git-fixes). - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - net_sched: tbf: fix a race in tbf_change() (git-fixes). - netdev-genl: Hold rcu_read_lock in napi_get (git-fixes). - netlink: fix potential sleeping issue in mqueue_flush_file (git-fixes). - netlink: specs: dpll: replace underscores with dashes in names (git-fixes). - netpoll: Use rcu_access_pointer() in __netpoll_setup (git-fixes). - netpoll: hold rcu read lock in __netpoll_send_skb() (git-fixes). - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference (git-fixes). - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (git-fixes). - nfsd: validate the nfsd_serv pointer before calling svc_wake_up (git-fixes). - ntp: Clamp maxerror and esterror to operating range (git-fixes) - ntp: Remove invalid cast in time offset math (git-fixes) - ntp: Safeguard against time_constant overflow (git-fixes) - nvme-fc: do not reference lsrsp after failure (bsc#1245193). - nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro (git-fixes). - nvme-pci: add quirks for WDC Blue SN550 15b7:5009 (git-fixes). - nvme-pci: add quirks for device 126f:1001 (git-fixes). - nvme: always punt polled uring_cmd end_io work to task_work (git-fixes). - nvme: fix command limits status code (git-fixes). - nvme: fix implicit bool to flags conversion (git-fixes). - nvmet-fc: free pending reqs on tgtport unregister (bsc#1245193). - nvmet-fc: take tgtport refs for portentry (bsc#1245193). - nvmet-fcloop: access fcpreq only when holding reqlock (bsc#1245193). - nvmet-fcloop: add missing fcloop_callback_host_done (bsc#1245193). - nvmet-fcloop: allocate/free fcloop_lsreq directly (bsc#1245193). - nvmet-fcloop: do not wait for lport cleanup (bsc#1245193). - nvmet-fcloop: drop response if targetport is gone (bsc#1245193). - nvmet-fcloop: prevent double port deletion (bsc#1245193). - nvmet-fcloop: refactor fcloop_delete_local_port (bsc#1245193). - nvmet-fcloop: refactor fcloop_nport_alloc and track lport (bsc#1245193). - nvmet-fcloop: remove nport from list on last user (bsc#1245193). - nvmet-fcloop: track ref counts for nports (bsc#1245193). - nvmet-fcloop: update refs on tfcp_req (bsc#1245193). - orangefs: Do not truncate file size (git-fixes). - pNFS/flexfiles: Report ENETDOWN as a connection error (git-fixes). - page_pool: Fix use-after-free in page_pool_recycle_in_ring (git-fixes). - phy: core: do not require set_mode() callback for phy_get_mode() to work (stable-fixes). - phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug (git-fixes). - phy: renesas: rcar-gen3-usb2: Add support to initialize the bus (stable-fixes). - phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off (git-fixes). - phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data (git-fixes). - phy: renesas: rcar-gen3-usb2: Move IRQ request in probe (stable-fixes). - pinctrl-tegra: Restore SFSEL bit when freeing pins (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (stable-fixes). - pinctrl: armada-37xx: set GPIO output value before setting direction (git-fixes). - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (git-fixes). - pinctrl: at91: Fix possible out-of-boundary access (git-fixes). - pinctrl: bcm281xx: Use 'unsigned int' instead of bare 'unsigned' (stable-fixes). - pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map (stable-fixes). - pinctrl: mcp23s08: Reset all pins to input at probe (stable-fixes). - pinctrl: meson: define the pull up/down resistor value as 60 kOhm (stable-fixes). - pinctrl: qcom: pinctrl-qcm2290: Add missing pins (git-fixes). - pinctrl: st: Drop unused st_gpio_bank() function (git-fixes). - pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group() (git-fixes). - platform/x86/amd: pmc: Clear metrics table at start of cycle (git-fixes). - platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes). - platform/x86: dell_rbu: Fix list usage (git-fixes). - platform/x86: dell_rbu: Stop overwriting data buffer (git-fixes). - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (git-fixes). - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (stable-fixes). - platform/x86: ideapad-laptop: use usleep_range() for EC polling (git-fixes). - platform/x86: thinkpad_acpi: Ignore battery threshold change event notification (stable-fixes). - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (git-fixes). - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (stable-fixes). - power: reset: at91-reset: Optimize at91_reset() (git-fixes). - power: supply: bq27xxx: Retrieve again when busy (stable-fixes). - power: supply: collie: Fix wakeup source leaks on device unbind (stable-fixes). - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (bsc#1215199). - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states (bsc#1215199). - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - pstore: Change kmsg_bytes storage size to u32 (git-fixes). - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (git-fixes). - r8152: add vendor/device ID pair for Dell Alienware AW1022z (git-fixes). - regulator: ad5398: Add device tree support (stable-fixes). - regulator: max14577: Add error check for max14577_read_reg() (git-fixes). - regulator: max20086: Change enable gpio to optional (git-fixes). - regulator: max20086: Fix MAX200086 chip id (git-fixes). - regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() (git-fixes). - rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang. - rpm/kernel-source.changes.old: Drop bogus bugzilla reference (bsc#1244725) - rpm: Stop using is_kotd_qa macro This macro is set by bs-upload-kernel, and a conditional in each spec file is used to determine when to build the spec file. This logic should not really be in the spec file. Previously this was done with package links and package meta for the individula links. However, the use of package links is rejected for packages in git based release projects (nothing to do with git actually, new policy). An alternative to package links is multibuild. However, for multibuild packages package meta cannot be used to set which spec file gets built. Use prjcon buildflags instead, and remove this conditional. Depends on bs-upload-kernel adding the build flag. - rtc: Fix offset calculation for .start_secs < 0 (git-fixes). - rtc: Make rtc_time64_to_tm() support dates before 1970 (stable-fixes). - rtc: at91rm9200: drop unused module alias (git-fixes). - rtc: cmos: use spin_lock_irqsave in cmos_interrupt (git-fixes). - rtc: cpcap: drop unused module alias (git-fixes). - rtc: da9063: drop unused module alias (git-fixes). - rtc: ds1307: stop disabling alarms on probe (stable-fixes). - rtc: jz4740: drop unused module alias (git-fixes). - rtc: pm8xxx: drop unused module alias (git-fixes). - rtc: rv3032: fix EERD location (stable-fixes). - rtc: s3c: drop unused module alias (git-fixes). - rtc: sh: assign correct interrupts with DT (git-fixes). - rtc: stm32: drop unused module alias (git-fixes). - s390/pci: Allow re-add of a reserved but not yet removed device (bsc#1244145). - s390/pci: Fix __pcilg_mio_inuser() inline assembly (git-fixes bsc#1245226). - s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (git-fixes bsc#1244145). - s390/pci: Fix potential double remove of hotplug slot (bsc#1244145). - s390/pci: Prevent self deletion in disable_slot() (bsc#1244145). - s390/pci: Remove redundant bus removal and disable from zpci_release_device() (bsc#1244145). - s390/pci: Serialize device addition and removal (bsc#1244145). - s390/pci: introduce lock to synchronize state of zpci_dev's (jsc#PED-10253 bsc#1244145). - s390/pci: remove hotplug slot when releasing the device (bsc#1244145). - s390/pci: rename lock member in struct zpci_dev (jsc#PED-10253 bsc#1244145). - s390/tty: Fix a potential memory leak bug (git-fixes bsc#1245228). - scsi: dc395x: Remove DEBUG conditional compilation (git-fixes). - scsi: dc395x: Remove leftover if statement in reselect() (git-fixes). - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() (git-fixes). - scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk (git-fixes). - scsi: iscsi: Fix incorrect error path labels for flashnode operations (git-fixes). - scsi: mpi3mr: Add level check to control event logging (git-fixes). - scsi: mpt3sas: Send a diag reset if target reset fails (git-fixes). - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (git-fixes). - scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer (git-fixes). - scsi: st: ERASE does not change tape location (git-fixes). - scsi: st: Restore some drive settings after reset (git-fixes). - scsi: st: Tighten the page format heuristics with MODE SELECT (git-fixes). - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (git-fixes). - selftests/bpf: Fix bpf_nf selftest failure (git-fixes). - selftests/mm: restore default nr_hugepages value during cleanup in hugetlb_reparenting_test.sh (git-fixes). - selftests/net: have `gro.sh -t` return a correct exit code (stable-fixes). - selftests/seccomp: fix syscall_restart test for arm compat (git-fixes). - serial: Fix potential null-ptr-deref in mlb_usio_probe() (git-fixes). - serial: imx: Restore original RXTL for console to fix data loss (git-fixes). - serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - serial: sh-sci: Move runtime PM enable to sci_probe_single() (stable-fixes). - serial: sh-sci: Save and restore more registers (git-fixes). - serial: sh-sci: Update the suspend/resume support (stable-fixes). - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (git-fixes). - soc: aspeed: lpc: Fix impossible judgment condition (git-fixes). - soc: qcom: smp2p: Fix fallback to qcom,ipc parse (git-fixes). - soc: ti: k3-socinfo: Do not use syscon helper to build regmap (stable-fixes). - software node: Correct a OOB check in software_node_get_reference_args() (stable-fixes). - soundwire: amd: change the soundwire wake enable/disable sequence (stable-fixes). - spi-rockchip: Fix register out of bounds access (stable-fixes). - spi: bcm63xx-hsspi: fix shared reset (git-fixes). - spi: bcm63xx-spi: fix shared reset (git-fixes). - spi: sh-msiof: Fix maximum DMA transfer size (git-fixes). - spi: spi-sun4i: fix early activation (stable-fixes). - spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers (git-fixes). - spi: tegra210-quad: modify chip select (CS) deactivation (git-fixes). - spi: tegra210-quad: remove redundant error handling code (git-fixes). - spi: zynqmp-gqspi: Always acknowledge interrupts (stable-fixes). - staging: iio: ad5933: Correct settling cycles encoding per datasheet (git-fixes). - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (git-fixes). - struct usci: hide additional member (git-fixes). - sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (git-fixes). - tcp/dccp: allow a connection when sk_max_ack_backlog is zero (git-fixes). - tcp/dccp: bypass empty buckets in inet_twsk_purge() (git-fixes). - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (git-fixes). - tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() (git-fixes). - tcp_metrics: optimize tcp_metrics_flush_all() (git-fixes). - thermal/drivers/qoriq: Power down TMU on system suspend (stable-fixes). - thunderbolt: Do not add non-active NVM if NVM upgrade is disabled for retimer (stable-fixes). - thunderbolt: Do not double dequeue a configuration request (stable-fixes). - thunderbolt: Fix a logic error in wake on connect (git-fixes). - timekeeping: Fix bogus clock_was_set() invocation in (git-fixes) - timekeeping: Fix cross-timestamp interpolation corner case (git-fixes) - timekeeping: Fix cross-timestamp interpolation for non-x86 (git-fixes) - timekeeping: Fix cross-timestamp interpolation on counter (git-fixes) - trace/trace_event_perf: remove duplicate samples on the first tracepoint event (git-fixes). - tracing/eprobe: Fix to release eprobe when failed to add dyn_event (git-fixes). - tracing: Add __print_dynamic_array() helper (bsc#1243544). - tracing: Add __string_len() example (bsc#1243544). - tracing: Fix cmp_entries_dup() to respect sort() comparison rules (git-fixes). - tracing: Fix compilation warning on arm32 (bsc#1243551). - tracing: Use atomic64_inc_return() in trace_clock_counter() (git-fixes). - truct dwc3 hide new member wakeup_pending_funcs (git-fixes). - ucsi_debugfs_entry: hide signedness change (git-fixes). - udp: annotate data-races around up->pending (git-fixes). - udp: fix incorrect parameter validation in the udp_lib_getsockopt() function (git-fixes). - udp: fix receiving fraglist GSO packets (git-fixes). - udp: preserve the connected status if only UDP cmsg (git-fixes). - uprobes: Use kzalloc to allocate xol area (git-fixes). - usb: Flush altsetting 0 endpoints before reinitializating them after reset (git-fixes). - usb: cdnsp: Fix issue with detecting USB 3.2 speed (git-fixes). - usb: cdnsp: Fix issue with detecting command completion event (git-fixes). - usb: dwc3: gadget: Make gadget_wakeup asynchronous (git-fixes). - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (stable-fixes). - usb: renesas_usbhs: Reorder clock handling and power management in probe (git-fixes). - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (stable-fixes). - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() (git-fixes). - usb: typec: ucsi: Only enable supported notifications (git-fixes). - usb: typec: ucsi: allow non-partner GET_PDOS for Qualcomm devices (git-fixes). - usb: typec: ucsi: fix Clang -Wsign-conversion warning (git-fixes). - usb: typec: ucsi: fix UCSI on buggy Qualcomm devices (git-fixes). - usb: typec: ucsi: limit the UCSI_NO_PARTNER_PDOS even further (git-fixes). - usb: usbtmc: Fix read_stb function and get_stb ioctl (git-fixes). - usb: usbtmc: Fix timeout value in get_stb (git-fixes). - usb: xhci: Do not change the status of stalled TDs on failed Stop EP (stable-fixes). - usbnet: asix AX88772: leave the carrier control to phylink (stable-fixes). - vgacon: Add check for vc_origin address range in vgacon_scroll() (git-fixes). - vmxnet3: correctly report gso type for UDP tunnels (bsc#1244626). - vmxnet3: support higher link speeds from vmxnet3 v9 (bsc#1244626). - vmxnet3: update MTU after device quiesce (bsc#1244626). - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (git-fixes). - watchdog: da9052_wdt: respect TWDMIN (stable-fixes). - watchdog: exar: Shorten identity name to fit correctly (git-fixes). - watchdog: fix watchdog may detect false positive of softlockup (stable-fixes). - watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04 (git-fixes). - watchdog: mediatek: Add support for MT6735 TOPRGU/WDT (git-fixes). - wifi: ath11k: Fix QMI memory reuse logic (stable-fixes). - wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() (git-fixes). - wifi: ath11k: convert timeouts to secs_to_jiffies() (stable-fixes). - wifi: ath11k: do not use static variables in ath11k_debugfs_fw_stats_process() (git-fixes). - wifi: ath11k: do not wait when there is no vdev started (git-fixes). - wifi: ath11k: fix node corruption in ar->arvifs list (git-fixes). - wifi: ath11k: fix ring-buffer corruption (git-fixes). - wifi: ath11k: fix rx completion meta data corruption (git-fixes). - wifi: ath11k: fix soc_dp_stats debugfs file permission (stable-fixes). - wifi: ath11k: move some firmware stats related functions outside of debugfs (git-fixes). - wifi: ath11k: update channel list in worker when wait flag is set (bsc#1243847). - wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready (git-fixes). - wifi: ath12k: Add MSDU length validation for TKIP MIC error (git-fixes). - wifi: ath12k: Avoid napi_sync() before napi_enable() (stable-fixes). - wifi: ath12k: Fix WMI tag for EHT rate in peer assoc (git-fixes). - wifi: ath12k: Fix end offset bit definition in monitor ring descriptor (stable-fixes). - wifi: ath12k: Fix invalid memory access while forming 802.11 header (git-fixes). - wifi: ath12k: Fix memory leak during vdev_id mismatch (git-fixes). - wifi: ath12k: Fix the QoS control field offset to build QoS header (git-fixes). - wifi: ath12k: Improve BSS discovery with hidden SSID in 6 GHz band (stable-fixes). - wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz (stable-fixes). - wifi: ath12k: Report proper tx completion status to mac80211 (stable-fixes). - wifi: ath12k: fix a possible dead lock caused by ab->base_lock (stable-fixes). - wifi: ath12k: fix ath12k_hal_tx_cmd_ext_desc_setup() info1 override (stable-fixes). - wifi: ath12k: fix cleanup path after mhi init (git-fixes). - wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping (stable-fixes). - wifi: ath12k: fix incorrect CE addresses (stable-fixes). - wifi: ath12k: fix invalid access to memory (git-fixes). - wifi: ath12k: fix link valid field initialization in the monitor Rx (stable-fixes). - wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET (stable-fixes). - wifi: ath12k: fix node corruption in ar->arvifs list (git-fixes). - wifi: ath12k: fix ring-buffer corruption (git-fixes). - wifi: ath9k: return by of_get_mac_address (stable-fixes). - wifi: ath9k_htc: Abort software beacon handling if disabled (git-fixes). - wifi: carl9170: do not ping device which has failed to load firmware (git-fixes). - wifi: iwlfiwi: mvm: Fix the rate reporting (git-fixes). - wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 (stable-fixes). - wifi: iwlwifi: add support for Killer on MTL (stable-fixes). - wifi: iwlwifi: fix debug actions order (stable-fixes). - wifi: iwlwifi: pcie: make sure to lock rxq->read (stable-fixes). - wifi: mac80211: VLAN traffic in multicast path (stable-fixes). - wifi: mac80211: do not offer a mesh path if forwarding is disabled (stable-fixes). - wifi: mac80211: do not unconditionally call drv_mgd_complete_tx() (stable-fixes). - wifi: mac80211: fix beacon interval calculation overflow (git-fixes). - wifi: mac80211: remove misplaced drv_mgd_complete_tx() call (stable-fixes). - wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled (stable-fixes). - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R (stable-fixes). - wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() (git-fixes). - wifi: mt76: mt7921: add 160 MHz AP for mt7922 device (stable-fixes). - wifi: mt76: mt7925: ensure all MCU commands wait for response (git-fixes). - wifi: mt76: mt7925: fix host interrupt register initialization (git-fixes). - wifi: mt76: mt7925: prevent multiple scan commands (git-fixes). - wifi: mt76: mt7925: refine the sniffer commnad (git-fixes). - wifi: mt76: mt7996: drop fragments with multicast or broadcast RA (stable-fixes). - wifi: mt76: mt7996: fix RX buffer size of MCU event (git-fixes). - wifi: mt76: mt7996: revise TXS size (stable-fixes). - wifi: mt76: mt7996: set EHT max ampdu length capability (git-fixes). - wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2 (stable-fixes). - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (git-fixes). - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (git-fixes). - wifi: rtw88: Do not use static local variable in rtw8822b_set_tx_power_index_by_rate (stable-fixes). - wifi: rtw88: Fix __rtw_download_firmware() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix download_firmware_validate() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 (stable-fixes). - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU (stable-fixes). - wifi: rtw88: do not ignore hardware read error during DPK (git-fixes). - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (git-fixes). - wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally (git-fixes). - wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT (git-fixes). - wifi: rtw88: usb: Reduce control message timeout to 500 ms (git-fixes). - wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet (stable-fixes). - wifi: rtw89: fw: propagate error code from rtw89_h2c_tx() (stable-fixes). - wifi: rtw89: leave idle mode when setting WEP encryption for AP mode (stable-fixes). - wifi: rtw89: pci: enlarge retry times of RX tag to 1000 (git-fixes). - x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (git-fixes). - x86/kaslr: Reduce KASLR entropy on most x86 systems (git-fixes). - x86/microcode/AMD: Add get_patch_level() (git-fixes). - x86/microcode/AMD: Do not return error when microcode update is not necessary (git-fixes). - x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration (git-fixes). - x86/microcode/AMD: Have __apply_microcode_amd() return bool (git-fixes). - x86/microcode/AMD: Make __verify_patch_size() return bool (git-fixes). - x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (git-fixes). - x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature (git-fixes). - x86/microcode/AMD: Return bool from find_blobs_in_containers() (git-fixes). - x86/microcode: Consolidate the loader enablement checking (git-fixes). - x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers (git-fixes). - x86/xen: fix balloon target initialization for PVH dom0 (git-fixes). - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (git-fixes) - xen/x86: fix initial memory balloon target (git-fixes). - xsk: always clear DMA mapping information when unmapping the pool (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2543-1 Released: Tue Jul 29 11:09:01 2025 Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 Type: recommended Severity: moderate References: 1233012 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2558-1 Released: Wed Jul 30 22:14:27 2025 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1230267,1243279,1243457,1243486,1244042,1244710,1245220,1245452,1245496,1245672 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1+MLM (bsc#1243457). - implement color filtering when adding update targets. - support orderwithrequires dependencies in susedata.xml. - Fix SEGV in MediaDISK handler (bsc#1245452). - Fix evaluation of libproxy results (bsc#1244710). - Enhancements regarding mirror handling during repo refresh. Adapt to libzypp API changes (bsc#1230267). - Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans backend. - Enhancements with mirror handling during repo refresh, needs zypper 1.14.91. - Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042) There was no testcase written for the very first solver run. - zypper does not allow distinctions between install and upgrade in %postinstall (bsc#1243279). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - BuildRequires: Now %{libsolv_devel_package} greater or equal to 0.7.34 is required (bsc#1243486). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2572-1 Released: Thu Jul 31 11:11:10 2025 Summary: Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp Type: recommended Severity: moderate References: 1233012 This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2536-1 Released: Thu Jul 31 16:44:39 2025 Summary: Security update for boost Type: security Severity: important References: 1245936,CVE-2016-9840 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2713-1 Released: Wed Aug 6 11:21:54 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1245950 This update for hwinfo fixes the following issues: - Fix usb network card detection (bsc#1245950) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2772-1 Released: Tue Aug 12 19:35:08 2025 Summary: Recommended update for grub2 Type: security Severity: moderate References: 1234959,1246157,1246231,1246237,CVE-2024-56738 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) Other fixes: - Fix test -f and -s do not work properly over the network files served via tftp and http (bsc#1246157, bsc#1246237) - Skip mount point in grub_find_device function (bsc#1246231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2841-1 Released: Mon Aug 18 13:01:25 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2888-1 Released: Tue Aug 19 09:47:17 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1228929,1241038 This update for suse-module-tools fixes the following issues: - Version update 15.6.11. - Add missing util-linux requirement to the spec file (bsc#1241038) - Kernel installation fails to build initrd (bsc#1228929). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2914-1 Released: Tue Aug 19 14:54:30 2025 Summary: Security update for docker Type: security Severity: moderate References: 1246556,1247367,CVE-2025-54388 This update for docker fixes the following issues: - Update to Docker 28.3.3-ce. - CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2915-1 Released: Tue Aug 19 14:56:35 2025 Summary: Security update for jq Type: security Severity: moderate References: 1244116,CVE-2025-48060 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2921-1 Released: Tue Aug 19 16:54:12 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) The following package changes have been done: - boost-license1_66_0-1.66.0-150200.12.7.1 updated - coreutils-8.32-150400.9.9.1 updated - crypto-policies-20230920.570ea89-150600.3.12.1 updated - docker-28.3.3_ce-150000.230.1 updated - grub2-i386-pc-2.12-150600.8.34.1 updated - grub2-x86_64-efi-2.12-150600.8.34.1 updated - grub2-x86_64-xen-2.12-150600.8.34.1 updated - grub2-2.12-150600.8.34.1 updated - hwinfo-21.89-150500.3.12.1 updated - iputils-20221126-150500.3.14.1 updated - jq-1.6-150000.3.9.1 updated - kernel-default-6.4.0-150600.23.60.5 updated - libboost_system1_66_0-1.66.0-150200.12.7.1 updated - libboost_thread1_66_0-1.66.0-150200.12.7.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.10.3-150600.3.9.1 updated - libgnutls30-3.8.3-150600.4.9.1 updated - libjq1-1.6-150000.3.9.1 updated - libopenssl1_1-1.1.1w-150600.5.15.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - libsasl2-3-2.1.28-150600.7.6.2 updated - libsolv-tools-base-0.7.34-150600.8.17.2 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libsystemd0-254.27-150600.4.43.3 updated - libudev1-254.27-150600.4.43.3 updated - libxml2-2-2.10.3-150500.5.32.1 updated - libyaml-0-2-0.1.7-150000.3.4.1 updated - libzypp-17.37.16-150600.3.79.1 updated - python3-PyYAML-5.4.1-150300.3.6.1 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - python3-asn1crypto-0.24.0-150000.3.5.1 updated - python3-attrs-19.3.0-150200.3.9.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-certifi-2018.1.18-150000.3.6.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated - python3-chardet-3.0.4-150000.5.6.1 updated - python3-cryptography-3.3.2-150400.26.1 updated - python3-idna-2.6-150000.3.6.1 updated - python3-importlib-metadata-1.5.0-150100.3.8.1 updated - python3-iniconfig-1.1.1-150000.1.13.1 updated - python3-more-itertools-8.10.0-150400.10.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-pyOpenSSL-21.0.0-150400.10.1 updated - python3-pyasn1-0.4.2-150000.3.8.1 updated - python3-pycparser-2.17-150000.3.5.1 updated - python3-pyparsing-2.4.7-150300.3.3.1 updated - python3-pytz-2022.1-150300.3.9.1 updated - python3-py-1.10.0-150100.5.15.1 updated - python3-requests-2.25.1-150300.3.18.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-six-1.14.0-150200.15.1 updated - python3-urllib3-1.25.10-150300.4.15.1 updated - python3-zipp-0.6.0-150100.3.8.1 updated - python3-3.6.15-150300.10.97.2 updated - samba-client-libs-4.19.8+git.430.a10fe64854c-150600.3.18.2 updated - suse-build-key-12.0-150000.8.61.2 updated - suse-module-tools-15.6.11-150600.3.9.2 updated - systemd-rpm-macros-16-150000.7.42.1 updated - systemd-254.27-150600.4.43.3 updated - udev-254.27-150600.4.43.3 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - xen-libs-4.18.5_04-150600.3.28.1 updated - xen-tools-domU-4.18.5_04-150600.3.28.1 updated - zypper-1.14.93-150600.10.49.2 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:06:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:06:47 +0200 (CEST) Subject: SUSE-IU-2025:2380-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250826070647.BE14CFF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2380-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.44 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.44 Severity : important Type : security References : 1204142 1219338 1225707 1230216 1233300 1235613 1235837 1236333 1236897 1238896 1239061 1240323 1240885 1240966 1241166 1241345 1242086 1242414 1242837 1242960 1242965 1242993 1243068 1243100 1243479 1243669 1243806 1244309 1244337 1244457 1244735 1244749 1244750 1244792 1244801 1245151 1245201 1245202 1245216 1245260 1245431 1245440 1245457 1245498 1245499 1245504 1245506 1245508 1245510 1245540 1245598 1245599 1245646 1245647 1245649 1245650 1245654 1245658 1245660 1245665 1245666 1245668 1245669 1245670 1245671 1245675 1245676 1245677 1245679 1245682 1245683 1245684 1245688 1245689 1245690 1245691 1245695 1245705 1245708 1245711 1245713 1245714 1245719 1245723 1245729 1245730 1245731 1245735 1245737 1245744 1245745 1245746 1245747 1245748 1245749 1245750 1245751 1245752 1245757 1245758 1245765 1245768 1245769 1245777 1245781 1245789 1245937 1245945 1245951 1245952 1245954 1245957 1245966 1245970 1245976 1245980 1245983 1245986 1246000 1246002 1246006 1246008 1246020 1246023 1246029 1246031 1246037 1246041 1246042 1246044 1246045 1246047 1246049 1246050 1246055 1246073 1246093 1246098 1246109 1246122 1246125 1246171 1246173 1246178 1246182 1246183 1246186 1246195 1246203 1246212 1246220 1246236 1246240 1246243 1246246 1246249 1246250 1246253 1246258 1246262 1246264 1246266 1246268 1246273 1246283 1246287 1246292 1246293 1246295 1246334 1246337 1246342 1246349 1246354 1246358 1246361 1246364 1246370 1246375 1246384 1246386 1246387 1246438 1246453 1246473 1246490 1246506 1246547 1246777 1246781 1246870 1246879 1246911 1247018 1247023 1247028 1247031 1247033 1247035 1247061 1247089 1247091 1247097 1247098 1247101 1247103 1247104 1247113 1247118 1247123 1247125 1247128 1247132 1247138 1247141 1247143 1247145 1247146 1247147 1247149 1247150 1247151 1247153 1247154 1247156 1247160 1247164 1247169 1247170 1247171 1247172 1247174 1247176 1247177 1247178 1247181 1247209 1247210 1247227 1247233 1247236 1247238 1247241 1247251 1247252 1247253 1247255 1247271 1247273 1247274 1247276 1247277 1247278 1247279 1247284 1247285 1247288 1247289 1247293 1247311 1247314 1247317 1247347 1247348 1247349 1247374 1247437 1247450 CVE-2019-11135 CVE-2024-36028 CVE-2024-36348 CVE-2024-36349 CVE-2024-36350 CVE-2024-36357 CVE-2024-44963 CVE-2024-56742 CVE-2024-57947 CVE-2025-21839 CVE-2025-21872 CVE-2025-23163 CVE-2025-37798 CVE-2025-37856 CVE-2025-37864 CVE-2025-37885 CVE-2025-37920 CVE-2025-37984 CVE-2025-38034 CVE-2025-38035 CVE-2025-38051 CVE-2025-38052 CVE-2025-38058 CVE-2025-38061 CVE-2025-38062 CVE-2025-38063 CVE-2025-38064 CVE-2025-38074 CVE-2025-38084 CVE-2025-38085 CVE-2025-38087 CVE-2025-38088 CVE-2025-38089 CVE-2025-38090 CVE-2025-38094 CVE-2025-38095 CVE-2025-38097 CVE-2025-38098 CVE-2025-38099 CVE-2025-38100 CVE-2025-38102 CVE-2025-38105 CVE-2025-38107 CVE-2025-38108 CVE-2025-38109 CVE-2025-38110 CVE-2025-38111 CVE-2025-38112 CVE-2025-38113 CVE-2025-38115 CVE-2025-38117 CVE-2025-38118 CVE-2025-38120 CVE-2025-38122 CVE-2025-38123 CVE-2025-38124 CVE-2025-38126 CVE-2025-38127 CVE-2025-38129 CVE-2025-38131 CVE-2025-38132 CVE-2025-38135 CVE-2025-38136 CVE-2025-38138 CVE-2025-38142 CVE-2025-38143 CVE-2025-38145 CVE-2025-38147 CVE-2025-38148 CVE-2025-38149 CVE-2025-38151 CVE-2025-38153 CVE-2025-38154 CVE-2025-38155 CVE-2025-38157 CVE-2025-38158 CVE-2025-38159 CVE-2025-38161 CVE-2025-38162 CVE-2025-38165 CVE-2025-38166 CVE-2025-38173 CVE-2025-38174 CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38182 CVE-2025-38183 CVE-2025-38187 CVE-2025-38188 CVE-2025-38192 CVE-2025-38193 CVE-2025-38194 CVE-2025-38197 CVE-2025-38198 CVE-2025-38200 CVE-2025-38202 CVE-2025-38203 CVE-2025-38204 CVE-2025-38206 CVE-2025-38210 CVE-2025-38211 CVE-2025-38212 CVE-2025-38213 CVE-2025-38214 CVE-2025-38215 CVE-2025-38217 CVE-2025-38220 CVE-2025-38222 CVE-2025-38225 CVE-2025-38226 CVE-2025-38227 CVE-2025-38229 CVE-2025-38231 CVE-2025-38236 CVE-2025-38239 CVE-2025-38244 CVE-2025-38246 CVE-2025-38248 CVE-2025-38249 CVE-2025-38250 CVE-2025-38257 CVE-2025-38259 CVE-2025-38264 CVE-2025-38272 CVE-2025-38273 CVE-2025-38275 CVE-2025-38277 CVE-2025-38279 CVE-2025-38283 CVE-2025-38286 CVE-2025-38289 CVE-2025-38290 CVE-2025-38292 CVE-2025-38293 CVE-2025-38300 CVE-2025-38303 CVE-2025-38304 CVE-2025-38305 CVE-2025-38307 CVE-2025-38310 CVE-2025-38312 CVE-2025-38313 CVE-2025-38319 CVE-2025-38323 CVE-2025-38326 CVE-2025-38328 CVE-2025-38332 CVE-2025-38334 CVE-2025-38335 CVE-2025-38336 CVE-2025-38337 CVE-2025-38338 CVE-2025-38342 CVE-2025-38343 CVE-2025-38344 CVE-2025-38345 CVE-2025-38348 CVE-2025-38349 CVE-2025-38350 CVE-2025-38352 CVE-2025-38354 CVE-2025-38362 CVE-2025-38363 CVE-2025-38364 CVE-2025-38365 CVE-2025-38369 CVE-2025-38371 CVE-2025-38373 CVE-2025-38375 CVE-2025-38376 CVE-2025-38377 CVE-2025-38380 CVE-2025-38382 CVE-2025-38384 CVE-2025-38385 CVE-2025-38386 CVE-2025-38387 CVE-2025-38389 CVE-2025-38391 CVE-2025-38392 CVE-2025-38393 CVE-2025-38395 CVE-2025-38396 CVE-2025-38399 CVE-2025-38400 CVE-2025-38401 CVE-2025-38403 CVE-2025-38404 CVE-2025-38406 CVE-2025-38409 CVE-2025-38410 CVE-2025-38412 CVE-2025-38414 CVE-2025-38415 CVE-2025-38416 CVE-2025-38420 CVE-2025-38424 CVE-2025-38425 CVE-2025-38426 CVE-2025-38428 CVE-2025-38429 CVE-2025-38430 CVE-2025-38436 CVE-2025-38443 CVE-2025-38448 CVE-2025-38449 CVE-2025-38455 CVE-2025-38457 CVE-2025-38460 CVE-2025-38461 CVE-2025-38462 CVE-2025-38463 CVE-2025-38465 CVE-2025-38467 CVE-2025-38468 CVE-2025-38470 CVE-2025-38471 CVE-2025-38473 CVE-2025-38474 CVE-2025-38476 CVE-2025-38477 CVE-2025-38478 CVE-2025-38480 CVE-2025-38481 CVE-2025-38482 CVE-2025-38483 CVE-2025-38485 CVE-2025-38487 CVE-2025-38489 CVE-2025-38494 CVE-2025-38495 CVE-2025-38496 CVE-2025-38497 CVE-2025-38498 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-82 Released: Mon Aug 25 15:33:57 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1204142,1219338,1225707,1230216,1233300,1235613,1235837,1236333,1236897,1238896,1239061,1240323,1240885,1240966,1241166,1241345,1242086,1242414,1242837,1242960,1242965,1242993,1243068,1243100,1243479,1243669,1243806,1244309,1244337,1244457,1244735,1244749,1244750,1244792,1244801,1245151,1245201,1245202,1245216,1245260,1245431,1245440,1245457,1245498,1245499,1245504,1245506,1245508,1245510,1245540,1245598,1245599,1245646,1245647,1245649,1245650,1245654,1245658,1245660,1245665,1245666,1245668,1245669,1245670,1245671,1245675,1245676,1245677,1245679,1245682,1245683,1245684,1245688,1245689,1245690,1245691,1245695,1245705,1245708,1245711,1245713,1245714,1245719,1245723,1245729,1245730,1245731,1245735,1245737,1245744,1245745,1245746,1245747,1245748,1245749,1245750,1245751,1245752,1245757,1245758,1245765,1245768,1245769,1245777,1245781,1245789,1245937,1245945,1245951,1245952,1245954,1245957,1245966,1245970,1245976,1245980,1245983,1245986,1246000,1246002,1246006,1246008,1246020,1 246023,1246029,1246031,1246037,1246041,1246042,1246044,1246045,1246047,1246049,1246050,1246055,1246073,1246093,1246098,1246109,1246122,1246125,1246171,1246173,1246178,1246182,1246183,1246186,1246195,1246203,1246212,1246220,1246236,1246240,1246243,1246246,1246249,1246250,1246253,1246258,1246262,1246264,1246266,1246268,1246273,1246283,1246287,1246292,1246293,1246295,1246334,1246337,1246342,1246349,1246354,1246358,1246361,1246364,1246370,1246375,1246384,1246386,1246387,1246438,1246453,1246473,1246490,1246506,1246547,1246777,1246781,1246870,1246879,1246911,1247018,1247023,1247028,1247031,1247033,1247035,1247061,1247089,1247091,1247097,1247098,1247101,1247103,1247104,1247113,1247118,1247123,1247125,1247128,1247132,1247138,1247141,1247143,1247145,1247146,1247147,1247149,1247150,1247151,1247153,1247154,1247156,1247160,1247164,1247169,1247170,1247171,1247172,1247174,1247176,1247177,1247178,1247181,1247209,1247210,1247227,1247233,1247236,1247238,1247241,1247251,1247252,1247253,1247255,124727 1,1247273,1247274,1247276,1247277,1247278,1247279,1247284,1247285,1247288,1247289,1247293,1247311,1247314,1247317,1247347,1247348,1247349,1247374,1247437,1247450,CVE-2019-11135,CVE-2024-36028,CVE-2024-36348,CVE-2024-36349,CVE-2024-36350,CVE-2024-36357,CVE-2024-44963,CVE-2024-56742,CVE-2024-57947,CVE-2025-21839,CVE-2025-21872,CVE-2025-23163,CVE-2025-37798,CVE-2025-37856,CVE-2025-37864,CVE-2025-37885,CVE-2025-37920,CVE-2025-37984,CVE-2025-38034,CVE-2025-38035,CVE-2025-38051,CVE-2025-38052,CVE-2025-38058,CVE-2025-38061,CVE-2025-38062,CVE-2025-38063,CVE-2025-38064,CVE-2025-38074,CVE-2025-38084,CVE-2025-38085,CVE-2025-38087,CVE-2025-38088,CVE-2025-38089,CVE-2025-38090,CVE-2025-38094,CVE-2025-38095,CVE-2025-38097,CVE-2025-38098,CVE-2025-38099,CVE-2025-38100,CVE-2025-38102,CVE-2025-38105,CVE-2025-38107,CVE-2025-38108,CVE-2025-38109,CVE-2025-38110,CVE-2025-38111,CVE-2025-38112,CVE-2025-38113,CVE-2025-38115,CVE-2025-38117,CVE-2025-38118,CVE-2025-38120,CVE-2025-38122,CVE-2025-38123,CVE-2025-3 8124,CVE-2025-38126,CVE-2025-38127,CVE-2025-38129,CVE-2025-38131,CVE-2025-38132,CVE-2025-38135,CVE-2025-38136,CVE-2025-38138,CVE-2025-38142,CVE-2025-38143,CVE-2025-38145,CVE-2025-38147,CVE-2025-38148,CVE-2025-38149,CVE-2025-38151,CVE-2025-38153,CVE-2025-38154,CVE-2025-38155,CVE-2025-38157,CVE-2025-38158,CVE-2025-38159,CVE-2025-38161,CVE-2025-38162,CVE-2025-38165,CVE-2025-38166,CVE-2025-38173,CVE-2025-38174,CVE-2025-38177,CVE-2025-38180,CVE-2025-38181,CVE-2025-38182,CVE-2025-38183,CVE-2025-38187,CVE-2025-38188,CVE-2025-38192,CVE-2025-38193,CVE-2025-38194,CVE-2025-38197,CVE-2025-38198,CVE-2025-38200,CVE-2025-38202,CVE-2025-38203,CVE-2025-38204,CVE-2025-38206,CVE-2025-38210,CVE-2025-38211,CVE-2025-38212,CVE-2025-38213,CVE-2025-38214,CVE-2025-38215,CVE-2025-38217,CVE-2025-38220,CVE-2025-38222,CVE-2025-38225,CVE-2025-38226,CVE-2025-38227,CVE-2025-38229,CVE-2025-38231,CVE-2025-38236,CVE-2025-38239,CVE-2025-38244,CVE-2025-38246,CVE-2025-38248,CVE-2025-38249,CVE-2025-38250,CVE-2025-38257,CV E-2025-38259,CVE-2025-38264,CVE-2025-38272,CVE-2025-38273,CVE-2025-38275,CVE-2025-38277,CVE-2025-38279,CVE-2025-38283,CVE-2025-38286,CVE-2025-38289,CVE-2025-38290,CVE-2025-38292,CVE-2025-38293,CVE-2025-38300,CVE-2025-38303,CVE-2025-38304,CVE-2025-38305,CVE-2025-38307,CVE-2025-38310,CVE-2025-38312,CVE-2025-38313,CVE-2025-38319,CVE-2025-38323,CVE-2025-38326,CVE-2025-38328,CVE-2025-38332,CVE-2025-38334,CVE-2025-38335,CVE-2025-38336,CVE-2025-38337,CVE-2025-38338,CVE-2025-38342,CVE-2025-38343,CVE-2025-38344,CVE-2025-38345,CVE-2025-38348,CVE-2025-38349,CVE-2025-38350,CVE-2025-38352,CVE-2025-38354,CVE-2025-38362,CVE-2025-38363,CVE-2025-38364,CVE-2025-38365,CVE-2025-38369,CVE-2025-38371,CVE-2025-38373,CVE-2025-38375,CVE-2025-38376,CVE-2025-38377,CVE-2025-38380,CVE-2025-38382,CVE-2025-38384,CVE-2025-38385,CVE-2025-38386,CVE-2025-38387,CVE-2025-38389,CVE-2025-38391,CVE-2025-38392,CVE-2025-38393,CVE-2025-38395,CVE-2025-38396,CVE-2025-38399,CVE-2025-38400,CVE-2025-38401,CVE-2025-38403,CVE-2025- 38404,CVE-2025-38406,CVE-2025-38409,CVE-2025-38410,CVE-2025-38412,CVE-2025-38414,CVE-2025-38415,CVE-2025-38416,CVE-2025-38420,CVE-2025-38424,CVE-2025-38425,CVE-2025-38426,CVE-2025-38428,CVE-2025-38429,CVE-2025-38430,CVE-2025-38436,CVE-2025-38443,CVE-2025-38448,CVE-2025-38449,CVE-2025-38455,CVE-2025-38457,CVE-2025-38460,CVE-2025-38461,CVE-2025-38462,CVE-2025-38463,CVE-2025-38465,CVE-2025-38467,CVE-2025-38468,CVE-2025-38470,CVE-2025-38471,CVE-2025-38473,CVE-2025-38474,CVE-2025-38476,CVE-2025-38477,CVE-2025-38478,CVE-2025-38480,CVE-2025-38481,CVE-2025-38482,CVE-2025-38483,CVE-2025-38485,CVE-2025-38487,CVE-2025-38489,CVE-2025-38494,CVE-2025-38495,CVE-2025-38496,CVE-2025-38497,CVE-2025-38498 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may - CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707). - CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896). - CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216). - CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613). - CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061). - CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323). - CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837). - CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068). - CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479). - CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669). - CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792). - CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801). - CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750). - CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151). - CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440). - CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216). - CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202). - CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201). - CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735). - CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649). - CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660). - CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654). - CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671). - CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650). - CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682). - CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689). - CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695). - CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708). - CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677). - CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679). - CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768). - CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750). - CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752). - CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937). - CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006). - CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951). - CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980). - CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044). - CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966). - CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976). - CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093). - CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178). - CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183). - CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173). - CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182). - CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387). - CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268). - CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264). - CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273). - CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354). - CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384). - CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250). - CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253). - CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091). - CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023). - CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031). - CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169). - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156). - CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097). - CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141). - CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145). - CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252). - CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253). - CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101). - CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103). - CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104). - CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113). - CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118). - CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288). - CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). The following non-security bugs were fixed: - ACPI: LPSS: Remove AudioDSP related ID (git-fixes). - ACPI: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122). - ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes). - ACPICA: Refuse to evaluate a method if arguments are missing (stable-fixes). - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes). - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes). - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes). - ALSA: hda/tegra: Add Tegra264 support (stable-fixes). - ALSA: hda: Add missing NVIDIA HDA codec IDs (stable-fixes). - ALSA: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes). - ALSA: hda: Ignore unsol events for cards being shut down (stable-fixes). - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes). - ALSA: sb: Do not allow changing the DMA mode during operations (stable-fixes). - ALSA: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes). - ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes). - ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes). - ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes). - ASoC: amd: yc: update quirk data for HP Victus (stable-fixes). - ASoC: codec: wcd9335: Convert to GPIO descriptors (stable-fixes). - ASoC: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes). - ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes). - ASoC: cs35l56: probe() should fail if the device ID is not recognized (git-fixes). - ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes). - ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes). - ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes). - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes). - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes). - Bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes). - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes). - Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes). - Bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes). - Bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes). - Bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes). - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes). - Bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes). - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes). - Bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes). - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes). - Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes). - Bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes). - Bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes). - Bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes). - Bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes). - Bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes). - Bluetooth: hci_sync: revert some mesh modifications (git-fixes). - Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes). - Documentation: ACPI: Fix parent device references (git-fixes). - Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes). - Fix dma_unmap_sg() nents value (git-fixes) - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes). - HID: core: do not bypass hid_hw_raw_request (stable-fixes). - HID: core: ensure __hid_request reserves the report ID as the first byte (git-fixes). - HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes). - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes). - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes). - IB/mlx5: Fix potential deadlock in MR deregistration (git-fixes) - Input: iqs7222 - explicitly define number of external channels (git-fixes). - Input: xpad - adjust error handling for disconnect (git-fixes). - Input: xpad - set correct controller type for Acer NGR200 (git-fixes). - Input: xpad - support Acer NGR 200 Controller (stable-fixes). - Logitech C-270 even more broken (stable-fixes). - Move upstreamed SCSI and ACPI patches into sorted section - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes). - NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes). - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes). - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes). - NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes). - NFSv4.2: another fix for listxattr (git-fixes). - NFSv4.2: fix listxattr to return selinux security label (git-fixes). - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes). - NFSv4: Always set NLINK even if the server does not support it (git-fixes). - NFSv4: xattr handlers should check for absent nfs filehandles (git-fixes). - PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457). - PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes). - PCI: endpoint: Fix configfs group list head handling (git-fixes). - PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes). - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes). - PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes). - PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457). - PCI: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes). - PM / devfreq: Check governor before using governor->name (git-fixes). - RDMA/core: Rate limit GID cache warning messages (git-fixes) - RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes) - RDMA/hns: Drop GFP_NOWARN (git-fixes) - RDMA/hns: Fix -Wframe-larger-than issue (git-fixes) - RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes) - RDMA/hns: Fix accessing uninitialized resources (git-fixes) - RDMA/hns: Fix double destruction of rsv_qp (git-fixes) - RDMA/hns: Get message length of ack_req from FW (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - RDMA/mlx5: Fix CC counters query for MPV (git-fixes) - RDMA/mlx5: Fix HW counters query for non-representor devices (git-fixes) - RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes) - RDMA/mlx5: Fix vport loopback for MPV device (git-fixes) - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes) - RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes) - RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes) - RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - Revert 'ACPI: battery: negate current when discharging' (stable-fixes). - Revert 'cgroup_freezer: cgroup_freezing: Check if not frozen' (bsc#1219338). - Revert 'drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1' (stable-fixes). - Revert 'mmc: sdhci: Disable SD card clock before changing parameters' (git-fixes). - Revert 'usb: xhci: Implement xhci_handshake_check_state() helper' (git-fixes). - Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes). - SMB3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes). - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes). - USB: serial: option: add Foxconn T99W640 (stable-fixes). - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes). - [SMB3] send channel sequence number in SMB3 requests after reconnects (git-fixes). - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes). - af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093). - amd/amdkfd: fix a kfd_process ref leak (stable-fixes). - aoe: clean device rq_list in aoedev_downdev() (git-fixes). - apple-mfi-fastcharge: protect first device name (git-fixes). - ata: pata_cs5536: fix build on 32-bit UML (stable-fixes). - audit,module: restore audit logging in load failure case (git-fixes). - bpf, sockmap: Fix sk_msg_reset_curr (git-fixes). - bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes). - bpf/selftests: Check errno when percpu map value size exceeds (git-fixes). - bpf: Add a possibly-zero-sized read test (git-fixes). - bpf: Avoid __hidden__ attribute in static object (git-fixes). - bpf: Check percpu map value size first (git-fixes). - bpf: Disable some `attribute ignored' warnings in GCC (git-fixes). - bpf: Fix memory leak in bpf_core_apply (git-fixes). - bpf: Fix potential integer overflow in resolve_btfids (git-fixes). - bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes). - bpf: Make the pointer returned by iter next method valid (git-fixes). - bpf: Simplify checking size of helper accesses (git-fixes). - bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes). - bpf: sockmap, updating the sg structure should also update curr (git-fixes). - bpftool: Fix missing pids during link show (git-fixes). - bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes). - bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes). - bpftool: Remove unnecessary source files from bootstrap version (git-fixes). - bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes). - btrfs: do not ignore inode missing when replaying log tree (git-fixes). - btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes). - btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes). - btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068) - btrfs: fix assertion when building free space tree (git-fixes). - btrfs: fix inode lookup error handling during log replay (git-fixes). - btrfs: fix invalid inode pointer dereferences during log replay (git-fixes). - btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes). - btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes). - btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes). - btrfs: fix ssd_spread overallocation (git-fixes). - btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068) - btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes). - btrfs: rename err to ret in btrfs_rmdir() (git-fixes). - btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes). - btrfs: return a btrfs_inode from read_one_inode() (git-fixes). - btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes). - btrfs: update superblock's device bytes_used when dropping chunk (git-fixes). - btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes). - btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes). - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes). - bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes). - can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes). - can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes). - can: kvaser_pciefd: Store device channel index (git-fixes). - can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes). - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes). - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes). - can: peak_usb: fix USB FD devices potential malfunction (git-fixes). - cdc-acm: fix race between initial clearing halt and open (git-fixes). - cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789). - cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166). - cifs: reconnect helper should set reconnect for the right channel (git-fixes). - clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes). - clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes). - clk: sunxi-ng: v3s: Fix de clock definition (git-fixes). - clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes). - clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457). - clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457). - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes). - comedi: Fix initialization of data for instructions that write to subdevice (git-fixes). - comedi: Fix some signed shift left operations (git-fixes). - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes). - comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes). - comedi: das16m1: Fix bit shift out of bounds (git-fixes). - comedi: das6402: Fix bit shift out of bounds (git-fixes). - comedi: pcl812: Fix bit shift out of bounds (git-fixes). - compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes). - config: enable RBD (jsc#PED-13238) - crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes). - crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes). - crypto: ccp - Fix locking on alloc failure handling (git-fixes). - crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes). - crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes). - crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes). - crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes). - crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes). - crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes). - crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes). - crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes). - crypto: qat - fix state restore for banks with exceptions (git-fixes). - crypto: qat - flush misc workqueue during device shutdown (git-fixes). - crypto: qat - use unmanaged allocation for dc_data (git-fixes). - crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes). - dm-bufio: fix sched in atomic context (git-fixes). - dm-flakey: error all IOs when num_features is absent (git-fixes). - dm-flakey: make corrupting read bios work (git-fixes). - dm-mirror: fix a tiny race condition (git-fixes). - dm-raid: fix variable in journal device check (git-fixes). - dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes). - dm: do not change md if dm_table_set_restrictions() fails (git-fixes). - dm: free table mempools if not used in __bind (git-fixes). - dm: restrict dm device size to 2^63-512 bytes (git-fixes). - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes). - dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes). - dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes). - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes). - dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes). - dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes). - dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes). - dmaengine: xilinx_dma: Set dma_device directions (stable-fixes). - drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes). - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes). - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes). - drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes). - drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes). - drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes). - drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes). - drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes). - drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes). - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes). - drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes). - drm/framebuffer: Acquire internal references on GEM handles (git-fixes). - drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes). - drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes). - drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes). - drm/i915/selftests: Change mock_request() to return error pointers (git-fixes). - drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes). - drm/msm: Fix a fence leak in submit error path (stable-fixes). - drm/msm: Fix another leak in the submit error path (stable-fixes). - drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes). - drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes). - drm/sched: Increment job count before swapping tail spsc queue (git-fixes). - drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes). - drm/scheduler: signal scheduled fence when kill job (stable-fixes). - drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes). - drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes). - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes). - exfat: fdatasync flag should be same like generic_write_sync() (git-fixes). - fbcon: Fix outdated registered_fb reference in comment (git-fixes). - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes). - firewire: ohci: correct code comments about bus_reset tasklet (git-fixes). - fs/jfs: consolidate sanity checking in dbMount (git-fixes). - fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes). - gpio: mlxbf2: use platform_get_irq_optional() (git-fixes). - gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes). - gpio: sim: include a missing header (git-fixes). - gpio: vf610: add locking to gpio direction functions (git-fixes). - gpio: virtio: Fix config space reading (git-fixes). - gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes). - gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes). - gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300). - gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300). - gpiolib: cdev: Ignore reconfiguration without direction (git-fixes). - gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes). - hfs: make splice write available again (git-fixes). - hfsplus: make splice write available again (git-fixes). - hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes). - hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203). - hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes). - hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes). - hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes). - i2c/designware: Fix an initialization issue (git-fixes). - i2c: qup: jump out of the loop in case of timeout (git-fixes). - i2c: stm32: fix the device used for the DMA map (git-fixes). - i2c: tegra: Fix reset error handling with ACPI (git-fixes). - i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes). - i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes). - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes). - iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes). - iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes). - iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes). - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes). - iio: adc: max1363: Reorder mode_list[] entries (stable-fixes). - iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes). - iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes). - iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes). - iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes). - iommu/amd: Set the pgsize_bitmap correctly (git-fixes). - iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes). - iommu/vt-d: Fix possible circular locking dependency (git-fixes). - iommu/vt-d: Fix system hang on reboot -f (git-fixes). - ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes). - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes). - ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes). - ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes). - iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes). - jfs: fix metapage reference count leak in dbAllocCtl (git-fixes). - kABI workaround for struct drm_framebuffer changes (git-fixes). - kABI: Fix the module::name type in audit_context (git-fixes). - kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes). - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - leds: multicolor: Fix intensity setting while SW blinking (stable-fixes). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897). - lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897). - maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes). - md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes). - media: gspca: Add bounds checking to firmware parser (git-fixes). - media: hi556: correct the test pattern configuration (git-fixes). - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes). - media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes). - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes). - media: usbtv: Lock resolution while streaming (git-fixes). - media: uvcvideo: Do not mark valid metadata as invalid (git-fixes). - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes). - media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes). - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes). - media: venus: Add a check for packet size after reading from shared memory (git-fixes). - media: venus: hfi: explicitly release IRQ during teardown (git-fixes). - media: venus: protect against spurious interrupts during probe (git-fixes). - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: vivid: fix wrong pixel_array control size (git-fixes). - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes). - mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes). - misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes). - mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes). - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes). - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes). - mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes). - mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes). - module: Fix memory deallocation on error path in move_module() (git-fixes). - module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes). - module: Restore the moduleparam prefix length check (git-fixes). - mtd: fix possible integer overflow in erase_xfer() (git-fixes). - mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes). - mtd: rawnand: atmel: set pmecc data setup time (git-fixes). - mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes). - mtd: rawnand: renesas: Add missing check after DMA map (git-fixes). - mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes). - mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes). - mtd: spinand: fix memory leak of ECC engine conf (stable-fixes). - mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes). - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes). - mtk-sd: Prevent memory corruption from DMA map failure (git-fixes). - mtk-sd: reset host->mrq on prepare_data() error (git-fixes). - mwl8k: Add missing check after DMA map (git-fixes). - nbd: fix uaf in nbd_genl_connect() error path (git-fixes). - net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes). - net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes). - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes). - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes). - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes). - net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes). - net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes). - net: mana: Add debug logs in MANA network driver (bsc#1246212). - net: mana: Add handler for hardware servicing events (bsc#1245730). - net: mana: Allocate MSI-X vectors dynamically (bsc#1245457). - net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457). - net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203). - net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729). - net: mana: Set tx_packets to post gso processing packet count (bsc#1245731). - net: mana: explain irq_setup() algorithm (bsc#1245457). - net: phy: Do not register LEDs for genphy (git-fixes). - net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes). - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes). - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes). - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes). - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes). - net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes). - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes). - net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes). - netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes). - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes). - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes). - nilfs2: reject invalid file types when reading inodes (git-fixes). - nvme-pci: refresh visible attrs after being checked (git-fixes). - nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes). - nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes). - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes). - nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes). - nvmet-tcp: fix callback lock for TLS handshake (git-fixes). - objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes). - objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes). - objtool: Fix _THIS_IP_ detection for cold functions (git-fixes). - objtool: Fix error handling inconsistencies in check() (git-fixes). - objtool: Ignore dangling jump table entries (git-fixes). - objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes). - objtool: Properly disable uaccess validation (git-fixes). - objtool: Silence more KCOV warnings (git-fixes). - objtool: Silence more KCOV warnings, part 2 (git-fixes). - objtool: Stop UNRET validation on UD2 (git-fixes). - pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes). - pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes). - perf: Fix sample vs do_exit() (bsc#1246547). - phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes). - pinctrl: amd: Clear GPIO debounce for suspend (git-fixes). - pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes). - pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes). - pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes). - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes). - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes). - platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes). - platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes). - platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes). - platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes). - platform/x86: think-lmi: Create ksets consecutively (stable-fixes). - platform/x86: think-lmi: Fix kobject cleanup (git-fixes). - platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes). - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes). - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes). - powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes). - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes). - powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes). - powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes). - ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506). - pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes). - pwm: mediatek: Ensure to disable clocks in error path (git-fixes). - regmap: fix potential memory leak of regmap_bus (git-fixes). - regulator: fan53555: add enable_time support and soft-start times (stable-fixes). - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes). - regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes). - resource: fix false warning in __request_region() (git-fixes). - restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes). - ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes). - rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes). - rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337) - rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes). - rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes). - s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870). - s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806). - s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646). - s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647). - s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598). - s390: Add z17 elf platform (LTC#214086 bsc#1245540). - samples: mei: Fix building on musl libc (git-fixes). - sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338). - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes). - scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes). - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Copyright updates for 14.4.0.10 patches (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142). - scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: megaraid_sas: Fix invalid node index (git-fixes). - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes). - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes). - scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599). - selftests/bpf: Add CFLAGS per source file and runner (git-fixes). - selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes). - selftests/bpf: Change functions definitions to support GCC (git-fixes). - selftests/bpf: Fix a few tests for GCC related warnings (git-fixes). - selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes). - selftests/bpf: Fix prog numbers in test_sockmap (git-fixes). - smb3: move server check earlier when setting channel sequence number (git-fixes). - soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes). - soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes). - soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes). - soc: qcom: QMI encoding/decoding for big endian (git-fixes). - soc: qcom: fix endianness for QMI header (git-fixes). - soc: qcom: pmic_glink: fix OF node leak (git-fixes). - soundwire: amd: fix for clearing command status register (git-fixes). - soundwire: stream: restore params when prepare ports fail (git-fixes). - spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes). - staging: axis-fifo: remove sysfs interface (git-fixes). - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes). - staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes). - struct cdns: move new member to the end (git-fixes). - struct ucsi_operations: use padding for new operation (git-fixes). - sunrpc: do not immediately retransmit on seqno miss (git-fixes). - sunrpc: fix client side handling of tls alerts (git-fixes). - tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes). - thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes). - thunderbolt: Fix copy+paste error in match_service_id() (git-fixes). - thunderbolt: Fix wake on connect at runtime (git-fixes). - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes). - tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes). - types: Complement the aligned types with signed 64-bit one (stable-fixes). - ucount: fix atomic_long_inc_below() argument type (git-fixes). - ucsi-glink: adapt to kABI consistency (git-fixes). - ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes). - ucsi_operations: add stubs for all operations (git-fixes). - ucsi_ops: adapt update_connector to kABI consistency (git-fixes). - usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes). - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes). - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes). - usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes). - usb: cdnsp: Fix issue with resuming from L1 (git-fixes). - usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usb: cdnsp: do not disable slot for disabled slot (git-fixes). - usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes). - usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes). - usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes). - usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes). - usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes). - usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes). - usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes). - usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes). - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes). - usb: hub: Do not try to recover devices lost during warm reset (git-fixes). - usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes). - usb: musb: fix gadget state on disconnect (git-fixes). - usb: musb: omap2430: fix device leak at unbind (git-fixes). - usb: net: sierra: check for no status endpoint (git-fixes). - usb: potential integer overflow in usbg_make_tpg() (stable-fixes). - usb: typec: Update sysfs when setting ops (git-fixes). - usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes). - usb: typec: displayport: Fix potential deadlock (git-fixes). - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes). - usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes). - usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes). - usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes). - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes). - usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes). - usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes). - usb: typec: ucsi: Delay alternate mode discovery (git-fixes). - usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes). - usb: typec: ucsi: Fix the partner PD revision (git-fixes). - usb: typec: ucsi: Get PD revision for partner (git-fixes). - usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes). - usb: typec: ucsi: Update power_supply on power role change (git-fixes). - usb: typec: ucsi: add callback for connector status updates (git-fixes). - usb: typec: ucsi: add update_connector callback (git-fixes). - usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes). - usb: typec: ucsi: extract code to read PD caps (git-fixes). - usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes). - usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes). - usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes). - usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes). - usb: typec: ucsi: glink: use typec_set_orientation (git-fixes). - usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes). - usb: typec: ucsi: properly register partner's PD device (git-fixes). - usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes). - usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes). - usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes). - usb: typec: ucsi_glink: rework quirks implementation (git-fixes). - usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes). - usb: xhci: quirk for data loss in ISOC transfers (stable-fixes). - usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes). - virtgpu: do not reset on shutdown (git-fixes). - vmci: Prevent the dispatching of uninitialized payloads (git-fixes). - vt: add missing notification when switching back to text mode (stable-fixes). - vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes). - vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes). - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes). - wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes). - wifi: ath11k: fix source ring-buffer corruption (git-fixes). - wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes). - wifi: ath12k: fix source ring-buffer corruption (git-fixes). - wifi: ath6kl: remove WARN on bad firmware input (stable-fixes). - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes). - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes). - wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes). - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes). - wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes). - wifi: mac80211: Add link iteration macro for link data (stable-fixes). - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes). - wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes). - wifi: mac80211: Do not schedule stopped TXQs (git-fixes). - wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes). - wifi: mac80211: drop invalid source address OCB frames (stable-fixes). - wifi: mac80211: reject TDLS operations when station is not associated (git-fixes). - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes). - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes). - wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes). - wifi: plfxlc: Fix error handling in usb driver probe (git-fixes). - wifi: prevent A-MSDU attacks in mesh networks (stable-fixes). - wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes). - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes). - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes). - x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes). - x86/mce/amd: Add default names for MCA banks and blocks (git-fixes). - x86/mce/amd: Fix threshold limit reset (git-fixes). - x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes). - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes). - x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes). - x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes). - x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes). - x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345). - xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837). - xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes). - xfs: remove unused event xfs_alloc_near_error (git-fixes). - xfs: remove unused event xfs_alloc_near_nominleft (git-fixes). - xfs: remove unused event xfs_attr_node_removename (git-fixes). - xfs: remove unused event xfs_ioctl_clone (git-fixes). - xfs: remove unused event xfs_pagecache_inval (git-fixes). - xfs: remove unused event xlog_iclog_want_sync (git-fixes). - xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes). - xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes). - xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes). - xfs: remove unused xfs_attr events (git-fixes). - xfs: remove unused xfs_reflink_compare_extents events (git-fixes). - xfs: remove usused xfs_end_io_direct events (git-fixes). - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes). - xhci: dbc: Flush queued requests before stopping dbc (git-fixes). - xhci: dbctty: disable ECHO flag by default (git-fixes). The following package changes have been done: - kernel-default-6.4.0-32.1 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:07:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:07:38 +0200 (CEST) Subject: SUSE-IU-2025:2381-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250826070738.ACEE6FF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2381-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.67 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.67 Severity : important Type : security References : 1204142 1219338 1225707 1230216 1233300 1235613 1235837 1236333 1236897 1238896 1239061 1240323 1240885 1240966 1241166 1241345 1242086 1242414 1242837 1242960 1242965 1242993 1243068 1243100 1243479 1243669 1243806 1244309 1244337 1244457 1244735 1244749 1244750 1244792 1244801 1245151 1245201 1245202 1245216 1245260 1245431 1245440 1245457 1245498 1245499 1245504 1245506 1245508 1245510 1245540 1245598 1245599 1245646 1245647 1245649 1245650 1245654 1245658 1245660 1245665 1245666 1245668 1245669 1245670 1245671 1245675 1245676 1245677 1245679 1245682 1245683 1245684 1245688 1245689 1245690 1245691 1245695 1245705 1245708 1245711 1245713 1245714 1245719 1245723 1245729 1245730 1245731 1245735 1245737 1245744 1245745 1245746 1245747 1245748 1245749 1245750 1245751 1245752 1245757 1245758 1245765 1245768 1245769 1245777 1245781 1245789 1245937 1245945 1245951 1245952 1245954 1245957 1245966 1245970 1245976 1245980 1245983 1245986 1246000 1246002 1246006 1246008 1246020 1246023 1246029 1246031 1246037 1246041 1246042 1246044 1246045 1246047 1246049 1246050 1246055 1246073 1246093 1246098 1246109 1246122 1246125 1246171 1246173 1246178 1246182 1246183 1246186 1246195 1246203 1246212 1246220 1246236 1246240 1246243 1246246 1246249 1246250 1246253 1246258 1246262 1246264 1246266 1246268 1246273 1246283 1246287 1246292 1246293 1246295 1246334 1246337 1246342 1246349 1246354 1246358 1246361 1246364 1246370 1246375 1246384 1246386 1246387 1246438 1246453 1246473 1246490 1246506 1246547 1246777 1246781 1246870 1246879 1246911 1247018 1247023 1247028 1247031 1247033 1247035 1247061 1247089 1247091 1247097 1247098 1247101 1247103 1247104 1247113 1247118 1247123 1247125 1247128 1247132 1247138 1247141 1247143 1247145 1247146 1247147 1247149 1247150 1247151 1247153 1247154 1247156 1247160 1247164 1247169 1247170 1247171 1247172 1247174 1247176 1247177 1247178 1247181 1247209 1247210 1247227 1247233 1247236 1247238 1247241 1247251 1247252 1247253 1247255 1247271 1247273 1247274 1247276 1247277 1247278 1247279 1247284 1247285 1247288 1247289 1247293 1247311 1247314 1247317 1247347 1247348 1247349 1247374 1247437 1247450 CVE-2019-11135 CVE-2024-36028 CVE-2024-36348 CVE-2024-36349 CVE-2024-36350 CVE-2024-36357 CVE-2024-44963 CVE-2024-56742 CVE-2024-57947 CVE-2025-21839 CVE-2025-21872 CVE-2025-23163 CVE-2025-37798 CVE-2025-37856 CVE-2025-37864 CVE-2025-37885 CVE-2025-37920 CVE-2025-37984 CVE-2025-38034 CVE-2025-38035 CVE-2025-38051 CVE-2025-38052 CVE-2025-38058 CVE-2025-38061 CVE-2025-38062 CVE-2025-38063 CVE-2025-38064 CVE-2025-38074 CVE-2025-38084 CVE-2025-38085 CVE-2025-38087 CVE-2025-38088 CVE-2025-38089 CVE-2025-38090 CVE-2025-38094 CVE-2025-38095 CVE-2025-38097 CVE-2025-38098 CVE-2025-38099 CVE-2025-38100 CVE-2025-38102 CVE-2025-38105 CVE-2025-38107 CVE-2025-38108 CVE-2025-38109 CVE-2025-38110 CVE-2025-38111 CVE-2025-38112 CVE-2025-38113 CVE-2025-38115 CVE-2025-38117 CVE-2025-38118 CVE-2025-38120 CVE-2025-38122 CVE-2025-38123 CVE-2025-38124 CVE-2025-38126 CVE-2025-38127 CVE-2025-38129 CVE-2025-38131 CVE-2025-38132 CVE-2025-38135 CVE-2025-38136 CVE-2025-38138 CVE-2025-38142 CVE-2025-38143 CVE-2025-38145 CVE-2025-38147 CVE-2025-38148 CVE-2025-38149 CVE-2025-38151 CVE-2025-38153 CVE-2025-38154 CVE-2025-38155 CVE-2025-38157 CVE-2025-38158 CVE-2025-38159 CVE-2025-38161 CVE-2025-38162 CVE-2025-38165 CVE-2025-38166 CVE-2025-38173 CVE-2025-38174 CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38182 CVE-2025-38183 CVE-2025-38187 CVE-2025-38188 CVE-2025-38192 CVE-2025-38193 CVE-2025-38194 CVE-2025-38197 CVE-2025-38198 CVE-2025-38200 CVE-2025-38202 CVE-2025-38203 CVE-2025-38204 CVE-2025-38206 CVE-2025-38210 CVE-2025-38211 CVE-2025-38212 CVE-2025-38213 CVE-2025-38214 CVE-2025-38215 CVE-2025-38217 CVE-2025-38220 CVE-2025-38222 CVE-2025-38225 CVE-2025-38226 CVE-2025-38227 CVE-2025-38229 CVE-2025-38231 CVE-2025-38236 CVE-2025-38239 CVE-2025-38244 CVE-2025-38246 CVE-2025-38248 CVE-2025-38249 CVE-2025-38250 CVE-2025-38257 CVE-2025-38259 CVE-2025-38264 CVE-2025-38272 CVE-2025-38273 CVE-2025-38275 CVE-2025-38277 CVE-2025-38279 CVE-2025-38283 CVE-2025-38286 CVE-2025-38289 CVE-2025-38290 CVE-2025-38292 CVE-2025-38293 CVE-2025-38300 CVE-2025-38303 CVE-2025-38304 CVE-2025-38305 CVE-2025-38307 CVE-2025-38310 CVE-2025-38312 CVE-2025-38313 CVE-2025-38319 CVE-2025-38323 CVE-2025-38326 CVE-2025-38328 CVE-2025-38332 CVE-2025-38334 CVE-2025-38335 CVE-2025-38336 CVE-2025-38337 CVE-2025-38338 CVE-2025-38342 CVE-2025-38343 CVE-2025-38344 CVE-2025-38345 CVE-2025-38348 CVE-2025-38349 CVE-2025-38350 CVE-2025-38352 CVE-2025-38354 CVE-2025-38362 CVE-2025-38363 CVE-2025-38364 CVE-2025-38365 CVE-2025-38369 CVE-2025-38371 CVE-2025-38373 CVE-2025-38375 CVE-2025-38376 CVE-2025-38377 CVE-2025-38380 CVE-2025-38382 CVE-2025-38384 CVE-2025-38385 CVE-2025-38386 CVE-2025-38387 CVE-2025-38389 CVE-2025-38391 CVE-2025-38392 CVE-2025-38393 CVE-2025-38395 CVE-2025-38396 CVE-2025-38399 CVE-2025-38400 CVE-2025-38401 CVE-2025-38403 CVE-2025-38404 CVE-2025-38406 CVE-2025-38409 CVE-2025-38410 CVE-2025-38412 CVE-2025-38414 CVE-2025-38415 CVE-2025-38416 CVE-2025-38420 CVE-2025-38424 CVE-2025-38425 CVE-2025-38426 CVE-2025-38428 CVE-2025-38429 CVE-2025-38430 CVE-2025-38436 CVE-2025-38443 CVE-2025-38448 CVE-2025-38449 CVE-2025-38455 CVE-2025-38457 CVE-2025-38460 CVE-2025-38461 CVE-2025-38462 CVE-2025-38463 CVE-2025-38465 CVE-2025-38467 CVE-2025-38468 CVE-2025-38470 CVE-2025-38471 CVE-2025-38473 CVE-2025-38474 CVE-2025-38476 CVE-2025-38477 CVE-2025-38478 CVE-2025-38480 CVE-2025-38481 CVE-2025-38482 CVE-2025-38483 CVE-2025-38485 CVE-2025-38487 CVE-2025-38489 CVE-2025-38494 CVE-2025-38495 CVE-2025-38496 CVE-2025-38497 CVE-2025-38498 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-82 Released: Mon Aug 25 15:33:57 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1204142,1219338,1225707,1230216,1233300,1235613,1235837,1236333,1236897,1238896,1239061,1240323,1240885,1240966,1241166,1241345,1242086,1242414,1242837,1242960,1242965,1242993,1243068,1243100,1243479,1243669,1243806,1244309,1244337,1244457,1244735,1244749,1244750,1244792,1244801,1245151,1245201,1245202,1245216,1245260,1245431,1245440,1245457,1245498,1245499,1245504,1245506,1245508,1245510,1245540,1245598,1245599,1245646,1245647,1245649,1245650,1245654,1245658,1245660,1245665,1245666,1245668,1245669,1245670,1245671,1245675,1245676,1245677,1245679,1245682,1245683,1245684,1245688,1245689,1245690,1245691,1245695,1245705,1245708,1245711,1245713,1245714,1245719,1245723,1245729,1245730,1245731,1245735,1245737,1245744,1245745,1245746,1245747,1245748,1245749,1245750,1245751,1245752,1245757,1245758,1245765,1245768,1245769,1245777,1245781,1245789,1245937,1245945,1245951,1245952,1245954,1245957,1245966,1245970,1245976,1245980,1245983,1245986,1246000,1246002,1246006,1246008,1246020,1 246023,1246029,1246031,1246037,1246041,1246042,1246044,1246045,1246047,1246049,1246050,1246055,1246073,1246093,1246098,1246109,1246122,1246125,1246171,1246173,1246178,1246182,1246183,1246186,1246195,1246203,1246212,1246220,1246236,1246240,1246243,1246246,1246249,1246250,1246253,1246258,1246262,1246264,1246266,1246268,1246273,1246283,1246287,1246292,1246293,1246295,1246334,1246337,1246342,1246349,1246354,1246358,1246361,1246364,1246370,1246375,1246384,1246386,1246387,1246438,1246453,1246473,1246490,1246506,1246547,1246777,1246781,1246870,1246879,1246911,1247018,1247023,1247028,1247031,1247033,1247035,1247061,1247089,1247091,1247097,1247098,1247101,1247103,1247104,1247113,1247118,1247123,1247125,1247128,1247132,1247138,1247141,1247143,1247145,1247146,1247147,1247149,1247150,1247151,1247153,1247154,1247156,1247160,1247164,1247169,1247170,1247171,1247172,1247174,1247176,1247177,1247178,1247181,1247209,1247210,1247227,1247233,1247236,1247238,1247241,1247251,1247252,1247253,1247255,124727 1,1247273,1247274,1247276,1247277,1247278,1247279,1247284,1247285,1247288,1247289,1247293,1247311,1247314,1247317,1247347,1247348,1247349,1247374,1247437,1247450,CVE-2019-11135,CVE-2024-36028,CVE-2024-36348,CVE-2024-36349,CVE-2024-36350,CVE-2024-36357,CVE-2024-44963,CVE-2024-56742,CVE-2024-57947,CVE-2025-21839,CVE-2025-21872,CVE-2025-23163,CVE-2025-37798,CVE-2025-37856,CVE-2025-37864,CVE-2025-37885,CVE-2025-37920,CVE-2025-37984,CVE-2025-38034,CVE-2025-38035,CVE-2025-38051,CVE-2025-38052,CVE-2025-38058,CVE-2025-38061,CVE-2025-38062,CVE-2025-38063,CVE-2025-38064,CVE-2025-38074,CVE-2025-38084,CVE-2025-38085,CVE-2025-38087,CVE-2025-38088,CVE-2025-38089,CVE-2025-38090,CVE-2025-38094,CVE-2025-38095,CVE-2025-38097,CVE-2025-38098,CVE-2025-38099,CVE-2025-38100,CVE-2025-38102,CVE-2025-38105,CVE-2025-38107,CVE-2025-38108,CVE-2025-38109,CVE-2025-38110,CVE-2025-38111,CVE-2025-38112,CVE-2025-38113,CVE-2025-38115,CVE-2025-38117,CVE-2025-38118,CVE-2025-38120,CVE-2025-38122,CVE-2025-38123,CVE-2025-3 8124,CVE-2025-38126,CVE-2025-38127,CVE-2025-38129,CVE-2025-38131,CVE-2025-38132,CVE-2025-38135,CVE-2025-38136,CVE-2025-38138,CVE-2025-38142,CVE-2025-38143,CVE-2025-38145,CVE-2025-38147,CVE-2025-38148,CVE-2025-38149,CVE-2025-38151,CVE-2025-38153,CVE-2025-38154,CVE-2025-38155,CVE-2025-38157,CVE-2025-38158,CVE-2025-38159,CVE-2025-38161,CVE-2025-38162,CVE-2025-38165,CVE-2025-38166,CVE-2025-38173,CVE-2025-38174,CVE-2025-38177,CVE-2025-38180,CVE-2025-38181,CVE-2025-38182,CVE-2025-38183,CVE-2025-38187,CVE-2025-38188,CVE-2025-38192,CVE-2025-38193,CVE-2025-38194,CVE-2025-38197,CVE-2025-38198,CVE-2025-38200,CVE-2025-38202,CVE-2025-38203,CVE-2025-38204,CVE-2025-38206,CVE-2025-38210,CVE-2025-38211,CVE-2025-38212,CVE-2025-38213,CVE-2025-38214,CVE-2025-38215,CVE-2025-38217,CVE-2025-38220,CVE-2025-38222,CVE-2025-38225,CVE-2025-38226,CVE-2025-38227,CVE-2025-38229,CVE-2025-38231,CVE-2025-38236,CVE-2025-38239,CVE-2025-38244,CVE-2025-38246,CVE-2025-38248,CVE-2025-38249,CVE-2025-38250,CVE-2025-38257,CV E-2025-38259,CVE-2025-38264,CVE-2025-38272,CVE-2025-38273,CVE-2025-38275,CVE-2025-38277,CVE-2025-38279,CVE-2025-38283,CVE-2025-38286,CVE-2025-38289,CVE-2025-38290,CVE-2025-38292,CVE-2025-38293,CVE-2025-38300,CVE-2025-38303,CVE-2025-38304,CVE-2025-38305,CVE-2025-38307,CVE-2025-38310,CVE-2025-38312,CVE-2025-38313,CVE-2025-38319,CVE-2025-38323,CVE-2025-38326,CVE-2025-38328,CVE-2025-38332,CVE-2025-38334,CVE-2025-38335,CVE-2025-38336,CVE-2025-38337,CVE-2025-38338,CVE-2025-38342,CVE-2025-38343,CVE-2025-38344,CVE-2025-38345,CVE-2025-38348,CVE-2025-38349,CVE-2025-38350,CVE-2025-38352,CVE-2025-38354,CVE-2025-38362,CVE-2025-38363,CVE-2025-38364,CVE-2025-38365,CVE-2025-38369,CVE-2025-38371,CVE-2025-38373,CVE-2025-38375,CVE-2025-38376,CVE-2025-38377,CVE-2025-38380,CVE-2025-38382,CVE-2025-38384,CVE-2025-38385,CVE-2025-38386,CVE-2025-38387,CVE-2025-38389,CVE-2025-38391,CVE-2025-38392,CVE-2025-38393,CVE-2025-38395,CVE-2025-38396,CVE-2025-38399,CVE-2025-38400,CVE-2025-38401,CVE-2025-38403,CVE-2025- 38404,CVE-2025-38406,CVE-2025-38409,CVE-2025-38410,CVE-2025-38412,CVE-2025-38414,CVE-2025-38415,CVE-2025-38416,CVE-2025-38420,CVE-2025-38424,CVE-2025-38425,CVE-2025-38426,CVE-2025-38428,CVE-2025-38429,CVE-2025-38430,CVE-2025-38436,CVE-2025-38443,CVE-2025-38448,CVE-2025-38449,CVE-2025-38455,CVE-2025-38457,CVE-2025-38460,CVE-2025-38461,CVE-2025-38462,CVE-2025-38463,CVE-2025-38465,CVE-2025-38467,CVE-2025-38468,CVE-2025-38470,CVE-2025-38471,CVE-2025-38473,CVE-2025-38474,CVE-2025-38476,CVE-2025-38477,CVE-2025-38478,CVE-2025-38480,CVE-2025-38481,CVE-2025-38482,CVE-2025-38483,CVE-2025-38485,CVE-2025-38487,CVE-2025-38489,CVE-2025-38494,CVE-2025-38495,CVE-2025-38496,CVE-2025-38497,CVE-2025-38498 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may - CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707). - CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896). - CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216). - CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613). - CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061). - CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323). - CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837). - CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068). - CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479). - CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669). - CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792). - CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801). - CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750). - CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151). - CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440). - CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216). - CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202). - CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201). - CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735). - CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649). - CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660). - CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654). - CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671). - CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650). - CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682). - CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689). - CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695). - CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708). - CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677). - CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679). - CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768). - CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750). - CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752). - CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937). - CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006). - CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951). - CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980). - CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044). - CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966). - CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976). - CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093). - CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178). - CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183). - CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173). - CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182). - CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387). - CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268). - CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264). - CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273). - CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354). - CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384). - CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250). - CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253). - CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091). - CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023). - CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031). - CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169). - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156). - CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097). - CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141). - CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145). - CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252). - CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253). - CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101). - CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103). - CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104). - CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113). - CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118). - CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288). - CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). The following non-security bugs were fixed: - ACPI: LPSS: Remove AudioDSP related ID (git-fixes). - ACPI: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122). - ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes). - ACPICA: Refuse to evaluate a method if arguments are missing (stable-fixes). - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes). - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes). - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes). - ALSA: hda/tegra: Add Tegra264 support (stable-fixes). - ALSA: hda: Add missing NVIDIA HDA codec IDs (stable-fixes). - ALSA: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes). - ALSA: hda: Ignore unsol events for cards being shut down (stable-fixes). - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes). - ALSA: sb: Do not allow changing the DMA mode during operations (stable-fixes). - ALSA: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes). - ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes). - ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes). - ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes). - ASoC: amd: yc: update quirk data for HP Victus (stable-fixes). - ASoC: codec: wcd9335: Convert to GPIO descriptors (stable-fixes). - ASoC: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes). - ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes). - ASoC: cs35l56: probe() should fail if the device ID is not recognized (git-fixes). - ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes). - ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes). - ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes). - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes). - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes). - Bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes). - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes). - Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes). - Bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes). - Bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes). - Bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes). - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes). - Bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes). - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes). - Bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes). - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes). - Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes). - Bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes). - Bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes). - Bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes). - Bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes). - Bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes). - Bluetooth: hci_sync: revert some mesh modifications (git-fixes). - Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes). - Documentation: ACPI: Fix parent device references (git-fixes). - Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes). - Fix dma_unmap_sg() nents value (git-fixes) - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes). - HID: core: do not bypass hid_hw_raw_request (stable-fixes). - HID: core: ensure __hid_request reserves the report ID as the first byte (git-fixes). - HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes). - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes). - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes). - IB/mlx5: Fix potential deadlock in MR deregistration (git-fixes) - Input: iqs7222 - explicitly define number of external channels (git-fixes). - Input: xpad - adjust error handling for disconnect (git-fixes). - Input: xpad - set correct controller type for Acer NGR200 (git-fixes). - Input: xpad - support Acer NGR 200 Controller (stable-fixes). - Logitech C-270 even more broken (stable-fixes). - Move upstreamed SCSI and ACPI patches into sorted section - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes). - NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes). - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes). - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes). - NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes). - NFSv4.2: another fix for listxattr (git-fixes). - NFSv4.2: fix listxattr to return selinux security label (git-fixes). - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes). - NFSv4: Always set NLINK even if the server does not support it (git-fixes). - NFSv4: xattr handlers should check for absent nfs filehandles (git-fixes). - PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457). - PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes). - PCI: endpoint: Fix configfs group list head handling (git-fixes). - PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes). - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes). - PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes). - PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457). - PCI: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes). - PM / devfreq: Check governor before using governor->name (git-fixes). - RDMA/core: Rate limit GID cache warning messages (git-fixes) - RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes) - RDMA/hns: Drop GFP_NOWARN (git-fixes) - RDMA/hns: Fix -Wframe-larger-than issue (git-fixes) - RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes) - RDMA/hns: Fix accessing uninitialized resources (git-fixes) - RDMA/hns: Fix double destruction of rsv_qp (git-fixes) - RDMA/hns: Get message length of ack_req from FW (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - RDMA/mlx5: Fix CC counters query for MPV (git-fixes) - RDMA/mlx5: Fix HW counters query for non-representor devices (git-fixes) - RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes) - RDMA/mlx5: Fix vport loopback for MPV device (git-fixes) - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes) - RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes) - RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes) - RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - Revert 'ACPI: battery: negate current when discharging' (stable-fixes). - Revert 'cgroup_freezer: cgroup_freezing: Check if not frozen' (bsc#1219338). - Revert 'drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1' (stable-fixes). - Revert 'mmc: sdhci: Disable SD card clock before changing parameters' (git-fixes). - Revert 'usb: xhci: Implement xhci_handshake_check_state() helper' (git-fixes). - Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes). - SMB3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes). - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes). - USB: serial: option: add Foxconn T99W640 (stable-fixes). - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes). - [SMB3] send channel sequence number in SMB3 requests after reconnects (git-fixes). - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes). - af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093). - amd/amdkfd: fix a kfd_process ref leak (stable-fixes). - aoe: clean device rq_list in aoedev_downdev() (git-fixes). - apple-mfi-fastcharge: protect first device name (git-fixes). - ata: pata_cs5536: fix build on 32-bit UML (stable-fixes). - audit,module: restore audit logging in load failure case (git-fixes). - bpf, sockmap: Fix sk_msg_reset_curr (git-fixes). - bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes). - bpf/selftests: Check errno when percpu map value size exceeds (git-fixes). - bpf: Add a possibly-zero-sized read test (git-fixes). - bpf: Avoid __hidden__ attribute in static object (git-fixes). - bpf: Check percpu map value size first (git-fixes). - bpf: Disable some `attribute ignored' warnings in GCC (git-fixes). - bpf: Fix memory leak in bpf_core_apply (git-fixes). - bpf: Fix potential integer overflow in resolve_btfids (git-fixes). - bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes). - bpf: Make the pointer returned by iter next method valid (git-fixes). - bpf: Simplify checking size of helper accesses (git-fixes). - bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes). - bpf: sockmap, updating the sg structure should also update curr (git-fixes). - bpftool: Fix missing pids during link show (git-fixes). - bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes). - bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes). - bpftool: Remove unnecessary source files from bootstrap version (git-fixes). - bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes). - btrfs: do not ignore inode missing when replaying log tree (git-fixes). - btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes). - btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes). - btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068) - btrfs: fix assertion when building free space tree (git-fixes). - btrfs: fix inode lookup error handling during log replay (git-fixes). - btrfs: fix invalid inode pointer dereferences during log replay (git-fixes). - btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes). - btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes). - btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes). - btrfs: fix ssd_spread overallocation (git-fixes). - btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068) - btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes). - btrfs: rename err to ret in btrfs_rmdir() (git-fixes). - btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes). - btrfs: return a btrfs_inode from read_one_inode() (git-fixes). - btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes). - btrfs: update superblock's device bytes_used when dropping chunk (git-fixes). - btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes). - btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes). - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes). - bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes). - can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes). - can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes). - can: kvaser_pciefd: Store device channel index (git-fixes). - can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes). - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes). - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes). - can: peak_usb: fix USB FD devices potential malfunction (git-fixes). - cdc-acm: fix race between initial clearing halt and open (git-fixes). - cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789). - cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166). - cifs: reconnect helper should set reconnect for the right channel (git-fixes). - clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes). - clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes). - clk: sunxi-ng: v3s: Fix de clock definition (git-fixes). - clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes). - clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457). - clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457). - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes). - comedi: Fix initialization of data for instructions that write to subdevice (git-fixes). - comedi: Fix some signed shift left operations (git-fixes). - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes). - comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes). - comedi: das16m1: Fix bit shift out of bounds (git-fixes). - comedi: das6402: Fix bit shift out of bounds (git-fixes). - comedi: pcl812: Fix bit shift out of bounds (git-fixes). - compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes). - config: enable RBD (jsc#PED-13238) - crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes). - crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes). - crypto: ccp - Fix locking on alloc failure handling (git-fixes). - crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes). - crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes). - crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes). - crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes). - crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes). - crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes). - crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes). - crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes). - crypto: qat - fix state restore for banks with exceptions (git-fixes). - crypto: qat - flush misc workqueue during device shutdown (git-fixes). - crypto: qat - use unmanaged allocation for dc_data (git-fixes). - crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes). - dm-bufio: fix sched in atomic context (git-fixes). - dm-flakey: error all IOs when num_features is absent (git-fixes). - dm-flakey: make corrupting read bios work (git-fixes). - dm-mirror: fix a tiny race condition (git-fixes). - dm-raid: fix variable in journal device check (git-fixes). - dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes). - dm: do not change md if dm_table_set_restrictions() fails (git-fixes). - dm: free table mempools if not used in __bind (git-fixes). - dm: restrict dm device size to 2^63-512 bytes (git-fixes). - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes). - dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes). - dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes). - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes). - dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes). - dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes). - dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes). - dmaengine: xilinx_dma: Set dma_device directions (stable-fixes). - drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes). - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes). - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes). - drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes). - drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes). - drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes). - drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes). - drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes). - drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes). - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes). - drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes). - drm/framebuffer: Acquire internal references on GEM handles (git-fixes). - drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes). - drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes). - drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes). - drm/i915/selftests: Change mock_request() to return error pointers (git-fixes). - drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes). - drm/msm: Fix a fence leak in submit error path (stable-fixes). - drm/msm: Fix another leak in the submit error path (stable-fixes). - drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes). - drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes). - drm/sched: Increment job count before swapping tail spsc queue (git-fixes). - drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes). - drm/scheduler: signal scheduled fence when kill job (stable-fixes). - drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes). - drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes). - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes). - exfat: fdatasync flag should be same like generic_write_sync() (git-fixes). - fbcon: Fix outdated registered_fb reference in comment (git-fixes). - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes). - firewire: ohci: correct code comments about bus_reset tasklet (git-fixes). - fs/jfs: consolidate sanity checking in dbMount (git-fixes). - fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes). - gpio: mlxbf2: use platform_get_irq_optional() (git-fixes). - gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes). - gpio: sim: include a missing header (git-fixes). - gpio: vf610: add locking to gpio direction functions (git-fixes). - gpio: virtio: Fix config space reading (git-fixes). - gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes). - gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes). - gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300). - gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300). - gpiolib: cdev: Ignore reconfiguration without direction (git-fixes). - gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes). - hfs: make splice write available again (git-fixes). - hfsplus: make splice write available again (git-fixes). - hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes). - hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203). - hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes). - hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes). - hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes). - i2c/designware: Fix an initialization issue (git-fixes). - i2c: qup: jump out of the loop in case of timeout (git-fixes). - i2c: stm32: fix the device used for the DMA map (git-fixes). - i2c: tegra: Fix reset error handling with ACPI (git-fixes). - i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes). - i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes). - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes). - iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes). - iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes). - iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes). - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes). - iio: adc: max1363: Reorder mode_list[] entries (stable-fixes). - iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes). - iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes). - iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes). - iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes). - iommu/amd: Set the pgsize_bitmap correctly (git-fixes). - iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes). - iommu/vt-d: Fix possible circular locking dependency (git-fixes). - iommu/vt-d: Fix system hang on reboot -f (git-fixes). - ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes). - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes). - ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes). - ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes). - iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes). - jfs: fix metapage reference count leak in dbAllocCtl (git-fixes). - kABI workaround for struct drm_framebuffer changes (git-fixes). - kABI: Fix the module::name type in audit_context (git-fixes). - kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes). - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - leds: multicolor: Fix intensity setting while SW blinking (stable-fixes). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897). - lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897). - maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes). - md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes). - media: gspca: Add bounds checking to firmware parser (git-fixes). - media: hi556: correct the test pattern configuration (git-fixes). - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes). - media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes). - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes). - media: usbtv: Lock resolution while streaming (git-fixes). - media: uvcvideo: Do not mark valid metadata as invalid (git-fixes). - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes). - media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes). - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes). - media: venus: Add a check for packet size after reading from shared memory (git-fixes). - media: venus: hfi: explicitly release IRQ during teardown (git-fixes). - media: venus: protect against spurious interrupts during probe (git-fixes). - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: vivid: fix wrong pixel_array control size (git-fixes). - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes). - mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes). - misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes). - mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes). - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes). - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes). - mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes). - mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes). - module: Fix memory deallocation on error path in move_module() (git-fixes). - module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes). - module: Restore the moduleparam prefix length check (git-fixes). - mtd: fix possible integer overflow in erase_xfer() (git-fixes). - mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes). - mtd: rawnand: atmel: set pmecc data setup time (git-fixes). - mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes). - mtd: rawnand: renesas: Add missing check after DMA map (git-fixes). - mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes). - mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes). - mtd: spinand: fix memory leak of ECC engine conf (stable-fixes). - mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes). - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes). - mtk-sd: Prevent memory corruption from DMA map failure (git-fixes). - mtk-sd: reset host->mrq on prepare_data() error (git-fixes). - mwl8k: Add missing check after DMA map (git-fixes). - nbd: fix uaf in nbd_genl_connect() error path (git-fixes). - net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes). - net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes). - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes). - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes). - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes). - net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes). - net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes). - net: mana: Add debug logs in MANA network driver (bsc#1246212). - net: mana: Add handler for hardware servicing events (bsc#1245730). - net: mana: Allocate MSI-X vectors dynamically (bsc#1245457). - net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457). - net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203). - net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729). - net: mana: Set tx_packets to post gso processing packet count (bsc#1245731). - net: mana: explain irq_setup() algorithm (bsc#1245457). - net: phy: Do not register LEDs for genphy (git-fixes). - net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes). - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes). - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes). - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes). - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes). - net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes). - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes). - net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes). - netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes). - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes). - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes). - nilfs2: reject invalid file types when reading inodes (git-fixes). - nvme-pci: refresh visible attrs after being checked (git-fixes). - nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes). - nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes). - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes). - nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes). - nvmet-tcp: fix callback lock for TLS handshake (git-fixes). - objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes). - objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes). - objtool: Fix _THIS_IP_ detection for cold functions (git-fixes). - objtool: Fix error handling inconsistencies in check() (git-fixes). - objtool: Ignore dangling jump table entries (git-fixes). - objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes). - objtool: Properly disable uaccess validation (git-fixes). - objtool: Silence more KCOV warnings (git-fixes). - objtool: Silence more KCOV warnings, part 2 (git-fixes). - objtool: Stop UNRET validation on UD2 (git-fixes). - pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes). - pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes). - perf: Fix sample vs do_exit() (bsc#1246547). - phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes). - pinctrl: amd: Clear GPIO debounce for suspend (git-fixes). - pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes). - pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes). - pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes). - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes). - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes). - platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes). - platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes). - platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes). - platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes). - platform/x86: think-lmi: Create ksets consecutively (stable-fixes). - platform/x86: think-lmi: Fix kobject cleanup (git-fixes). - platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes). - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes). - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes). - powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes). - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes). - powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes). - powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes). - ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506). - pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes). - pwm: mediatek: Ensure to disable clocks in error path (git-fixes). - regmap: fix potential memory leak of regmap_bus (git-fixes). - regulator: fan53555: add enable_time support and soft-start times (stable-fixes). - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes). - regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes). - resource: fix false warning in __request_region() (git-fixes). - restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes). - ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes). - rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes). - rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337) - rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes). - rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes). - s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870). - s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806). - s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646). - s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647). - s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598). - s390: Add z17 elf platform (LTC#214086 bsc#1245540). - samples: mei: Fix building on musl libc (git-fixes). - sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338). - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes). - scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes). - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Copyright updates for 14.4.0.10 patches (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142). - scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: megaraid_sas: Fix invalid node index (git-fixes). - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes). - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes). - scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599). - selftests/bpf: Add CFLAGS per source file and runner (git-fixes). - selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes). - selftests/bpf: Change functions definitions to support GCC (git-fixes). - selftests/bpf: Fix a few tests for GCC related warnings (git-fixes). - selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes). - selftests/bpf: Fix prog numbers in test_sockmap (git-fixes). - smb3: move server check earlier when setting channel sequence number (git-fixes). - soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes). - soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes). - soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes). - soc: qcom: QMI encoding/decoding for big endian (git-fixes). - soc: qcom: fix endianness for QMI header (git-fixes). - soc: qcom: pmic_glink: fix OF node leak (git-fixes). - soundwire: amd: fix for clearing command status register (git-fixes). - soundwire: stream: restore params when prepare ports fail (git-fixes). - spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes). - staging: axis-fifo: remove sysfs interface (git-fixes). - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes). - staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes). - struct cdns: move new member to the end (git-fixes). - struct ucsi_operations: use padding for new operation (git-fixes). - sunrpc: do not immediately retransmit on seqno miss (git-fixes). - sunrpc: fix client side handling of tls alerts (git-fixes). - tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes). - thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes). - thunderbolt: Fix copy+paste error in match_service_id() (git-fixes). - thunderbolt: Fix wake on connect at runtime (git-fixes). - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes). - tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes). - types: Complement the aligned types with signed 64-bit one (stable-fixes). - ucount: fix atomic_long_inc_below() argument type (git-fixes). - ucsi-glink: adapt to kABI consistency (git-fixes). - ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes). - ucsi_operations: add stubs for all operations (git-fixes). - ucsi_ops: adapt update_connector to kABI consistency (git-fixes). - usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes). - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes). - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes). - usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes). - usb: cdnsp: Fix issue with resuming from L1 (git-fixes). - usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usb: cdnsp: do not disable slot for disabled slot (git-fixes). - usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes). - usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes). - usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes). - usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes). - usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes). - usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes). - usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes). - usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes). - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes). - usb: hub: Do not try to recover devices lost during warm reset (git-fixes). - usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes). - usb: musb: fix gadget state on disconnect (git-fixes). - usb: musb: omap2430: fix device leak at unbind (git-fixes). - usb: net: sierra: check for no status endpoint (git-fixes). - usb: potential integer overflow in usbg_make_tpg() (stable-fixes). - usb: typec: Update sysfs when setting ops (git-fixes). - usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes). - usb: typec: displayport: Fix potential deadlock (git-fixes). - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes). - usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes). - usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes). - usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes). - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes). - usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes). - usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes). - usb: typec: ucsi: Delay alternate mode discovery (git-fixes). - usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes). - usb: typec: ucsi: Fix the partner PD revision (git-fixes). - usb: typec: ucsi: Get PD revision for partner (git-fixes). - usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes). - usb: typec: ucsi: Update power_supply on power role change (git-fixes). - usb: typec: ucsi: add callback for connector status updates (git-fixes). - usb: typec: ucsi: add update_connector callback (git-fixes). - usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes). - usb: typec: ucsi: extract code to read PD caps (git-fixes). - usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes). - usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes). - usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes). - usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes). - usb: typec: ucsi: glink: use typec_set_orientation (git-fixes). - usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes). - usb: typec: ucsi: properly register partner's PD device (git-fixes). - usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes). - usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes). - usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes). - usb: typec: ucsi_glink: rework quirks implementation (git-fixes). - usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes). - usb: xhci: quirk for data loss in ISOC transfers (stable-fixes). - usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes). - virtgpu: do not reset on shutdown (git-fixes). - vmci: Prevent the dispatching of uninitialized payloads (git-fixes). - vt: add missing notification when switching back to text mode (stable-fixes). - vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes). - vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes). - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes). - wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes). - wifi: ath11k: fix source ring-buffer corruption (git-fixes). - wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes). - wifi: ath12k: fix source ring-buffer corruption (git-fixes). - wifi: ath6kl: remove WARN on bad firmware input (stable-fixes). - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes). - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes). - wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes). - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes). - wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes). - wifi: mac80211: Add link iteration macro for link data (stable-fixes). - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes). - wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes). - wifi: mac80211: Do not schedule stopped TXQs (git-fixes). - wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes). - wifi: mac80211: drop invalid source address OCB frames (stable-fixes). - wifi: mac80211: reject TDLS operations when station is not associated (git-fixes). - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes). - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes). - wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes). - wifi: plfxlc: Fix error handling in usb driver probe (git-fixes). - wifi: prevent A-MSDU attacks in mesh networks (stable-fixes). - wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes). - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes). - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes). - x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes). - x86/mce/amd: Add default names for MCA banks and blocks (git-fixes). - x86/mce/amd: Fix threshold limit reset (git-fixes). - x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes). - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes). - x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes). - x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes). - x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes). - x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345). - xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837). - xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes). - xfs: remove unused event xfs_alloc_near_error (git-fixes). - xfs: remove unused event xfs_alloc_near_nominleft (git-fixes). - xfs: remove unused event xfs_attr_node_removename (git-fixes). - xfs: remove unused event xfs_ioctl_clone (git-fixes). - xfs: remove unused event xfs_pagecache_inval (git-fixes). - xfs: remove unused event xlog_iclog_want_sync (git-fixes). - xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes). - xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes). - xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes). - xfs: remove unused xfs_attr events (git-fixes). - xfs: remove unused xfs_reflink_compare_extents events (git-fixes). - xfs: remove usused xfs_end_io_direct events (git-fixes). - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes). - xhci: dbc: Flush queued requests before stopping dbc (git-fixes). - xhci: dbctty: disable ECHO flag by default (git-fixes). The following package changes have been done: - kernel-default-base-6.4.0-32.1.21.10 updated - container:SL-Micro-base-container-2.1.3-7.44 updated From sle-container-updates at lists.suse.com Wed Aug 20 07:03:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:03:15 +0200 (CEST) Subject: SUSE-IU-2025:2332-1: Security update of sles-15-sp6-chost-byos-v20250711-arm64 Message-ID: <20250820070315.9CE19FF2D@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20250711-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2332-1 Image Tags : sles-15-sp6-chost-byos-v20250711-arm64:20250711 Image Release : Severity : important Type : security References : 1220112 1223096 1226498 1228776 1229491 1230092 1230581 1231016 1232649 1232882 1233192 1234154 1235149 1235968 1236142 1236208 1236931 1237312 1238212 1238473 1238774 1238992 1239012 1239119 1239543 1239602 1239691 1239765 1239817 1239925 1239948 1240132 1240150 1240593 1240866 1240899 1240966 1241112 1241148 1241282 1241305 1241340 1241351 1241376 1241448 1241457 1241463 1241492 1241519 1241525 1241533 1241538 1241576 1241590 1241595 1241596 1241597 1241625 1241627 1241635 1241638 1241644 1241654 1241657 1241667 1241830 1242006 1242012 1242035 1242044 1242114 1242203 1242343 1242414 1242417 1242501 1242502 1242506 1242507 1242509 1242510 1242512 1242513 1242514 1242520 1242523 1242524 1242529 1242530 1242531 1242532 1242559 1242563 1242564 1242565 1242566 1242567 1242568 1242569 1242574 1242575 1242578 1242584 1242585 1242587 1242591 1242709 1242727 1242758 1242760 1242761 1242762 1242763 1242764 1242766 1242770 1242778 1242781 1242782 1242785 1242786 1242792 1242827 1242844 1242852 1242854 1242856 1242859 1242860 1242861 1242866 1242867 1242868 1242871 1242873 1242875 1242906 1242908 1242924 1242930 1242944 1242945 1242948 1242949 1242951 1242953 1242955 1242957 1242959 1242961 1242962 1242973 1242974 1242977 1242990 1242993 1243000 1243006 1243011 1243015 1243044 1243049 1243056 1243074 1243076 1243077 1243082 1243090 1243226 1243226 1243330 1243342 1243456 1243469 1243470 1243471 1243472 1243473 1243476 1243488 1243509 1243511 1243513 1243515 1243516 1243517 1243519 1243522 1243524 1243528 1243529 1243530 1243534 1243536 1243539 1243540 1243541 1243543 1243545 1243547 1243559 1243560 1243562 1243567 1243573 1243574 1243575 1243589 1243621 1243624 1243625 1243626 1243627 1243649 1243657 1243658 1243659 1243660 1243664 1243737 1243805 1243833 1243887 1243901 1243935 1243963 1243997 1244035 1244079 1244105 1244135 1244304 1244503 1244509 1244596 1245274 1245275 1245309 1245310 1245311 1245314 CVE-2023-53146 CVE-2024-28956 CVE-2024-41965 CVE-2024-43869 CVE-2024-45310 CVE-2024-45339 CVE-2024-46713 CVE-2024-50106 CVE-2024-50223 CVE-2024-53135 CVE-2024-54458 CVE-2024-58098 CVE-2024-58099 CVE-2024-58100 CVE-2024-58237 CVE-2025-0495 CVE-2025-21629 CVE-2025-21648 CVE-2025-21702 CVE-2025-21787 CVE-2025-21814 CVE-2025-21919 CVE-2025-22005 CVE-2025-22021 CVE-2025-22030 CVE-2025-22056 CVE-2025-22057 CVE-2025-22063 CVE-2025-22066 CVE-2025-22070 CVE-2025-22089 CVE-2025-22095 CVE-2025-22103 CVE-2025-22119 CVE-2025-22124 CVE-2025-22125 CVE-2025-22126 CVE-2025-22872 CVE-2025-23140 CVE-2025-23141 CVE-2025-23142 CVE-2025-23144 CVE-2025-23146 CVE-2025-23147 CVE-2025-23148 CVE-2025-23149 CVE-2025-23150 CVE-2025-23151 CVE-2025-23156 CVE-2025-23157 CVE-2025-23158 CVE-2025-23159 CVE-2025-23160 CVE-2025-23161 CVE-2025-29768 CVE-2025-30258 CVE-2025-32462 CVE-2025-32463 CVE-2025-37740 CVE-2025-37741 CVE-2025-37742 CVE-2025-37747 CVE-2025-37748 CVE-2025-37749 CVE-2025-37750 CVE-2025-37754 CVE-2025-37755 CVE-2025-37758 CVE-2025-37765 CVE-2025-37766 CVE-2025-37767 CVE-2025-37768 CVE-2025-37769 CVE-2025-37770 CVE-2025-37771 CVE-2025-37772 CVE-2025-37773 CVE-2025-37780 CVE-2025-37781 CVE-2025-37782 CVE-2025-37787 CVE-2025-37788 CVE-2025-37789 CVE-2025-37790 CVE-2025-37792 CVE-2025-37793 CVE-2025-37794 CVE-2025-37796 CVE-2025-37797 CVE-2025-37798 CVE-2025-37803 CVE-2025-37804 CVE-2025-37805 CVE-2025-37809 CVE-2025-37810 CVE-2025-37812 CVE-2025-37815 CVE-2025-37819 CVE-2025-37820 CVE-2025-37823 CVE-2025-37824 CVE-2025-37829 CVE-2025-37830 CVE-2025-37831 CVE-2025-37833 CVE-2025-37836 CVE-2025-37839 CVE-2025-37840 CVE-2025-37841 CVE-2025-37842 CVE-2025-37849 CVE-2025-37850 CVE-2025-37851 CVE-2025-37852 CVE-2025-37853 CVE-2025-37854 CVE-2025-37858 CVE-2025-37867 CVE-2025-37870 CVE-2025-37871 CVE-2025-37873 CVE-2025-37875 CVE-2025-37879 CVE-2025-37881 CVE-2025-37886 CVE-2025-37887 CVE-2025-37889 CVE-2025-37890 CVE-2025-37891 CVE-2025-37892 CVE-2025-37897 CVE-2025-37900 CVE-2025-37901 CVE-2025-37903 CVE-2025-37905 CVE-2025-37911 CVE-2025-37912 CVE-2025-37913 CVE-2025-37914 CVE-2025-37915 CVE-2025-37918 CVE-2025-37925 CVE-2025-37928 CVE-2025-37929 CVE-2025-37930 CVE-2025-37931 CVE-2025-37932 CVE-2025-37937 CVE-2025-37943 CVE-2025-37944 CVE-2025-37948 CVE-2025-37949 CVE-2025-37951 CVE-2025-37953 CVE-2025-37954 CVE-2025-37957 CVE-2025-37958 CVE-2025-37959 CVE-2025-37960 CVE-2025-37963 CVE-2025-37969 CVE-2025-37970 CVE-2025-37972 CVE-2025-37974 CVE-2025-37978 CVE-2025-37979 CVE-2025-37980 CVE-2025-37982 CVE-2025-37983 CVE-2025-37985 CVE-2025-37986 CVE-2025-37989 CVE-2025-37990 CVE-2025-38104 CVE-2025-38152 CVE-2025-38240 CVE-2025-38637 CVE-2025-39735 CVE-2025-40014 CVE-2025-40325 CVE-2025-40909 CVE-2025-4373 CVE-2025-4598 CVE-2025-4877 CVE-2025-4878 CVE-2025-5318 CVE-2025-5372 CVE-2025-6018 CVE-2025-6018 CVE-2025-6020 CVE-2025-6052 ----------------------------------------------------------------- The container sles-15-sp6-chost-byos-v20250711-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2000-1 Released: Wed Jun 18 13:08:14 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1220112,1223096,1226498,1229491,1230581,1231016,1232649,1232882,1233192,1234154,1235149,1235968,1236142,1236208,1237312,1238212,1238473,1238774,1238992,1239691,1239925,1240593,1240866,1240966,1241148,1241282,1241305,1241340,1241351,1241376,1241448,1241457,1241492,1241519,1241525,1241533,1241538,1241576,1241590,1241595,1241596,1241597,1241625,1241627,1241635,1241638,1241644,1241654,1241657,1242006,1242012,1242035,1242044,1242203,1242343,1242414,1242417,1242501,1242502,1242506,1242507,1242509,1242510,1242512,1242513,1242514,1242520,1242523,1242524,1242529,1242530,1242531,1242532,1242559,1242563,1242564,1242565,1242566,1242567,1242568,1242569,1242574,1242575,1242578,1242584,1242585,1242587,1242591,1242709,1242727,1242758,1242760,1242761,1242762,1242763,1242764,1242766,1242770,1242778,1242781,1242782,1242785,1242786,1242792,1242852,1242854,1242856,1242859,1242860,1242861,1242866,1242867,1242868,1242871,1242873,1242875,1242906,1242908,1242924,1242930,1242944,1242945,1242948,1 242949,1242951,1242953,1242955,1242957,1242959,1242961,1242962,1242973,1242974,1242977,1242990,1242993,1243000,1243006,1243011,1243015,1243044,1243049,1243056,1243074,1243076,1243077,1243082,1243090,1243330,1243342,1243456,1243469,1243470,1243471,1243472,1243473,1243476,1243509,1243511,1243513,1243515,1243516,1243517,1243519,1243522,1243524,1243528,1243529,1243530,1243534,1243536,1243539,1243540,1243541,1243543,1243545,1243547,1243559,1243560,1243562,1243567,1243573,1243574,1243575,1243589,1243621,1243624,1243625,1243626,1243627,1243649,1243657,1243658,1243659,1243660,1243664,1243737,1243805,1243963,CVE-2023-53146,CVE-2024-28956,CVE-2024-43869,CVE-2024-46713,CVE-2024-50106,CVE-2024-50223,CVE-2024-53135,CVE-2024-54458,CVE-2024-58098,CVE-2024-58099,CVE-2024-58100,CVE-2024-58237,CVE-2025-21629,CVE-2025-21648,CVE-2025-21702,CVE-2025-21787,CVE-2025-21814,CVE-2025-21919,CVE-2025-22005,CVE-2025-22021,CVE-2025-22030,CVE-2025-22056,CVE-2025-22057,CVE-2025-22063,CVE-2025-22066,CVE-2025-22070, CVE-2025-22089,CVE-2025-22095,CVE-2025-22103,CVE-2025-22119,CVE-2025-22124,CVE-2025-22125,CVE-2025-22126,CVE-2025-23140,CVE-2025-23141,CVE-2025-23142,CVE-2025-23144,CVE-2025-23146,CVE-2025-23147,CVE-2025-23148,CVE-2025-23149,CVE-2025-23150,CVE-2025-23151,CVE-2025-23156,CVE-2025-23157,CVE-2025-23158,CVE-2025-23159,CVE-2025-23160,CVE-2025-23161,CVE-2025-37740,CVE-2025-37741,CVE-2025-37742,CVE-2025-37747,CVE-2025-37748,CVE-2025-37749,CVE-2025-37750,CVE-2025-37754,CVE-2025-37755,CVE-2025-37758,CVE-2025-37765,CVE-2025-37766,CVE-2025-37767,CVE-2025-37768,CVE-2025-37769,CVE-2025-37770,CVE-2025-37771,CVE-2025-37772,CVE-2025-37773,CVE-2025-37780,CVE-2025-37781,CVE-2025-37782,CVE-2025-37787,CVE-2025-37788,CVE-2025-37789,CVE-2025-37790,CVE-2025-37792,CVE-2025-37793,CVE-2025-37794,CVE-2025-37796,CVE-2025-37797,CVE-2025-37798,CVE-2025-37803,CVE-2025-37804,CVE-2025-37805,CVE-2025-37809,CVE-2025-37810,CVE-2025-37812,CVE-2025-37815,CVE-2025-37819,CVE-2025-37820,CVE-2025-37823,CVE-2025-37824,CVE-202 5-37829,CVE-2025-37830,CVE-2025-37831,CVE-2025-37833,CVE-2025-37836,CVE-2025-37839,CVE-2025-37840,CVE-2025-37841,CVE-2025-37842,CVE-2025-37849,CVE-2025-37850,CVE-2025-37851,CVE-2025-37852,CVE-2025-37853,CVE-2025-37854,CVE-2025-37858,CVE-2025-37867,CVE-2025-37870,CVE-2025-37871,CVE-2025-37873,CVE-2025-37875,CVE-2025-37879,CVE-2025-37881,CVE-2025-37886,CVE-2025-37887,CVE-2025-37889,CVE-2025-37890,CVE-2025-37891,CVE-2025-37892,CVE-2025-37897,CVE-2025-37900,CVE-2025-37901,CVE-2025-37903,CVE-2025-37905,CVE-2025-37911,CVE-2025-37912,CVE-2025-37913,CVE-2025-37914,CVE-2025-37915,CVE-2025-37918,CVE-2025-37925,CVE-2025-37928,CVE-2025-37929,CVE-2025-37930,CVE-2025-37931,CVE-2025-37932,CVE-2025-37937,CVE-2025-37943,CVE-2025-37944,CVE-2025-37948,CVE-2025-37949,CVE-2025-37951,CVE-2025-37953,CVE-2025-37954,CVE-2025-37957,CVE-2025-37958,CVE-2025-37959,CVE-2025-37960,CVE-2025-37963,CVE-2025-37969,CVE-2025-37970,CVE-2025-37972,CVE-2025-37974,CVE-2025-37978,CVE-2025-37979,CVE-2025-37980,CVE-2025-37982 ,CVE-2025-37983,CVE-2025-37985,CVE-2025-37986,CVE-2025-37989,CVE-2025-37990,CVE-2025-38104,CVE-2025-38152,CVE-2025-38240,CVE-2025-38637,CVE-2025-39735,CVE-2025-40014,CVE-2025-40325 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581). - CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192). - CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154). - CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992). - CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774). - CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473). - CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593). - CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282). - CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376). - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525). - CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533). - CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351). - CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305). - CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448). - CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763). - CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513). - CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507). - CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523). - CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859). - CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510). - CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506). - CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502). - CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786). - CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). - CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852). - CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854). - CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856). - CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867). - CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875). - CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860). - CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861). - CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868). - CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951). - CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056). - CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077). - CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944). - CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962). - CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541). - CVE-2025-37954: smb: client: Avoid race in open_cached_dir with lease breaks (bsc#1243664). - CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519). - CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547). - CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627). - CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657). The following non-security bugs were fixed: - ACPI: PPTT: Fix processor subtable walk (git-fixes). - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes). - ALSA: seq: Fix delivery of UMP events to group ports (git-fixes). - ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes). - ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes). - ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes). - Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes). - Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes). - Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes). - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes). - Fix write to cloned skb in ipv6_hop_ioam() (git-fixes). - HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes). - HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes). - IB/cm: use rwlock for MAD agent lock (git-fixes) - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes). - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes). - Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes). - Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes). - Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes). - Input: xpad - fix Share button on Xbox One controllers (stable-fixes). - Input: xpad - fix two controller table values (git-fixes). - KVM: SVM: Allocate IR data using atomic allocation (git-fixes). - KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value (git-fixes). - KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes). - KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes). - KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes). - KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes). - KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes). - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes). - KVM: arm64: Mark some header functions as inline (git-fixes). - KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes). - KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes). - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes). - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes). - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes). - KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes). - KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes). - KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes). - KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes). - KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes). - KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657). - KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658). - KVM: x86/xen: Use guest's copy of pvclock when starting timer (git-fixes). - KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes). - KVM: x86: Do not take kvm->lock when iterating over vCPUs in suspend notifier (git-fixes). - KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes). - KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM (git-fixes). - KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes). - KVM: x86: Make x2APIC ID 100% readonly (git-fixes). - KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes). - KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes). - KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes). - NFS: O_DIRECT writes must check and adjust the file length (git-fixes). - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (git-fixes). - NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes). - NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes). - RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes) - RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem (git-fixes) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes) - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes) - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes) - RDMA/rxe: Fix 'trying to register non-static key in rxe_qp_do_cleanup' bug (git-fixes) - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes) - Squashfs: check return result of sb_min_blocksize (git-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes). - add bug reference for an existing hv_netvsc change (bsc#1243737). - afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes). - afs: Make it possible to find the volumes that are using a server (git-fixes). - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes) - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes) - arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes) - arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes) - arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes) - arm64: insn: Add support for encoding DSB (git-fixes) - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (git-fixes) - arm64: proton-pack: Expose whether the branchy loop k value (git-fixes) - arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes) - arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes). - bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes). - bnxt_en: Fix coredump logic to free allocated buffer (git-fixes). - bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes). - bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes). - bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes). - bpf: Scrub packet on bpf_redirect_peer (git-fixes). - btrfs: adjust subpage bit start based on sectorsize (bsc#1241492). - btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342). - btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208). - btrfs: avoid monopolizing a core when activating a swap file (git-fixes). - btrfs: do not loop for nowait writes when checking for cross references (git-fixes). - btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes). - btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012). - btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes). - cBPF: Refresh fixes for cBPF issue (bsc#1242778) - can: bcm: add locking for bcm_op runtime updates (git-fixes). - can: bcm: add missing rcu read protection for procfs content (git-fixes). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - can: slcan: allow reception of short error messages (git-fixes). - check-for-config-changes: Fix flag name typo - cifs: change tcon status when need_reconnect is set on it (git-fixes). - cifs: reduce warning log level for server not advertising interfaces (git-fixes). - crypto: algif_hash - fix double free in hash_accept (git-fixes). - devlink: fix port new reply cmd type (git-fixes). - dm-integrity: fix a warning on invalid table line (git-fixes). - dma-buf: insert memory barrier before updating num_fences (git-fixes). - dmaengine: Revert 'dmaengine: dmatest: Fix dmatest waiting less when interrupted' (git-fixes). - dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes). - dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes). - dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes). - dmaengine: idxd: Fix ->poll() return value (git-fixes). - dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes). - dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes). - dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: mediatek: drop unused variable (git-fixes). - dmaengine: ti: k3-udma: Add missing locking (git-fixes). - dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Avoid flooding unnecessary info messages (git-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). - drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes). - drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes). - drm/amdgpu: fix pm notifier handling (git-fixes). - drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes). - drm/edid: fixed the bug that hdr metadata was not reset (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/v3d: Add job to pending list if the reset was skipped (stable-fixes). - exfat: fix potential wrong error return from get_block (git-fixes). - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes). - hv_netvsc: Remove rmsg_pgcnt (git-fixes). - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes). - i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes). - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes). - idpf: fix offloads support for encapsulated packets (git-fixes). - idpf: fix potential memory leak on kcalloc() failure (git-fixes). - idpf: protect shutdown from reset (git-fixes). - igc: fix lock order in igc_ptp_reset (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - inetpeer: remove create argument of inet_getpeer_v() (git-fixes). - inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes). - ipv4/route: avoid unused-but-set-variable warning (git-fixes). - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes). - ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes). - ipv4: Fix incorrect source address in Record Route option (git-fixes). - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes). - ipv4: fix source address selection with route leak (git-fixes). - ipv4: give an IPv4 dev to blackhole_netdev (git-fixes). - ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes). - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes). - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes). - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes). - ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes). - ipv6: Align behavior across nexthops during path selection (git-fixes). - ipv6: Do not consider link down nexthops in path selection (git-fixes). - ipv6: Start path selection from the first nexthop (git-fixes). - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993). - jiffies: Define secs_to_jiffies() (bsc#1242993). - kernel-obs-qa: Use srchash for dependency as well - loop: Add sanity check for read/write_iter (git-fixes). - loop: aio inherit the ioprio of original request (git-fixes). - loop: do not require ->write_iter for writable files in loop_configure (git-fixes). - md/raid1,raid10: do not ignore IO flags (git-fixes). - md/raid10: fix missing discard IO accounting (git-fixes). - md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes). - md/raid1: Add check for missing source disk in process_checks() (git-fixes). - md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes). - md/raid5: implement pers->bitmap_sector() (git-fixes). - md: add a new callback pers->bitmap_sector() (git-fixes). - md: ensure resync is prioritized over recovery (git-fixes). - md: fix mddev uaf while iterating all_mddevs list (git-fixes). - md: preserve KABI in struct md_personality v2 (git-fixes). - media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes). - mtd: phram: Add the kernel lock down check (bsc#1232649). - neighbour: delete redundant judgment statements (git-fixes). - net/handshake: Fix handshake_req_destroy_test1 (git-fixes). - net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes). - net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes). - net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes). - net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes). - net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes). - net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes). - net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes). - net: Add non-RCU dev_getbyhwaddr() helper (git-fixes). - net: Clear old fragment checksum value in napi_reuse_skb (git-fixes). - net: Handle napi_schedule() calls from non-interrupt (git-fixes). - net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes). - net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes). - net: do not dump stack on queue timeout (git-fixes). - net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes). - net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes). - net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes). - net: qede: Initialize qede_ll_ops with designated initializer (git-fixes). - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes). - net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes). - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes). - netdev-genl: avoid empty messages in queue dump (git-fixes). - netdev: fix repeated netlink messages in queue dump (git-fixes). - netlink: annotate data-races around sk->sk_err (git-fixes). - netpoll: Ensure clean state on setup failures (git-fixes). - nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes). - nfsd: add list_head nf_gc to struct nfsd_file (git-fixes). - nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes). - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes). - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096). - nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148). - nvme-pci: fix queue unquiesce check on slot_reset (git-fixes). - nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes). - nvme-tcp: fix premature queue removal and I/O failover (git-fixes). - nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes). - nvme: Add 'partial_nid' quirk (bsc#1241148). - nvme: Add warning when a partiually unique NID is detected (bsc#1241148). - nvme: Update patch nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149). - nvme: Update patch nvme-re-read-ANA-log-page-after-ns-scan-completes.patch (git-fixes bsc#1235149). - nvme: fixup scan failure for non-ANA multipath controllers (git-fixes). - nvme: multipath: fix return value of nvme_available_path (git-fixes). - nvme: re-read ANA log page after ns scan completes (git-fixes). - nvme: requeue namespace scan on missed AENs (git-fixes). - nvme: unblock ctrl state transition for firmware update (git-fixes). - nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes). - nvmet-fc: inline nvmet_fc_free_hostport (git-fixes). - nvmet-fc: put ref when assoc->del_work is already scheduled (git-fixes). - nvmet-fc: take tgtport reference only once (git-fixes). - nvmet-fc: update tgtport ref per assoc (git-fixes). - nvmet-fcloop: Remove remote port from list when unlinking (git-fixes). - nvmet-fcloop: add ref counting to lport (git-fixes). - nvmet-fcloop: replace kref with refcount (git-fixes). - nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes). - objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - octeontx2-pf: qos: fix VF root node parent queue index (git-fixes). - padata: do not leak refcount in reorder_work (git-fixes). - phy: Fix error handling in tegra_xusb_port_init (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes). - phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes). - phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes). - phy: tegra: xusb: remove a stray unlock (git-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes). - powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes). - powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555). - qibfs: fix _another_ leak (git-fixes) - rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes) - rcu/tasks: Handle new PF_IDLE semantics (git-fixes) - rcu: Break rcu_node_0 --> &rq->__lock order (git-fixes) - rcu: Introduce rcu_cpu_online() (git-fixes) - regulator: max20086: fix invalid memory access (git-fixes). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805). - scsi: Improve CDL control (git-fixes). - scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes). - scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes). - scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993). - scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993). - scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993). - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993). - scsi: lpfc: Fix spelling mistake 'Toplogy' -> 'Topology' (bsc#1242993). - scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993). - scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993). - scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993). - scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993). - scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966). - scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes). - scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes). - scsi: qla2xxx: Fix typos in a comment (bsc#1243090). - scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090). - scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090). - scsi: qla2xxx: Remove unused module parameters (bsc#1243090). - scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090). - scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090). - selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (bsc#1242203). - smb3: fix Open files on server counter going negative (git-fixes). - smb: client: Use str_yes_no() helper function (git-fixes). - smb: client: allow more DFS referrals to be cached (git-fixes). - smb: client: avoid unnecessary reconnects when refreshing referrals (git-fixes). - smb: client: change return value in open_cached_dir_by_dentry() if !cfids (git-fixes). - smb: client: do not retry DFS targets on server shutdown (git-fixes). - smb: client: do not trust DFSREF_STORAGE_SERVER bit (git-fixes). - smb: client: do not try following DFS links in cifs_tree_connect() (git-fixes). - smb: client: fix DFS interlink failover (git-fixes). - smb: client: fix DFS mount against old servers with NTLMSSP (git-fixes). - smb: client: fix hang in wait_for_response() for negproto (bsc#1242709). - smb: client: fix potential race in cifs_put_tcon() (git-fixes). - smb: client: fix return value of parse_dfs_referrals() (git-fixes). - smb: client: get rid of @nlsc param in cifs_tree_connect() (git-fixes). - smb: client: get rid of TCP_Server_Info::refpath_lock (git-fixes). - smb: client: get rid of kstrdup() in get_ses_refpath() (git-fixes). - smb: client: improve purging of cached referrals (git-fixes). - smb: client: introduce av_for_each_entry() helper (git-fixes). - smb: client: optimize referral walk on failed link targets (git-fixes). - smb: client: parse DNS domain name from domain= option (git-fixes). - smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (git-fixes). - smb: client: provide dns_resolve_{unc,name} helpers (git-fixes). - smb: client: refresh referral without acquiring refpath_lock (git-fixes). - smb: client: remove unnecessary checks in open_cached_dir() (git-fixes). - spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes). - spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes). - spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes). - spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes). - spi: tegra114: Use value to check for invalid delays (git-fixes). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes). - tcp_cubic: fix incorrect HyStart round start detection (git-fixes). - thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes). - virtio_console: fix missing byte order handling for cols and rows (git-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes). - wifi: mt76: disable napi on driver removal (git-fixes). - x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes). - x86/xen: move xen_reserve_extra_memory() (git-fixes). - xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes). - xen: Change xen-acpi-processor dom0 dependency (git-fixes). - xenfs/xensyms: respect hypervisor's 'next' indication (git-fixes). - xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). - xhci: split free interrupter into separate remove and free parts (git-fixes). - xsk: Add truesize to skb_add_rx_frag() (git-fixes). - xsk: Do not assume metadata is always requested in TX completion (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2007-1 Released: Wed Jun 18 16:03:17 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1239012,1239543,1240132,1241463,1243887,1243901,1244105 This update for libzypp, zypper fixes the following issues: - Fix credential handling in HEAD requests (bsc#1244105) - RepoInfo: use pathNameSetTrailingSlash - Fix wrong userdata parameter type when running zypp with debug verbosity (bsc#1239012) - Do not warn about no mirrors if mirrorlist was switched on automatically. (bsc#1243901) - Relax permission of cached packages to 0644 & ~umask (bsc#1243887) - Add a note to service maintained .repo file entries - Support using %{url} variable in a RIS service's repo section. - Use a cookie file to validate mirrorlist cache. This patch extends the mirrorlist code to use a cookie file to validate the contents of the cache against the source URL, making sure that we do not accidentially use a old cache when the mirrorlist url was changed. For example when migrating a system from one release to the next where the same repo alias might just have a different URL. - Let Service define and update gpgkey, mirrorlist and metalink. - Preserve a mirrorlist file in the raw cache during refresh. - Enable curl2 backend and parallel package download by default. Environment variables ZYPP_CURL2=<0|1> and ZYPP_PCK_PRELOAD=<0|1> can be used to turn the features on or off. - Make gpgKeyUrl the default source for gpg keys. When refreshing zypp now primarily uses gpgKeyUrl information from the repo files and only falls back to a automatically generated key Url if a gpgKeyUrl was not specified. - Introduce mirrors into the Media backends (bsc#1240132) - Drop MediaMultiCurl backend. - Throttle progress updates when preloading packages (bsc#1239543) - Check if request is in valid state in CURL callbacks - spec/CMake: add conditional build '--with[out] classic_rpmtrans_as_default'. classic_rpmtrans is the current builtin default for SUSE, otherwise it's single_rpmtrans. The `enable_preview_single_rpmtrans_as_default_for_zypper` switch was removed from the spec file. Accordingly the CMake option ENABLE_PREVIEW_SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER was removed. - BuildRequires: libzypp-devel >= 17.37.0. - Use libzypp improvements for preload and mirror handling. - xmlout.rnc: Update repo-element (bsc#1241463) Add the 'metalink' attribute and reflect that the 'url' elements list may in fact be empty, if no baseurls are defined in the .repo files. - man: update --allow-unsigned-rpm description. Explain how to achieve the same for packages provided by repositories. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2013-1 Released: Wed Jun 18 20:05:07 2025 Summary: Security update for pam Type: security Severity: important References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2025-1 Released: Thu Jun 19 15:17:49 2025 Summary: Recommended update for google-guest-configs Type: recommended Severity: important References: 1241112 This update for google-guest-configs fixes the following issues: - Check that %{_sysconfdir}/sysconfig/network/ifcfg-eth0 actually exists before making any modifications to it (bsc#1241112) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2027-1 Released: Thu Jun 19 17:15:41 2025 Summary: Security update for perl Type: security Severity: moderate References: 1244079,CVE-2025-40909 This update for perl fixes the following issues: - CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2080-1 Released: Tue Jun 24 12:26:23 2025 Summary: Security update for pam-config Type: security Severity: important References: 1243226,CVE-2025-6018 This update for pam-config fixes the following issues: - CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2103-1 Released: Wed Jun 25 10:26:23 2025 Summary: Recommended update for cifs-utils Type: recommended Severity: important References: 1243488 This update for cifs-utils fixes the following issues: - Add patches: * Fix cifs.mount with krb5 auth (bsc#1243488) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2104-1 Released: Wed Jun 25 10:26:59 2025 Summary: Recommended update for nfs-utils Type: recommended Severity: important References: 1240899 This update for nfs-utils fixes the following issues: - gssd: add support for an 'allowed-enctypes' option in nfs.conf (bsc#1240899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2149-1 Released: Fri Jun 27 07:21:48 2025 Summary: Security update for google-osconfig-agent Type: security Severity: important References: 1239948,1244304,1244503,CVE-2024-45339 This update for google-osconfig-agent fixes the following issues: - Update to version 20250416.02 (bsc#1244304, bsc#1244503) * defaultSleeper: tolerate 10% difference to reduce test flakiness * Add output of some packagemanagers to the testdata - from version 20250416.01 * Refactor OS Info package - from version 20250416.00 * Report RPM inventory as YUM instead of empty SoftwarePackage when neither Zypper nor YUM are installed. - from version 20250414.00 * Update hash computation algorithm - Update to version 20250320.00 * Bump github.com/envoyproxy/protoc-gen-validate from 1.1.0 to 1.2.1 - from version 20250318.00 * Bump go.opentelemetry.io/otel/sdk/metric from 1.32.0 to 1.35.0 - from version 20250317.02 * Bump cel.dev/expr from 0.18.0 to 0.22.0 * Bump github.com/golang/glog from 1.2.3 to 1.2.4 in the go_modules group - from version 20250317.01 * Bump cloud.google.com/go/logging from 1.12.0 to 1.13.0 - from version 20250317.00 * Add tests for retryutil package. - from version 20250306.00 * Update OWNERS - from version 20250206.01 * Use separate counters for pre- and post-patch reboots. - from version 20250206.00 * Update owners - from version 20250203.00 * Fix the vet errors for contants in logging - from version 20250122.00 * change available package check - from version 20250121.00 * Fix Inventory reporting e2e tests. - from version 20250120.00 * fix e2e tests - Add -buildmode=pie to go build command line (bsc#1239948) - merged upstream - Renumber patches ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2167-1 Released: Mon Jun 30 09:14:40 2025 Summary: Security update for glib2 Type: security Severity: important References: 1242844,1244596,CVE-2025-4373,CVE-2025-6052 This update for glib2 fixes the following issues: - CVE-2025-6052: Fixed integer overflow in g_string_maybe_expand() leads to potential buffer overflow in GString (bsc#1244596). - CVE-2025-4373: Fixed buffer underflow through glib/gstring.c via function g_string_insert_unichar (bsc#1242844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2177-1 Released: Mon Jun 30 19:53:04 2025 Summary: Security update for sudo Type: security Severity: important References: 1245274,1245275,CVE-2025-32462,CVE-2025-32463 This update for sudo fixes the following issues: - CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274). - CVE-2025-32463: Fixed a possible local privilege Escalation via chroot option (bsc#1245275). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2198-1 Released: Wed Jul 2 11:22:33 2025 Summary: Security update for runc Type: security Severity: low References: 1230092,CVE-2024-45310 This update for runc fixes the following issues: - CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092) Other fixes: - Update to runc v1.2.6. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2226-1 Released: Fri Jul 4 15:31:04 2025 Summary: Security update for vim Type: security Severity: moderate References: 1228776,1239602,CVE-2024-41965,CVE-2025-29768 This update for vim fixes the following issues: - CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776). - CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2229-1 Released: Fri Jul 4 18:02:30 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2237-1 Released: Mon Jul 7 14:59:13 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: This update for openssl-3 fixes the following issues: - Backport mdless cms signing support [jsc#PED-12895] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2239-1 Released: Mon Jul 7 15:32:03 2025 Summary: Recommended update for libbpf Type: recommended Severity: moderate References: 1244135 This update for libbpf fixes the following issue: - Workaround kernel module size increase, 6.15 modules are 2-4 times larger than 6.14's (bsc#1244135). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2240-1 Released: Mon Jul 7 18:16:10 2025 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1241667 This update for openssh fixes the following issue: - 'scp' on SLE 15 ignores write directory permissions for group and world (bsc#1241667). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2244-1 Released: Tue Jul 8 10:44:02 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1242827,1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). Other bugfixes: - logs-show: get timestamp and boot ID only when necessary (bsc#1242827). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2259-1 Released: Wed Jul 9 17:18:02 2025 Summary: Recommended update for gpg2 Type: security Severity: low References: 1236931,1239119,1239817,CVE-2025-30258 This update for gpg2 fixes the following issues: - CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring (bsc#1239119). Other bugfixes: - Do not install expired sks certificate (bsc#1243069). - gpg hangs when importing a key (bsc#1236931). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2263-1 Released: Thu Jul 10 07:25:48 2025 Summary: Recommended update for google-guest-oslogin Type: recommended Severity: important References: 1243997 This update for google-guest-oslogin fixes the following issues: - Override upstream version to address upgrade problems (bsc#1243997) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2289-1 Released: Fri Jul 11 13:12:28 2025 Summary: Security update for docker Type: security Severity: moderate References: 1239765,1240150,1241830,1242114,1243833,1244035,CVE-2025-0495,CVE-2025-22872 This update for docker fixes the following issues: Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114): - CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration.(bsc#1239765) - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830). Other fixes: - Update to docker-buildx v0.22.0. - Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035). - Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534) - Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well. (jsc#PED-8905) - SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150). The following package changes have been done: - cifs-utils-6.15-150400.3.15.1 updated - docker-28.2.2_ce-150000.227.1 updated - glib2-tools-2.78.6-150600.4.16.1 updated - google-guest-configs-20241205.00-150400.13.22.1 updated - google-guest-oslogin-20240311.01-150000.1.53.1 updated - google-osconfig-agent-20250416.02-150000.1.50.1 updated - gpg2-2.4.4-150600.3.9.1 updated - kernel-default-6.4.0-150600.23.53.1 updated - libbpf1-1.2.2-150600.3.6.2 updated - libgio-2_0-0-2.78.6-150600.4.16.1 updated - libglib-2_0-0-2.78.6-150600.4.16.1 updated - libgmodule-2_0-0-2.78.6-150600.4.16.1 updated - libgobject-2_0-0-2.78.6-150600.4.16.1 updated - libnfsidmap1-1.0-150600.28.12.1 updated - libopenssl3-3.1.4-150600.5.33.1 updated - libssh-config-0.9.8-150600.11.3.1 updated - libssh4-0.9.8-150600.11.3.1 updated - libsystemd0-254.25-150600.4.40.1 updated - libudev1-254.25-150600.4.40.1 updated - libzypp-17.37.5-150600.3.60.1 updated - nfs-client-2.6.4-150600.28.12.1 updated - openssh-clients-9.6p1-150600.6.29.2 updated - openssh-common-9.6p1-150600.6.29.2 updated - openssh-server-config-disallow-rootlogin-9.6p1-150600.6.29.2 updated - openssh-server-9.6p1-150600.6.29.2 updated - openssh-9.6p1-150600.6.29.2 updated - openssl-3-3.1.4-150600.5.33.1 updated - pam-config-1.1-150600.16.8.1 updated - pam-1.3.0-150000.6.83.1 updated - perl-base-5.26.1-150300.17.20.1 updated - perl-5.26.1-150300.17.20.1 updated - runc-1.2.6-150000.73.2 updated - sudo-1.9.15p5-150600.3.9.1 updated - systemd-254.25-150600.4.40.1 updated - udev-254.25-150600.4.40.1 updated - vim-data-common-9.1.1406-150500.20.27.1 updated - vim-9.1.1406-150500.20.27.1 updated - zypper-1.14.90-150600.10.34.3 updated - e2fsprogs-1.47.0-150600.4.6.2 removed - libext2fs2-1.47.0-150600.4.6.2 removed From sle-container-updates at lists.suse.com Wed Aug 20 07:03:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Aug 2025 09:03:17 +0200 (CEST) Subject: SUSE-IU-2025:2333-1: Security update of sles-15-sp6-chost-byos-v20250819-arm64 Message-ID: <20250820070317.3F70AFF2D@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20250819-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2333-1 Image Tags : sles-15-sp6-chost-byos-v20250819-arm64:20250819 Image Release : Severity : important Type : security References : 1012628 1151679 1151680 1151794 1151927 1210025 1211226 1215199 1218184 1221107 1223008 1228557 1228854 1228929 1229655 1230262 1230267 1232504 1232526 1232882 1233012 1233012 1233012 1233012 1233012 1234959 1235490 1235728 1236208 1237143 1237312 1237442 1237913 1238491 1238859 1238896 1238982 1239566 1239938 1240180 1240577 1240610 1240686 1240723 1240788 1240814 1240823 1241038 1241166 1241278 1241414 1241544 1241549 1241572 1241592 1241617 1242086 1242163 1242504 1242515 1242521 1242556 1242573 1242725 1242846 1242849 1242850 1242907 1242940 1242946 1242954 1242982 1243051 1243060 1243273 1243279 1243342 1243450 1243457 1243467 1243475 1243480 1243486 1243506 1243523 1243537 1243538 1243542 1243544 1243551 1243571 1243572 1243620 1243628 1243698 1243716 1243767 1243772 1243774 1243782 1243823 1243827 1243832 1243836 1243847 1243991 1243992 1244032 1244042 1244050 1244056 1244059 1244060 1244061 1244100 1244116 1244145 1244172 1244176 1244229 1244234 1244241 1244261 1244274 1244275 1244277 1244309 1244313 1244337 1244401 1244554 1244555 1244557 1244590 1244626 1244644 1244700 1244705 1244710 1244725 1244727 1244729 1244731 1244732 1244736 1244737 1244738 1244739 1244743 1244746 1244759 1244789 1244862 1244906 1244938 1244995 1244996 1244999 1245001 1245003 1245004 1245025 1245042 1245046 1245078 1245081 1245082 1245083 1245155 1245183 1245193 1245210 1245217 1245220 1245223 1245225 1245226 1245228 1245352 1245431 1245452 1245455 1245496 1245573 1245672 1245936 1245950 1246112 1246157 1246231 1246232 1246233 1246237 1246267 1246296 1246299 1246431 1246556 1246597 1246599 1246697 1247249 1247367 831629 CVE-2016-9840 CVE-2023-52888 CVE-2024-12718 CVE-2024-2236 CVE-2024-23337 CVE-2024-26831 CVE-2024-36350 CVE-2024-36357 CVE-2024-49568 CVE-2024-50106 CVE-2024-56613 CVE-2024-56699 CVE-2024-56738 CVE-2024-57982 CVE-2024-58053 CVE-2025-21658 CVE-2025-21720 CVE-2025-21868 CVE-2025-21898 CVE-2025-21899 CVE-2025-21920 CVE-2025-21938 CVE-2025-21959 CVE-2025-21997 CVE-2025-22035 CVE-2025-22083 CVE-2025-22111 CVE-2025-22113 CVE-2025-22120 CVE-2025-23155 CVE-2025-27465 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-37738 CVE-2025-37743 CVE-2025-37752 CVE-2025-37756 CVE-2025-37757 CVE-2025-37786 CVE-2025-37800 CVE-2025-37801 CVE-2025-37811 CVE-2025-37844 CVE-2025-37859 CVE-2025-37862 CVE-2025-37865 CVE-2025-37874 CVE-2025-37884 CVE-2025-37909 CVE-2025-37917 CVE-2025-37921 CVE-2025-37923 CVE-2025-37927 CVE-2025-37933 CVE-2025-37936 CVE-2025-37938 CVE-2025-37945 CVE-2025-37946 CVE-2025-37961 CVE-2025-37967 CVE-2025-37968 CVE-2025-37973 CVE-2025-37987 CVE-2025-37992 CVE-2025-37994 CVE-2025-37995 CVE-2025-37997 CVE-2025-37998 CVE-2025-38000 CVE-2025-38001 CVE-2025-38003 CVE-2025-38004 CVE-2025-38005 CVE-2025-38007 CVE-2025-38009 CVE-2025-38010 CVE-2025-38011 CVE-2025-38013 CVE-2025-38014 CVE-2025-38015 CVE-2025-38018 CVE-2025-38020 CVE-2025-38022 CVE-2025-38023 CVE-2025-38024 CVE-2025-38027 CVE-2025-38031 CVE-2025-38040 CVE-2025-38043 CVE-2025-38044 CVE-2025-38045 CVE-2025-38053 CVE-2025-38057 CVE-2025-38059 CVE-2025-38060 CVE-2025-38065 CVE-2025-38068 CVE-2025-38072 CVE-2025-38077 CVE-2025-38078 CVE-2025-38079 CVE-2025-38080 CVE-2025-38081 CVE-2025-38083 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-48060 CVE-2025-48964 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-5278 CVE-2025-54388 CVE-2025-6021 CVE-2025-6069 CVE-2025-6170 CVE-2025-6297 CVE-2025-6395 CVE-2025-6965 CVE-2025-7425 CVE-2025-8194 ----------------------------------------------------------------- The container sles-15-sp6-chost-byos-v20250819-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2301-1 Released: Mon Jul 14 11:48:57 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1229655 This update for cyrus-sasl fixes the following issues: - Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097) - Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2314-1 Released: Tue Jul 15 14:34:08 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1244554,1244555,1244557,1244590,1244700,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170 This update for libxml2 fixes the following issues: - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554) - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557) - CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555) - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700) - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2316-1 Released: Tue Jul 15 14:59:23 2025 Summary: Security update for xen Type: security Severity: important References: 1238896,1244644,1246112,CVE-2024-36350,CVE-2024-36357,CVE-2025-27465 This update for xen fixes the following issues: - CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471) - CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2344-1 Released: Thu Jul 17 13:09:02 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1246431 This update for samba fixes the following issues: - Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName (bsc#1246431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2362-1 Released: Fri Jul 18 11:07:24 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2384-1 Released: Fri Jul 18 18:45:53 2025 Summary: Security update for jq Type: security Severity: moderate References: 1243450,CVE-2024-23337 This update for jq fixes the following issues: - CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2430-1 Released: Mon Jul 21 13:23:17 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1243772,CVE-2025-48964 This update for iputils fixes the following issues: - CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2447-1 Released: Mon Jul 21 16:45:25 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: Fixed timing based side-channel in RSA implementation. (bsc#1221107) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2538-1 Released: Mon Jul 28 17:10:28 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1151679,1151680,1151794,1151927,1210025,1211226,1215199,1218184,1223008,1228557,1228854,1232504,1232882,1235490,1235728,1236208,1237312,1237913,1238859,1238982,1240180,1240577,1240610,1240686,1240723,1240814,1240823,1241166,1241278,1241414,1241544,1241572,1241592,1241617,1242086,1242163,1242504,1242515,1242521,1242556,1242573,1242725,1242846,1242849,1242850,1242907,1242940,1242946,1242954,1242982,1243051,1243060,1243342,1243467,1243475,1243480,1243506,1243523,1243537,1243538,1243542,1243544,1243551,1243571,1243572,1243620,1243628,1243698,1243774,1243782,1243823,1243827,1243832,1243836,1243847,1244100,1244145,1244172,1244176,1244229,1244234,1244241,1244261,1244274,1244275,1244277,1244309,1244313,1244337,1244626,1244725,1244727,1244729,1244731,1244732,1244736,1244737,1244738,1244739,1244743,1244746,1244759,1244789,1244862,1244906,1244938,1244995,1244996,1244999,1245001,1245003,1245004,1245025,1245042,1245046,1245078,1245081,1245082,1245083,1245155,1245183,1245193,1 245210,1245217,1245225,1245226,1245228,1245431,1245455,CVE-2023-52888,CVE-2024-26831,CVE-2024-49568,CVE-2024-50106,CVE-2024-56613,CVE-2024-56699,CVE-2024-57982,CVE-2024-58053,CVE-2025-21658,CVE-2025-21720,CVE-2025-21868,CVE-2025-21898,CVE-2025-21899,CVE-2025-21920,CVE-2025-21938,CVE-2025-21959,CVE-2025-21997,CVE-2025-22035,CVE-2025-22083,CVE-2025-22111,CVE-2025-22113,CVE-2025-22120,CVE-2025-23155,CVE-2025-37738,CVE-2025-37743,CVE-2025-37752,CVE-2025-37756,CVE-2025-37757,CVE-2025-37786,CVE-2025-37800,CVE-2025-37801,CVE-2025-37811,CVE-2025-37844,CVE-2025-37859,CVE-2025-37862,CVE-2025-37865,CVE-2025-37874,CVE-2025-37884,CVE-2025-37909,CVE-2025-37917,CVE-2025-37921,CVE-2025-37923,CVE-2025-37927,CVE-2025-37933,CVE-2025-37936,CVE-2025-37938,CVE-2025-37945,CVE-2025-37946,CVE-2025-37961,CVE-2025-37967,CVE-2025-37968,CVE-2025-37973,CVE-2025-37987,CVE-2025-37992,CVE-2025-37994,CVE-2025-37995,CVE-2025-37997,CVE-2025-37998,CVE-2025-38000,CVE-2025-38001,CVE-2025-38003,CVE-2025-38004,CVE-2025-380 05,CVE-2025-38007,CVE-2025-38009,CVE-2025-38010,CVE-2025-38011,CVE-2025-38013,CVE-2025-38014,CVE-2025-38015,CVE-2025-38018,CVE-2025-38020,CVE-2025-38022,CVE-2025-38023,CVE-2025-38024,CVE-2025-38027,CVE-2025-38031,CVE-2025-38040,CVE-2025-38043,CVE-2025-38044,CVE-2025-38045,CVE-2025-38053,CVE-2025-38057,CVE-2025-38059,CVE-2025-38060,CVE-2025-38065,CVE-2025-38068,CVE-2025-38072,CVE-2025-38077,CVE-2025-38078,CVE-2025-38079,CVE-2025-38080,CVE-2025-38081,CVE-2025-38083 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL (bsc#1228557). - CVE-2024-49568: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg (bsc#1235728). - CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup (bsc#1237913). - CVE-2024-58053: rxrpc: Fix handling of received connection abort (bsc#1238982). - CVE-2025-21720: xfrm: delete intermediate secpath entry in packet offload mode (bsc#1238859). - CVE-2025-21868: kABI workaround for adding an header (bsc#1240180). - CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show() (bsc#1240610). - CVE-2025-21899: tracing: Fix bad hist from corrupting named_triggers list (bsc#1240577). - CVE-2025-21920: vlan: enforce underlying device type (bsc#1240686). - CVE-2025-21938: mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr (bsc#1240723). - CVE-2025-21959: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (bsc#1240814). - CVE-2025-21997: xsk: fix an integer overflow in xp_create_and_assign_umem() (bsc#1240823). - CVE-2025-22035: tracing: Fix use-after-free in print_graph_function_flags during tracer switching (bsc#1241544). - CVE-2025-22111: kABI fix for net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF (bsc#1241572). - CVE-2025-22113: ext4: define ext4_journal_destroy wrapper (bsc#1241617). - CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37743: wifi: ath12k: Avoid memory leak while enabling statistics (bsc#1242163). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37756: net: tls: explicitly disallow disconnect (bsc#1242515). - CVE-2025-37757: tipc: fix memory leak in tipc_link_xmit (bsc#1242521). - CVE-2025-37786: net: dsa: free routing table on probe failure (bsc#1242725). - CVE-2025-37800: driver core: fix potential NULL pointer dereference in dev_uevent() (bsc#1242849). - CVE-2025-37801: spi: spi-imx: Add check for spi_imx_setupxfer() (bsc#1242850). - CVE-2025-37811: usb: chipidea: ci_hdrc_imx: fix usbmisc handling (bsc#1242907). - CVE-2025-37844: cifs: avoid NULL pointer dereference in dbg call (bsc#1242946). - CVE-2025-37859: page_pool: avoid infinite loop to schedule delayed worker (bsc#1243051). - CVE-2025-37862: HID: pidff: Fix null pointer dereference in pidff_find_fields (bsc#1242982). - CVE-2025-37865: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported (bsc#1242954). - CVE-2025-37874: net: ngbe: fix memory leak in ngbe_probe() error path (bsc#1242940). - CVE-2025-37884: bpf: Fix deadlock between rcu_tasks_trace and event_mutex (bsc#1243060). - CVE-2025-37909: net: lan743x: Fix memleak issue when GSO enabled (bsc#1243467). - CVE-2025-37917: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll (bsc#1243475). - CVE-2025-37921: vxlan: vnifilter: Fix unlocked deletion of default FDB entry (bsc#1243480). - CVE-2025-37923: tracing: Fix oob write in trace_seq_to_buffer() (bsc#1243551). - CVE-2025-37927: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (bsc#1243620). - CVE-2025-37933: octeon_ep: Fix host hang issue during device reboot (bsc#1243628). - CVE-2025-37936: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value (bsc#1243537). - CVE-2025-37938: tracing: Verify event formats that have '%*p..' (bsc#1243544). - CVE-2025-37945: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY (bsc#1243538). - CVE-2025-37961: ipvs: fix uninit-value for saddr in do_output_route4 (bsc#1243523). - CVE-2025-37967: usb: typec: ucsi: displayport: Fix deadlock (bsc#1243572). - CVE-2025-37968: iio: light: opt3001: fix deadlock due to concurrent flag access (bsc#1243571). - CVE-2025-37987: pds_core: Prevent possible adminq overflow/stuck condition (bsc#1243542). - CVE-2025-37992: net_sched: Flush gso_skb list too during ->change() (bsc#1243698). - CVE-2025-37995: module: ensure that kobject_put() is safe for module type kobjects (bsc#1243827). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-37998: openvswitch: Fix unsafe attribute parsing in output_userspace() (bsc#1243836). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729). - CVE-2025-38018: net/tls: fix kernel panic when alloc_page failed (bsc#1244999). - CVE-2025-38053: idpf: fix null-ptr-deref in idpf_features_check (bsc#1244746). - CVE-2025-38057: espintcp: fix skb leaks (bsc#1244862). - CVE-2025-38060: bpf: abort verification if env->cur_state->loop_entry != NULL (bsc#1245155). - CVE-2025-38072: libnvdimm/labels: Fix divide error in nd_label_data_init() (bsc#1244743). The following non-security bugs were fixed: - ACPI: CPPC: Fix NULL pointer dereference when nosmp is used (git-fixes). - ACPI: HED: Always initialize before evged (stable-fixes). - ACPI: OSI: Stop advertising support for '3.0 _SCP Extensions' (git-fixes). - ACPI: PNP: Add Intel OC Watchdog IDs to non-PNP device list (stable-fixes). - ACPI: battery: negate current when discharging (stable-fixes). - ACPI: bus: Bail out if acpi_kobj registration fails (stable-fixes). - ACPICA: Avoid sequence overread in call to strncmp() (stable-fixes). - ACPICA: Utilities: Fix spelling mistake 'Incremement' -> 'Increment' (git-fixes). - ACPICA: exserial: do not forget to handle FFixedHW opregions for reading (git-fixes). - ACPICA: fix acpi operand cache leak in dswstate.c (stable-fixes). - ACPICA: fix acpi parse and parseext cache leaks (stable-fixes). - ACPICA: utilities: Fix overflow check in vsnprintf() (stable-fixes). - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (stable-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10 (stable-fixes). - ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7 (stable-fixes). - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR (git-fixes). - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA (git-fixes). - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (stable-fixes). - ALSA: pcm: Fix race of buffer access at PCM OSS layer (stable-fixes). - ALSA: seq: Improve data consistency at polling (stable-fixes). - ALSA: usb-audio: Accept multiple protocols in GTBs (stable-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-V10 support (stable-fixes). - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 (stable-fixes). - ALSA: usb-audio: Add name for HP Engage Go dock (stable-fixes). - ALSA: usb-audio: Check shutdown at endpoint_set_interface() (stable-fixes). - ALSA: usb-audio: Fix NULL pointer deref in snd_usb_power_domain_set() (git-fixes). - ALSA: usb-audio: Fix duplicated name in MIDI substream names (stable-fixes). - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (git-fixes). - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card (stable-fixes). - ALSA: usb-audio: Rename Pioneer mixer channel controls (git-fixes). - ALSA: usb-audio: Set MIDI1 flag appropriately for GTB MIDI 1.0 entry (stable-fixes). - ALSA: usb-audio: Skip setting clock selector for single connections (stable-fixes). - ALSA: usb-audio: Support multiple control interfaces (stable-fixes). - ALSA: usb-audio: Support read-only clock selector control (stable-fixes). - ALSA: usb-audio: enable support for Presonus Studio 1824c within 1810c file (stable-fixes). - ALSA: usb-audio: mixer: Remove temporary string use in parse_clock_source_unit (stable-fixes). - ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX (git-fixes). - ASoC: Intel: avs: Verify content returned by parse_int_array() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 (stable-fixes). - ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type (git-fixes). - ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 (stable-fixes). - ASoC: apple: mca: Constrain channels according to TDM mask (git-fixes). - ASoC: codecs: hda: Fix RPM usage count underflow (git-fixes). - ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode (stable-fixes). - ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() (stable-fixes). - ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect (stable-fixes). - ASoC: mediatek: mt8188: Add reference for dmic clocks (stable-fixes). - ASoC: mediatek: mt8188: Treat DMIC_GAINx_CUR as non-volatile (stable-fixes). - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (git-fixes). - ASoC: ops: Enforce platform maximum on initial value (stable-fixes). - ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() (git-fixes). - ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() (stable-fixes). - ASoC: rt722-sdca: Add some missing readable registers (stable-fixes). - ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() (stable-fixes). - ASoC: sun4i-codec: support hp-det-gpios property (stable-fixes). - ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG (stable-fixes). - ASoC: tas2764: Enable main IRQs (git-fixes). - ASoC: tas2764: Mark SW_RESET as volatile (stable-fixes). - ASoC: tas2764: Power up/down amp on mute ops (stable-fixes). - ASoC: tas2764: Reinit cache on part reset (git-fixes). - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change (stable-fixes). - ASoC: tegra210_ahub: Add check to of_device_get_match_data() (stable-fixes). - Bluetooth: Fix NULL pointer deference on eir_get_service_data (git-fixes). - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (git-fixes). - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (git-fixes). - Bluetooth: MGMT: Fix sparse errors (git-fixes). - Bluetooth: MGMT: Remove unused mgmt_pending_find_data (stable-fixes). - Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() (git-fixes). - Bluetooth: Remove pending ACL connection attempts (stable-fixes). - Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync (git-fixes). - Bluetooth: hci_conn: Only do ACL connections sequentially (stable-fixes). - Bluetooth: hci_core: fix list_for_each_entry_rcu usage (git-fixes). - Bluetooth: hci_event: Fix not using key encryption size when its known (git-fixes). - Bluetooth: hci_qca: move the SoC type check to the right place (git-fixes). - Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync (git-fixes). - Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance (git-fixes). - Documentation/rtla: Fix duplicate text about timerlat tracer (git-fixes). - Documentation/rtla: Fix typo in common_timerlat_description.rst (git-fixes). - Documentation/rtla: Fix typo in rtla-timerlat.rst (git-fixes). - Documentation: fix typo in root= kernel parameter description (git-fixes). - HID: lenovo: Restrict F7/9/11 mode to compact keyboards only (git-fixes). - HID: quirks: Add ADATA XPG alpha wireless mouse support (stable-fixes). - HID: usbkbd: Fix the bit shift number for LED_KANA (stable-fixes). - HID: wacom: fix kobject reference count leak (git-fixes). - HID: wacom: fix memory leak on kobject creation failure (git-fixes). - HID: wacom: fix memory leak on sysfs attribute creation failure (git-fixes). - Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() (git-fixes). - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (git-fixes). - Input: sparcspkr - avoid unannotated fall-through (stable-fixes). - Input: xpad - add more controllers (stable-fixes). - KVM: powerpc: Enable commented out BUILD_BUG_ON() assertion (bsc#1215199). - KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY (git-fixes bsc#1245225). - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild') - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - NFC: nci: uart: Set tty->disc_data only in success path (git-fixes). - NFS: Do not allow waiting for exiting tasks (git-fixes). - NFSD: Insulate nfsd4_encode_read_plus() from page boundaries in the encode buffer (git-fixes). - NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() (git-fixes). - NFSv4: Treat ENETUNREACH errors as fatal for state recovery (git-fixes). - PCI/DPC: Initialize aer_err_info before using it (git-fixes). - PCI/DPC: Log Error Source ID only when valid (git-fixes). - PCI/DPC: Use defines with DPC reason fields (git-fixes). - PCI/MSI: Size device MSI domain with the maximum number of vectors (git-fixes). - PCI/PM: Set up runtime PM even for devices without PCI PM (git-fixes). - PCI: Explicitly put devices into D0 when initializing (git-fixes). - PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes). - PCI: Fix old_size lower bound in calculate_iosize() too (stable-fixes). - PCI: apple: Set only available ports up (git-fixes). - PCI: apple: Use gpiod_set_value_cansleep in probe flow (git-fixes). - PCI: brcmstb: Add a softdep to MIP MSI-X driver (stable-fixes). - PCI: brcmstb: Expand inbound window size up to 64GB (stable-fixes). - PCI: cadence-ep: Correct PBA offset in .set_msix() callback (git-fixes). - PCI: cadence: Fix runtime atomic count underflow (git-fixes). - PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() (git-fixes). - PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up() (git-fixes). - PCI: dwc: ep: Correct PBA offset in .set_msix() callback (git-fixes). - PCI: dwc: ep: Ensure proper iteration over outbound map windows (stable-fixes). - PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - PCI: vmd: Disable MSI remapping bypass under Xen (stable-fixes). - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (stable-fixes). - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices (git-fixes). - PM: sleep: Print PM debug messages during hibernation (git-fixes). - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (git-fixes). - RDMA/core: Fix best page size finding when it can cross SG entries (git-fixes) - RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() (git-fixes) - Remove compress-vmlinux.sh /usr/lib/rpm/brp-suse.d/brp-99-compress-vmlinux was added in pesign-obs-integration during SLE12 RC. This workaround can be removed. - Remove host-memcpy-hack.h This might have been usefult at some point but we have more things that depend on specific library versions today. - Remove try-disable-staging-driver The config for linux-next is autogenerated from master config, and defaults filled for missing options. This is unlikely to enable any staging driver in the first place. - Revert 'ALSA: usb-audio: Skip setting clock selector for single connections' (stable-fixes). - Revert 'arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC (git-fixes) - Revert 'bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first' (stable-fixes). - Revert 'drm/amdgpu: do not allow userspace to create a doorbell BO' (stable-fixes). - Revert 'ipv6: save dontfrag in cork (git-fixes).' - Revert 'kABI: ipv6: save dontfrag in cork (git-fixes).' - Revert 'wifi: mt76: mt7996: fill txd by host driver' (stable-fixes). - SUNRPC: Do not allow waiting for exiting tasks (git-fixes). - SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls (git-fixes). - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting (git-fixes). - SUNRPC: rpcbind should never reset the port to the value '0' (git-fixes). - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB (stable-fixes). - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (git-fixes). - accel/qaic: Mask out SR-IOV PCI resources (stable-fixes). - acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() (git-fixes). - add bug reference to existing hv_storvsc change (bsc#1245455). - arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs (git-fixes) - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode (stable-fixes). - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (stable-fixes). - ath10k: snoc: fix unbalanced IRQ enable in crash recovery (git-fixes). - backlight: pm8941: Add NULL check in wled_configure() (git-fixes). - bnxt: properly flush XDP redirect lists (git-fixes). - bpf: Force uprobe bpf program to always return 0 (git-fixes). - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)') - btrfs: fix fsync of files with no hard links not persisting deletion (git-fixes). - btrfs: fix invalid data space release when truncating block in NOCOW mode (git-fixes). - btrfs: fix qgroup reservation leak on failure to allocate ordered extent (git-fixes). - btrfs: fix wrong start offset for delalloc space release during mmap write (git-fixes). - btrfs: remove end_no_trans label from btrfs_log_inode_parent() (git-fixes). - btrfs: simplify condition for logging new dentries at btrfs_log_inode_parent() (git-fixes). - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (git-fixes). - bus: fsl-mc: fix GET/SET_TAILDROP command ids (git-fixes). - bus: fsl-mc: fix double-free on mc_dev (git-fixes). - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (stable-fixes). - bus: mhi: host: Fix conflict between power_up and SYSERR (git-fixes). - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (git-fixes). - can: c_can: Use of_property_present() to test existence of DT property (stable-fixes). - can: tcan4x5x: fix power regulator retrieval during probe (git-fixes). - ceph: Fix incorrect flush end position calculation (git-fixes). - ceph: allocate sparse_ext map only for sparse reads (git-fixes). - ceph: fix memory leaks in __ceph_sync_read() (git-fixes). - cgroup/cpuset: Fix race between newly created partition and dying one (bsc#1241166). - clocksource: Fix brown-bag boolean thinko in (git-fixes) - clocksource: Make watchdog and suspend-timing multiplication (git-fixes) - crypto: lrw - Only add ecb if it is not already there (git-fixes). - crypto: lzo - Fix compression buffer overrun (stable-fixes). - crypto: marvell/cesa - Avoid empty transfer descriptor (git-fixes). - crypto: marvell/cesa - Do not chain submitted requests (git-fixes). - crypto: marvell/cesa - Handle zero-length skcipher requests (git-fixes). - crypto: octeontx2 - suppress auth failure screaming due to negative tests (stable-fixes). - crypto: qat - add shutdown handler to qat_420xx (git-fixes). - crypto: qat - add shutdown handler to qat_4xxx (git-fixes). - crypto: skcipher - Zap type in crypto_alloc_sync_skcipher (stable-fixes). - crypto: sun8i-ce - move fallback ahash_request to the end of the struct (git-fixes). - crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() (git-fixes). - crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions (git-fixes). - crypto: xts - Only add ecb if it is not already there (git-fixes). - devlink: Fix referring to hw_addr attribute during state validation (git-fixes). - devlink: fix port dump cmd type (git-fixes). - dlm: mask sk_shutdown value (bsc#1228854). - dlm: use SHUT_RDWR for SCTP shutdown (bsc#1228854). - dmaengine: idxd: cdev: Fix uninitialized use of sva in idxd_cdev_open (stable-fixes). - dmaengine: ti: Add NULL check in udma_probe() (git-fixes). - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (stable-fixes). - drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer() (stable-fixes). - drm/amd/display: Add null pointer check for get_first_active_display() (git-fixes). - drm/amd/display: Do not try AUX transactions on disconnected link (stable-fixes). - drm/amd/display: Fix incorrect DPCD configs while Replay/PSR switch (stable-fixes). - drm/amd/display: Guard against setting dispclk low for dcn31x (stable-fixes). - drm/amd/display: Increase block_sequence array size (stable-fixes). - drm/amd/display: Initial psr_version with correct setting (stable-fixes). - drm/amd/display: Skip checking FRL_MODE bit for PCON BW determination (stable-fixes). - drm/amd/display: Update CR AUX RD interval interpretation (stable-fixes). - drm/amd/display: fix link_set_dpms_off multi-display MST corner case (stable-fixes). - drm/amd/display: remove minimum Dispclk and apply oem panel timing (stable-fixes). - drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (git-fixes). - drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c (stable-fixes). - drm/amdgpu: Set snoop bit for SDMA for MI series (stable-fixes). - drm/amdgpu: Update SRIOV video codec caps (stable-fixes). - drm/amdgpu: enlarge the VBIOS binary size limit (stable-fixes). - drm/amdgpu: reset psp->cmd to NULL after releasing the buffer (stable-fixes). - drm/amdgpu: switch job hw_fence to amdgpu_fence (git-fixes). - drm/amdkfd: KFD release_work possible circular locking (stable-fixes). - drm/amdkfd: Set per-process flags only once cik/vi (stable-fixes). - drm/ast: Find VBIOS mode from regular display size (stable-fixes). - drm/ast: Fix comment on modeset lock (git-fixes). - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset (stable-fixes). - drm/bridge: cdns-dsi: Check return value when getting default PHY config (git-fixes). - drm/bridge: cdns-dsi: Fix connecting to next bridge (git-fixes). - drm/bridge: cdns-dsi: Fix phy de-init and flag it so (git-fixes). - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (git-fixes). - drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready (git-fixes). - drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() (git-fixes). - drm/etnaviv: Protect the scheduler's pending list with its lock (git-fixes). - drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 (git-fixes). - drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled (git-fixes). - drm/i915: fix build error some more (git-fixes). - drm/mediatek: Fix kobject put for component sub-drivers (git-fixes). - drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence (stable-fixes). - drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr (git-fixes). - drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err (git-fixes). - drm/msm/disp: Correct porch timing for SDM845 (git-fixes). - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate (git-fixes). - drm/msm/gpu: Fix crash when throttling GPU immediately during boot (git-fixes). - drm/nouveau/bl: increase buffer size to avoid truncate warning (git-fixes). - drm/panel-edp: Add Starry 116KHD024006 (stable-fixes). - drm/panel: samsung-sofef00: Drop s6e3fc2x01 support (git-fixes). - drm/rockchip: vop2: Add uv swap for cluster window (stable-fixes). - drm/ssd130x: fix ssd132x_clear_screen() columns (git-fixes). - drm/tegra: Assign plane type before registration (git-fixes). - drm/tegra: Fix a possible null pointer dereference (git-fixes). - drm/tegra: rgb: Fix the unbound reference count (git-fixes). - drm/udl: Unregister device before cleaning up on disconnect (git-fixes). - drm/v3d: Add clock handling (stable-fixes). - drm/vc4: tests: Use return instead of assert (git-fixes). - drm/vkms: Adjust vkms_state->active_planes allocation type (git-fixes). - drm/vmwgfx: Add seqno waiter for sync_files (git-fixes). - drm: Add valid clones check (stable-fixes). - drm: bridge: adv7511: fill stream capabilities (stable-fixes). - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (git-fixes). - e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 (git-fixes). - fbcon: Make sure modelist not set on unregistered console (stable-fixes). - fbcon: Use correct erase colour for clearing in fbcon (stable-fixes). - fbdev/efifb: Remove PM for parent device (bsc#1244261). - fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var (git-fixes). - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (git-fixes). - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (git-fixes). - fbdev: core: tileblit: Implement missing margin clearing for tileblit (stable-fixes). - fbdev: fsl-diu-fb: add missing device_remove_file() (stable-fixes). - fgraph: Still initialize idle shadow stacks when starting (git-fixes). - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES (git-fixes). - firmware: arm_ffa: Reject higher major version as incompatible (stable-fixes). - firmware: arm_ffa: Set dma_mask for ffa devices (stable-fixes). - firmware: arm_scmi: Relax duplicate name constraint across protocol ids (stable-fixes). - firmware: psci: Fix refcount leak in psci_dt_init (git-fixes). - fpga: altera-cvp: Increase credit timeout (stable-fixes). - fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() (git-fixes). - gpio: mlxbf3: only get IRQ for device instance 0 (git-fixes). - gpio: pca953x: Simplify code with cleanup helpers (stable-fixes). - gpio: pca953x: Split pca953x_restore_context() and pca953x_save_context() (stable-fixes). - gpio: pca953x: fix IRQ storm on system wake up (git-fixes). - gpiolib: Revert 'Do not WARN on gpiod_put() for optional GPIO' (stable-fixes). - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt (git-fixes). - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (git-fixes). - hwmon: (asus-ec-sensors) check sensor index in read_string() (git-fixes). - hwmon: (dell-smm) Increment the number of fans (stable-fixes). - hwmon: (ftsteutates) Fix TOCTOU race in fts_read() (git-fixes). - hwmon: (gpio-fan) Add missing mutex locks (stable-fixes). - hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace (git-fixes). - hwmon: (occ) Rework attribute registration for stack usage (git-fixes). - hwmon: (occ) fix unaligned accesses (git-fixes). - hwmon: (peci/dimmtemp) Do not provide fake thresholds data (git-fixes). - hwmon: (xgene-hwmon) use appropriate type for the latency value (stable-fixes). - hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu (git-fixes). - i2c: designware: Invoke runtime suspend on quick slave re-registration (stable-fixes). - i2c: npcm: Add clock toggle recovery (stable-fixes). - i2c: pxa: fix call balance of i2c->clk handling routines (stable-fixes). - i2c: qup: Vote for interconnect bandwidth to DRAM (stable-fixes). - i2c: robotfuzz-osif: disable zero-length read messages (git-fixes). - i2c: tegra: check msg length in SMBUS block read (bsc#1242086) - i2c: tiny-usb: disable zero-length read messages (git-fixes). - i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() (git-fixes). - i3c: master: svc: Fix missing STOP for master request (stable-fixes). - i3c: master: svc: Flush FIFO before sending Dynamic Address Assignment(DAA) (stable-fixes). - i40e: retry VFLR handling if there is ongoing VF reset (git-fixes). - i40e: return false from i40e_reset_vf if reset is in progress (git-fixes). - ice: Fix LACP bonds without SRIOV environment (git-fixes). - ice: create new Tx scheduler nodes for new queues only (git-fixes). - ice: fix Tx scheduler error handling in XDP callback (git-fixes). - ice: fix rebuilding the Tx scheduler tree for large queue counts (git-fixes). - ice: fix vf->num_mac count with port representors (git-fixes). - ieee802154: ca8210: Use proper setters and getters for bitwise types (stable-fixes). - iio: accel: fxls8962af: Fix temperature scan element sign (git-fixes). - iio: adc: ad7124: Fix 3dB filter frequency reading (git-fixes). - iio: adc: ad7606_spi: fix reg write value mask (git-fixes). - iio: filter: admv8818: Support frequencies >= 2^32 (git-fixes). - iio: filter: admv8818: fix band 4, state 15 (git-fixes). - iio: filter: admv8818: fix integer overflow (git-fixes). - iio: filter: admv8818: fix range calculation (git-fixes). - iio: imu: inv_icm42600: Fix temperature calculation (git-fixes). - ima: Suspend PCR extends and log appends when rebooting (bsc#1210025 ltc#196650). - ima: process_measurement() needlessly takes inode_lock() on MAY_READ (stable-fixes). - intel_th: avoid using deprecated page->mapping, index fields (stable-fixes). - iommu: Protect against overflow in iommu_pgsize() (git-fixes). - iommu: Skip PASID validation for devices without PASID capability (bsc#1244100) - iommu: Validate the PASID in iommu_attach_device_pasid() (bsc#1244100) - ip6mr: fix tables suspicious RCU usage (git-fixes). - ip_tunnel: annotate data-races around t->parms.link (git-fixes). - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function (git-fixes). - ipmr: fix tables suspicious RCU usage (git-fixes). - ipv4: Convert ip_route_input() to dscp_t (git-fixes). - ipv4: Correct/silence an endian warning in __ip_do_redirect (git-fixes). - ipv6: save dontfrag in cork (git-fixes). - ipvs: Always clear ipvs_property flag in skb_scrub_packet() (git-fixes). - isolcpus: fix bug in returning number of allocated cpumask (bsc#1243774). - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (git-fixes). - jffs2: check that raw node were preallocated before writing summary (git-fixes). - kABI workaround for hda_codec.beep_just_power_on flag (git-fixes). - kABI: PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - kABI: ipv6: save dontfrag in cork (git-fixes). - kABI: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - kabi: restore layout of struct cgroup_subsys (bsc#1241166). - kabi: restore layout of struct mem_control (jsc#PED-12551). - kabi: restore layout of struct page_counter (jsc#PED-12551). - kernel-source: Do not use multiple -r in sed parameters - kernel-source: Remove log.sh from sources - leds: pwm-multicolor: Add check for fwnode_property_read_u32 (stable-fixes). - loop: add file_start_write() and file_end_write() (git-fixes). - mailbox: use error ret code of of_parse_phandle_with_args() (stable-fixes). - md/raid1,raid10: do not handle IO error for REQ_RAHEAD and REQ_NOWAIT (git-fixes). - media: adv7180: Disable test-pattern control on adv7180 (stable-fixes). - media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() (stable-fixes). - media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case (git-fixes). - media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div (git-fixes). - media: ccs-pll: Start OP pre-PLL multiplier search from correct value (git-fixes). - media: ccs-pll: Start VT pre-PLL multiplier search from correct value (git-fixes). - media: cx231xx: set device_caps for 417 (stable-fixes). - media: cxusb: no longer judge rbuf when the write fails (git-fixes). - media: davinci: vpif: Fix memory leak in probe error path (git-fixes). - media: gspca: Add error handling for stv06xx_read_sensor() (git-fixes). - media: i2c: imx219: Correct the minimum vblanking value (stable-fixes). - media: imx-jpeg: Cleanup after an allocation error (git-fixes). - media: imx-jpeg: Drop the first error frames (git-fixes). - media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead (git-fixes). - media: imx-jpeg: Reset slot data pointers when freed (git-fixes). - media: nxp: imx8-isi: better handle the m2m usage_count (git-fixes). - media: omap3isp: use sgtable-based scatterlist wrappers (git-fixes). - media: ov5675: suppress probe deferral errors (git-fixes). - media: ov8856: suppress probe deferral errors (git-fixes). - media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available (stable-fixes). - media: rkvdec: Fix frame size enumeration (git-fixes). - media: tc358746: improve calculation of the D-PHY timing registers (stable-fixes). - media: test-drivers: vivid: do not call schedule in loop (stable-fixes). - media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map (stable-fixes). - media: uvcvideo: Fix deferred probing error (git-fixes). - media: uvcvideo: Handle uvc menu translation inside uvc_get_le_value (stable-fixes). - media: uvcvideo: Return the number of processed controls (git-fixes). - media: v4l2-dev: fix error handling in __video_register_device() (git-fixes). - media: v4l: Memset argument to 0 before calling get_mbus_config pad op (stable-fixes). - media: venus: Fix probe error handling (git-fixes). - media: videobuf2: use sgtable-based scatterlist wrappers (git-fixes). - media: vidtv: Terminating the subsequent process of initialization failure (git-fixes). - media: vivid: Change the siize of the composing (git-fixes). - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (git-fixes). - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (git-fixes). - mfd: tps65219: Remove TPS65219_REG_TI_DEV_ID check (stable-fixes). - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - mm, memcg: cg2 memory{.swap,}.peak write handlers (jsc#PED-12551). - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431). - mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431). - mm/memcontrol: export memcg.swap watermark via sysfs for v2 memcg (jsc#PED-12551). - mmc: Add quirk to disable DDR50 tuning (stable-fixes). - mmc: dw_mmc: add exynos7870 DW MMC support (stable-fixes). - mmc: host: Wait for Vdd to settle on card power off (stable-fixes). - mmc: sdhci: Disable SD card clock before changing parameters (stable-fixes). - mtd: nand: ecc-mxic: Fix use of uninitialized variable ret (git-fixes). - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (git-fixes). - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (git-fixes). - neighbour: Do not let neigh_forced_gc() disable preemption for long (git-fixes). - net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (git-fixes). - net/mdiobus: Fix potential out-of-bounds read/write access (git-fixes). - net/mlx4_en: Prevent potential integer overflow calculating Hz (git-fixes). - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (git-fixes). - net/mlx5: Ensure fw pages are always allocated on same NUMA (git-fixes). - net/mlx5: Fix ECVF vports unload on shutdown flow (git-fixes). - net/mlx5: Fix return value when searching for existing flow group (git-fixes). - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (git-fixes). - net/mlx5e: Fix leak of Geneve TLV option object (git-fixes). - net/neighbor: clear error in case strict check is not set (git-fixes). - net/sched: fix use-after-free in taprio_dev_notifier (git-fixes). - net: Fix TOCTOU issue in sk_is_readable() (git-fixes). - net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) (git-fixes). - net: add rcu safety to rtnl_prop_list_size() (git-fixes). - net: fix udp gso skb_segment after pull from frag_list (git-fixes). - net: give more chances to rcu in netdev_wait_allrefs_any() (git-fixes). - net: ice: Perform accurate aRFS flow match (git-fixes). - net: ipv4: fix a memleak in ip_setup_cork (git-fixes). - net: linkwatch: use system_unbound_wq (git-fixes). - net: mana: Add support for Multi Vports on Bare metal (bsc#1244229). - net: mana: Record doorbell physical address in PF mode (bsc#1244229). - net: page_pool: fix warning code (git-fixes). - net: phy: clear phydev->devlink when the link is deleted (git-fixes). - net: phy: fix up const issues in to_mdio_device() and to_phy_device() (git-fixes). - net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() (bsc#1243538) - net: phy: mscc: Fix memory leak when using one step timestamping (git-fixes). - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames (git-fixes). - net: sched: cls_u32: Fix allocation size in u32_init() (git-fixes). - net: sched: consistently use rcu_replace_pointer() in taprio_change() (git-fixes). - net: sched: em_text: fix possible memory leak in em_text_destroy() (git-fixes). - net: sched: fix erspan_opt settings in cls_flower (git-fixes). - net: usb: aqc111: debug info before sanitation (git-fixes). - net: usb: aqc111: fix error handling of usbnet read calls (git-fixes). - net: wwan: t7xx: Fix napi rx poll issue (git-fixes). - net_sched: ets: fix a race in ets_qdisc_change() (git-fixes). - net_sched: prio: fix a race in prio_tune() (git-fixes). - net_sched: red: fix a race in __red_change() (git-fixes). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: reject invalid perturb period (git-fixes). - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - net_sched: tbf: fix a race in tbf_change() (git-fixes). - netdev-genl: Hold rcu_read_lock in napi_get (git-fixes). - netlink: fix potential sleeping issue in mqueue_flush_file (git-fixes). - netlink: specs: dpll: replace underscores with dashes in names (git-fixes). - netpoll: Use rcu_access_pointer() in __netpoll_setup (git-fixes). - netpoll: hold rcu read lock in __netpoll_send_skb() (git-fixes). - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference (git-fixes). - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (git-fixes). - nfsd: validate the nfsd_serv pointer before calling svc_wake_up (git-fixes). - ntp: Clamp maxerror and esterror to operating range (git-fixes) - ntp: Remove invalid cast in time offset math (git-fixes) - ntp: Safeguard against time_constant overflow (git-fixes) - nvme-fc: do not reference lsrsp after failure (bsc#1245193). - nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro (git-fixes). - nvme-pci: add quirks for WDC Blue SN550 15b7:5009 (git-fixes). - nvme-pci: add quirks for device 126f:1001 (git-fixes). - nvme: always punt polled uring_cmd end_io work to task_work (git-fixes). - nvme: fix command limits status code (git-fixes). - nvme: fix implicit bool to flags conversion (git-fixes). - nvmet-fc: free pending reqs on tgtport unregister (bsc#1245193). - nvmet-fc: take tgtport refs for portentry (bsc#1245193). - nvmet-fcloop: access fcpreq only when holding reqlock (bsc#1245193). - nvmet-fcloop: add missing fcloop_callback_host_done (bsc#1245193). - nvmet-fcloop: allocate/free fcloop_lsreq directly (bsc#1245193). - nvmet-fcloop: do not wait for lport cleanup (bsc#1245193). - nvmet-fcloop: drop response if targetport is gone (bsc#1245193). - nvmet-fcloop: prevent double port deletion (bsc#1245193). - nvmet-fcloop: refactor fcloop_delete_local_port (bsc#1245193). - nvmet-fcloop: refactor fcloop_nport_alloc and track lport (bsc#1245193). - nvmet-fcloop: remove nport from list on last user (bsc#1245193). - nvmet-fcloop: track ref counts for nports (bsc#1245193). - nvmet-fcloop: update refs on tfcp_req (bsc#1245193). - orangefs: Do not truncate file size (git-fixes). - pNFS/flexfiles: Report ENETDOWN as a connection error (git-fixes). - page_pool: Fix use-after-free in page_pool_recycle_in_ring (git-fixes). - phy: core: do not require set_mode() callback for phy_get_mode() to work (stable-fixes). - phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug (git-fixes). - phy: renesas: rcar-gen3-usb2: Add support to initialize the bus (stable-fixes). - phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off (git-fixes). - phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data (git-fixes). - phy: renesas: rcar-gen3-usb2: Move IRQ request in probe (stable-fixes). - pinctrl-tegra: Restore SFSEL bit when freeing pins (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (stable-fixes). - pinctrl: armada-37xx: set GPIO output value before setting direction (git-fixes). - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (git-fixes). - pinctrl: at91: Fix possible out-of-boundary access (git-fixes). - pinctrl: bcm281xx: Use 'unsigned int' instead of bare 'unsigned' (stable-fixes). - pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map (stable-fixes). - pinctrl: mcp23s08: Reset all pins to input at probe (stable-fixes). - pinctrl: meson: define the pull up/down resistor value as 60 kOhm (stable-fixes). - pinctrl: qcom: pinctrl-qcm2290: Add missing pins (git-fixes). - pinctrl: st: Drop unused st_gpio_bank() function (git-fixes). - pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group() (git-fixes). - platform/x86/amd: pmc: Clear metrics table at start of cycle (git-fixes). - platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes). - platform/x86: dell_rbu: Fix list usage (git-fixes). - platform/x86: dell_rbu: Stop overwriting data buffer (git-fixes). - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (git-fixes). - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (stable-fixes). - platform/x86: ideapad-laptop: use usleep_range() for EC polling (git-fixes). - platform/x86: thinkpad_acpi: Ignore battery threshold change event notification (stable-fixes). - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (git-fixes). - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (stable-fixes). - power: reset: at91-reset: Optimize at91_reset() (git-fixes). - power: supply: bq27xxx: Retrieve again when busy (stable-fixes). - power: supply: collie: Fix wakeup source leaks on device unbind (stable-fixes). - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (bsc#1215199). - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states (bsc#1215199). - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - pstore: Change kmsg_bytes storage size to u32 (git-fixes). - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (git-fixes). - r8152: add vendor/device ID pair for Dell Alienware AW1022z (git-fixes). - regulator: ad5398: Add device tree support (stable-fixes). - regulator: max14577: Add error check for max14577_read_reg() (git-fixes). - regulator: max20086: Change enable gpio to optional (git-fixes). - regulator: max20086: Fix MAX200086 chip id (git-fixes). - regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() (git-fixes). - rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang. - rpm/kernel-source.changes.old: Drop bogus bugzilla reference (bsc#1244725) - rpm: Stop using is_kotd_qa macro This macro is set by bs-upload-kernel, and a conditional in each spec file is used to determine when to build the spec file. This logic should not really be in the spec file. Previously this was done with package links and package meta for the individula links. However, the use of package links is rejected for packages in git based release projects (nothing to do with git actually, new policy). An alternative to package links is multibuild. However, for multibuild packages package meta cannot be used to set which spec file gets built. Use prjcon buildflags instead, and remove this conditional. Depends on bs-upload-kernel adding the build flag. - rtc: Fix offset calculation for .start_secs < 0 (git-fixes). - rtc: Make rtc_time64_to_tm() support dates before 1970 (stable-fixes). - rtc: at91rm9200: drop unused module alias (git-fixes). - rtc: cmos: use spin_lock_irqsave in cmos_interrupt (git-fixes). - rtc: cpcap: drop unused module alias (git-fixes). - rtc: da9063: drop unused module alias (git-fixes). - rtc: ds1307: stop disabling alarms on probe (stable-fixes). - rtc: jz4740: drop unused module alias (git-fixes). - rtc: pm8xxx: drop unused module alias (git-fixes). - rtc: rv3032: fix EERD location (stable-fixes). - rtc: s3c: drop unused module alias (git-fixes). - rtc: sh: assign correct interrupts with DT (git-fixes). - rtc: stm32: drop unused module alias (git-fixes). - s390/pci: Allow re-add of a reserved but not yet removed device (bsc#1244145). - s390/pci: Fix __pcilg_mio_inuser() inline assembly (git-fixes bsc#1245226). - s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (git-fixes bsc#1244145). - s390/pci: Fix potential double remove of hotplug slot (bsc#1244145). - s390/pci: Prevent self deletion in disable_slot() (bsc#1244145). - s390/pci: Remove redundant bus removal and disable from zpci_release_device() (bsc#1244145). - s390/pci: Serialize device addition and removal (bsc#1244145). - s390/pci: introduce lock to synchronize state of zpci_dev's (jsc#PED-10253 bsc#1244145). - s390/pci: remove hotplug slot when releasing the device (bsc#1244145). - s390/pci: rename lock member in struct zpci_dev (jsc#PED-10253 bsc#1244145). - s390/tty: Fix a potential memory leak bug (git-fixes bsc#1245228). - scsi: dc395x: Remove DEBUG conditional compilation (git-fixes). - scsi: dc395x: Remove leftover if statement in reselect() (git-fixes). - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() (git-fixes). - scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk (git-fixes). - scsi: iscsi: Fix incorrect error path labels for flashnode operations (git-fixes). - scsi: mpi3mr: Add level check to control event logging (git-fixes). - scsi: mpt3sas: Send a diag reset if target reset fails (git-fixes). - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (git-fixes). - scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer (git-fixes). - scsi: st: ERASE does not change tape location (git-fixes). - scsi: st: Restore some drive settings after reset (git-fixes). - scsi: st: Tighten the page format heuristics with MODE SELECT (git-fixes). - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (git-fixes). - selftests/bpf: Fix bpf_nf selftest failure (git-fixes). - selftests/mm: restore default nr_hugepages value during cleanup in hugetlb_reparenting_test.sh (git-fixes). - selftests/net: have `gro.sh -t` return a correct exit code (stable-fixes). - selftests/seccomp: fix syscall_restart test for arm compat (git-fixes). - serial: Fix potential null-ptr-deref in mlb_usio_probe() (git-fixes). - serial: imx: Restore original RXTL for console to fix data loss (git-fixes). - serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - serial: sh-sci: Move runtime PM enable to sci_probe_single() (stable-fixes). - serial: sh-sci: Save and restore more registers (git-fixes). - serial: sh-sci: Update the suspend/resume support (stable-fixes). - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (git-fixes). - soc: aspeed: lpc: Fix impossible judgment condition (git-fixes). - soc: qcom: smp2p: Fix fallback to qcom,ipc parse (git-fixes). - soc: ti: k3-socinfo: Do not use syscon helper to build regmap (stable-fixes). - software node: Correct a OOB check in software_node_get_reference_args() (stable-fixes). - soundwire: amd: change the soundwire wake enable/disable sequence (stable-fixes). - spi-rockchip: Fix register out of bounds access (stable-fixes). - spi: bcm63xx-hsspi: fix shared reset (git-fixes). - spi: bcm63xx-spi: fix shared reset (git-fixes). - spi: sh-msiof: Fix maximum DMA transfer size (git-fixes). - spi: spi-sun4i: fix early activation (stable-fixes). - spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers (git-fixes). - spi: tegra210-quad: modify chip select (CS) deactivation (git-fixes). - spi: tegra210-quad: remove redundant error handling code (git-fixes). - spi: zynqmp-gqspi: Always acknowledge interrupts (stable-fixes). - staging: iio: ad5933: Correct settling cycles encoding per datasheet (git-fixes). - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (git-fixes). - struct usci: hide additional member (git-fixes). - sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (git-fixes). - tcp/dccp: allow a connection when sk_max_ack_backlog is zero (git-fixes). - tcp/dccp: bypass empty buckets in inet_twsk_purge() (git-fixes). - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (git-fixes). - tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() (git-fixes). - tcp_metrics: optimize tcp_metrics_flush_all() (git-fixes). - thermal/drivers/qoriq: Power down TMU on system suspend (stable-fixes). - thunderbolt: Do not add non-active NVM if NVM upgrade is disabled for retimer (stable-fixes). - thunderbolt: Do not double dequeue a configuration request (stable-fixes). - thunderbolt: Fix a logic error in wake on connect (git-fixes). - timekeeping: Fix bogus clock_was_set() invocation in (git-fixes) - timekeeping: Fix cross-timestamp interpolation corner case (git-fixes) - timekeeping: Fix cross-timestamp interpolation for non-x86 (git-fixes) - timekeeping: Fix cross-timestamp interpolation on counter (git-fixes) - trace/trace_event_perf: remove duplicate samples on the first tracepoint event (git-fixes). - tracing/eprobe: Fix to release eprobe when failed to add dyn_event (git-fixes). - tracing: Add __print_dynamic_array() helper (bsc#1243544). - tracing: Add __string_len() example (bsc#1243544). - tracing: Fix cmp_entries_dup() to respect sort() comparison rules (git-fixes). - tracing: Fix compilation warning on arm32 (bsc#1243551). - tracing: Use atomic64_inc_return() in trace_clock_counter() (git-fixes). - truct dwc3 hide new member wakeup_pending_funcs (git-fixes). - ucsi_debugfs_entry: hide signedness change (git-fixes). - udp: annotate data-races around up->pending (git-fixes). - udp: fix incorrect parameter validation in the udp_lib_getsockopt() function (git-fixes). - udp: fix receiving fraglist GSO packets (git-fixes). - udp: preserve the connected status if only UDP cmsg (git-fixes). - uprobes: Use kzalloc to allocate xol area (git-fixes). - usb: Flush altsetting 0 endpoints before reinitializating them after reset (git-fixes). - usb: cdnsp: Fix issue with detecting USB 3.2 speed (git-fixes). - usb: cdnsp: Fix issue with detecting command completion event (git-fixes). - usb: dwc3: gadget: Make gadget_wakeup asynchronous (git-fixes). - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (stable-fixes). - usb: renesas_usbhs: Reorder clock handling and power management in probe (git-fixes). - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (stable-fixes). - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() (git-fixes). - usb: typec: ucsi: Only enable supported notifications (git-fixes). - usb: typec: ucsi: allow non-partner GET_PDOS for Qualcomm devices (git-fixes). - usb: typec: ucsi: fix Clang -Wsign-conversion warning (git-fixes). - usb: typec: ucsi: fix UCSI on buggy Qualcomm devices (git-fixes). - usb: typec: ucsi: limit the UCSI_NO_PARTNER_PDOS even further (git-fixes). - usb: usbtmc: Fix read_stb function and get_stb ioctl (git-fixes). - usb: usbtmc: Fix timeout value in get_stb (git-fixes). - usb: xhci: Do not change the status of stalled TDs on failed Stop EP (stable-fixes). - usbnet: asix AX88772: leave the carrier control to phylink (stable-fixes). - vgacon: Add check for vc_origin address range in vgacon_scroll() (git-fixes). - vmxnet3: correctly report gso type for UDP tunnels (bsc#1244626). - vmxnet3: support higher link speeds from vmxnet3 v9 (bsc#1244626). - vmxnet3: update MTU after device quiesce (bsc#1244626). - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (git-fixes). - watchdog: da9052_wdt: respect TWDMIN (stable-fixes). - watchdog: exar: Shorten identity name to fit correctly (git-fixes). - watchdog: fix watchdog may detect false positive of softlockup (stable-fixes). - watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04 (git-fixes). - watchdog: mediatek: Add support for MT6735 TOPRGU/WDT (git-fixes). - wifi: ath11k: Fix QMI memory reuse logic (stable-fixes). - wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() (git-fixes). - wifi: ath11k: convert timeouts to secs_to_jiffies() (stable-fixes). - wifi: ath11k: do not use static variables in ath11k_debugfs_fw_stats_process() (git-fixes). - wifi: ath11k: do not wait when there is no vdev started (git-fixes). - wifi: ath11k: fix node corruption in ar->arvifs list (git-fixes). - wifi: ath11k: fix ring-buffer corruption (git-fixes). - wifi: ath11k: fix rx completion meta data corruption (git-fixes). - wifi: ath11k: fix soc_dp_stats debugfs file permission (stable-fixes). - wifi: ath11k: move some firmware stats related functions outside of debugfs (git-fixes). - wifi: ath11k: update channel list in worker when wait flag is set (bsc#1243847). - wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready (git-fixes). - wifi: ath12k: Add MSDU length validation for TKIP MIC error (git-fixes). - wifi: ath12k: Avoid napi_sync() before napi_enable() (stable-fixes). - wifi: ath12k: Fix WMI tag for EHT rate in peer assoc (git-fixes). - wifi: ath12k: Fix end offset bit definition in monitor ring descriptor (stable-fixes). - wifi: ath12k: Fix invalid memory access while forming 802.11 header (git-fixes). - wifi: ath12k: Fix memory leak during vdev_id mismatch (git-fixes). - wifi: ath12k: Fix the QoS control field offset to build QoS header (git-fixes). - wifi: ath12k: Improve BSS discovery with hidden SSID in 6 GHz band (stable-fixes). - wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz (stable-fixes). - wifi: ath12k: Report proper tx completion status to mac80211 (stable-fixes). - wifi: ath12k: fix a possible dead lock caused by ab->base_lock (stable-fixes). - wifi: ath12k: fix ath12k_hal_tx_cmd_ext_desc_setup() info1 override (stable-fixes). - wifi: ath12k: fix cleanup path after mhi init (git-fixes). - wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping (stable-fixes). - wifi: ath12k: fix incorrect CE addresses (stable-fixes). - wifi: ath12k: fix invalid access to memory (git-fixes). - wifi: ath12k: fix link valid field initialization in the monitor Rx (stable-fixes). - wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET (stable-fixes). - wifi: ath12k: fix node corruption in ar->arvifs list (git-fixes). - wifi: ath12k: fix ring-buffer corruption (git-fixes). - wifi: ath9k: return by of_get_mac_address (stable-fixes). - wifi: ath9k_htc: Abort software beacon handling if disabled (git-fixes). - wifi: carl9170: do not ping device which has failed to load firmware (git-fixes). - wifi: iwlfiwi: mvm: Fix the rate reporting (git-fixes). - wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 (stable-fixes). - wifi: iwlwifi: add support for Killer on MTL (stable-fixes). - wifi: iwlwifi: fix debug actions order (stable-fixes). - wifi: iwlwifi: pcie: make sure to lock rxq->read (stable-fixes). - wifi: mac80211: VLAN traffic in multicast path (stable-fixes). - wifi: mac80211: do not offer a mesh path if forwarding is disabled (stable-fixes). - wifi: mac80211: do not unconditionally call drv_mgd_complete_tx() (stable-fixes). - wifi: mac80211: fix beacon interval calculation overflow (git-fixes). - wifi: mac80211: remove misplaced drv_mgd_complete_tx() call (stable-fixes). - wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled (stable-fixes). - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R (stable-fixes). - wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() (git-fixes). - wifi: mt76: mt7921: add 160 MHz AP for mt7922 device (stable-fixes). - wifi: mt76: mt7925: ensure all MCU commands wait for response (git-fixes). - wifi: mt76: mt7925: fix host interrupt register initialization (git-fixes). - wifi: mt76: mt7925: prevent multiple scan commands (git-fixes). - wifi: mt76: mt7925: refine the sniffer commnad (git-fixes). - wifi: mt76: mt7996: drop fragments with multicast or broadcast RA (stable-fixes). - wifi: mt76: mt7996: fix RX buffer size of MCU event (git-fixes). - wifi: mt76: mt7996: revise TXS size (stable-fixes). - wifi: mt76: mt7996: set EHT max ampdu length capability (git-fixes). - wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2 (stable-fixes). - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (git-fixes). - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (git-fixes). - wifi: rtw88: Do not use static local variable in rtw8822b_set_tx_power_index_by_rate (stable-fixes). - wifi: rtw88: Fix __rtw_download_firmware() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix download_firmware_validate() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 (stable-fixes). - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU (stable-fixes). - wifi: rtw88: do not ignore hardware read error during DPK (git-fixes). - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (git-fixes). - wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally (git-fixes). - wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT (git-fixes). - wifi: rtw88: usb: Reduce control message timeout to 500 ms (git-fixes). - wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet (stable-fixes). - wifi: rtw89: fw: propagate error code from rtw89_h2c_tx() (stable-fixes). - wifi: rtw89: leave idle mode when setting WEP encryption for AP mode (stable-fixes). - wifi: rtw89: pci: enlarge retry times of RX tag to 1000 (git-fixes). - x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (git-fixes). - x86/kaslr: Reduce KASLR entropy on most x86 systems (git-fixes). - x86/microcode/AMD: Add get_patch_level() (git-fixes). - x86/microcode/AMD: Do not return error when microcode update is not necessary (git-fixes). - x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration (git-fixes). - x86/microcode/AMD: Have __apply_microcode_amd() return bool (git-fixes). - x86/microcode/AMD: Make __verify_patch_size() return bool (git-fixes). - x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (git-fixes). - x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature (git-fixes). - x86/microcode/AMD: Return bool from find_blobs_in_containers() (git-fixes). - x86/microcode: Consolidate the loader enablement checking (git-fixes). - x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers (git-fixes). - x86/xen: fix balloon target initialization for PVH dom0 (git-fixes). - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (git-fixes) - xen/x86: fix initial memory balloon target (git-fixes). - xsk: always clear DMA mapping information when unmapping the pool (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2539-1 Released: Tue Jul 29 09:03:00 2025 Summary: Recommended update for google-dracut-config Type: recommended Severity: moderate References: 1245352 This update for google-dracut-config fixes the following issues: - Add sed and find to requirements (bsc#1245352) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2543-1 Released: Tue Jul 29 11:09:01 2025 Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 Type: recommended Severity: moderate References: 1233012 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2558-1 Released: Wed Jul 30 22:14:27 2025 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1230267,1243279,1243457,1243486,1244042,1244710,1245220,1245452,1245496,1245672 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1+MLM (bsc#1243457). - implement color filtering when adding update targets. - support orderwithrequires dependencies in susedata.xml. - Fix SEGV in MediaDISK handler (bsc#1245452). - Fix evaluation of libproxy results (bsc#1244710). - Enhancements regarding mirror handling during repo refresh. Adapt to libzypp API changes (bsc#1230267). - Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans backend. - Enhancements with mirror handling during repo refresh, needs zypper 1.14.91. - Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042) There was no testcase written for the very first solver run. - zypper does not allow distinctions between install and upgrade in %postinstall (bsc#1243279). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - BuildRequires: Now %{libsolv_devel_package} greater or equal to 0.7.34 is required (bsc#1243486). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2536-1 Released: Thu Jul 31 16:44:39 2025 Summary: Security update for boost Type: security Severity: important References: 1245936,CVE-2016-9840 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2661-1 Released: Mon Aug 4 13:15:46 2025 Summary: Recommended update for google-guest-oslogin Type: recommended Severity: important References: 1243992 This update for google-guest-oslogin fixes the following issues: - Stop retrying bad requests causing timeouts during container startup (bsc#1243992) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2713-1 Released: Wed Aug 6 11:21:54 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1245950 This update for hwinfo fixes the following issues: - Fix usb network card detection (bsc#1245950) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2772-1 Released: Tue Aug 12 19:35:08 2025 Summary: Recommended update for grub2 Type: security Severity: moderate References: 1234959,1246157,1246231,1246237,CVE-2024-56738 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) Other fixes: - Fix test -f and -s do not work properly over the network files served via tftp and http (bsc#1246157, bsc#1246237) - Skip mount point in grub_find_device function (bsc#1246231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2839-1 Released: Mon Aug 18 11:19:58 2025 Summary: Recommended update for libnvme, nvme-cli Type: recommended Severity: moderate References: 1243716,1246599 This update for libnvme, nvme-cli fixes the following issues: - Update to version 1.8+82.g9a64f8f4: - tree: free ctrl attributes when (re)configure ctrl (bsc#1243716) - tree: filter tree after scan has completed (bsc#1243716) - sysfs: minimize heap allocations of sysfs paths - Update to version 2.8+92.g998dceae: - nvme: fix mem leak in nvme copy (bsc#1243716) - nvme-print: suppress output when no ctrl is present for list-subsys (bsc#1243716) - nvme: extend filter to match device name (bsc#1243716) - udev-rules-ontap: switch to queue-depth iopolicy (bsc#1246599) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2841-1 Released: Mon Aug 18 13:01:25 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2888-1 Released: Tue Aug 19 09:47:17 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1228929,1241038 This update for suse-module-tools fixes the following issues: - Version update 15.6.11. - Add missing util-linux requirement to the spec file (bsc#1241038) - Kernel installation fails to build initrd (bsc#1228929). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2914-1 Released: Tue Aug 19 14:54:30 2025 Summary: Security update for docker Type: security Severity: moderate References: 1246556,1247367,CVE-2025-54388 This update for docker fixes the following issues: - Update to Docker 28.3.3-ce. - CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2915-1 Released: Tue Aug 19 14:56:35 2025 Summary: Security update for jq Type: security Severity: moderate References: 1244116,CVE-2025-48060 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) The following package changes have been done: - boost-license1_66_0-1.66.0-150200.12.7.1 updated - coreutils-8.32-150400.9.9.1 updated - crypto-policies-20230920.570ea89-150600.3.12.1 updated - docker-28.3.3_ce-150000.230.1 updated - google-dracut-config-0.0.4-150300.7.12.1 updated - google-guest-oslogin-20240311.01-150000.1.56.1 updated - grub2-i386-pc-2.12-150600.8.34.1 updated - grub2-x86_64-efi-2.12-150600.8.34.1 updated - grub2-2.12-150600.8.34.1 updated - hwinfo-21.89-150500.3.12.1 updated - iputils-20221126-150500.3.14.1 updated - jq-1.6-150000.3.9.1 updated - kernel-default-6.4.0-150600.23.60.5 updated - libboost_system1_66_0-1.66.0-150200.12.7.1 updated - libboost_thread1_66_0-1.66.0-150200.12.7.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.10.3-150600.3.9.1 updated - libgnutls30-3.8.3-150600.4.9.1 updated - libjq1-1.6-150000.3.9.1 updated - libnvme-mi1-1.8+82.g9a64f8f4-150600.3.15.2 updated - libnvme1-1.8+82.g9a64f8f4-150600.3.15.2 updated - libopenssl1_1-1.1.1w-150600.5.15.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - libsasl2-3-2.1.28-150600.7.6.2 updated - libsolv-tools-base-0.7.34-150600.8.17.2 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libsystemd0-254.27-150600.4.43.3 updated - libudev1-254.27-150600.4.43.3 updated - libxml2-2-2.10.3-150500.5.32.1 updated - libzypp-17.37.10-150600.3.74.1 updated - nvme-cli-2.8+92.g998dceae-150600.3.18.2 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-pyparsing-2.4.7-150300.3.3.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-six-1.14.0-150200.15.1 updated - samba-client-libs-4.19.8+git.430.a10fe64854c-150600.3.18.2 updated - suse-build-key-12.0-150000.8.61.2 updated - suse-module-tools-15.6.11-150600.3.9.2 updated - systemd-rpm-macros-16-150000.7.42.1 updated - systemd-254.27-150600.4.43.3 updated - udev-254.27-150600.4.43.3 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - xen-libs-4.18.5_04-150600.3.28.1 updated - zypper-1.14.92-150600.10.46.2 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:08:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:08:32 +0200 (CEST) Subject: SUSE-IU-2025:2382-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250826070832.51371FF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2382-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.76 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.76 Severity : important Type : security References : 1204142 1219338 1225707 1230216 1233300 1235613 1235837 1236333 1236897 1238896 1239061 1240323 1240885 1240966 1241166 1241345 1242086 1242414 1242837 1242960 1242965 1242993 1243068 1243100 1243479 1243669 1243806 1244309 1244457 1244735 1244749 1244750 1244792 1244801 1245151 1245201 1245202 1245216 1245260 1245431 1245440 1245457 1245498 1245499 1245504 1245506 1245508 1245510 1245540 1245598 1245599 1245646 1245647 1245649 1245650 1245654 1245658 1245660 1245665 1245666 1245668 1245669 1245670 1245671 1245675 1245676 1245677 1245679 1245682 1245683 1245684 1245688 1245689 1245690 1245691 1245695 1245705 1245708 1245711 1245713 1245714 1245719 1245723 1245729 1245730 1245731 1245735 1245737 1245744 1245745 1245746 1245747 1245748 1245749 1245750 1245751 1245752 1245757 1245758 1245765 1245768 1245769 1245777 1245781 1245789 1245937 1245945 1245951 1245952 1245954 1245957 1245966 1245970 1245976 1245980 1245983 1245986 1246000 1246002 1246006 1246008 1246020 1246023 1246029 1246031 1246037 1246041 1246042 1246044 1246045 1246047 1246049 1246050 1246055 1246073 1246093 1246098 1246109 1246122 1246125 1246171 1246173 1246178 1246182 1246183 1246186 1246195 1246203 1246212 1246220 1246236 1246240 1246243 1246246 1246249 1246250 1246253 1246258 1246262 1246264 1246266 1246268 1246273 1246283 1246287 1246292 1246293 1246295 1246334 1246337 1246342 1246349 1246354 1246358 1246361 1246364 1246370 1246375 1246384 1246386 1246387 1246438 1246453 1246473 1246490 1246506 1246547 1246777 1246781 1246870 1246879 1246911 1247018 1247023 1247028 1247031 1247033 1247035 1247061 1247089 1247091 1247097 1247098 1247101 1247103 1247104 1247113 1247118 1247123 1247125 1247128 1247132 1247138 1247141 1247143 1247145 1247146 1247147 1247149 1247150 1247151 1247153 1247154 1247156 1247160 1247164 1247169 1247170 1247171 1247172 1247174 1247176 1247177 1247178 1247181 1247209 1247210 1247227 1247233 1247236 1247238 1247241 1247251 1247252 1247253 1247255 1247271 1247273 1247274 1247276 1247277 1247278 1247279 1247284 1247285 1247288 1247289 1247293 1247311 1247314 1247317 1247347 1247348 1247349 1247374 1247437 1247450 CVE-2019-11135 CVE-2024-36028 CVE-2024-36348 CVE-2024-36349 CVE-2024-36350 CVE-2024-36357 CVE-2024-44963 CVE-2024-56742 CVE-2024-57947 CVE-2025-21839 CVE-2025-21872 CVE-2025-23163 CVE-2025-37798 CVE-2025-37856 CVE-2025-37864 CVE-2025-37885 CVE-2025-37920 CVE-2025-37984 CVE-2025-38034 CVE-2025-38035 CVE-2025-38051 CVE-2025-38052 CVE-2025-38058 CVE-2025-38061 CVE-2025-38062 CVE-2025-38063 CVE-2025-38064 CVE-2025-38074 CVE-2025-38084 CVE-2025-38085 CVE-2025-38087 CVE-2025-38088 CVE-2025-38089 CVE-2025-38090 CVE-2025-38094 CVE-2025-38095 CVE-2025-38097 CVE-2025-38098 CVE-2025-38099 CVE-2025-38100 CVE-2025-38102 CVE-2025-38105 CVE-2025-38107 CVE-2025-38108 CVE-2025-38109 CVE-2025-38110 CVE-2025-38111 CVE-2025-38112 CVE-2025-38113 CVE-2025-38115 CVE-2025-38117 CVE-2025-38118 CVE-2025-38120 CVE-2025-38122 CVE-2025-38123 CVE-2025-38124 CVE-2025-38126 CVE-2025-38127 CVE-2025-38129 CVE-2025-38131 CVE-2025-38132 CVE-2025-38135 CVE-2025-38136 CVE-2025-38138 CVE-2025-38142 CVE-2025-38143 CVE-2025-38145 CVE-2025-38147 CVE-2025-38148 CVE-2025-38149 CVE-2025-38151 CVE-2025-38153 CVE-2025-38154 CVE-2025-38155 CVE-2025-38157 CVE-2025-38158 CVE-2025-38159 CVE-2025-38161 CVE-2025-38162 CVE-2025-38165 CVE-2025-38166 CVE-2025-38173 CVE-2025-38174 CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38182 CVE-2025-38183 CVE-2025-38187 CVE-2025-38188 CVE-2025-38192 CVE-2025-38193 CVE-2025-38194 CVE-2025-38197 CVE-2025-38198 CVE-2025-38200 CVE-2025-38202 CVE-2025-38203 CVE-2025-38204 CVE-2025-38206 CVE-2025-38210 CVE-2025-38211 CVE-2025-38212 CVE-2025-38213 CVE-2025-38214 CVE-2025-38215 CVE-2025-38217 CVE-2025-38220 CVE-2025-38222 CVE-2025-38225 CVE-2025-38226 CVE-2025-38227 CVE-2025-38229 CVE-2025-38231 CVE-2025-38236 CVE-2025-38239 CVE-2025-38244 CVE-2025-38246 CVE-2025-38248 CVE-2025-38249 CVE-2025-38250 CVE-2025-38257 CVE-2025-38259 CVE-2025-38264 CVE-2025-38272 CVE-2025-38273 CVE-2025-38275 CVE-2025-38277 CVE-2025-38279 CVE-2025-38283 CVE-2025-38286 CVE-2025-38289 CVE-2025-38290 CVE-2025-38292 CVE-2025-38293 CVE-2025-38300 CVE-2025-38303 CVE-2025-38304 CVE-2025-38305 CVE-2025-38307 CVE-2025-38310 CVE-2025-38312 CVE-2025-38313 CVE-2025-38319 CVE-2025-38323 CVE-2025-38326 CVE-2025-38328 CVE-2025-38332 CVE-2025-38334 CVE-2025-38335 CVE-2025-38336 CVE-2025-38337 CVE-2025-38338 CVE-2025-38342 CVE-2025-38343 CVE-2025-38344 CVE-2025-38345 CVE-2025-38348 CVE-2025-38349 CVE-2025-38350 CVE-2025-38352 CVE-2025-38354 CVE-2025-38362 CVE-2025-38363 CVE-2025-38364 CVE-2025-38365 CVE-2025-38369 CVE-2025-38371 CVE-2025-38373 CVE-2025-38375 CVE-2025-38376 CVE-2025-38377 CVE-2025-38380 CVE-2025-38382 CVE-2025-38384 CVE-2025-38385 CVE-2025-38386 CVE-2025-38387 CVE-2025-38389 CVE-2025-38391 CVE-2025-38392 CVE-2025-38393 CVE-2025-38395 CVE-2025-38396 CVE-2025-38399 CVE-2025-38400 CVE-2025-38401 CVE-2025-38403 CVE-2025-38404 CVE-2025-38406 CVE-2025-38409 CVE-2025-38410 CVE-2025-38412 CVE-2025-38414 CVE-2025-38415 CVE-2025-38416 CVE-2025-38420 CVE-2025-38424 CVE-2025-38425 CVE-2025-38426 CVE-2025-38428 CVE-2025-38429 CVE-2025-38430 CVE-2025-38436 CVE-2025-38443 CVE-2025-38448 CVE-2025-38449 CVE-2025-38455 CVE-2025-38457 CVE-2025-38460 CVE-2025-38461 CVE-2025-38462 CVE-2025-38463 CVE-2025-38465 CVE-2025-38467 CVE-2025-38468 CVE-2025-38470 CVE-2025-38471 CVE-2025-38473 CVE-2025-38474 CVE-2025-38476 CVE-2025-38477 CVE-2025-38478 CVE-2025-38480 CVE-2025-38481 CVE-2025-38482 CVE-2025-38483 CVE-2025-38485 CVE-2025-38487 CVE-2025-38489 CVE-2025-38494 CVE-2025-38495 CVE-2025-38496 CVE-2025-38497 CVE-2025-38498 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-83 Released: Mon Aug 25 15:29:45 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1204142,1219338,1225707,1230216,1233300,1235613,1235837,1236333,1236897,1238896,1239061,1240323,1240885,1240966,1241166,1241345,1242086,1242414,1242837,1242960,1242965,1242993,1243068,1243100,1243479,1243669,1243806,1244309,1244457,1244735,1244749,1244750,1244792,1244801,1245151,1245201,1245202,1245216,1245260,1245431,1245440,1245457,1245498,1245499,1245504,1245506,1245508,1245510,1245540,1245598,1245599,1245646,1245647,1245649,1245650,1245654,1245658,1245660,1245665,1245666,1245668,1245669,1245670,1245671,1245675,1245676,1245677,1245679,1245682,1245683,1245684,1245688,1245689,1245690,1245691,1245695,1245705,1245708,1245711,1245713,1245714,1245719,1245723,1245729,1245730,1245731,1245735,1245737,1245744,1245745,1245746,1245747,1245748,1245749,1245750,1245751,1245752,1245757,1245758,1245765,1245768,1245769,1245777,1245781,1245789,1245937,1245945,1245951,1245952,1245954,1245957,1245966,1245970,1245976,1245980,1245983,1245986,1246000,1246002,1246006,1246008,1246020,1246023,1 246029,1246031,1246037,1246041,1246042,1246044,1246045,1246047,1246049,1246050,1246055,1246073,1246093,1246098,1246109,1246122,1246125,1246171,1246173,1246178,1246182,1246183,1246186,1246195,1246203,1246212,1246220,1246236,1246240,1246243,1246246,1246249,1246250,1246253,1246258,1246262,1246264,1246266,1246268,1246273,1246283,1246287,1246292,1246293,1246295,1246334,1246337,1246342,1246349,1246354,1246358,1246361,1246364,1246370,1246375,1246384,1246386,1246387,1246438,1246453,1246473,1246490,1246506,1246547,1246777,1246781,1246870,1246879,1246911,1247018,1247023,1247028,1247031,1247033,1247035,1247061,1247089,1247091,1247097,1247098,1247101,1247103,1247104,1247113,1247118,1247123,1247125,1247128,1247132,1247138,1247141,1247143,1247145,1247146,1247147,1247149,1247150,1247151,1247153,1247154,1247156,1247160,1247164,1247169,1247170,1247171,1247172,1247174,1247176,1247177,1247178,1247181,1247209,1247210,1247227,1247233,1247236,1247238,1247241,1247251,1247252,1247253,1247255,1247271,124727 3,1247274,1247276,1247277,1247278,1247279,1247284,1247285,1247288,1247289,1247293,1247311,1247314,1247317,1247347,1247348,1247349,1247374,1247437,1247450,CVE-2019-11135,CVE-2024-36028,CVE-2024-36348,CVE-2024-36349,CVE-2024-36350,CVE-2024-36357,CVE-2024-44963,CVE-2024-56742,CVE-2024-57947,CVE-2025-21839,CVE-2025-21872,CVE-2025-23163,CVE-2025-37798,CVE-2025-37856,CVE-2025-37864,CVE-2025-37885,CVE-2025-37920,CVE-2025-37984,CVE-2025-38034,CVE-2025-38035,CVE-2025-38051,CVE-2025-38052,CVE-2025-38058,CVE-2025-38061,CVE-2025-38062,CVE-2025-38063,CVE-2025-38064,CVE-2025-38074,CVE-2025-38084,CVE-2025-38085,CVE-2025-38087,CVE-2025-38088,CVE-2025-38089,CVE-2025-38090,CVE-2025-38094,CVE-2025-38095,CVE-2025-38097,CVE-2025-38098,CVE-2025-38099,CVE-2025-38100,CVE-2025-38102,CVE-2025-38105,CVE-2025-38107,CVE-2025-38108,CVE-2025-38109,CVE-2025-38110,CVE-2025-38111,CVE-2025-38112,CVE-2025-38113,CVE-2025-38115,CVE-2025-38117,CVE-2025-38118,CVE-2025-38120,CVE-2025-38122,CVE-2025-38123,CVE-2025-38124,CVE -2025-38126,CVE-2025-38127,CVE-2025-38129,CVE-2025-38131,CVE-2025-38132,CVE-2025-38135,CVE-2025-38136,CVE-2025-38138,CVE-2025-38142,CVE-2025-38143,CVE-2025-38145,CVE-2025-38147,CVE-2025-38148,CVE-2025-38149,CVE-2025-38151,CVE-2025-38153,CVE-2025-38154,CVE-2025-38155,CVE-2025-38157,CVE-2025-38158,CVE-2025-38159,CVE-2025-38161,CVE-2025-38162,CVE-2025-38165,CVE-2025-38166,CVE-2025-38173,CVE-2025-38174,CVE-2025-38177,CVE-2025-38180,CVE-2025-38181,CVE-2025-38182,CVE-2025-38183,CVE-2025-38187,CVE-2025-38188,CVE-2025-38192,CVE-2025-38193,CVE-2025-38194,CVE-2025-38197,CVE-2025-38198,CVE-2025-38200,CVE-2025-38202,CVE-2025-38203,CVE-2025-38204,CVE-2025-38206,CVE-2025-38210,CVE-2025-38211,CVE-2025-38212,CVE-2025-38213,CVE-2025-38214,CVE-2025-38215,CVE-2025-38217,CVE-2025-38220,CVE-2025-38222,CVE-2025-38225,CVE-2025-38226,CVE-2025-38227,CVE-2025-38229,CVE-2025-38231,CVE-2025-38236,CVE-2025-38239,CVE-2025-38244,CVE-2025-38246,CVE-2025-38248,CVE-2025-38249,CVE-2025-38250,CVE-2025-38257,CVE-2025-3 8259,CVE-2025-38264,CVE-2025-38272,CVE-2025-38273,CVE-2025-38275,CVE-2025-38277,CVE-2025-38279,CVE-2025-38283,CVE-2025-38286,CVE-2025-38289,CVE-2025-38290,CVE-2025-38292,CVE-2025-38293,CVE-2025-38300,CVE-2025-38303,CVE-2025-38304,CVE-2025-38305,CVE-2025-38307,CVE-2025-38310,CVE-2025-38312,CVE-2025-38313,CVE-2025-38319,CVE-2025-38323,CVE-2025-38326,CVE-2025-38328,CVE-2025-38332,CVE-2025-38334,CVE-2025-38335,CVE-2025-38336,CVE-2025-38337,CVE-2025-38338,CVE-2025-38342,CVE-2025-38343,CVE-2025-38344,CVE-2025-38345,CVE-2025-38348,CVE-2025-38349,CVE-2025-38350,CVE-2025-38352,CVE-2025-38354,CVE-2025-38362,CVE-2025-38363,CVE-2025-38364,CVE-2025-38365,CVE-2025-38369,CVE-2025-38371,CVE-2025-38373,CVE-2025-38375,CVE-2025-38376,CVE-2025-38377,CVE-2025-38380,CVE-2025-38382,CVE-2025-38384,CVE-2025-38385,CVE-2025-38386,CVE-2025-38387,CVE-2025-38389,CVE-2025-38391,CVE-2025-38392,CVE-2025-38393,CVE-2025-38395,CVE-2025-38396,CVE-2025-38399,CVE-2025-38400,CVE-2025-38401,CVE-2025-38403,CVE-2025-38404,CV E-2025-38406,CVE-2025-38409,CVE-2025-38410,CVE-2025-38412,CVE-2025-38414,CVE-2025-38415,CVE-2025-38416,CVE-2025-38420,CVE-2025-38424,CVE-2025-38425,CVE-2025-38426,CVE-2025-38428,CVE-2025-38429,CVE-2025-38430,CVE-2025-38436,CVE-2025-38443,CVE-2025-38448,CVE-2025-38449,CVE-2025-38455,CVE-2025-38457,CVE-2025-38460,CVE-2025-38461,CVE-2025-38462,CVE-2025-38463,CVE-2025-38465,CVE-2025-38467,CVE-2025-38468,CVE-2025-38470,CVE-2025-38471,CVE-2025-38473,CVE-2025-38474,CVE-2025-38476,CVE-2025-38477,CVE-2025-38478,CVE-2025-38480,CVE-2025-38481,CVE-2025-38482,CVE-2025-38483,CVE-2025-38485,CVE-2025-38487,CVE-2025-38489,CVE-2025-38494,CVE-2025-38495,CVE-2025-38496,CVE-2025-38497,CVE-2025-38498 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may - CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707). - CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896). - CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216). - CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613). - CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061). - CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323). - CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837). - CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068). - CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479). - CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669). - CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792). - CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801). - CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750). - CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151). - CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440). - CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216). - CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202). - CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201). - CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735). - CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649). - CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660). - CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654). - CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671). - CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650). - CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682). - CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689). - CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695). - CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708). - CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677). - CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679). - CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768). - CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750). - CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752). - CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937). - CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006). - CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951). - CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980). - CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044). - CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966). - CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976). - CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093). - CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178). - CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183). - CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173). - CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182). - CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387). - CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268). - CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264). - CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273). - CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354). - CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384). - CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250). - CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253). - CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091). - CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023). - CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031). - CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169). - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156). - CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097). - CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141). - CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145). - CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252). - CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253). - CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101). - CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103). - CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104). - CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113). - CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118). - CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288). - CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). The following non-security bugs were fixed: - ACPI: LPSS: Remove AudioDSP related ID (git-fixes). - ACPI: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122). - ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes). - ACPICA: Refuse to evaluate a method if arguments are missing (stable-fixes). - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes). - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes). - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes). - ALSA: hda/tegra: Add Tegra264 support (stable-fixes). - ALSA: hda: Add missing NVIDIA HDA codec IDs (stable-fixes). - ALSA: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes). - ALSA: hda: Ignore unsol events for cards being shut down (stable-fixes). - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes). - ALSA: sb: Do not allow changing the DMA mode during operations (stable-fixes). - ALSA: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes). - ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes). - ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes). - ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes). - ASoC: amd: yc: update quirk data for HP Victus (stable-fixes). - ASoC: codec: wcd9335: Convert to GPIO descriptors (stable-fixes). - ASoC: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes). - ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes). - ASoC: cs35l56: probe() should fail if the device ID is not recognized (git-fixes). - ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes). - ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes). - ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes). - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes). - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes). - Bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes). - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes). - Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes). - Bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes). - Bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes). - Bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes). - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes). - Bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes). - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes). - Bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes). - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes). - Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes). - Bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes). - Bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes). - Bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes). - Bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes). - Bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes). - Bluetooth: hci_sync: revert some mesh modifications (git-fixes). - Correctly put RDMA kabi patch into patches.kabi instead of patches.suse - Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes). - Documentation: ACPI: Fix parent device references (git-fixes). - Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes). - Fix dma_unmap_sg() nents value (git-fixes) - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes). - HID: core: do not bypass hid_hw_raw_request (stable-fixes). - HID: core: ensure __hid_request reserves the report ID as the first byte (git-fixes). - HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes). - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes). - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes). - IB/mlx5: Fix potential deadlock in MR deregistration (git-fixes) - Input: iqs7222 - explicitly define number of external channels (git-fixes). - Input: xpad - adjust error handling for disconnect (git-fixes). - Input: xpad - set correct controller type for Acer NGR200 (git-fixes). - Input: xpad - support Acer NGR 200 Controller (stable-fixes). - Logitech C-270 even more broken (stable-fixes). - Move upstreamed SCSI and ACPI patches into sorted section - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes). - NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes). - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes). - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes). - NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes). - NFSv4.2: another fix for listxattr (git-fixes). - NFSv4.2: fix listxattr to return selinux security label (git-fixes). - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes). - NFSv4: Always set NLINK even if the server does not support it (git-fixes). - NFSv4: xattr handlers should check for absent nfs filehandles (git-fixes). - PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457). - PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes). - PCI: endpoint: Fix configfs group list head handling (git-fixes). - PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes). - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes). - PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes). - PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457). - PCI: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes). - PM / devfreq: Check governor before using governor->name (git-fixes). - RDMA/core: Rate limit GID cache warning messages (git-fixes) - RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes) - RDMA/hns: Drop GFP_NOWARN (git-fixes) - RDMA/hns: Fix -Wframe-larger-than issue (git-fixes) - RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes) - RDMA/hns: Fix accessing uninitialized resources (git-fixes) - RDMA/hns: Fix double destruction of rsv_qp (git-fixes) - RDMA/hns: Get message length of ack_req from FW (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - RDMA/mlx5: Fix CC counters query for MPV (git-fixes) - RDMA/mlx5: Fix HW counters query for non-representor devices (git-fixes) - RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes) - RDMA/mlx5: Fix vport loopback for MPV device (git-fixes) - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes) - RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes) - RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes) - RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - Revert 'ACPI: battery: negate current when discharging' (stable-fixes). - Revert 'cgroup_freezer: cgroup_freezing: Check if not frozen' (bsc#1219338). - Revert 'drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1' (stable-fixes). - Revert 'mmc: sdhci: Disable SD card clock before changing parameters' (git-fixes). - Revert 'usb: xhci: Implement xhci_handshake_check_state() helper' (git-fixes). - Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes). - SMB3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes). - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes). - USB: serial: option: add Foxconn T99W640 (stable-fixes). - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes). - [SMB3] send channel sequence number in SMB3 requests after reconnects (git-fixes). - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes). - af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093). - amd/amdkfd: fix a kfd_process ref leak (stable-fixes). - aoe: clean device rq_list in aoedev_downdev() (git-fixes). - apple-mfi-fastcharge: protect first device name (git-fixes). - ata: pata_cs5536: fix build on 32-bit UML (stable-fixes). - audit,module: restore audit logging in load failure case (git-fixes). - bpf, sockmap: Fix sk_msg_reset_curr (git-fixes). - bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes). - bpf/selftests: Check errno when percpu map value size exceeds (git-fixes). - bpf: Add a possibly-zero-sized read test (git-fixes). - bpf: Avoid __hidden__ attribute in static object (git-fixes). - bpf: Check percpu map value size first (git-fixes). - bpf: Disable some `attribute ignored' warnings in GCC (git-fixes). - bpf: Fix memory leak in bpf_core_apply (git-fixes). - bpf: Fix potential integer overflow in resolve_btfids (git-fixes). - bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes). - bpf: Make the pointer returned by iter next method valid (git-fixes). - bpf: Simplify checking size of helper accesses (git-fixes). - bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes). - bpf: sockmap, updating the sg structure should also update curr (git-fixes). - bpftool: Fix missing pids during link show (git-fixes). - bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes). - bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes). - bpftool: Remove unnecessary source files from bootstrap version (git-fixes). - bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes). - btrfs: do not ignore inode missing when replaying log tree (git-fixes). - btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes). - btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes). - btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068) - btrfs: fix assertion when building free space tree (git-fixes). - btrfs: fix inode lookup error handling during log replay (git-fixes). - btrfs: fix invalid inode pointer dereferences during log replay (git-fixes). - btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes). - btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes). - btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes). - btrfs: fix ssd_spread overallocation (git-fixes). - btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068) - btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes). - btrfs: rename err to ret in btrfs_rmdir() (git-fixes). - btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes). - btrfs: return a btrfs_inode from read_one_inode() (git-fixes). - btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes). - btrfs: update superblock's device bytes_used when dropping chunk (git-fixes). - btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes). - btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes). - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes). - bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes). - can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes). - can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes). - can: kvaser_pciefd: Store device channel index (git-fixes). - can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes). - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes). - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes). - can: peak_usb: fix USB FD devices potential malfunction (git-fixes). - cdc-acm: fix race between initial clearing halt and open (git-fixes). - cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789). - cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166). - cifs: reconnect helper should set reconnect for the right channel (git-fixes). - clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes). - clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes). - clk: sunxi-ng: v3s: Fix de clock definition (git-fixes). - clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes). - clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457). - clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457). - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes). - comedi: Fix initialization of data for instructions that write to subdevice (git-fixes). - comedi: Fix some signed shift left operations (git-fixes). - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes). - comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes). - comedi: das16m1: Fix bit shift out of bounds (git-fixes). - comedi: das6402: Fix bit shift out of bounds (git-fixes). - comedi: pcl812: Fix bit shift out of bounds (git-fixes). - compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes). - config: enable RBD (jsc#PED-13238) - crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes). - crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes). - crypto: ccp - Fix locking on alloc failure handling (git-fixes). - crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes). - crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes). - crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes). - crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes). - crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes). - crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes). - crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes). - crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes). - crypto: qat - fix state restore for banks with exceptions (git-fixes). - crypto: qat - flush misc workqueue during device shutdown (git-fixes). - crypto: qat - use unmanaged allocation for dc_data (git-fixes). - crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes). - dm-bufio: fix sched in atomic context (git-fixes). - dm-flakey: error all IOs when num_features is absent (git-fixes). - dm-flakey: make corrupting read bios work (git-fixes). - dm-mirror: fix a tiny race condition (git-fixes). - dm-raid: fix variable in journal device check (git-fixes). - dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes). - dm: do not change md if dm_table_set_restrictions() fails (git-fixes). - dm: free table mempools if not used in __bind (git-fixes). - dm: restrict dm device size to 2^63-512 bytes (git-fixes). - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes). - dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes). - dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes). - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes). - dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes). - dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes). - dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes). - dmaengine: xilinx_dma: Set dma_device directions (stable-fixes). - drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes). - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes). - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes). - drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes). - drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes). - drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes). - drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes). - drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes). - drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes). - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes). - drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes). - drm/framebuffer: Acquire internal references on GEM handles (git-fixes). - drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes). - drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes). - drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes). - drm/i915/selftests: Change mock_request() to return error pointers (git-fixes). - drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes). - drm/msm: Fix a fence leak in submit error path (stable-fixes). - drm/msm: Fix another leak in the submit error path (stable-fixes). - drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes). - drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes). - drm/sched: Increment job count before swapping tail spsc queue (git-fixes). - drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes). - drm/scheduler: signal scheduled fence when kill job (stable-fixes). - drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes). - drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes). - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes). - exfat: fdatasync flag should be same like generic_write_sync() (git-fixes). - fbcon: Fix outdated registered_fb reference in comment (git-fixes). - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes). - firewire: ohci: correct code comments about bus_reset tasklet (git-fixes). - fs/jfs: consolidate sanity checking in dbMount (git-fixes). - fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes). - gpio: mlxbf2: use platform_get_irq_optional() (git-fixes). - gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes). - gpio: sim: include a missing header (git-fixes). - gpio: vf610: add locking to gpio direction functions (git-fixes). - gpio: virtio: Fix config space reading (git-fixes). - gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes). - gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes). - gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300). - gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300). - gpiolib: cdev: Ignore reconfiguration without direction (git-fixes). - gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes). - hfs: make splice write available again (git-fixes). - hfsplus: make splice write available again (git-fixes). - hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes). - hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203). - hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes). - hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes). - hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes). - i2c/designware: Fix an initialization issue (git-fixes). - i2c: qup: jump out of the loop in case of timeout (git-fixes). - i2c: stm32: fix the device used for the DMA map (git-fixes). - i2c: tegra: Fix reset error handling with ACPI (git-fixes). - i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes). - i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes). - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes). - iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes). - iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes). - iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes). - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes). - iio: adc: max1363: Reorder mode_list[] entries (stable-fixes). - iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes). - iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes). - iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes). - iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes). - iommu/amd: Set the pgsize_bitmap correctly (git-fixes). - iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes). - iommu/vt-d: Fix possible circular locking dependency (git-fixes). - iommu/vt-d: Fix system hang on reboot -f (git-fixes). - ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes). - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes). - ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes). - ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes). - iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes). - jfs: fix metapage reference count leak in dbAllocCtl (git-fixes). - kABI workaround for struct drm_framebuffer changes (git-fixes). - kABI: Fix the module::name type in audit_context (git-fixes). - kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes). - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - leds: multicolor: Fix intensity setting while SW blinking (stable-fixes). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897). - lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897). - maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes). - md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes). - media: gspca: Add bounds checking to firmware parser (git-fixes). - media: hi556: correct the test pattern configuration (git-fixes). - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes). - media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes). - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes). - media: usbtv: Lock resolution while streaming (git-fixes). - media: uvcvideo: Do not mark valid metadata as invalid (git-fixes). - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes). - media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes). - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes). - media: venus: Add a check for packet size after reading from shared memory (git-fixes). - media: venus: hfi: explicitly release IRQ during teardown (git-fixes). - media: venus: protect against spurious interrupts during probe (git-fixes). - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: vivid: fix wrong pixel_array control size (git-fixes). - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes). - mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes). - misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes). - mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes). - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes). - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes). - mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes). - mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes). - module: Fix memory deallocation on error path in move_module() (git-fixes). - module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes). - module: Restore the moduleparam prefix length check (git-fixes). - mtd: fix possible integer overflow in erase_xfer() (git-fixes). - mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes). - mtd: rawnand: atmel: set pmecc data setup time (git-fixes). - mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes). - mtd: rawnand: renesas: Add missing check after DMA map (git-fixes). - mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes). - mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes). - mtd: spinand: fix memory leak of ECC engine conf (stable-fixes). - mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes). - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes). - mtk-sd: Prevent memory corruption from DMA map failure (git-fixes). - mtk-sd: reset host->mrq on prepare_data() error (git-fixes). - mwl8k: Add missing check after DMA map (git-fixes). - nbd: fix uaf in nbd_genl_connect() error path (git-fixes). - net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes). - net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes). - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes). - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes). - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes). - net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes). - net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes). - net: mana: Add debug logs in MANA network driver (bsc#1246212). - net: mana: Add handler for hardware servicing events (bsc#1245730). - net: mana: Allocate MSI-X vectors dynamically (bsc#1245457). - net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457). - net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203). - net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729). - net: mana: Set tx_packets to post gso processing packet count (bsc#1245731). - net: mana: explain irq_setup() algorithm (bsc#1245457). - net: phy: Do not register LEDs for genphy (git-fixes). - net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes). - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes). - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes). - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes). - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes). - net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes). - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes). - net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes). - netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes). - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes). - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes). - nilfs2: reject invalid file types when reading inodes (git-fixes). - nvme-pci: refresh visible attrs after being checked (git-fixes). - nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes). - nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes). - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes). - nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes). - nvmet-tcp: fix callback lock for TLS handshake (git-fixes). - objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes). - objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes). - objtool: Fix _THIS_IP_ detection for cold functions (git-fixes). - objtool: Fix error handling inconsistencies in check() (git-fixes). - objtool: Ignore dangling jump table entries (git-fixes). - objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes). - objtool: Properly disable uaccess validation (git-fixes). - objtool: Silence more KCOV warnings (git-fixes). - objtool: Silence more KCOV warnings, part 2 (git-fixes). - objtool: Stop UNRET validation on UD2 (git-fixes). - pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes). - pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes). - perf: Fix sample vs do_exit() (bsc#1246547). - phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes). - pinctrl: amd: Clear GPIO debounce for suspend (git-fixes). - pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes). - pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes). - pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes). - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes). - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes). - platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes). - platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes). - platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes). - platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes). - platform/x86: think-lmi: Create ksets consecutively (stable-fixes). - platform/x86: think-lmi: Fix kobject cleanup (git-fixes). - platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes). - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes). - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes). - powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes). - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes). - powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes). - powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes). - ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506). - pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes). - pwm: mediatek: Ensure to disable clocks in error path (git-fixes). - regmap: fix potential memory leak of regmap_bus (git-fixes). - regulator: fan53555: add enable_time support and soft-start times (stable-fixes). - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes). - regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes). - resource: fix false warning in __request_region() (git-fixes). - restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes). - ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes). - rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes). - rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes). - rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes). - rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes). - s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870). - s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806). - s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646). - s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647). - s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598). - s390: Add z17 elf platform (LTC#214086 bsc#1245540). - samples: mei: Fix building on musl libc (git-fixes). - sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338). - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes). - scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes). - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Copyright updates for 14.4.0.10 patches (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142). - scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: megaraid_sas: Fix invalid node index (git-fixes). - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes). - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes). - scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599). - selftests/bpf: Add CFLAGS per source file and runner (git-fixes). - selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes). - selftests/bpf: Change functions definitions to support GCC (git-fixes). - selftests/bpf: Fix a few tests for GCC related warnings (git-fixes). - selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes). - selftests/bpf: Fix prog numbers in test_sockmap (git-fixes). - smb3: move server check earlier when setting channel sequence number (git-fixes). - soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes). - soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes). - soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes). - soc: qcom: QMI encoding/decoding for big endian (git-fixes). - soc: qcom: fix endianness for QMI header (git-fixes). - soc: qcom: pmic_glink: fix OF node leak (git-fixes). - soundwire: amd: fix for clearing command status register (git-fixes). - soundwire: stream: restore params when prepare ports fail (git-fixes). - spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes). - staging: axis-fifo: remove sysfs interface (git-fixes). - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes). - staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes). - struct cdns: move new member to the end (git-fixes). - struct ucsi_operations: use padding for new operation (git-fixes). - sunrpc: do not immediately retransmit on seqno miss (git-fixes). - sunrpc: fix client side handling of tls alerts (git-fixes). - tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes). - thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes). - thunderbolt: Fix copy+paste error in match_service_id() (git-fixes). - thunderbolt: Fix wake on connect at runtime (git-fixes). - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes). - tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes). - types: Complement the aligned types with signed 64-bit one (stable-fixes). - ucount: fix atomic_long_inc_below() argument type (git-fixes). - ucsi-glink: adapt to kABI consistency (git-fixes). - ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes). - ucsi_operations: add stubs for all operations (git-fixes). - ucsi_ops: adapt update_connector to kABI consistency (git-fixes). - usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes). - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes). - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes). - usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes). - usb: cdnsp: Fix issue with resuming from L1 (git-fixes). - usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usb: cdnsp: do not disable slot for disabled slot (git-fixes). - usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes). - usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes). - usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes). - usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes). - usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes). - usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes). - usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes). - usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes). - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes). - usb: hub: Do not try to recover devices lost during warm reset (git-fixes). - usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes). - usb: musb: fix gadget state on disconnect (git-fixes). - usb: musb: omap2430: fix device leak at unbind (git-fixes). - usb: net: sierra: check for no status endpoint (git-fixes). - usb: potential integer overflow in usbg_make_tpg() (stable-fixes). - usb: typec: Update sysfs when setting ops (git-fixes). - usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes). - usb: typec: displayport: Fix potential deadlock (git-fixes). - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes). - usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes). - usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes). - usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes). - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes). - usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes). - usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes). - usb: typec: ucsi: Delay alternate mode discovery (git-fixes). - usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes). - usb: typec: ucsi: Fix the partner PD revision (git-fixes). - usb: typec: ucsi: Get PD revision for partner (git-fixes). - usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes). - usb: typec: ucsi: Update power_supply on power role change (git-fixes). - usb: typec: ucsi: add callback for connector status updates (git-fixes). - usb: typec: ucsi: add update_connector callback (git-fixes). - usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes). - usb: typec: ucsi: extract code to read PD caps (git-fixes). - usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes). - usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes). - usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes). - usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes). - usb: typec: ucsi: glink: use typec_set_orientation (git-fixes). - usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes). - usb: typec: ucsi: properly register partner's PD device (git-fixes). - usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes). - usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes). - usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes). - usb: typec: ucsi_glink: rework quirks implementation (git-fixes). - usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes). - usb: xhci: quirk for data loss in ISOC transfers (stable-fixes). - usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes). - virtgpu: do not reset on shutdown (git-fixes). - vmci: Prevent the dispatching of uninitialized payloads (git-fixes). - vt: add missing notification when switching back to text mode (stable-fixes). - vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes). - vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes). - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes). - wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes). - wifi: ath11k: fix source ring-buffer corruption (git-fixes). - wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes). - wifi: ath12k: fix source ring-buffer corruption (git-fixes). - wifi: ath6kl: remove WARN on bad firmware input (stable-fixes). - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes). - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes). - wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes). - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes). - wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes). - wifi: mac80211: Add link iteration macro for link data (stable-fixes). - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes). - wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes). - wifi: mac80211: Do not schedule stopped TXQs (git-fixes). - wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes). - wifi: mac80211: drop invalid source address OCB frames (stable-fixes). - wifi: mac80211: reject TDLS operations when station is not associated (git-fixes). - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes). - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes). - wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes). - wifi: plfxlc: Fix error handling in usb driver probe (git-fixes). - wifi: prevent A-MSDU attacks in mesh networks (stable-fixes). - wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes). - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes). - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes). - x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes). - x86/mce/amd: Add default names for MCA banks and blocks (git-fixes). - x86/mce/amd: Fix threshold limit reset (git-fixes). - x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes). - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes). - x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes). - x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes). - x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes). - x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345). - xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837). - xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes). - xfs: remove unused event xfs_alloc_near_error (git-fixes). - xfs: remove unused event xfs_alloc_near_nominleft (git-fixes). - xfs: remove unused event xfs_attr_node_removename (git-fixes). - xfs: remove unused event xfs_ioctl_clone (git-fixes). - xfs: remove unused event xfs_pagecache_inval (git-fixes). - xfs: remove unused event xlog_iclog_want_sync (git-fixes). - xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes). - xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes). - xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes). - xfs: remove unused xfs_attr events (git-fixes). - xfs: remove unused xfs_reflink_compare_extents events (git-fixes). - xfs: remove usused xfs_end_io_direct events (git-fixes). - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes). - xhci: dbc: Flush queued requests before stopping dbc (git-fixes). - xhci: dbctty: disable ECHO flag by default (git-fixes). The following package changes have been done: - kernel-rt-6.4.0-35.1 updated - container:SL-Micro-container-2.1.3-6.75 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:20:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:20:56 +0200 (CEST) Subject: SUSE-CU-2025:6572-1: Security update of suse/sle15 Message-ID: <20250826072056.224D5FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6572-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.23.28 , suse/sle15:15.6 , suse/sle15:15.6.47.23.28 Container Release : 47.23.28 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 1247144 1247148 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.36.4 updated - libopenssl3-3.1.4-150600.5.36.4 updated - openssl-3-3.1.4-150600.5.36.4 updated - pam-1.3.0-150000.6.86.1 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:22:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:22:12 +0200 (CEST) Subject: SUSE-CU-2025:6573-1: Security update of bci/spack Message-ID: <20250826072212.5A994FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6573-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.53 Container Release : 11.53 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.6-0934acc60b392531bf6a68a99f0793b3e01c1027d0968caade3ec95a5cd1b2e6-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:22:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:22:27 +0200 (CEST) Subject: SUSE-CU-2025:6574-1: Security update of bci/dotnet-aspnet Message-ID: <20250826072227.EE3C1FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6574-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.19 , bci/dotnet-aspnet:8.0.19-67.7 Container Release : 67.7 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:22:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:22:39 +0200 (CEST) Subject: SUSE-CU-2025:6575-1: Security update of bci/dotnet-aspnet Message-ID: <20250826072239.DC2EBFF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6575-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.8 , bci/dotnet-aspnet:9.0.8-26.7 , bci/dotnet-aspnet:latest Container Release : 26.7 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:22:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:22:46 +0200 (CEST) Subject: SUSE-CU-2025:6576-1: Security update of suse/registry Message-ID: <20250826072246.A4A24FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6576-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-7.9 , suse/registry:latest Container Release : 7.9 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:23:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:23:00 +0200 (CEST) Subject: SUSE-CU-2025:6577-1: Security update of bci/dotnet-sdk Message-ID: <20250826072300.29262FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6577-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.19 , bci/dotnet-sdk:8.0.19-67.7 Container Release : 67.7 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:23:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:23:14 +0200 (CEST) Subject: SUSE-CU-2025:6578-1: Security update of bci/dotnet-runtime Message-ID: <20250826072314.3F448FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6578-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.19 , bci/dotnet-runtime:8.0.19-67.7 Container Release : 67.7 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:23:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:23:23 +0200 (CEST) Subject: SUSE-CU-2025:6579-1: Security update of suse/kea Message-ID: <20250826072323.0FCAAFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6579-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-62.21 , suse/kea:latest Container Release : 62.21 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 07:23:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 09:23:28 +0200 (CEST) Subject: SUSE-CU-2025:6580-1: Security update of bci/bci-micro-fips Message-ID: <20250826072328.60C73FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6580-1 Container Tags : bci/bci-micro-fips:15.7 , bci/bci-micro-fips:15.7-7.18 , bci/bci-micro-fips:latest Container Release : 7.18 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:34:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:34:24 +0200 (CEST) Subject: SUSE-CU-2025:6581-1: Security update of suse/mariadb Message-ID: <20250826083424.7A395FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6581-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.11 , suse/mariadb:10.11.11-70.30 Container Release : 70.30 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:suse-sle15-15.6-0934acc60b392531bf6a68a99f0793b3e01c1027d0968caade3ec95a5cd1b2e6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1998c870659774535cf3fcd5f21bf2171bcd511edd7b5515cb3aa1c420e8a441-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:35:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:35:38 +0200 (CEST) Subject: SUSE-CU-2025:6582-1: Security update of bci/bci-base-fips Message-ID: <20250826083538.0B7A6FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6582-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-6.19 , bci/bci-base-fips:latest Container Release : 6.19 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:35:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:35:44 +0200 (CEST) Subject: SUSE-CU-2025:6583-1: Security update of suse/cosign Message-ID: <20250826083544.4314BFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6583-1 Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.3 , suse/cosign:2.5.3-13.23 , suse/cosign:latest Container Release : 13.23 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:35:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:35:54 +0200 (CEST) Subject: SUSE-CU-2025:6584-1: Security update of bci/dotnet-sdk Message-ID: <20250826083554.475B5FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6584-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.8 , bci/dotnet-sdk:9.0.8-27.7 , bci/dotnet-sdk:latest Container Release : 27.7 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:36:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:36:04 +0200 (CEST) Subject: SUSE-CU-2025:6585-1: Security update of bci/dotnet-runtime Message-ID: <20250826083604.4884EFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6585-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.8 , bci/dotnet-runtime:9.0.8-26.7 , bci/dotnet-runtime:latest Container Release : 26.7 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:36:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:36:12 +0200 (CEST) Subject: SUSE-CU-2025:6586-1: Security update of suse/git Message-ID: <20250826083612.1FA8CFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6586-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-63.22 , suse/git:latest Container Release : 63.22 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:36:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:36:19 +0200 (CEST) Subject: SUSE-CU-2025:6587-1: Security update of suse/helm Message-ID: <20250826083619.54B34FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6587-1 Container Tags : suse/helm:3 , suse/helm:3.18 , suse/helm:3.18.3 , suse/helm:3.18.3-63.20 , suse/helm:latest Container Release : 63.20 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:36:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:36:23 +0200 (CEST) Subject: SUSE-CU-2025:6580-1: Security update of bci/bci-micro-fips Message-ID: <20250826083623.1BCA0FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6580-1 Container Tags : bci/bci-micro-fips:15.7 , bci/bci-micro-fips:15.7-7.18 , bci/bci-micro-fips:latest Container Release : 7.18 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:36:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:36:26 +0200 (CEST) Subject: SUSE-CU-2025:6588-1: Security update of bci/bci-micro Message-ID: <20250826083626.73151FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6588-1 Container Tags : bci/bci-micro:15.7 , bci/bci-micro:15.7-46.16 , bci/bci-micro:latest Container Release : 46.16 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:36:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:36:36 +0200 (CEST) Subject: SUSE-CU-2025:6589-1: Security update of suse/nginx Message-ID: <20250826083636.A1E7CFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6589-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-62.21 , suse/nginx:latest Container Release : 62.21 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:36:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:36:46 +0200 (CEST) Subject: SUSE-CU-2025:6590-1: Security update of bci/nodejs Message-ID: <20250826083646.C4F86FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6590-1 Container Tags : bci/node:22 , bci/node:22.15.1 , bci/node:22.15.1-10.20 , bci/node:latest , bci/nodejs:22 , bci/nodejs:22.15.1 , bci/nodejs:22.15.1-10.20 , bci/nodejs:latest Container Release : 10.20 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:36:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:36:57 +0200 (CEST) Subject: SUSE-CU-2025:6591-1: Security update of bci/openjdk-devel Message-ID: <20250826083657.63334FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6591-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.16.0 , bci/openjdk-devel:17.0.16.0-8.21 Container Release : 8.21 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:bci-openjdk-17-15.7.17-8.20 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:37:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:37:06 +0200 (CEST) Subject: SUSE-CU-2025:6592-1: Security update of bci/openjdk Message-ID: <20250826083706.87164FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6592-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.16.0 , bci/openjdk:17.0.16.0-8.20 Container Release : 8.20 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:37:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:37:15 +0200 (CEST) Subject: SUSE-CU-2025:6593-1: Security update of bci/openjdk Message-ID: <20250826083715.398C5FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6593-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.8.0 , bci/openjdk:21.0.8.0-11.20 , bci/openjdk:latest Container Release : 11.20 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:37:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:37:25 +0200 (CEST) Subject: SUSE-CU-2025:6594-1: Security update of bci/php-apache Message-ID: <20250826083725.565BEFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6594-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-12.22 , bci/php-apache:latest Container Release : 12.22 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:37:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:37:33 +0200 (CEST) Subject: SUSE-CU-2025:6595-1: Security update of bci/php Message-ID: <20250826083733.C9FFDFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6595-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-12.18 , bci/php:latest Container Release : 12.18 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:37:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:37:45 +0200 (CEST) Subject: SUSE-CU-2025:6596-1: Security update of bci/python Message-ID: <20250826083745.AF150FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6596-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.5 , bci/python:3.13.5-76.20 , bci/python:latest Container Release : 76.20 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:37:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:37:58 +0200 (CEST) Subject: SUSE-CU-2025:6597-1: Security update of bci/python Message-ID: <20250826083758.27E46FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6597-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-73.22 Container Release : 73.22 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:38:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:38:07 +0200 (CEST) Subject: SUSE-CU-2025:6598-1: Security update of suse/rmt-server Message-ID: <20250826083807.9731BFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6598-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-73.22 , suse/rmt-server:latest Container Release : 73.22 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:38:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:38:16 +0200 (CEST) Subject: SUSE-CU-2025:6599-1: Security update of bci/ruby Message-ID: <20250826083816.E5E2AFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6599-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-13.19 Container Release : 13.19 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-devel-2.38-150600.14.37.1 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:38:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:38:19 +0200 (CEST) Subject: SUSE-CU-2025:6600-1: Security update of bci/ruby Message-ID: <20250826083819.256F4FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6600-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-13.21 Container Release : 13.21 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:45:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:45:07 +0200 (CEST) Subject: SUSE-CU-2025:6600-1: Security update of bci/ruby Message-ID: <20250826084507.7985CFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6600-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-13.21 Container Release : 13.21 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:45:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:45:18 +0200 (CEST) Subject: SUSE-CU-2025:6601-1: Security update of bci/ruby Message-ID: <20250826084518.1A25FFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6601-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-12.19 , bci/ruby:latest Container Release : 12.19 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-devel-2.38-150600.14.37.1 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:45:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:45:20 +0200 (CEST) Subject: SUSE-CU-2025:6602-1: Security update of bci/ruby Message-ID: <20250826084520.520EEFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6602-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-12.21 , bci/ruby:latest Container Release : 12.21 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:45:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:45:31 +0200 (CEST) Subject: SUSE-CU-2025:6603-1: Security update of bci/rust Message-ID: <20250826084531.CC1E3FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6603-1 Container Tags : bci/rust:1.88 , bci/rust:1.88.0 , bci/rust:1.88.0-1.3.18 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.18 Container Release : 3.18 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - glibc-devel-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:45:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:45:39 +0200 (CEST) Subject: SUSE-CU-2025:6604-1: Security update of suse/samba-client Message-ID: <20250826084539.0606DFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6604-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-64.19 , suse/samba-client:latest Container Release : 64.19 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated - container:suse-sle15-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:45:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:45:46 +0200 (CEST) Subject: SUSE-CU-2025:6605-1: Security update of suse/samba-server Message-ID: <20250826084546.1C9BBFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6605-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-64.19 , suse/samba-server:latest Container Release : 64.19 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated - container:suse-sle15-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:45:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:45:52 +0200 (CEST) Subject: SUSE-CU-2025:6606-1: Security update of suse/samba-toolbox Message-ID: <20250826084552.B3B44FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6606-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-64.19 , suse/samba-toolbox:latest Container Release : 64.19 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated - container:suse-sle15-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:46:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:46:01 +0200 (CEST) Subject: SUSE-CU-2025:6607-1: Security update of suse/sle15 Message-ID: <20250826084601.58BD4FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6607-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.8.29 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.8.29 , suse/sle15:latest Container Release : 5.8.29 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:46:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:46:16 +0200 (CEST) Subject: SUSE-CU-2025:6608-1: Security update of bci/spack Message-ID: <20250826084616.119E0FF2D@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6608-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-15.19 , bci/spack:latest Container Release : 15.19 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:46:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:46:21 +0200 (CEST) Subject: SUSE-CU-2025:6609-1: Security update of suse/stunnel Message-ID: <20250826084621.5A426FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6609-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-63.15 , suse/stunnel:latest Container Release : 63.15 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated - container:suse-sle15-15.7-9236f3121a25538342227d3bdffc4afd969c20d49d1c1870cd254055a5e5ab87-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:46:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:46:23 +0200 (CEST) Subject: SUSE-CU-2025:6610-1: Security update of suse/stunnel Message-ID: <20250826084623.D003AFF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6610-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-63.20 , suse/stunnel:latest Container Release : 63.20 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:46:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:46:31 +0200 (CEST) Subject: SUSE-CU-2025:6611-1: Security update of suse/valkey Message-ID: <20250826084631.CC494FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6611-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.2 , suse/valkey:8.0.2-63.20 , suse/valkey:latest Container Release : 63.20 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:48:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:48:12 +0200 (CEST) Subject: SUSE-CU-2025:6616-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20250826084812.C7AB7FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6616-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.16 , suse/manager/4.3/proxy-tftpd:4.3.16.9.57.18 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.57.18 Severity : moderate Type : security References : 1244925 CVE-2025-50181 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2985-1 Released: Mon Aug 25 15:55:03 2025 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1244925,CVE-2025-50181 This update for python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) The following package changes have been done: - python3-urllib3-1.25.10-150300.4.18.1 updated - container:sles15-ltss-image-15.4.0-2.69 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:49:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:49:41 +0200 (CEST) Subject: SUSE-CU-2025:6617-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250826084941.EBE74FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6617-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.166 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.166 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated From sle-container-updates at lists.suse.com Tue Aug 26 08:51:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 10:51:13 +0200 (CEST) Subject: SUSE-CU-2025:6618-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250826085113.D88B1FF2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6618-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.168 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.168 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated From sle-container-updates at lists.suse.com Tue Aug 26 09:14:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 11:14:50 +0200 (CEST) Subject: SUSE-CU-2025:6619-1: Security update of suse/bind Message-ID: <20250826091450.D1167FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6619-1 Container Tags : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.11 , suse/bind:9.20.11-65.23 , suse/bind:latest Container Release : 65.23 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 09:14:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 11:14:56 +0200 (CEST) Subject: SUSE-CU-2025:6620-1: Security update of suse/registry Message-ID: <20250826091456.42681FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6620-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-7.11 , suse/registry:latest Container Release : 7.11 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 09:15:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 11:15:04 +0200 (CEST) Subject: SUSE-CU-2025:6621-1: Security update of bci/gcc Message-ID: <20250826091504.3D4CDFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6621-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-11.19 , bci/gcc:latest Container Release : 11.19 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - glibc-devel-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 09:15:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 11:15:15 +0200 (CEST) Subject: SUSE-CU-2025:6622-1: Security update of bci/golang Message-ID: <20250826091515.23E87FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6622-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-73.13 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-73.13 Container Release : 73.13 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - glibc-devel-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 09:15:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 11:15:24 +0200 (CEST) Subject: SUSE-CU-2025:6623-1: Security update of bci/golang Message-ID: <20250826091524.B9777FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6623-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.0 , bci/golang:1.25.0-1.71.3 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.71.3 Container Release : 71.3 Severity : important Type : security References : 1240058 1244485 1246118 1246965 1247719 1247720 CVE-2025-4674 CVE-2025-47906 CVE-2025-47907 CVE-2025-8058 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2924-1 Released: Wed Aug 20 09:34:43 2025 Summary: Security update for go1.25 Type: security Severity: important References: 1244485,1246118,1247719,1247720,CVE-2025-4674,CVE-2025-47906,CVE-2025-47907 go1.25 (released 2025-08-12) is a major release of Go. go1.25.x minor releases will be provided through August 2026. https://github.com/golang/go/wiki/Go-Release-Cycle go1.25 arrives six months after Go 1.24. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. (boo#1244485 go1.25 release tracking) * Language changes: There are no languages changes that affect Go programs in Go 1.25. However, in the language specification the notion of core types has been removed in favor of dedicated prose. See the respective blog post for more information. * go command: The go build -asan option now defaults to doing leak detection at program exit. This will report an error if memory allocated by C is not freed and is not referenced by any other memory allocated by either C or Go. These new error reports may be disabled by setting ASAN_OPTIONS=detect_leaks=0 in the environment when running the program. * go command: The Go distribution will include fewer prebuilt tool binaries. Core toolchain binaries such as the compiler and linker will still be included, but tools not invoked by build or test operations will be built and run by go tool as needed. * go command: The new go.mod ignore directive can be used to specify directories the go command should ignore. Files in these directories and their subdirectories will be ignored by the go command when matching package patterns, such as all or ./..., but will still be included in module zip files. * go command: The new go doc -http option will start a documentation server showing documentation for the requested object, and open the documentation in a browser window. * go command: The new go version -m -json option will print the JSON encodings of the runtime/debug.BuildInfo structures embedded in the given Go binary files. * go command: The go command now supports using a subdirectory of a repository as the path for a module root, when resolving a module path using the syntax to indicate that the root-path corresponds to the subdir of the repo-url with version control system vcs. * go command: The new work package pattern matches all packages in the work (formerly called main) modules: either the single work module in module mode or the set of workspace modules in workspace mode. * go command: When the go command updates the go line in a go.mod or go.work file, it no longer adds a toolchain line specifying the command???s current version. * go vet: The go vet command includes new analyzers: * go vet: waitgroup reports misplaced calls to sync.WaitGroup.Add; * go vet: hostport reports uses of fmt.Sprintf('%s:%d', host, port) to construct addresses for net.Dial, as these will not work with IPv6; instead it suggests using net.JoinHostPort. * Runtime: Container-aware GOMAXPROCS. The default behavior of the GOMAXPROCS has changed. In prior versions of Go, GOMAXPROCS defaults to the number of logical CPUs available at startup (runtime.NumCPU). Go 1.25 introduces two changes: On Linux, the runtime considers the CPU bandwidth limit of the cgroup containing the process, if any. If the CPU bandwidth limit is lower than the number of logical CPUs available, GOMAXPROCS will default to the lower limit. In container runtime systems like Kubernetes, cgroup CPU bandwidth limits generally correspond to the ???CPU limit??? option. The Go runtime does not consider the ???CPU requests??? option. On all OSes, the runtime periodically updates GOMAXPROCS if the number of logical CPUs available or the cgroup CPU bandwidth limit change. Both of these behaviors are automatically disabled if GOMAXPROCS is set manually via the GOMAXPROCS environment variable or a call to runtime.GOMAXPROCS. They can also be disabled explicitly with the GODEBUG settings containermaxprocs=0 and updatemaxprocs=0, respectively. In order to support reading updated cgroup limits, the runtime will keep cached file descriptors for the cgroup files for the duration of the process lifetime. * Runtime: garbage collector: A new garbage collector is now available as an experiment. This garbage collector???s design improves the performance of marking and scanning small objects through better locality and CPU scalability. Benchmark result vary, but we expect somewhere between a 10???40% reduction in garbage collection overhead in real-world programs that heavily use the garbage collector. The new garbage collector may be enabled by setting GOEXPERIMENT=greenteagc at build time. We expect the design to continue to evolve and improve. To that end, we encourage Go developers to try it out and report back their experiences. See the GitHub issue for more details on the design and instructions for sharing feedback. * Runtime: trace flight recorder: Runtime execution traces have long provided a powerful, but expensive way to understand and debug the low-level behavior of an application. Unfortunately, because of their size and the cost of continuously writing an execution trace, they were generally impractical for debugging rare events. The new runtime/trace.FlightRecorder API provides a lightweight way to capture a runtime execution trace by continuously recording the trace into an in-memory ring buffer. When a significant event occurs, a program can call FlightRecorder.WriteTo to snapshot the last few seconds of the trace to a file. This approach produces a much smaller trace by enabling applications to capture only the traces that matter. The length of time and amount of data captured by a FlightRecorder may be configured within the FlightRecorderConfig. * Runtime: Change to unhandled panic output: The message printed when a program exits due to an unhandled panic that was recovered and repanicked no longer repeats the text of the panic value. * Runtime: VMA names on Linux: On Linux systems with kernel support for anonymous virtual memory area (VMA) names (CONFIG_ANON_VMA_NAME), the Go runtime will annotate anonymous memory mappings with context about their purpose. e.g., [anon: Go: heap] for heap memory. This can be disabled with the GODEBUG setting decoratemappings=0. * Compiler: nil pointer bug: This release fixes a compiler bug, introduced in Go 1.21, that could incorrectly delay nil pointer checks. * Compiler: DWARF5 support: The compiler and linker in Go 1.25 now generate debug information using DWARF version 5. The newer DWARF version reduces the space required for debugging information in Go binaries, and reduces the time for linking, especially for large Go binaries. DWARF 5 generation can be disabled by setting the environment variable GOEXPERIMENT=nodwarf5 at build time (this fallback may be removed in a future Go release). * Compiler: Faster slices: The compiler can now allocate the backing store for slices on the stack in more situations, which improves performance. This change has the potential to amplify the effects of incorrect unsafe.Pointer usage, see for example issue 73199. In order to track down these problems, the bisect tool can be used to find the allocation causing trouble using the -compile=variablemake flag. All such new stack allocations can also be turned off using -gcflags=all=-d=variablemakehash=n. * Linker: The linker now accepts a -funcalign=N command line option, which specifies the alignment of function entries. The default value is platform-dependent, and is unchanged in this release. * Standard library: testing/synctest: The new testing/synctest package provides support for testing concurrent code. This package was first available in Go 1.24 under GOEXPERIMENT=synctest, with a slightly different API. The experiment has now graduated to general availability. The old API is still present if GOEXPERIMENT=synctest is set, but will be removed in Go 1.26. * Standard library: testing/synctest: The Test function runs a test function in an isolated ???bubble???. Within the bubble, time is virtualized: time package functions operate on a fake clock and the clock moves forward instantaneously if all goroutines in the bubble are blocked. * Standard library: testing/synctest: The Wait function waits for all goroutines in the current bubble to block. * Standard library: encoding/json/v2: Go 1.25 includes a new, experimental JSON implementation, which can be enabled by setting the environment variable GOEXPERIMENT=jsonv2 at build time. When enabled, two new packages are available: The encoding/json/v2 package is a major revision of the encoding/json package. The encoding/json/jsontext package provides lower-level processing of JSON syntax. In addition, when the ???jsonv2??? GOEXPERIMENT is enabled: The encoding/json package uses the new JSON implementation. Marshaling and unmarshaling behavior is unaffected, but the text of errors returned by package function may change. The encoding/json package contains a number of new options which may be used to configure the marshaler and unmarshaler. The new implementation performs substantially better than the existing one under many scenarios. In general, encoding performance is at parity between the implementations and decoding is substantially faster in the new one. See the github.com/go-json-experiment/jsonbench repository for more detailed analysis. We encourage users of encoding/json to test their programs with GOEXPERIMENT=jsonv2 enabled to help detect any compatibility issues with the new implementation. We expect the design of encoding/json/v2 to continue to evolve. We encourage developers to try out the new API and provide feedback on the proposal issue. * archive/tar: The Writer.AddFS implementation now supports symbolic links for filesystems that implement io/fs.ReadLinkFS. * encoding/asn1: Unmarshal and UnmarshalWithParams now parse the ASN.1 types T61String and BMPString more consistently. This may result in some previously accepted malformed encodings now being rejected. * crypto: MessageSigner is a new signing interface that can be implemented by signers that wish to hash the message to be signed themselves. A new function is also introduced, SignMessage, which attempts to upgrade a Signer interface to MessageSigner, using the MessageSigner.SignMessage method if successful, and Signer.Sign if not. This can be used when code wishes to support both Signer and MessageSigner. * crypto: Changing the fips140 GODEBUG setting after the program has started is now a no-op. Previously, it was documented as not allowed, and could cause a panic if changed. * crypto: SHA-1, SHA-256, and SHA-512 are now slower on amd64 when AVX2 instructions are not available. All server processors (and most others) produced since 2015 support AVX2. * crypto/ecdsa: The new ParseRawPrivateKey, ParseUncompressedPublicKey, PrivateKey.Bytes, and PublicKey.Bytes functions and methods implement low-level encodings, replacing the need to use crypto/elliptic or math/big functions and methods. * crypto/ecdsa: When FIPS 140-3 mode is enabled, signing is now four times faster, matching the performance of non-FIPS mode. * crypto/ed25519: When FIPS 140-3 mode is enabled, signing is now four times faster, matching the performance of non-FIPS mode. * crypto/elliptic: The hidden and undocumented Inverse and CombinedMult methods on some Curve implementations have been removed. * crypto/rsa: PublicKey no longer claims that the modulus value is treated as secret. VerifyPKCS1v15 and VerifyPSS already warned that all inputs are public and could be leaked, and there are mathematical attacks that can recover the modulus from other public values. * crypto/rsa: Key generation is now three times faster. * crypto/sha1: Hashing is now two times faster on amd64 when SHA-NI instructions are available. * crypto/sha3: The new SHA3.Clone method implements hash.Cloner. * crypto/sha3: Hashing is now two times faster on Apple M processors. * crypto/tls: The new ConnectionState.CurveID field exposes the key exchange mechanism used to establish the connection. * crypto/tls: The new Config.GetEncryptedClientHelloKeys callback can be used to set the EncryptedClientHelloKeys for a server to use when a client sends an Encrypted Client Hello extension. * crypto/tls: SHA-1 signature algorithms are now disallowed in TLS 1.2 handshakes, per RFC 9155. They can be re-enabled with the GODEBUG setting tlssha1=1. * crypto/tls: When FIPS 140-3 mode is enabled, Extended Master Secret is now required in TLS 1.2, and Ed25519 and X25519MLKEM768 are now allowed. * crypto/tls: TLS servers now prefer the highest supported protocol version, even if it isn???t the client???s most preferred protocol version. * crypto/tls: Both TLS clients and servers are now stricter in following the specifications and in rejecting off-spec behavior. Connections with compliant peers should be unaffected. * crypto/x509: CreateCertificate, CreateCertificateRequest, and CreateRevocationList can now accept a crypto.MessageSigner signing interface as well as crypto.Signer. This allows these functions to use signers which implement ???one-shot??? signing interfaces, where hashing is done as part of the signing operation, instead of by the caller. * crypto/x509: CreateCertificate now uses truncated SHA-256 to populate the SubjectKeyId if it is missing. The GODEBUG setting x509sha256skid=0 reverts to SHA-1. * crypto/x509: ParseCertificate now rejects certificates which contain a BasicConstraints extension that contains a negative pathLenConstraint. * crypto/x509: ParseCertificate now handles strings encoded with the ASN.1 T61String and BMPString types more consistently. This may result in some previously accepted malformed encodings now being rejected. * debug/elf: The debug/elf package adds two new constants: PT_RISCV_ATTRIBUTES and SHT_RISCV_ATTRIBUTES for RISC-V ELF parsing. * go/ast: The FilterPackage, PackageExports, and MergePackageFiles functions, and the MergeMode type and its constants, are all deprecated, as they are for use only with the long-deprecated Object and Package machinery. * go/ast: The new PreorderStack function, like Inspect, traverses a syntax tree and provides control over descent into subtrees, but as a convenience it also provides the stack of enclosing nodes at each point. * go/parser: The ParseDir function is deprecated. * go/token: The new FileSet.AddExistingFiles method enables existing Files to be added to a FileSet, or a FileSet to be constructed for an arbitrary set of Files, alleviating the problems associated with a single global FileSet in long-lived applications. * go/types: Var now has a Var.Kind method that classifies the variable as one of: package-level, receiver, parameter, result, local variable, or a struct field. * go/types: The new LookupSelection function looks up the field or method of a given name and receiver type, like the existing LookupFieldOrMethod function, but returns the result in the form of a Selection. * hash: The new XOF interface can be implemented by ???extendable output functions???, which are hash functions with arbitrary or unlimited output length such as SHAKE. * hash: Hashes implementing the new Cloner interface can return a copy of their state. All standard library Hash implementations now implement Cloner. * hash/maphash: The new Hash.Clone method implements hash.Cloner. * io/fs: A new ReadLinkFS interface provides the ability to read symbolic links in a filesystem. * log/slog: GroupAttrs creates a group Attr from a slice of Attr values. * log/slog: Record now has a Source method, returning its source location or nil if unavailable. * mime/multipart: The new helper function FileContentDisposition builds multipart Content-Disposition header fields. * net: LookupMX and Resolver.LookupMX now return DNS names that look like valid IP address, as well as valid domain names. Previously if a name server returned an IP address as a DNS name, LookupMX would discard it, as required by the RFCs. However, name servers in practice do sometimes return IP addresses. * net: On Windows, ListenMulticastUDP now supports IPv6 addresses. * net: On Windows, it is now possible to convert between an os.File and a network connection. Specifcally, the FileConn, FilePacketConn, and FileListener functions are now implemented, and return a network connection or listener corresponding to an open file. Similarly, the File methods of TCPConn, UDPConn, UnixConn, IPConn, TCPListener, and UnixListener are now implemented, and return the underlying os.File of a network connection. * net/http: The new CrossOriginProtection implements protections against Cross-Site Request Forgery (CSRF) by rejecting non-safe cross-origin browser requests. It uses modern browser Fetch metadata, doesn???t require tokens or cookies, and supports origin-based and pattern-based bypasses. * os: On Windows, NewFile now supports handles opened for asynchronous I/O (that is, syscall.FILE_FLAG_OVERLAPPED is specified in the syscall.CreateFile call). These handles are associated with the Go runtime???s I/O completion port, which provides the following benefits for the resulting File: I/O methods (File.Read, File.Write, File.ReadAt, and File.WriteAt) do not block an OS thread. Deadline methods (File.SetDeadline, File.SetReadDeadline, and File.SetWriteDeadline) are supported. This enhancement is especially beneficial for applications that communicate via named pipes on Windows. Note that a handle can only be associated with one completion port at a time. If the handle provided to NewFile is already associated with a completion port, the returned File is downgraded to synchronous I/O mode. In this case, I/O methods will block an OS thread, and the deadline methods have no effect. * os: The filesystems returned by DirFS and Root.FS implement the new io/fs.ReadLinkFS interface. CopyFS supports symlinks when copying filesystems that implement io/fs.ReadLinkFS. The Root type supports the following additional methods: Root.Chmod, Root.Chown, Root.Chtimes, Root.Lchown, Root.Link, Root.MkdirAll, Root.ReadFile, Root.Readlink, Root.RemoveAll, Root.Rename, Root.Symlink, and Root.WriteFile. * reflect: The new TypeAssert function permits converting a Value directly to a Go value of the given type. This is like using a type assertion on the result of Value.Interface, but avoids unnecessary memory allocations. * regexp/syntax: The \p{name} and \P{name} character class syntaxes now accept the names Any, ASCII, Assigned, Cn, and LC, as well as Unicode category aliases like \p{Letter} for \pL. Following Unicode TR18, they also now use case-insensitive name lookups, ignoring spaces, underscores, and hyphens. * runtime: Cleanup functions scheduled by AddCleanup are now executed concurrently and in parallel, making cleanups more viable for heavy use like the unique package. Note that individual cleanups should still shunt their work to a new goroutine if they must execute or block for a long time to avoid blocking the cleanup queue. * runtime: A new GODEBUG=checkfinalizers=1 setting helps find common issues with finalizers and cleanups, such as those described in the GC guide. In this mode, the runtime runs diagnostics on each garbage collection cycle, and will also regularly report the finalizer and cleanup queue lengths to stderr to help identify issues with long-running finalizers and/or cleanups. See the GODEBUG documentation for more details. * runtime: The new SetDefaultGOMAXPROCS function sets GOMAXPROCS to the runtime default value, as if the GOMAXPROCS environment variable is not set. This is useful for enabling the new GOMAXPROCS default if it has been disabled by the GOMAXPROCS environment variable or a prior call to GOMAXPROCS. * runtime/pprof: The mutex profile for contention on runtime-internal locks now correctly points to the end of the critical section that caused the delay. This matches the profile???s behavior for contention on sync.Mutex values. The runtimecontentionstacks setting for GODEBUG, which allowed opting in to the unusual behavior of Go 1.22 through 1.24 for this part of the profile, is now gone. * sync: The new WaitGroup.Go method makes the common pattern of creating and counting goroutines more convenient. * testing: The new methods T.Attr, B.Attr, and F.Attr emit an attribute to the test log. An attribute is an arbitrary key and value associated with a test. * testing: With the -json flag, attributes appear as a new ???attr??? action. * testing: The new Output method of T, B and F provides an io.Writer that writes to the same test output stream as TB.Log. Like TB.Log, the output is indented, but it does not include the file and line number. * testing: The AllocsPerRun function now panics if parallel tests are running. The result of AllocsPerRun is inherently flaky if other tests are running. The new panicking behavior helps catch such bugs. * testing/fstest: MapFS implements the new io/fs.ReadLinkFS interface. TestFS will verify the functionality of the io/fs.ReadLinkFS interface if implemented. TestFS will no longer follow symlinks to avoid unbounded recursion. * unicode: The new CategoryAliases map provides access to category alias names, such as ???Letter??? for ???L???. * unicode: The new categories Cn and LC define unassigned codepoints and cased letters, respectively. These have always been defined by Unicode but were inadvertently omitted in earlier versions of Go. The C category now includes Cn, meaning it has added all unassigned code points. * unique: The unique package now reclaims interned values more eagerly, more efficiently, and in parallel. As a consequence, applications using Make are now less likely to experience memory blow-up when lots of truly unique values are interned. * unique: Values passed to Make containing Handles previously required multiple garbage collection cycles to collect, proportional to the depth of the chain of Handle values. Now, once unused, they are collected promptly in a single cycle. * Darwin port: As announced in the Go 1.24 release notes, Go 1.25 requires macOS 12 Monterey or later. Support for previous versions has been discontinued. * Windows port: Go 1.25 is the last release that contains the broken 32-bit windows/arm port (GOOS=windows GOARCH=arm). It will be removed in Go 1.26. * Loong64 port: The linux/loong64 port now supports the race detector, gathering traceback information from C code using runtime.SetCgoTraceback, and linking cgo programs with the internal link mode. * RISC-V port: The linux/riscv64 port now supports the plugin build mode. * RISC-V port: The GORISCV64 environment variable now accepts a new value rva23u64, which selects the RVA23U64 user-mode application profile. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - go1.25-doc-1.25.0-150000.1.5.1 added - glibc-devel-2.38-150600.14.37.1 updated - go1.25-1.25.0-150000.1.5.1 added - go1.25-race-1.25.0-150000.1.5.1 added - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - go1.24-1.24.6-150000.1.32.1 removed - go1.24-doc-1.24.6-150000.1.32.1 removed - go1.24-race-1.24.6-150000.1.32.1 removed From sle-container-updates at lists.suse.com Tue Aug 26 09:15:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 11:15:36 +0200 (CEST) Subject: SUSE-CU-2025:6624-1: Security update of bci/golang Message-ID: <20250826091536.8AC78FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6624-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.3-openssl , bci/golang:1.24.3-openssl-73.14 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-73.14 Container Release : 73.14 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - glibc-devel-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 09:15:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 11:15:44 +0200 (CEST) Subject: SUSE-CU-2025:6626-1: Security update of suse/kubectl Message-ID: <20250826091544.48A05FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6626-1 Container Tags : suse/kubectl:1.33 , suse/kubectl:1.33.1 , suse/kubectl:1.33.1-1.63.20 , suse/kubectl:latest , suse/kubectl:stable , suse/kubectl:stable-1.63.20 Container Release : 63.20 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 09:15:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 11:15:40 +0200 (CEST) Subject: SUSE-CU-2025:6625-1: Security update of suse/kubectl Message-ID: <20250826091540.39A6AFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6625-1 Container Tags : suse/kubectl:1.31 , suse/kubectl:1.31.9 , suse/kubectl:1.31.9-2.63.20 , suse/kubectl:oldstable , suse/kubectl:oldstable-2.63.20 Container Release : 63.20 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 09:15:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 11:15:54 +0200 (CEST) Subject: SUSE-CU-2025:6627-1: Security update of bci/openjdk-devel Message-ID: <20250826091554.BEFE4FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6627-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.8.0 , bci/openjdk-devel:21.0.8.0-11.21 , bci/openjdk-devel:latest Container Release : 11.21 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:bci-openjdk-21-15.7.21-11.20 updated From sle-container-updates at lists.suse.com Tue Aug 26 09:16:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 11:16:06 +0200 (CEST) Subject: SUSE-CU-2025:6628-1: Security update of bci/python Message-ID: <20250826091606.15D43FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6628-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-74.21 Container Release : 74.21 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 09:16:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 11:16:13 +0200 (CEST) Subject: SUSE-CU-2025:6629-1: Security update of suse/samba-client Message-ID: <20250826091613.BDE37FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6629-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-64.23 , suse/samba-client:latest Container Release : 64.23 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 09:16:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 11:16:20 +0200 (CEST) Subject: SUSE-CU-2025:6630-1: Security update of suse/samba-server Message-ID: <20250826091620.98F94FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6630-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-64.23 , suse/samba-server:latest Container Release : 64.23 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Tue Aug 26 09:16:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Aug 2025 11:16:27 +0200 (CEST) Subject: SUSE-CU-2025:6631-1: Security update of suse/samba-toolbox Message-ID: <20250826091627.95DF2FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6631-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-64.23 , suse/samba-toolbox:latest Container Release : 64.23 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Wed Aug 27 07:07:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 09:07:40 +0200 (CEST) Subject: SUSE-CU-2025:6632-1: Security update of suse/mariadb-client Message-ID: <20250827070740.B5F71FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6632-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.11 , suse/mariadb-client:10.11.11-63.25 Container Release : 63.25 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - container:suse-sle15-15.6-0934acc60b392531bf6a68a99f0793b3e01c1027d0968caade3ec95a5cd1b2e6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1998c870659774535cf3fcd5f21bf2171bcd511edd7b5515cb3aa1c420e8a441-0 updated From sle-container-updates at lists.suse.com Wed Aug 27 07:10:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 09:10:24 +0200 (CEST) Subject: SUSE-CU-2025:6633-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250827071024.A97C4FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6633-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.47.13 Container Release : 47.13 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 1247144 1247148 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - libopenssl3-3.1.4-150600.5.36.4 updated - libopenssl-3-fips-provider-3.1.4-150600.5.36.4 updated - pam-1.3.0-150000.6.86.1 updated - openssl-3-3.1.4-150600.5.36.4 updated - glibc-locale-base-2.38-150600.14.37.1 updated - glibc-locale-2.38-150600.14.37.1 updated - glibc-devel-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.6-0934acc60b392531bf6a68a99f0793b3e01c1027d0968caade3ec95a5cd1b2e6-0 updated From sle-container-updates at lists.suse.com Wed Aug 27 07:10:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 09:10:40 +0200 (CEST) Subject: SUSE-CU-2025:6634-1: Security update of suse/389-ds Message-ID: <20250827071040.0AF73FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6634-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-62.24 , suse/389-ds:latest Container Release : 62.24 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Wed Aug 27 07:10:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 09:10:51 +0200 (CEST) Subject: SUSE-CU-2025:6635-1: Security update of bci/bci-init Message-ID: <20250827071051.BB8CAFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6635-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-42.21 , bci/bci-init:latest Container Release : 42.21 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Wed Aug 27 07:10:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 09:10:58 +0200 (CEST) Subject: SUSE-CU-2025:6636-1: Security update of suse/kea Message-ID: <20250827071058.F0EA7FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6636-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-62.22 , suse/kea:latest Container Release : 62.22 Severity : important Type : security References : 1248119 1248120 1248122 CVE-2025-8713 CVE-2025-8714 CVE-2025-8715 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2986-1 Released: Tue Aug 26 12:41:07 2025 Summary: Security update for postgresql17 Type: security Severity: important References: 1248119,1248120,1248122,CVE-2025-8713,CVE-2025-8714,CVE-2025-8715 This update for postgresql17 fixes the following issues: Updated to 17.6: * CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client (bsc#1248122) * CVE-2025-8715: Fixed improper neutralization of newlines in pg_dump leading to arbitrary code execution in the psql client and in the restore target server (bsc#1248119) The following package changes have been done: - libpq5-17.6-150600.13.16.1 updated From sle-container-updates at lists.suse.com Wed Aug 27 07:11:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 09:11:16 +0200 (CEST) Subject: SUSE-CU-2025:6637-1: Security update of bci/kiwi Message-ID: <20250827071116.8A538FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6637-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-18.28 , bci/kiwi:latest Container Release : 18.28 Severity : moderate Type : security References : 1232234 1240058 1244925 1246221 1246965 CVE-2024-10041 CVE-2025-50181 CVE-2025-8058 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2985-1 Released: Mon Aug 25 15:55:03 2025 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1244925,CVE-2025-50181 This update for python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - glibc-locale-base-2.38-150600.14.37.1 updated - glibc-devel-2.38-150600.14.37.1 updated - python3-urllib3-1.25.10-150300.4.18.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Wed Aug 27 07:11:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 09:11:29 +0200 (CEST) Subject: SUSE-CU-2025:6638-1: Security update of suse/pcp Message-ID: <20250827071129.224C1FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6638-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-62.27 , suse/pcp:latest Container Release : 62.27 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:bci-bci-init-15.7-4905b4987aa6ae402ae4d01e9f7bb042bbeb05fe45d6d039c1b4c5c57c4636aa-0 updated From sle-container-updates at lists.suse.com Wed Aug 27 07:11:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 09:11:39 +0200 (CEST) Subject: SUSE-CU-2025:6639-1: Security update of bci/php-fpm Message-ID: <20250827071139.4841DFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6639-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-12.21 , bci/php-fpm:latest Container Release : 12.21 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Wed Aug 27 07:11:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 09:11:48 +0200 (CEST) Subject: SUSE-CU-2025:6640-1: Security update of suse/postgres Message-ID: <20250827071148.1584FFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6640-1 Container Tags : suse/postgres:16 , suse/postgres:16.9 , suse/postgres:16.9 , suse/postgres:16.9-74.23 Container Release : 74.23 Severity : important Type : security References : 1232234 1240058 1246221 1246965 1248119 1248120 1248122 CVE-2024-10041 CVE-2025-8058 CVE-2025-8713 CVE-2025-8714 CVE-2025-8715 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2986-1 Released: Tue Aug 26 12:41:07 2025 Summary: Security update for postgresql17 Type: security Severity: important References: 1248119,1248120,1248122,CVE-2025-8713,CVE-2025-8714,CVE-2025-8715 This update for postgresql17 fixes the following issues: Updated to 17.6: * CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client (bsc#1248122) * CVE-2025-8715: Fixed improper neutralization of newlines in pg_dump leading to arbitrary code execution in the psql client and in the restore target server (bsc#1248119) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - glibc-locale-base-2.38-150600.14.37.1 updated - glibc-locale-2.38-150600.14.37.1 updated - libpq5-17.6-150600.13.16.1 updated - pam-1.3.0-150000.6.86.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Wed Aug 27 07:11:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 09:11:56 +0200 (CEST) Subject: SUSE-CU-2025:6641-1: Security update of suse/postgres Message-ID: <20250827071156.A2130FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6641-1 Container Tags : suse/postgres:17 , suse/postgres:17.6 , suse/postgres:17.6 , suse/postgres:17.6-64.22 , suse/postgres:latest Container Release : 64.22 Severity : important Type : security References : 1232234 1240058 1246221 1246965 1248119 1248120 1248122 CVE-2024-10041 CVE-2025-8058 CVE-2025-8713 CVE-2025-8714 CVE-2025-8715 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2986-1 Released: Tue Aug 26 12:41:07 2025 Summary: Security update for postgresql17 Type: security Severity: important References: 1248119,1248120,1248122,CVE-2025-8713,CVE-2025-8714,CVE-2025-8715 This update for postgresql17 fixes the following issues: Updated to 17.6: * CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client (bsc#1248122) * CVE-2025-8715: Fixed improper neutralization of newlines in pg_dump leading to arbitrary code execution in the psql client and in the restore target server (bsc#1248119) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - glibc-locale-base-2.38-150600.14.37.1 updated - glibc-locale-2.38-150600.14.37.1 updated - libpq5-17.6-150600.13.16.1 updated - postgresql17-17.6-150600.13.16.1 updated - pam-1.3.0-150000.6.86.1 updated - postgresql17-server-17.6-150600.13.16.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Wed Aug 27 07:12:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 09:12:07 +0200 (CEST) Subject: SUSE-CU-2025:6642-1: Security update of bci/rust Message-ID: <20250827071207.3DE17FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6642-1 Container Tags : bci/rust:1.87 , bci/rust:1.87.0 , bci/rust:1.87.0-2.3.18 , bci/rust:oldstable , bci/rust:oldstable-2.3.18 Container Release : 3.18 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - glibc-devel-2.38-150600.14.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated From sle-container-updates at lists.suse.com Wed Aug 27 15:16:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 17:16:49 +0200 (CEST) Subject: SUSE-IU-2025:2383-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250827151649.DE446FF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2383-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.78 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.78 Severity : moderate Type : recommended References : 1241114 1241680 1247819 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 436 Released: Wed Aug 27 07:59:25 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1241114,1241680,1247819 This update for dracut fixes the following issues: - fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819) - fix (rngd): adjust license to match the license of the whole project - fix (dracut): kernel module name normalization in drivers lists (bsc#1241680) - fix (dracut-init): assign real path to srcmods (bsc#1241114) The following package changes have been done: - SL-Micro-release-6.0-25.45 updated - dracut-059+suse.605.gc5a2b7ff-1.1 updated - container:SL-Micro-base-container-2.1.3-7.47 updated From sle-container-updates at lists.suse.com Wed Aug 27 15:17:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 17:17:35 +0200 (CEST) Subject: SUSE-IU-2025:2384-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20250827151735.0B016FF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2384-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.47 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.47 Severity : important Type : recommended References : 1241114 1241680 1246912 1247819 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 436 Released: Wed Aug 27 07:59:25 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1241114,1241680,1247819 This update for dracut fixes the following issues: - fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819) - fix (rngd): adjust license to match the license of the whole project - fix (dracut): kernel module name normalization in drivers lists (bsc#1241680) - fix (dracut-init): assign real path to srcmods (bsc#1241114) ----------------------------------------------------------------- Advisory ID: 437 Released: Wed Aug 27 10:33:36 2025 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1246912 This update for libzypp fixes the following issues: - Make ld.so ignore the subarch packages during install (bsc#1246912) The following package changes have been done: - SL-Micro-release-6.0-25.45 updated - dracut-059+suse.605.gc5a2b7ff-1.1 updated - libzypp-17.37.17-1.1 updated - container:suse-toolbox-image-1.0.0-9.31 updated From sle-container-updates at lists.suse.com Wed Aug 27 15:18:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 17:18:22 +0200 (CEST) Subject: SUSE-IU-2025:2385-1: Recommended update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250827151822.06D69FF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2385-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.70 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.70 Severity : moderate Type : recommended References : 1241114 1241680 1247819 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 436 Released: Wed Aug 27 07:59:25 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1241114,1241680,1247819 This update for dracut fixes the following issues: - fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819) - fix (rngd): adjust license to match the license of the whole project - fix (dracut): kernel module name normalization in drivers lists (bsc#1241680) - fix (dracut-init): assign real path to srcmods (bsc#1241114) The following package changes have been done: - SL-Micro-release-6.0-25.45 updated - dracut-059+suse.605.gc5a2b7ff-1.1 updated - container:SL-Micro-base-container-2.1.3-7.47 updated From sle-container-updates at lists.suse.com Wed Aug 27 15:19:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 17:19:10 +0200 (CEST) Subject: SUSE-IU-2025:2386-1: Recommended update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250827151910.39FAAFF2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2386-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.79 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.79 Severity : moderate Type : recommended References : 1241114 1241680 1247819 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 436 Released: Wed Aug 27 07:59:25 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1241114,1241680,1247819 This update for dracut fixes the following issues: - fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819) - fix (rngd): adjust license to match the license of the whole project - fix (dracut): kernel module name normalization in drivers lists (bsc#1241680) - fix (dracut-init): assign real path to srcmods (bsc#1241114) The following package changes have been done: - SL-Micro-release-6.0-25.45 updated - dracut-059+suse.605.gc5a2b7ff-1.1 updated - container:SL-Micro-container-2.1.3-6.78 updated From sle-container-updates at lists.suse.com Wed Aug 27 15:20:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 17:20:45 +0200 (CEST) Subject: SUSE-CU-2025:6650-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20250827152045.568F4FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6650-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.31 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.31 Severity : important Type : security References : 1246912 1247249 CVE-2025-8194 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 437 Released: Wed Aug 27 10:33:36 2025 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1246912 This update for libzypp fixes the following issues: - Make ld.so ignore the subarch packages during install (bsc#1246912) ----------------------------------------------------------------- Advisory ID: 438 Released: Wed Aug 27 12:27:12 2025 Summary: Security update for python311 Type: security Severity: important References: 1247249,CVE-2025-8194 This update for python311 fixes the following issues: - CVE-2025-8194: Fixed infinite loop and deadlock caused by tar archives with negative offsets (bsc#1247249) The following package changes have been done: - SL-Micro-release-6.0-25.45 updated - libpython3_11-1_0-3.11.13-2.1 updated - libzypp-17.37.17-1.1 updated - python311-base-3.11.13-2.1 updated - skelcd-EULA-SL-Micro-2024.01.19-8.44 updated From sle-container-updates at lists.suse.com Wed Aug 27 15:24:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 17:24:37 +0200 (CEST) Subject: SUSE-CU-2025:6651-1: Recommended update of bci/ruby Message-ID: <20250827152437.16B31FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6651-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-13.22 Container Release : 13.22 Severity : important Type : recommended References : 1247473 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2989-1 Released: Wed Aug 27 07:45:10 2025 Summary: Recommended update for rubygem-gem2rpm Type: recommended Severity: important References: 1247473 This update for rubygem-gem2rpm fixes the following issues: - Fixed the complaint about the template file not being found * use opensuse template on sles as well - On newer ruby versions Kernel.open is no longer working with URIs. Use URI.open() - Also treat contributing as documentation. - Build and ship ruby3.4-rubygem-gem2rpm. (bsc#1247473) The following package changes have been done: - ruby2.5-rubygem-gem2rpm-0.10.1-150700.22.7.1 updated From sle-container-updates at lists.suse.com Wed Aug 27 15:24:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Aug 2025 17:24:49 +0200 (CEST) Subject: SUSE-CU-2025:6652-1: Recommended update of bci/ruby Message-ID: <20250827152449.51F8AFF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6652-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-12.22 , bci/ruby:latest Container Release : 12.22 Severity : important Type : recommended References : 1247473 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2989-1 Released: Wed Aug 27 07:45:10 2025 Summary: Recommended update for rubygem-gem2rpm Type: recommended Severity: important References: 1247473 This update for rubygem-gem2rpm fixes the following issues: - Fixed the complaint about the template file not being found * use opensuse template on sles as well - On newer ruby versions Kernel.open is no longer working with URIs. Use URI.open() - Also treat contributing as documentation. - Build and ship ruby3.4-rubygem-gem2rpm. (bsc#1247473) The following package changes have been done: - ruby2.5-rubygem-gem2rpm-0.10.1-150700.22.7.1 updated From sle-container-updates at lists.suse.com Thu Aug 28 07:08:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Aug 2025 09:08:55 +0200 (CEST) Subject: SUSE-CU-2025:6654-1: Security update of suse/postgres Message-ID: <20250828070855.4154CFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6654-1 Container Tags : suse/postgres:16 , suse/postgres:16.10 , suse/postgres:16.10 , suse/postgres:16.10-74.24 Container Release : 74.24 Severity : important Type : security References : 1248119 1248120 1248122 CVE-2025-8713 CVE-2025-8714 CVE-2025-8715 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3005-1 Released: Wed Aug 27 15:43:27 2025 Summary: Security update for postgresql16 Type: security Severity: important References: 1248119,1248120,1248122,CVE-2025-8713,CVE-2025-8714,CVE-2025-8715 This update for postgresql16 fixes the following issues: Upgraded to 16.10: * CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client (bsc#1248122) * CVE-2025-8715: Fixed improper neutralization of newlines in pg_dump leading to arbitrary code execution in the psql client and in the restore target server (bsc#1248119) The following package changes have been done: - postgresql16-16.10-150600.16.21.1 updated - postgresql16-server-16.10-150600.16.21.1 updated From sle-container-updates at lists.suse.com Thu Aug 28 07:09:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Aug 2025 09:09:01 +0200 (CEST) Subject: SUSE-CU-2025:6655-1: Security update of suse/mariadb-client Message-ID: <20250828070901.1B8FEFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6655-1 Container Tags : suse/mariadb-client:11.8 , suse/mariadb-client:11.8.2 , suse/mariadb-client:11.8.2-61.1 , suse/mariadb-client:latest Container Release : 61.1 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2941-1 Released: Thu Aug 21 11:23:26 2025 Summary: Recommended update for mariadb Type: recommended Severity: moderate References: This update for mariadb fixes the following issues: - Update to 11.8.2: https://mariadb.com/kb/en/mariadb-11-8-2-release-notes/ https://mariadb.com/kb/en/mariadb-11-8-2-changelog/ - Update list of skipped tests ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - libaio1-0.3.109-1.25 added - libpcre2-posix3-10.42-150600.1.26 added - mariadb-errormessages-11.8.2-150700.3.3.1 updated - pam-1.3.0-150000.6.86.1 updated - mariadb-client-11.8.2-150700.3.3.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Thu Aug 28 07:09:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Aug 2025 09:09:08 +0200 (CEST) Subject: SUSE-CU-2025:6656-1: Security update of suse/mariadb Message-ID: <20250828070908.9B55EFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6656-1 Container Tags : suse/mariadb:11.8 , suse/mariadb:11.8.2 , suse/mariadb:11.8.2-61.1 , suse/mariadb:latest Container Release : 61.1 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2941-1 Released: Thu Aug 21 11:23:26 2025 Summary: Recommended update for mariadb Type: recommended Severity: moderate References: This update for mariadb fixes the following issues: - Update to 11.8.2: https://mariadb.com/kb/en/mariadb-11-8-2-release-notes/ https://mariadb.com/kb/en/mariadb-11-8-2-changelog/ - Update list of skipped tests ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - libpcre2-posix3-10.42-150600.1.26 added - mariadb-errormessages-11.8.2-150700.3.3.1 updated - mariadb-tools-11.8.2-150700.3.3.1 updated - pam-1.3.0-150000.6.86.1 updated - mariadb-client-11.8.2-150700.3.3.1 updated - mariadb-11.8.2-150700.3.3.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Thu Aug 28 07:09:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Aug 2025 09:09:14 +0200 (CEST) Subject: SUSE-CU-2025:6657-1: Security update of suse/kiosk/xorg-client Message-ID: <20250828070914.17BD3FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6657-1 Container Tags : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-64.18 , suse/kiosk/xorg-client:latest Container Release : 64.18 Severity : moderate Type : security References : 1232234 1240058 1246221 1246965 CVE-2024-10041 CVE-2025-8058 ----------------------------------------------------------------- The container suse/kiosk/xorg-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - pam-1.3.0-150000.6.86.1 updated - container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated From sle-container-updates at lists.suse.com Fri Aug 29 07:07:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Aug 2025 09:07:25 +0200 (CEST) Subject: SUSE-CU-2025:6659-1: Security update of bci/golang Message-ID: <20250829070725.27A28FF2E@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6659-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.6 , bci/golang:1.24.6-2.71.3 , bci/golang:oldstable , bci/golang:oldstable-2.71.3 Container Release : 71.3 Severity : important Type : security References : 1236217 1236217 1236217 1236217 1236217 1236217 1236217 1238572 1239182 1240058 1240550 1240764 1242715 1242715 1244156 1244157 1244158 1246118 1246965 1247719 1247720 CVE-2025-0913 CVE-2025-22870 CVE-2025-22871 CVE-2025-22873 CVE-2025-22873 CVE-2025-22874 CVE-2025-4673 CVE-2025-4674 CVE-2025-47906 CVE-2025-47907 CVE-2025-8058 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:509-1 Released: Thu Feb 13 12:32:59 2025 Summary: Recommended update for go1.24 Type: recommended Severity: moderate References: 1236217 This update for go1.24 fixes the following issues: go1.24 (released 2025-02-11) is a major release of Go. go1.24.x minor releases will be provided through February 2026. https://github.com/golang/go/wiki/Go-Release-Cycle go1.24 arrives six months after Go 1.23. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. (boo#1236217) * Language change: Go 1.24 now fully supports generic type aliases: a type alias may be parameterized like a defined type. See the language spec for details. For now, the feature can be disabled by setting GOEXPERIMENT=noaliastypeparams; but the aliastypeparams setting will be removed for Go 1.25. * go command: Go modules can now track executable dependencies using tool directives in go.mod. This removes the need for the previous workaround of adding tools as blank imports to a file conventionally named 'tools.go'. The go tool command can now run these tools in addition to tools shipped with the Go distribution. * go command: The new -tool flag for go get causes a tool directive to be added to the current module for named packages in addition to adding require directives. * go command: The new tool meta-pattern refers to all tools in the current module. This can be used to upgrade them all with go get tool or to install them into your GOBIN directory with go install tool. * go command: Executables created by go run and the new behavior of go tool are now cached in the Go build cache. This makes repeated executions faster at the expense of making the cache larger. See go#69290. * go command: The go build and go install commands now accept a -json flag that reports build output and failures as structured JSON output on standard output. For details of the reporting format, see go help buildjson. Furthermore, go test -json now reports build output and failures in JSON, interleaved with test result JSON. These are distinguished by new Action types, but if they cause problems in a test integration system, you can revert to the text build output with GODEBUG setting gotestjsonbuildtext=1. * go command: The new GOAUTH environment variable provides a flexible way to authenticate private module fetches. See go help goauth for more information. * go command: The go build command now sets the main module's version in the compiled binary based on the version control system tag and/or commit. A +dirty suffix will be appended if there are uncommitted changes. Use the -buildvcs=false flag to omit version control information from the binary. * go command: The new GODEBUG setting toolchaintrace=1 can be used to trace the go command's toolchain selection process. * cgo: cgo supports new annotations for C functions to improve run time performance. cgo noescape cFunctionName tells the compiler that memory passed to the C function cFunctionname does not escape. cgo nocallback cFunctionName tells the compiler that the C function cFunctionName does not call back to any Go functions. * cgo: cgo currently refuses to compile calls to a C function which has multiple incompatible declarations. For instance, if f is declared as both void f(int) and void f(double), cgo will report an error instead of possibly generating an incorrect call sequence for f(0). New in this release is a better detector for this error condition when the incompatible declarations appear in different files. See go#67699. * objdump: The objdump tool now supports dissassembly on 64-bit LoongArch (GOARCH=loong64), RISC-V (GOARCH=riscv64), and S390X (GOARCH=s390x). * vet: The new tests analyzer reports common mistakes in declarations of tests, fuzzers, benchmarks, and examples in test packages, such as malformed names, incorrect signatures, or examples that document non-existent identifiers. Some of these mistakes may cause tests not to run. This analyzer is among the subset of analyzers that are run by go test. * vet: The existing printf analyzer now reports a diagnostic for calls of the form fmt.Printf(s), where s is a non-constant format string, with no other arguments. Such calls are nearly always a mistake as the value of s may contain the % symbol; use fmt.Print instead. See go#60529. This check tends to produce findings in existing code, and so is only applied when the language version (as specified by the go.mod go directive or //go:build comments) is at least Go 1.24, to avoid causing continuous integration failures when updating to the 1.24 Go toolchain. * vet: The existing buildtag analyzer now reports a diagnostic when there is an invalid Go major version build constraint within a //go:build directive. For example, //go:build go1.23.1 refers to a point release; use //go:build go1.23 instead. See go#64127. * vet: The existing copylock analyzer now reports a diagnostic when a variable declared in a 3-clause 'for' loop such as for i := iter(); done(i); i = next(i) { ... } contains a sync.Locker, such as a sync.Mutex. Go 1.22 changed the behavior of these loops to create a new variable for each iteration, copying the value from the previous iteration; this copy operation is not safe for locks. See go#66387. * GOCACHEPROG: The cmd/go internal binary and test caching mechanism can now be implemented by child processes implementing a JSON protocol between the cmd/go tool and the child process named by the GOCACHEPROG environment variable. This was previously behind a GOEXPERIMENT. For protocol details, see the documentation. * Runtime: Several performance improvements to the runtime have decreased CPU overheads by 2-3% on average across a suite of representative benchmarks. Results may vary by application. These improvements include a new builtin map implementation based on Swiss Tables, more efficient memory allocation of small objects, and a new runtime-internal mutex implementation. * Runtime: The new builtin map implementation and new runtime-internal mutex may be disabled by setting GOEXPERIMENT=noswissmap and GOEXPERIMENT=nospinbitmutex at build time respectively. * Compiler: The compiler already disallowed defining new methods with receiver types that were cgo-generated, but it was possible to circumvent that restriction via an alias type. Go 1.24 now always reports an error if a receiver denotes a cgo-generated type, whether directly or indirectly (through an alias type). * Linker: The linker now generates a GNU build ID (the ELF NT_GNU_BUILD_ID note) on ELF platforms and a UUID (the Mach-O LC_UUID load command) on macOS by default. The build ID or UUID is derived from the Go build ID. It can be disabled by the -B none linker flag, or overridden by the -B 0xNNNN linker flag with a user-specified hexadecimal value. * Bootstrap: As mentioned in the Go 1.22 release notes, Go 1.24 now requires Go 1.22.6 or later for bootstrap. We expect that Go 1.26 will require a point release of Go 1.24 or later for bootstrap. * Standard library: Directory-limited filesystem access: The new os.Root type provides the ability to perform filesystem operations within a specific directory. The os.OpenRoot function opens a directory and returns an os.Root. Methods on os.Root operate within the directory and do not permit paths that refer to locations outside the directory, including ones that follow symbolic links out of the directory. The methods on os.Root mirror most of the file system operations available in the os package, including for example os.Root.Open, os.Root.Create, os.Root.Mkdir, and os.Root.Stat, * Standard library: new benchmark function: Benchmarks may now use the faster and less error-prone testing.B.Loop method to perform benchmark iterations like for b.Loop() { ... } in place of the typical loop structures involving b.N like for range b.N. This offers two significant advantages: 1) The benchmark function will execute exactly once per -count, so expensive setup and cleanup steps execute only once, and 2) Function call parameters and results are kept alive, preventing the compiler from fully optimizing away the loop body. * Standard library: Improved finalizers: The new runtime.AddCleanup function is a finalization mechanism that is more flexible, more efficient, and less error-prone than runtime.SetFinalizer. AddCleanup attaches a cleanup function to an object that will run once the object is no longer reachable. However, unlike SetFinalizer, multiple cleanups may be attached to a single object, cleanups may be attached to interior pointers, cleanups do not generally cause leaks when objects form a cycle, and cleanups do not delay the freeing of an object or objects it points to. New code should prefer AddCleanup over SetFinalizer. * Standard library: New weak package: The new weak package provides weak pointers. Weak pointers are a low-level primitive provided to enable the creation of memory-efficient structures, such as weak maps for associating values, canonicalization maps for anything not covered by package unique, and various kinds of caches. For supporting these use-cases, this release also provides runtime.AddCleanup and maphash.Comparable. * Standard library: New crypto/mlkem package: The new crypto/mlkem package implements ML-KEM-768 and ML-KEM-1024. ML-KEM is a post-quantum key exchange mechanism formerly known as Kyber and specified in FIPS 203. * Standard library: New crypto/hkdf, crypto/pbkdf2, and crypto/sha3 packages: The new crypto/hkdf package implements the HMAC-based Extract-and-Expand key derivation function HKDF, as defined in RFC 5869. The new crypto/pbkdf2 package implements the password-based key derivation function PBKDF2, as defined in RFC 8018. The new crypto/sha3 package implements the SHA-3 hash function and SHAKE and cSHAKE extendable-output functions, as defined in FIPS 202. All three packages are based on pre-existing golang.org/x/crypto/... packages. * FIPS: release includes a new set of mechanisms to facilitate FIPS 140-3 compliance. See https://go.dev/doc/security/fips140 The Go Cryptographic Module is a set of internal standard library packages that are transparently used to implement FIPS 140-3 approved algorithms. Applications require no changes to use the Go Cryptographic Module for approved algorithms. * FIPS: The new GOFIPS140 environment variable can be used to select the Go Cryptographic Module version to use in a build. The new fips140 GODEBUG setting can be used to enable FIPS 140-3 mode at runtime. * FIPS: Go 1.24 includes Go Cryptographic Module version v1.0.0, which is currently under test with a CMVP-accredited laboratory. * Standard library: New experimental testing/synctest package: The new experimental testing/synctest package provides support for testing concurrent code. The synctest.Run function starts a group of goroutines in an isolated 'bubble'. Within the bubble, time package functions operate on a fake clock. The synctest.Wait function waits for all goroutines in the current bubble to block. The synctest package is experimental and must be enabled by setting GOEXPERIMENT=synctest at build time. The package API is subject to change in future releases. See issue go#67434 for more information and to provide feeback. * archive: The (*Writer).AddFS implementations in both archive/zip and archive/tar now write a directory header for an empty directory. * bytes: The bytes package adds several functions that work with iterators. * bytes: Lines returns an iterator over the newline-terminated lines in a byte slice. * bytes: SplitSeq returns an iterator over all subslices of a byte slice split around a separator. * bytes: SplitAfterSeq returns an iterator over subslices of a byte slice split after each instance of a separator. * bytes: FieldsSeq returns an iterator over subslices of a byte slice split around runs of whitespace characters, as defined by unicode.IsSpace. * bytes: FieldsFuncSeq returns an iterator over subslices of a byte slice split around runs of Unicode code points satisfying a predicate. * crypto/aes: The value returned by NewCipher no longer implements the NewCTR, NewGCM, NewCBCEncrypter, and NewCBCDecrypter methods. These methods were undocumented and not available on all architectures. Instead, the Block value should be passed directly to the relevant crypto/cipher functions. For now, crypto/cipher still checks for those methods on Block values, even if they are not used by the standard library anymore. * crypto/aes: The Stream implementation returned by NewCTR when used with crypto/aes is now several times faster on amd64 and arm64. * crypto/cipher: The new NewGCMWithRandomNonce function returns an AEAD that implements AES-GCM by generating a random nonce during Seal and prepending it to the ciphertext. * crypto/cipher: NewOFB, NewCFBEncrypter, and NewCFBDecrypter are now deprecated. OFB and CFB mode are not authenticated, which generally enables active attacks to manipulate and recover the plaintext. It is recommended that applications use AEAD modes instead. If an unauthenticated Stream mode is required, use NewCTR instead. * crypto/ecdsa: PrivateKey.Sign now produces a deterministic signature according to RFC 6979 if the random source is nil. * crypto/md5: The value returned by md5.New now also implements the encoding.BinaryAppender interface. * crypto/rand: The Read function is now guaranteed not to fail. It will always return nil as the error result. If Read were to encounter an error while reading from Reader, the program will irrecoverably crash. Note that the platform APIs used by the default Reader are documented to always succeed, so this change should only affect programs that override the Reader variable. One exception are Linux kernels before version 3.17, where the default Reader still opens /dev/urandom and may fail. * crypto/rand: On Linux 6.11 and later, Reader now uses the getrandom system call via vDSO. This is several times faster, especially for small reads. * crypto/rand: On OpenBSD, Reader now uses arc4random_buf(3). * crypto/rand: The new Text function can be used to generate cryptographically secure random text strings. * crypto/rsa: GenerateKey now returns an error if a key of less than 1024 bits is requested. All Sign, Verify, Encrypt, and Decrypt methods now return an error if used with a key smaller than 1024 bits. Such keys are insecure and should not be used. GODEBUG setting rsa1024min=0 restores the old behavior, but we recommend doing so only if necessary and only in tests, for example by adding a //go:debug rsa1024min=0 line to a test file. A new GenerateKey example provides an easy-to-use standard 2048-bit test key. * crypto/rsa: It is now safe and more efficient to call PrivateKey.Precompute before PrivateKey.Validate. Precompute is now faster in the presence of partially filled out PrecomputedValues, such as when unmarshaling a key from JSON. * crypto/rsa: The package now rejects more invalid keys, even when Validate is not called, and GenerateKey may return new errors for broken random sources. The Primes and Precomputed fields of PrivateKey are now used and validated even when some values are missing. See also the changes to crypto/x509 parsing and marshaling of RSA keys described below. * crypto/rsa: SignPKCS1v15 and VerifyPKCS1v15 now support SHA-512/224, SHA-512/256, and SHA-3. * crypto/rsa: GenerateKey now uses a slightly different method to generate the private exponent (Carmichael's totient instead of Euler's totient). Rare applications that externally regenerate keys from only the prime factors may produce different but compatible results. * crypto/rsa: Public and private key operations are now up to two times faster on wasm. * crypto/sha1: The value returned by sha1.New now also implements the encoding.BinaryAppender interface. * crypto/sha256: The values returned by sha256.New and sha256.New224 now also implement the encoding.BinaryAppender interface. * crypto/sha512: The values returned by sha512.New, sha512.New384, sha512.New512_224 and sha512.New512_256 now also implement the encoding.BinaryAppender interface. * crypto/subtle: The new WithDataIndependentTiming function allows the user to run a function with architecture specific features enabled which guarantee specific instructions are data value timing invariant. This can be used to make sure that code designed to run in constant time is not optimized by CPU-level features such that it operates in variable time. Currently, WithDataIndependentTiming uses the PSTATE.DIT bit on arm64, and is a no-op on all other architectures. GODEBUG setting dataindependenttiming=1 enables the DIT mode for the entire Go program. * crypto/subtle: The XORBytes output must overlap exactly or not at all with the inputs. Previously, the behavior was otherwise undefined, while now XORBytes will panic. * crypto/tls: The TLS server now supports Encrypted Client Hello (ECH). This feature can be enabled by populating the Config.EncryptedClientHelloKeys field. * crypto/tls: The new post-quantum X25519MLKEM768 key exchange mechanism is now supported and is enabled by default when Config.CurvePreferences is nil. GODEBUG setting tlsmlkem=0 reverts the default. * crypto/tls: Support for the experimental X25519Kyber768Draft00 key exchange has been removed. * crypto/tls: Key exchange ordering is now handled entirely by the crypto/tls package. The order of Config.CurvePreferences is now ignored, and the contents are only used to determine which key exchanges to enable when the field is populated. * crypto/tls: The new ClientHelloInfo.Extensions field lists the IDs of the extensions received in the Client Hello message. This can be useful for fingerprinting TLS clients. * crypto/x509: The x509sha1 GODEBUG setting has been removed. Certificate.Verify no longer supports SHA-1 based signatures. * crypto/x509: OID now implements the encoding.BinaryAppender and encoding.TextAppender interfaces. * crypto/x509: The default certificate policies field has changed from Certificate.PolicyIdentifiers to Certificate.Policies. When parsing certificates, both fields will be populated, but when creating certificates policies will now be taken from the Certificate.Policies field instead of the Certificate.PolicyIdentifiers field. This change can be reverted with GODEBUG setting x509usepolicies=0. * crypto/x509: CreateCertificate will now generate a serial number using a RFC 5280 compliant method when passed a template with a nil Certificate.SerialNumber field, instead of failing. * crypto/x509: Certificate.Verify now supports policy validation, as defined in RFC 5280 and RFC 9618. The new VerifyOptions.CertificatePolicies field can be set to an acceptable set of policy OIDs. Only certificate chains with valid policy graphs will be returned from Certificate.Verify. * crypto/x509: MarshalPKCS8PrivateKey now returns an error instead of marshaling an invalid RSA key. (MarshalPKCS1PrivateKey doesn't have an error return, and its behavior when provided invalid keys continues to be undefined.) * crypto/x509: ParsePKCS1PrivateKey and ParsePKCS8PrivateKey now use and validate the encoded CRT values, so might reject invalid RSA keys that were previously accepted. Use GODEBUG setting x509rsacrt=0 to revert to recomputing the CRT values. * debug/elf: The debug/elf package adds support for handling symbol versions in dynamic ELF (Executable and Linkable Format) files. The new File.DynamicVersions method returns a list of dynamic versions defined in the ELF file. The new File.DynamicVersionNeeds method returns a list of dynamic versions required by this ELF file that are defined in other ELF objects. Finally, the new Symbol.HasVersion and Symbol.VersionIndex fields indicate the version of a symbol. * encoding: Two new interfaces, TextAppender and BinaryAppender, have been introduced to append the textual or binary representation of an object to a byte slice. These interfaces provide the same functionality as TextMarshaler and BinaryMarshaler, but instead of allocating a new slice each time, they append the data directly to an existing slice. These interfaces are now implemented by standard library types that already implemented TextMarshaler and/or BinaryMarshaler. * encoding/json: When marshaling, a struct field with the new omitzero option in the struct field tag will be omitted if its value is zero. If the field type has an IsZero() bool method, that will be used to determine whether the value is zero. Otherwise, the value is zero if it is the zero value for its type. The omitzero field tag is clearer and less error-prone than omitempty when the intent is to omit zero values. In particular, unlike omitempty, omitzero omits zero-valued time.Time values, which is a common source of friction. * encoding/json: If both omitempty and omitzero are specified, the field will be omitted if the value is either empty or zero (or both). * encoding/json: UnmarshalTypeError.Field now includes embedded structs to provide more detailed error messages. * go/types: All go/types data structures that expose sequences using a pair of methods such as Len() int and At(int) T now also have methods that return iterators, allowing you to simplify code. The methods are: Interface.EmbeddedTypes, Interface.ExplicitMethods, Interface.Methods, MethodSet.Methods, Named.Methods, Scope.Children, Struct.Fields, Tuple.Variables, TypeList.Types, TypeParamList.TypeParams, Union.Terms. * hash/adler32: The value returned by New now also implements the encoding.BinaryAppender interface. * hash/crc32: The values returned by New and NewIEEE now also implement the encoding.BinaryAppender interface. * hash/crc64: The value returned by New now also implements the encoding.BinaryAppender interface. * hash/fnv: The values returned by New32, New32a, New64, New64a, New128 and New128a now also implement the encoding.BinaryAppender interface. * hash/maphash: The new Comparable and WriteComparable functions can compute the hash of any comparable value. These make it possible to hash anything that can be used as a Go map key. * log/slog: The new DiscardHandler is a handler that is never enabled and always discards its output. * log/slog: Level and LevelVar now implement the encoding.TextAppender interface. * math/big: Float, Int and Rat now implement the encoding.TextAppender interface. * math/rand: Calls to the deprecated top-level Seed function no longer have any effect. To restore the old behavior use GODEBUG setting randseednop=0. For more background see proposal go#67273. * math/rand/v2: ChaCha8 and PCG now implement the encoding.BinaryAppender interface. * net: ListenConfig now uses MPTCP by default on systems where it is supported (currently on Linux only). * net: IP now implements the encoding.TextAppender interface. * net/http: Transport's limit on 1xx informational responses received in response to a request has changed. It previously aborted a request and returned an error after receiving more than 5 1xx responses. It now returns an error if the total size of all 1xx responses exceeds the Transport.MaxResponseHeaderBytes configuration setting. * net/http: In addition, when a request has a net/http/httptrace.ClientTrace.Got1xxResponse trace hook, there is now no limit on the total number of 1xx responses. The Got1xxResponse hook may return an error to abort a request. * net/http: Transport and Server now have an HTTP2 field which permits configuring HTTP/2 protocol settings. * net/http: The new Server.Protocols and Transport.Protocols fields provide a simple way to configure what HTTP protocols a server or client use. * net/http: The server and client may be configured to support unencrypted HTTP/2 connections. * net/http: When Server.Protocols contains UnencryptedHTTP2, the server will accept HTTP/2 connections on unencrypted ports. The server can accept both HTTP/1 and unencrypted HTTP/2 on the same port. * net/http: When Transport.Protocols contains UnencryptedHTTP2 and does not contain HTTP1, the transport will use unencrypted HTTP/2 for http:// URLs. If the transport is configured to use both HTTP/1 and unencrypted HTTP/2, it will use HTTP/1. * net/http: Unencrypted HTTP/2 support uses 'HTTP/2 with Prior Knowledge' (RFC 9113, section 3.3). The deprecated 'Upgrade: h2c' header is not supported. * net/netip: Addr, AddrPort and Prefix now implement the encoding.BinaryAppender and encoding.TextAppender interfaces. * net/url: URL now also implements the encoding.BinaryAppender interface. * os/user: On Windows, Current can now be used in Windows Nano Server. The implementation has been updated to avoid using functions from the NetApi32 library, which is not available in Nano Server. * os/user: On Windows, Current, Lookup and LookupId now support the following built-in service user accounts: NT AUTHORITY\SYSTEM, NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE * os/user: On Windows, Current has been made considerably faster when the current user is joined to a slow domain, which is the usual case for many corporate users. The new implementation performance is now in the order of milliseconds, compared to the previous implementation which could take several seconds, or even minutes, to complete. * os/user: On Windows, Current now returns the process owner user when the current thread is impersonating another user. Previously, it returned an error. * regexp: Regexp now implements the encoding.TextAppender interface. * runtime: The GOROOT function is now deprecated. In new code prefer to use the system path to locate the 'go' binary, and use go env GOROOT to find its GOROOT. * strings: The strings package adds several functions that work with iterators. * strings: Lines returns an iterator over the newline-terminated lines in a string. * strings: SplitSeq returns an iterator over all substrings of a string split around a separator. * strings: SplitAfterSeq returns an iterator over substrings of a string split after each instance of a separator. * strings: FieldsSeq returns an iterator over substrings of a string split around runs of whitespace characters, as defined by unicode.IsSpace. * strings: FieldsFuncSeq returns an iterator over substrings of a string split around runs of Unicode code points satisfying a predicate. * sync: The implementation of sync.Map has been changed, improving performance, particularly for map modifications. For instance, modifications of disjoint sets of keys are much less likely to contend on larger maps, and there is no longer any ramp-up time required to achieve low-contention loads from the map. If you encounter any problems, set GOEXPERIMENT=nosynchashtriemap at build time to switch back to the old implementation and please file an issue. * testing: The new T.Context and B.Context methods return a context that's canceled after the test completes and before test cleanup functions run. * testing: The new T.Chdir and B.Chdir methods can be used to change the working directory for the duration of a test or benchmark. * text/template: Templates now support range-over-func and range-over-int. * time: Time now implements the encoding.BinaryAppender and encoding.TextAppender interfaces. * Linux port: As announced in the Go 1.23 release notes, Go 1.24 requires Linux kernel version 3.2 or later. * Darwin port: Go 1.24 is the last release that will run on macOS 11 Big Sur. Go 1.25 will require macOS 12 Monterey or later. * WebAssembly: The go:wasmexport compiler directive is added for Go programs to export functions to the WebAssembly host. * WebAssembly: On WebAssembly System Interface Preview 1 (GOOS=wasip1 GOARCH=wasm), Go 1.24 supports building a Go program as a reactor/library, by specifying the -buildmode=c-shared build flag. * WebAssembly: More types are now permitted as argument or result types for go:wasmimport functions. Specifically, bool, string, uintptr, and pointers to certain types are allowed (see the documentation for detail), along with 32-bit and 64-bit integer and float types, and unsafe.Pointer, which are already allowed. These types are also permitted as argument or result types for go:wasmexport functions. * WebAssembly: The support files for WebAssembly have been moved to lib/wasm from misc/wasm. * Windows: The 32-bit windows/arm port (GOOS=windows GOARCH=arm) has been marked broken. See issue go#70705 for details. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:802-1 Released: Thu Mar 6 15:05:29 2025 Summary: Security update for go1.24 Type: security Severity: moderate References: 1236217,1238572,CVE-2025-22870 This update for go1.24 fixes the following issues: - CVE-2025-22870: golang.org/x/net/proxy, golang.org/x/net/http/httpproxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238572) Other fixes: - Updated go version to go1.24.1 (bsc#1236217): * go#71986 go#71984 bsc#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs * go#71687 cmd/go: panics with GOAUTH='git dir' go get -x * go#71705 runtime: add linkname of runtime.lastmoduledatap for cloudwego/sonic * go#71728 runtime: usleep computes wrong tv_nsec on s390x * go#71745 crypto: add fips140 as an opaque GODEBUG setting and add documentation for it * go#71829 cmd/compile: fail to compile package in 1.24 * go#71836 os: possible regression from Go 1.23 to Go 1.24 when opening DevNull with O_TRUNC * go#71840 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error * go#71849 os: spurious SIGCHILD on running child process * go#71855 cmd/compile: Pow10 freeze the compiler on certain condition on Go 1.24 * go#71858 debug/buildinfo: false positives with external scanners flag for go117 binary in testdata * go#71876 reflect: Value.Seq panicking on functional iterator methods * go#71904 cmd/compile: nil dereference when storing field of non-nil struct value * go#71916 reflect: Value.Seq iteration value types not matching the type of given int types * go#71938 cmd/compile: 'fatal error: found pointer to free object' on arm64 * go#71955 proposal: runtime: allow cleanups to run concurrently * go#71963 runtime/cgo: does not build with -Wdeclaration-after-statement * go#71977 syscall: js/wasm file operations fail on windows / node.js ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1153-1 Released: Mon Apr 7 10:15:48 2025 Summary: Security update for go1.24 Type: security Severity: important References: 1236217,1239182,1240550,CVE-2025-22871 This update for go1.24 fixes the following issues: - Update to go1.24.2 - CVE-2025-22871: Fix an issue with request smuggling through invalid chunked data. (bsc#1240550) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1428-1 Released: Fri May 2 09:54:49 2025 Summary: Recommended update for go1.24 Type: recommended Severity: important References: 1240764 This update for go1.24 fixes the following issues: - Fixed random segmentation faults (bsc#1240764) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1551-1 Released: Wed May 14 19:06:08 2025 Summary: Security update for go1.24 Type: security Severity: moderate References: 1236217,1242715,CVE-2025-22873 This update for go1.24 fixes the following issues: Update to go1.24.3 (bsc#1236217): Security fixes: - CVE-2025-22873: Fixed os.Root permits access to parent directory (bsc#1242715) Changelog: * go#73556 go#73555 security: fix CVE-2025-22873 os: Root permits access to parent directory * go#73082 os: Root.Open panics when opening a symlink referencing the root * go#73092 cmd/link: linkname directive on userspace variable can override runtime variable * go#73118 crypto/tls: ECH decodeInnerClientHello incorrectly rejects ClientHello with GREASE values in supportedVersions * go#73144 runtime: segmentation fault from vgetrandomPutState and runtime.growslice w/ runtime.OSLockThread * go#73192 runtime: -race data race map traceback report incorrect functions * go#73281 cmd/compile: program compiles to wasm but is invalid: go:wasmexport: integer too large * go#73379 runtime, x/sys/unix: Connectx is broken on darwin/amd64 * go#73440 cmd/compile: infinite loop in the inliner * go#73500 cmd/go: +dirty in version stamping doesn't combine well with +incompatible ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1846-1 Released: Mon Jun 9 20:33:58 2025 Summary: Security update for go1.24 Type: security Severity: important References: 1236217,1242715,1244156,1244157,1244158,CVE-2025-0913,CVE-2025-22873,CVE-2025-22874,CVE-2025-4673 This update for go1.24 fixes the following issues: go1.24.4 (released 2025-06-05) includes security fixes to the crypto/x509, net/http, and os packages, as well as bug fixes to the linker, the go command, and the hash/maphash and os packages. ( bsc#1236217 go1.24 release tracking CVE-2025-22874 CVE-2025-0913 CVE-2025-4673) * CVE-2025-22874: crypto/x509: ExtKeyUsageAny bypasses policy validation (bsc#1244158) * CVE-2025-0913: os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows (bsc#1244157) * CVE-2025-4673: net/http: sensitive headers not cleared on cross-origin redirect (bsc#1244156) * os: Root.Mkdir creates directories with zero permissions on OpenBSD * hash/maphash: hashing channels with purego impl. of maphash.Comparable panics * runtime/debug: BuildSetting does not document DefaultGODEBUG * cmd/go: add fips140 module selection mechanism * cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen * CVE-2025-22873: os: Root permits access to parent directory ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2295-1 Released: Fri Jul 11 17:18:47 2025 Summary: Security update for go1.24 Type: security Severity: important References: 1236217,1246118,CVE-2025-4674 This update for go1.24 fixes the following issues: - Update to version go1.24.5 - CVE-2025-4674: Fixed potential command execution in untrusted VCS repositories. (bsc#1246118) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2760-1 Released: Tue Aug 12 14:08:20 2025 Summary: Security update for go1.24 Type: security Severity: moderate References: 1236217,1247719,1247720,CVE-2025-47906,CVE-2025-47907 This update for go1.24 fixes the following issues: - Update to go1.24.6: * CVE-2025-47906: Fixed LookPath returning unexpected paths (bsc#1247719) * CVE-2025-47907: Fixed incorrect results returned from Rows.Scan (bsc#1247720) * go#73800 runtime: RSS seems to have increased in Go 1.24 while the runtime accounting has not * go#74416 runtime: use-after-free of allpSnapshot in findRunnable * go#74694 runtime: segfaults in runtime.(*unwinder).next * go#74760 os/user:nolibgcc: TestGroupIdsTestUser failures ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - go1.24-doc-1.24.6-150000.1.32.1 added - glibc-devel-2.38-150600.14.37.1 updated - go1.24-1.24.6-150000.1.32.1 added - go1.24-race-1.24.6-150000.1.32.1 added - container:registry.suse.com-bci-bci-base-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated - go1.23-1.23.12-150000.1.40.1 removed - go1.23-doc-1.23.12-150000.1.40.1 removed - go1.23-race-1.23.12-150000.1.40.1 removed From sle-container-updates at lists.suse.com Thu Aug 28 07:07:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Aug 2025 09:07:29 +0200 (CEST) Subject: SUSE-CU-2025:6653-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250828070729.1A790FF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:6653-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.103 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.103 Severity : important Type : security References : 1204142 1219338 1225707 1230216 1232234 1233300 1235613 1235837 1236333 1236897 1238896 1239061 1239470 1240058 1240323 1240885 1240966 1241166 1241345 1241537 1242086 1242414 1242837 1242960 1242965 1242993 1243068 1243100 1243479 1243669 1243806 1244309 1244337 1244457 1244735 1244749 1244750 1244792 1244801 1245151 1245201 1245202 1245216 1245260 1245431 1245440 1245457 1245498 1245499 1245504 1245506 1245508 1245510 1245540 1245598 1245599 1245646 1245647 1245649 1245650 1245654 1245658 1245660 1245665 1245666 1245668 1245669 1245670 1245671 1245675 1245676 1245677 1245679 1245682 1245683 1245684 1245688 1245689 1245690 1245691 1245695 1245705 1245708 1245711 1245713 1245714 1245719 1245723 1245729 1245730 1245731 1245735 1245737 1245744 1245745 1245746 1245747 1245748 1245749 1245750 1245751 1245752 1245757 1245758 1245765 1245768 1245769 1245777 1245781 1245789 1245937 1245945 1245951 1245952 1245954 1245957 1245966 1245970 1245976 1245980 1245983 1245986 1246000 1246002 1246006 1246008 1246020 1246023 1246029 1246031 1246037 1246041 1246042 1246044 1246045 1246047 1246049 1246050 1246055 1246073 1246093 1246098 1246109 1246122 1246125 1246171 1246173 1246178 1246182 1246183 1246186 1246195 1246203 1246212 1246220 1246221 1246236 1246240 1246243 1246246 1246249 1246250 1246253 1246258 1246262 1246264 1246266 1246268 1246273 1246283 1246287 1246292 1246293 1246295 1246334 1246337 1246342 1246349 1246354 1246358 1246361 1246364 1246370 1246375 1246384 1246386 1246387 1246438 1246453 1246473 1246490 1246506 1246547 1246777 1246781 1246870 1246879 1246911 1246965 1247018 1247023 1247028 1247031 1247033 1247035 1247061 1247089 1247091 1247097 1247098 1247101 1247103 1247104 1247113 1247118 1247123 1247125 1247128 1247132 1247138 1247141 1247143 1247145 1247146 1247147 1247149 1247150 1247151 1247153 1247154 1247156 1247160 1247164 1247169 1247170 1247171 1247172 1247174 1247176 1247177 1247178 1247181 1247209 1247210 1247227 1247233 1247236 1247238 1247241 1247251 1247252 1247253 1247255 1247271 1247273 1247274 1247276 1247277 1247278 1247279 1247284 1247285 1247288 1247289 1247293 1247311 1247314 1247317 1247347 1247348 1247349 1247374 1247437 1247450 CVE-2019-11135 CVE-2024-10041 CVE-2024-36028 CVE-2024-36348 CVE-2024-36349 CVE-2024-36350 CVE-2024-36357 CVE-2024-44963 CVE-2024-49861 CVE-2024-56742 CVE-2024-57947 CVE-2025-21839 CVE-2025-21854 CVE-2025-21872 CVE-2025-22090 CVE-2025-23163 CVE-2025-37798 CVE-2025-37856 CVE-2025-37864 CVE-2025-37885 CVE-2025-37920 CVE-2025-37984 CVE-2025-38034 CVE-2025-38035 CVE-2025-38051 CVE-2025-38052 CVE-2025-38058 CVE-2025-38061 CVE-2025-38062 CVE-2025-38063 CVE-2025-38064 CVE-2025-38074 CVE-2025-38084 CVE-2025-38085 CVE-2025-38087 CVE-2025-38088 CVE-2025-38089 CVE-2025-38090 CVE-2025-38094 CVE-2025-38095 CVE-2025-38097 CVE-2025-38098 CVE-2025-38099 CVE-2025-38100 CVE-2025-38102 CVE-2025-38105 CVE-2025-38107 CVE-2025-38108 CVE-2025-38109 CVE-2025-38110 CVE-2025-38111 CVE-2025-38112 CVE-2025-38113 CVE-2025-38115 CVE-2025-38117 CVE-2025-38118 CVE-2025-38120 CVE-2025-38122 CVE-2025-38123 CVE-2025-38124 CVE-2025-38126 CVE-2025-38127 CVE-2025-38129 CVE-2025-38131 CVE-2025-38132 CVE-2025-38135 CVE-2025-38136 CVE-2025-38138 CVE-2025-38142 CVE-2025-38143 CVE-2025-38145 CVE-2025-38147 CVE-2025-38148 CVE-2025-38149 CVE-2025-38151 CVE-2025-38153 CVE-2025-38154 CVE-2025-38155 CVE-2025-38157 CVE-2025-38158 CVE-2025-38159 CVE-2025-38161 CVE-2025-38162 CVE-2025-38165 CVE-2025-38166 CVE-2025-38173 CVE-2025-38174 CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38182 CVE-2025-38183 CVE-2025-38187 CVE-2025-38188 CVE-2025-38192 CVE-2025-38193 CVE-2025-38194 CVE-2025-38197 CVE-2025-38198 CVE-2025-38200 CVE-2025-38202 CVE-2025-38203 CVE-2025-38204 CVE-2025-38206 CVE-2025-38210 CVE-2025-38211 CVE-2025-38212 CVE-2025-38213 CVE-2025-38214 CVE-2025-38215 CVE-2025-38217 CVE-2025-38220 CVE-2025-38222 CVE-2025-38225 CVE-2025-38226 CVE-2025-38227 CVE-2025-38229 CVE-2025-38231 CVE-2025-38236 CVE-2025-38239 CVE-2025-38244 CVE-2025-38246 CVE-2025-38248 CVE-2025-38249 CVE-2025-38250 CVE-2025-38257 CVE-2025-38259 CVE-2025-38264 CVE-2025-38272 CVE-2025-38273 CVE-2025-38275 CVE-2025-38277 CVE-2025-38279 CVE-2025-38283 CVE-2025-38286 CVE-2025-38289 CVE-2025-38290 CVE-2025-38292 CVE-2025-38293 CVE-2025-38300 CVE-2025-38303 CVE-2025-38304 CVE-2025-38305 CVE-2025-38307 CVE-2025-38310 CVE-2025-38312 CVE-2025-38313 CVE-2025-38319 CVE-2025-38323 CVE-2025-38326 CVE-2025-38328 CVE-2025-38332 CVE-2025-38334 CVE-2025-38335 CVE-2025-38336 CVE-2025-38337 CVE-2025-38338 CVE-2025-38342 CVE-2025-38343 CVE-2025-38344 CVE-2025-38345 CVE-2025-38348 CVE-2025-38349 CVE-2025-38350 CVE-2025-38352 CVE-2025-38354 CVE-2025-38362 CVE-2025-38363 CVE-2025-38364 CVE-2025-38365 CVE-2025-38369 CVE-2025-38371 CVE-2025-38373 CVE-2025-38375 CVE-2025-38376 CVE-2025-38377 CVE-2025-38380 CVE-2025-38382 CVE-2025-38384 CVE-2025-38385 CVE-2025-38386 CVE-2025-38387 CVE-2025-38389 CVE-2025-38391 CVE-2025-38392 CVE-2025-38393 CVE-2025-38395 CVE-2025-38396 CVE-2025-38399 CVE-2025-38400 CVE-2025-38401 CVE-2025-38403 CVE-2025-38404 CVE-2025-38406 CVE-2025-38409 CVE-2025-38410 CVE-2025-38412 CVE-2025-38414 CVE-2025-38415 CVE-2025-38416 CVE-2025-38420 CVE-2025-38424 CVE-2025-38425 CVE-2025-38426 CVE-2025-38428 CVE-2025-38429 CVE-2025-38430 CVE-2025-38436 CVE-2025-38443 CVE-2025-38448 CVE-2025-38449 CVE-2025-38455 CVE-2025-38457 CVE-2025-38460 CVE-2025-38461 CVE-2025-38462 CVE-2025-38463 CVE-2025-38465 CVE-2025-38467 CVE-2025-38468 CVE-2025-38470 CVE-2025-38471 CVE-2025-38473 CVE-2025-38474 CVE-2025-38476 CVE-2025-38477 CVE-2025-38478 CVE-2025-38480 CVE-2025-38481 CVE-2025-38482 CVE-2025-38483 CVE-2025-38485 CVE-2025-38487 CVE-2025-38489 CVE-2025-38494 CVE-2025-38495 CVE-2025-38496 CVE-2025-38497 CVE-2025-38498 CVE-2025-8058 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2996-1 Released: Wed Aug 27 14:02:41 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1204142,1219338,1225707,1230216,1233300,1235613,1235837,1236333,1236897,1238896,1239061,1239470,1240323,1240885,1240966,1241166,1241345,1241537,1242086,1242414,1242837,1242960,1242965,1242993,1243068,1243100,1243479,1243669,1243806,1244309,1244337,1244457,1244735,1244749,1244750,1244792,1244801,1245151,1245201,1245202,1245216,1245260,1245431,1245440,1245457,1245498,1245499,1245504,1245506,1245508,1245510,1245540,1245598,1245599,1245646,1245647,1245649,1245650,1245654,1245658,1245660,1245665,1245666,1245668,1245669,1245670,1245671,1245675,1245676,1245677,1245679,1245682,1245683,1245684,1245688,1245689,1245690,1245691,1245695,1245705,1245708,1245711,1245713,1245714,1245719,1245723,1245729,1245730,1245731,1245735,1245737,1245744,1245745,1245746,1245747,1245748,1245749,1245750,1245751,1245752,1245757,1245758,1245765,1245768,1245769,1245777,1245781,1245789,1245937,1245945,1245951,1245952,1245954,1245957,1245966,1245970,1245976,1245980,1245983,1245986,1246000,1246002,1246006,1 246008,1246020,1246023,1246029,1246031,1246037,1246041,1246042,1246044,1246045,1246047,1246049,1246050,1246055,1246073,1246093,1246098,1246109,1246122,1246125,1246171,1246173,1246178,1246182,1246183,1246186,1246195,1246203,1246212,1246220,1246236,1246240,1246243,1246246,1246249,1246250,1246253,1246258,1246262,1246264,1246266,1246268,1246273,1246283,1246287,1246292,1246293,1246295,1246334,1246337,1246342,1246349,1246354,1246358,1246361,1246364,1246370,1246375,1246384,1246386,1246387,1246438,1246453,1246473,1246490,1246506,1246547,1246777,1246781,1246870,1246879,1246911,1247018,1247023,1247028,1247031,1247033,1247035,1247061,1247089,1247091,1247097,1247098,1247101,1247103,1247104,1247113,1247118,1247123,1247125,1247128,1247132,1247138,1247141,1247143,1247145,1247146,1247147,1247149,1247150,1247151,1247153,1247154,1247156,1247160,1247164,1247169,1247170,1247171,1247172,1247174,1247176,1247177,1247178,1247181,1247209,1247210,1247227,1247233,1247236,1247238,1247241,1247251,1247252,124725 3,1247255,1247271,1247273,1247274,1247276,1247277,1247278,1247279,1247284,1247285,1247288,1247289,1247293,1247311,1247314,1247317,1247347,1247348,1247349,1247374,1247437,1247450,CVE-2019-11135,CVE-2024-36028,CVE-2024-36348,CVE-2024-36349,CVE-2024-36350,CVE-2024-36357,CVE-2024-44963,CVE-2024-49861,CVE-2024-56742,CVE-2024-57947,CVE-2025-21839,CVE-2025-21854,CVE-2025-21872,CVE-2025-22090,CVE-2025-23163,CVE-2025-37798,CVE-2025-37856,CVE-2025-37864,CVE-2025-37885,CVE-2025-37920,CVE-2025-37984,CVE-2025-38034,CVE-2025-38035,CVE-2025-38051,CVE-2025-38052,CVE-2025-38058,CVE-2025-38061,CVE-2025-38062,CVE-2025-38063,CVE-2025-38064,CVE-2025-38074,CVE-2025-38084,CVE-2025-38085,CVE-2025-38087,CVE-2025-38088,CVE-2025-38089,CVE-2025-38090,CVE-2025-38094,CVE-2025-38095,CVE-2025-38097,CVE-2025-38098,CVE-2025-38099,CVE-2025-38100,CVE-2025-38102,CVE-2025-38105,CVE-2025-38107,CVE-2025-38108,CVE-2025-38109,CVE-2025-38110,CVE-2025-38111,CVE-2025-38112,CVE-2025-38113,CVE-2025-38115,CVE-2025-38117,CVE-2025- 38118,CVE-2025-38120,CVE-2025-38122,CVE-2025-38123,CVE-2025-38124,CVE-2025-38126,CVE-2025-38127,CVE-2025-38129,CVE-2025-38131,CVE-2025-38132,CVE-2025-38135,CVE-2025-38136,CVE-2025-38138,CVE-2025-38142,CVE-2025-38143,CVE-2025-38145,CVE-2025-38147,CVE-2025-38148,CVE-2025-38149,CVE-2025-38151,CVE-2025-38153,CVE-2025-38154,CVE-2025-38155,CVE-2025-38157,CVE-2025-38158,CVE-2025-38159,CVE-2025-38161,CVE-2025-38162,CVE-2025-38165,CVE-2025-38166,CVE-2025-38173,CVE-2025-38174,CVE-2025-38177,CVE-2025-38180,CVE-2025-38181,CVE-2025-38182,CVE-2025-38183,CVE-2025-38187,CVE-2025-38188,CVE-2025-38192,CVE-2025-38193,CVE-2025-38194,CVE-2025-38197,CVE-2025-38198,CVE-2025-38200,CVE-2025-38202,CVE-2025-38203,CVE-2025-38204,CVE-2025-38206,CVE-2025-38210,CVE-2025-38211,CVE-2025-38212,CVE-2025-38213,CVE-2025-38214,CVE-2025-38215,CVE-2025-38217,CVE-2025-38220,CVE-2025-38222,CVE-2025-38225,CVE-2025-38226,CVE-2025-38227,CVE-2025-38229,CVE-2025-38231,CVE-2025-38236,CVE-2025-38239,CVE-2025-38244,CVE-2025-38246,C VE-2025-38248,CVE-2025-38249,CVE-2025-38250,CVE-2025-38257,CVE-2025-38259,CVE-2025-38264,CVE-2025-38272,CVE-2025-38273,CVE-2025-38275,CVE-2025-38277,CVE-2025-38279,CVE-2025-38283,CVE-2025-38286,CVE-2025-38289,CVE-2025-38290,CVE-2025-38292,CVE-2025-38293,CVE-2025-38300,CVE-2025-38303,CVE-2025-38304,CVE-2025-38305,CVE-2025-38307,CVE-2025-38310,CVE-2025-38312,CVE-2025-38313,CVE-2025-38319,CVE-2025-38323,CVE-2025-38326,CVE-2025-38328,CVE-2025-38332,CVE-2025-38334,CVE-2025-38335,CVE-2025-38336,CVE-2025-38337,CVE-2025-38338,CVE-2025-38342,CVE-2025-38343,CVE-2025-38344,CVE-2025-38345,CVE-2025-38348,CVE-2025-38349,CVE-2025-38350,CVE-2025-38352,CVE-2025-38354,CVE-2025-38362,CVE-2025-38363,CVE-2025-38364,CVE-2025-38365,CVE-2025-38369,CVE-2025-38371,CVE-2025-38373,CVE-2025-38375,CVE-2025-38376,CVE-2025-38377,CVE-2025-38380,CVE-2025-38382,CVE-2025-38384,CVE-2025-38385,CVE-2025-38386,CVE-2025-38387,CVE-2025-38389,CVE-2025-38391,CVE-2025-38392,CVE-2025-38393,CVE-2025-38395,CVE-2025-38396,CVE-2025 -38399,CVE-2025-38400,CVE-2025-38401,CVE-2025-38403,CVE-2025-38404,CVE-2025-38406,CVE-2025-38409,CVE-2025-38410,CVE-2025-38412,CVE-2025-38414,CVE-2025-38415,CVE-2025-38416,CVE-2025-38420,CVE-2025-38424,CVE-2025-38425,CVE-2025-38426,CVE-2025-38428,CVE-2025-38429,CVE-2025-38430,CVE-2025-38436,CVE-2025-38443,CVE-2025-38448,CVE-2025-38449,CVE-2025-38455,CVE-2025-38457,CVE-2025-38460,CVE-2025-38461,CVE-2025-38462,CVE-2025-38463,CVE-2025-38465,CVE-2025-38467,CVE-2025-38468,CVE-2025-38470,CVE-2025-38471,CVE-2025-38473,CVE-2025-38474,CVE-2025-38476,CVE-2025-38477,CVE-2025-38478,CVE-2025-38480,CVE-2025-38481,CVE-2025-38482,CVE-2025-38483,CVE-2025-38485,CVE-2025-38487,CVE-2025-38489,CVE-2025-38494,CVE-2025-38495,CVE-2025-38496,CVE-2025-38497,CVE-2025-38498 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707). - CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896). - CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (1230216). - CVE-2024-49861: net: clear the dst when changing skb protocol (bsc#1245954). - CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613). - CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837). - CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068). - CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479). - CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669). - CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792). - CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801). - CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750). - CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151). - CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440). - CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216). - CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202). - CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201). - CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735). - CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649). - CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660). - CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654). - CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671). - CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650). - CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682). - CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689). - CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695). - CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708). - CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677). - CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679). - CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768). - CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750). - CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752). - CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937). - CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006). - CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951). - CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980). - CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044). - CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966). - CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976). - CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093). - CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178). - CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183). - CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173). - CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182). - CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387). - CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268). - CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264). - CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273). - CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354). - CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384). - CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250). - CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253). - CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091). - CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023). - CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031). - CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169). - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156). - CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097). - CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141). - CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145). - CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252). - CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253). - CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101). - CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103). - CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104). - CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113). - CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118). - CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288). - CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). The following non-security bugs were fixed: - Fix dma_unmap_sg() nents value (git-fixes) - Logitech C-270 even more broken (stable-fixes). - Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - Revert 'ACPI: battery: negate current when discharging' (stable-fixes). - Revert 'cgroup_freezer: cgroup_freezing: Check if not frozen' (bsc#1219338). - Revert 'drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1' (stable-fixes). - Revert 'mmc: sdhci: Disable SD card clock before changing parameters' (git-fixes). - Revert 'usb: xhci: Implement xhci_handshake_check_state() helper' (git-fixes). - Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes). - acpi: LPSS: Remove AudioDSP related ID (git-fixes). - acpi: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122). - acpi: processor: perflib: Fix initial _PPC limit application (git-fixes). - acpica: Refuse to evaluate a method if arguments are missing (stable-fixes). - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes). - af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093). - alsa: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes). - alsa: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes). - alsa: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes). - alsa: hda/tegra: Add Tegra264 support (stable-fixes). - alsa: hda: Add missing NVIDIA HDA codec IDs (stable-fixes). - alsa: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes). - alsa: hda: Ignore unsol events for cards being shut down (stable-fixes). - alsa: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes). - alsa: sb: Do not allow changing the DMA mode during operations (stable-fixes). - alsa: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes). - amd/amdkfd: fix a kfd_process ref leak (stable-fixes). - aoe: clean device rq_list in aoedev_downdev() (git-fixes). - apple-mfi-fastcharge: protect first device name (git-fixes). - asoc: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes). - asoc: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes). - asoc: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes). - asoc: amd: yc: update quirk data for HP Victus (stable-fixes). - asoc: codec: wcd9335: Convert to GPIO descriptors (stable-fixes). - asoc: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes). - asoc: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes). - asoc: cs35l56: probe() should fail if the device ID is not recognized (git-fixes). - asoc: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes). - asoc: fsl_xcvr: get channel status data when PHY is not exists (git-fixes). - asoc: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes). - asoc: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes). - ata: pata_cs5536: fix build on 32-bit UML (stable-fixes). - audit,module: restore audit logging in load failure case (git-fixes). - bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes). - bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes). - bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes). - bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes). - bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes). - bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes). - bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes). - bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes). - bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes). - bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes). - bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes). - bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes). - bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes). - bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes). - bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes). - bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes). - bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes). - bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes). - bluetooth: hci_sync: revert some mesh modifications (git-fixes). - bpf, sockmap: Fix sk_msg_reset_curr (git-fixes). - bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes). - bpf/selftests: Check errno when percpu map value size exceeds (git-fixes). - bpf: Add a possibly-zero-sized read test (git-fixes). - bpf: Avoid __hidden__ attribute in static object (git-fixes). - bpf: Check percpu map value size first (git-fixes). - bpf: Disable some `attribute ignored' warnings in GCC (git-fixes). - bpf: Fix memory leak in bpf_core_apply (git-fixes). - bpf: Fix potential integer overflow in resolve_btfids (git-fixes). - bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes). - bpf: Make the pointer returned by iter next method valid (git-fixes). - bpf: Simplify checking size of helper accesses (git-fixes). - bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes). - bpf: sockmap, updating the sg structure should also update curr (git-fixes). - bpftool: Fix missing pids during link show (git-fixes). - bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes). - bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes). - bpftool: Remove unnecessary source files from bootstrap version (git-fixes). - bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes). - btrfs: do not ignore inode missing when replaying log tree (git-fixes). - btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes). - btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes). - btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068) - btrfs: fix assertion when building free space tree (git-fixes). - btrfs: fix inode lookup error handling during log replay (git-fixes). - btrfs: fix invalid inode pointer dereferences during log replay (git-fixes). - btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes). - btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes). - btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes). - btrfs: fix ssd_spread overallocation (git-fixes). - btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068) - btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes). - btrfs: rename err to ret in btrfs_rmdir() (git-fixes). - btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes). - btrfs: return a btrfs_inode from read_one_inode() (git-fixes). - btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes). - btrfs: update superblock's device bytes_used when dropping chunk (git-fixes). - btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes). - btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes). - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes). - bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes). - can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes). - can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes). - can: kvaser_pciefd: Store device channel index (git-fixes). - can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes). - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes). - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes). - can: peak_usb: fix USB FD devices potential malfunction (git-fixes). - cdc-acm: fix race between initial clearing halt and open (git-fixes). - cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789). - cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166). - cifs: reconnect helper should set reconnect for the right channel (git-fixes). - clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes). - clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes). - clk: sunxi-ng: v3s: Fix de clock definition (git-fixes). - clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes). - clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457). - clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457). - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes). - comedi: Fix initialization of data for instructions that write to subdevice (git-fixes). - comedi: Fix some signed shift left operations (git-fixes). - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes). - comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes). - comedi: das16m1: Fix bit shift out of bounds (git-fixes). - comedi: das6402: Fix bit shift out of bounds (git-fixes). - comedi: pcl812: Fix bit shift out of bounds (git-fixes). - compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes). - crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes). - crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes). - crypto: ccp - Fix locking on alloc failure handling (git-fixes). - crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes). - crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes). - crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes). - crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes). - crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes). - crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes). - crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes). - crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes). - crypto: qat - fix state restore for banks with exceptions (git-fixes). - crypto: qat - flush misc workqueue during device shutdown (git-fixes). - crypto: qat - use unmanaged allocation for dc_data (git-fixes). - crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes). - dm-bufio: fix sched in atomic context (git-fixes). - dm-flakey: error all IOs when num_features is absent (git-fixes). - dm-flakey: make corrupting read bios work (git-fixes). - dm-mirror: fix a tiny race condition (git-fixes). - dm-raid: fix variable in journal device check (git-fixes). - dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes). - dm: do not change md if dm_table_set_restrictions() fails (git-fixes). - dm: free table mempools if not used in __bind (git-fixes). - dm: restrict dm device size to 2^63-512 bytes (git-fixes). - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes). - dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes). - dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes). - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes). - dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes). - dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes). - dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes). - dmaengine: xilinx_dma: Set dma_device directions (stable-fixes). - docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes). - documentation: ACPI: Fix parent device references (git-fixes). - documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes). - drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes). - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes). - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes). - drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes). - drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes). - drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes). - drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes). - drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes). - drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes). - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes). - drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes). - drm/framebuffer: Acquire internal references on GEM handles (git-fixes). - drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes). - drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes). - drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes). - drm/i915/selftests: Change mock_request() to return error pointers (git-fixes). - drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes). - drm/msm: Fix a fence leak in submit error path (stable-fixes). - drm/msm: Fix another leak in the submit error path (stable-fixes). - drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes). - drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes). - drm/sched: Increment job count before swapping tail spsc queue (git-fixes). - drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes). - drm/scheduler: signal scheduled fence when kill job (stable-fixes). - drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes). - drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes). - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes). - exfat: fdatasync flag should be same like generic_write_sync() (git-fixes). - fbcon: Fix outdated registered_fb reference in comment (git-fixes). - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes). - firewire: ohci: correct code comments about bus_reset tasklet (git-fixes). - fs/jfs: consolidate sanity checking in dbMount (git-fixes). - fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes). - gpio: mlxbf2: use platform_get_irq_optional() (git-fixes). - gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes). - gpio: sim: include a missing header (git-fixes). - gpio: vf610: add locking to gpio direction functions (git-fixes). - gpio: virtio: Fix config space reading (git-fixes). - gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes). - gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes). - gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300). - gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300). - gpiolib: cdev: Ignore reconfiguration without direction (git-fixes). - gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes). - hfs: make splice write available again (git-fixes). - hfsplus: make splice write available again (git-fixes). - hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes). - hid: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes). - hid: core: do not bypass hid_hw_raw_request (stable-fixes). - hid: core: ensure __hid_request reserves the report ID as the first byte (git-fixes). - hid: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes). - hid: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes). - hid: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes). - hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203). - hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes). - hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes). - hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes). - i2c/designware: Fix an initialization issue (git-fixes). - i2c: qup: jump out of the loop in case of timeout (git-fixes). - i2c: stm32: fix the device used for the DMA map (git-fixes). - i2c: tegra: Fix reset error handling with ACPI (git-fixes). - i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes). - i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes). - ib/mlx5: Fix potential deadlock in MR deregistration (git-fixes) - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes). - iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes). - iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes). - iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes). - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes). - iio: adc: max1363: Reorder mode_list[] entries (stable-fixes). - iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes). - iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes). - iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes). - input: iqs7222 - explicitly define number of external channels (git-fixes). - input: xpad - adjust error handling for disconnect (git-fixes). - input: xpad - set correct controller type for Acer NGR200 (git-fixes). - input: xpad - support Acer NGR 200 Controller (stable-fixes). - iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes). - iommu/amd: Set the pgsize_bitmap correctly (git-fixes). - iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes). - iommu/vt-d: Fix possible circular locking dependency (git-fixes). - iommu/vt-d: Fix system hang on reboot -f (git-fixes). - ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes). - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes). - ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes). - ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes). - iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes). - jfs: fix metapage reference count leak in dbAllocCtl (git-fixes). - kABI workaround for struct drm_framebuffer changes (git-fixes). - kABI: Fix the module::name type in audit_context (git-fixes). - kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes). - leds: multicolor: Fix intensity setting while SW blinking (stable-fixes). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897). - lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897). - maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes). - md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes). - media: gspca: Add bounds checking to firmware parser (git-fixes). - media: hi556: correct the test pattern configuration (git-fixes). - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes). - media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes). - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes). - media: usbtv: Lock resolution while streaming (git-fixes). - media: uvcvideo: Do not mark valid metadata as invalid (git-fixes). - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes). - media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes). - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes). - media: venus: Add a check for packet size after reading from shared memory (git-fixes). - media: venus: hfi: explicitly release IRQ during teardown (git-fixes). - media: venus: protect against spurious interrupts during probe (git-fixes). - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: vivid: fix wrong pixel_array control size (git-fixes). - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes). - mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes). - misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes). - mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes). - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes). - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes). - mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes). - mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes). - module: Fix memory deallocation on error path in move_module() (git-fixes). - module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes). - module: Restore the moduleparam prefix length check (git-fixes). - mtd: fix possible integer overflow in erase_xfer() (git-fixes). - mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes). - mtd: rawnand: atmel: set pmecc data setup time (git-fixes). - mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes). - mtd: rawnand: renesas: Add missing check after DMA map (git-fixes). - mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes). - mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes). - mtd: spinand: fix memory leak of ECC engine conf (stable-fixes). - mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes). - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes). - mtk-sd: Prevent memory corruption from DMA map failure (git-fixes). - mtk-sd: reset host->mrq on prepare_data() error (git-fixes). - mwl8k: Add missing check after DMA map (git-fixes). - nbd: fix uaf in nbd_genl_connect() error path (git-fixes). - net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes). - net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes). - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes). - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes). - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes). - net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes). - net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes). - net: mana: Add debug logs in MANA network driver (bsc#1246212). - net: mana: Add handler for hardware servicing events (bsc#1245730). - net: mana: Allocate MSI-X vectors dynamically (bsc#1245457). - net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457). - net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203). - net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729). - net: mana: Set tx_packets to post gso processing packet count (bsc#1245731). - net: mana: explain irq_setup() algorithm (bsc#1245457). - net: phy: Do not register LEDs for genphy (git-fixes). - net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes). - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes). - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes). - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes). - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes). - net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes). - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes). - net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes). - netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes). - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes). - nfs: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes). - nfs: Fix the setting of capabilities when automounting a new filesystem (git-fixes). - nfs: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes). - nfs: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes). - nfsd: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes). - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes). - nfsv4.2: another fix for listxattr (git-fixes). - nfsv4.2: fix listxattr to return selinux security label (git-fixes). - nfsv4/pnfs: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes). - nfsv4: Always set NLINK even if the server does not support it (git-fixes). - nfsv4: xattr handlers should check for absent nfs filehandles (git-fixes). - nilfs2: reject invalid file types when reading inodes (git-fixes). - nvme-pci: refresh visible attrs after being checked (git-fixes). - nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes). - nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes). - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes). - nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes). - nvmet-tcp: fix callback lock for TLS handshake (git-fixes). - objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes). - objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes). - objtool: Fix _THIS_IP_ detection for cold functions (git-fixes). - objtool: Fix error handling inconsistencies in check() (git-fixes). - objtool: Ignore dangling jump table entries (git-fixes). - objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes). - objtool: Properly disable uaccess validation (git-fixes). - objtool: Silence more KCOV warnings (git-fixes). - objtool: Silence more KCOV warnings, part 2 (git-fixes). - objtool: Stop UNRET validation on UD2 (git-fixes). - pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes). - pci/msi: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457). - pci: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes). - pci: endpoint: Fix configfs group list head handling (git-fixes). - pci: endpoint: Fix configfs group removal on driver teardown (git-fixes). - pci: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes). - pci: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes). - pci: hv: Allow dynamic MSI-X vector allocation (bsc#1245457). - pci: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes). - perf: Fix sample vs do_exit() (bsc#1246547). - phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes). - pinctrl: amd: Clear GPIO debounce for suspend (git-fixes). - pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes). - pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes). - pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes). - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes). - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes). - platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes). - platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes). - platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes). - platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes). - platform/x86: think-lmi: Create ksets consecutively (stable-fixes). - platform/x86: think-lmi: Fix kobject cleanup (git-fixes). - platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes). - pm / devfreq: Check governor before using governor->name (git-fixes). - pnfs/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes). - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes). - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes). - powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes). - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes). - powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes). - powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes). - ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506). - pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes). - pwm: mediatek: Ensure to disable clocks in error path (git-fixes). - rdma/core: Rate limit GID cache warning messages (git-fixes) - rdma/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes) - rdma/hns: Drop GFP_NOWARN (git-fixes) - rdma/hns: Fix -Wframe-larger-than issue (git-fixes) - rdma/hns: Fix HW configurations not cleared in error flow (git-fixes) - rdma/hns: Fix accessing uninitialized resources (git-fixes) - rdma/hns: Fix double destruction of rsv_qp (git-fixes) - rdma/hns: Get message length of ack_req from FW (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - rdma/mlx5: Fix CC counters query for MPV (git-fixes) - rdma/mlx5: Fix HW counters query for non-representor devices (git-fixes) - rdma/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes) - rdma/mlx5: Fix vport loopback for MPV device (git-fixes) - rdma/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes) - rdma/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes) - rdma/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes) - rdma/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - regmap: fix potential memory leak of regmap_bus (git-fixes). - regulator: fan53555: add enable_time support and soft-start times (stable-fixes). - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes). - regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes). - resource: fix false warning in __request_region() (git-fixes). - restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes). - ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes). - rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes). - rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337) - rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes). - rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes). - s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870). - s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806). - s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646). - s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647). - s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598). - s390: Add z17 elf platform (LTC#214086 bsc#1245540). - samples: mei: Fix building on musl libc (git-fixes). - sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338). - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes). - scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes). - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Copyright updates for 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142). - scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: megaraid_sas: Fix invalid node index (git-fixes). - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes). - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes). - scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599). - selftests/bpf: Add CFLAGS per source file and runner (git-fixes). - selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes). - selftests/bpf: Change functions definitions to support GCC (git-fixes). - selftests/bpf: Fix a few tests for GCC related warnings (git-fixes). - selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes). - selftests/bpf: Fix prog numbers in test_sockmap (git-fixes). - smb3: move server check earlier when setting channel sequence number (git-fixes). - smb3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes). - smb3: send channel sequence number in SMB3 requests after reconnects (git-fixes). - soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes). - soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes). - soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes). - soc: qcom: QMI encoding/decoding for big endian (git-fixes). - soc: qcom: fix endianness for QMI header (git-fixes). - soc: qcom: pmic_glink: fix OF node leak (git-fixes). - soundwire: amd: fix for clearing command status register (git-fixes). - soundwire: stream: restore params when prepare ports fail (git-fixes). - spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes). - staging: axis-fifo: remove sysfs interface (git-fixes). - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes). - staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes). - struct cdns: move new member to the end (git-fixes). - struct ucsi_operations: use padding for new operation (git-fixes). - sunrpc: do not immediately retransmit on seqno miss (git-fixes). - sunrpc: fix client side handling of tls alerts (git-fixes). - supported.conf: add missing entries for armv7hl - supported.conf: move nvme-apple to optional again - supported.conf: sort entries again - tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes). - thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes). - thunderbolt: Fix copy+paste error in match_service_id() (git-fixes). - thunderbolt: Fix wake on connect at runtime (git-fixes). - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes). - tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes). - types: Complement the aligned types with signed 64-bit one (stable-fixes). - ucount: fix atomic_long_inc_below() argument type (git-fixes). - ucsi-glink: adapt to kABI consistency (git-fixes). - ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes). - ucsi_operations: add stubs for all operations (git-fixes). - ucsi_ops: adapt update_connector to kABI consistency (git-fixes). - usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes). - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes). - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes). - usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes). - usb: cdnsp: Fix issue with resuming from L1 (git-fixes). - usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usb: cdnsp: do not disable slot for disabled slot (git-fixes). - usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes). - usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes). - usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes). - usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes). - usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes). - usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes). - usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes). - usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes). - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes). - usb: hub: Do not try to recover devices lost during warm reset (git-fixes). - usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes). - usb: musb: fix gadget state on disconnect (git-fixes). - usb: musb: omap2430: fix device leak at unbind (git-fixes). - usb: net: sierra: check for no status endpoint (git-fixes). - usb: potential integer overflow in usbg_make_tpg() (stable-fixes). - usb: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes). - usb: serial: option: add Foxconn T99W640 (stable-fixes). - usb: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes). - usb: typec: Update sysfs when setting ops (git-fixes). - usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes). - usb: typec: displayport: Fix potential deadlock (git-fixes). - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes). - usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes). - usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes). - usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes). - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes). - usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes). - usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes). - usb: typec: ucsi: Delay alternate mode discovery (git-fixes). - usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes). - usb: typec: ucsi: Fix the partner PD revision (git-fixes). - usb: typec: ucsi: Get PD revision for partner (git-fixes). - usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes). - usb: typec: ucsi: Update power_supply on power role change (git-fixes). - usb: typec: ucsi: add callback for connector status updates (git-fixes). - usb: typec: ucsi: add update_connector callback (git-fixes). - usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes). - usb: typec: ucsi: extract code to read PD caps (git-fixes). - usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes). - usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes). - usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes). - usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes). - usb: typec: ucsi: glink: use typec_set_orientation (git-fixes). - usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes). - usb: typec: ucsi: properly register partner's PD device (git-fixes). - usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes). - usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes). - usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes). - usb: typec: ucsi_glink: rework quirks implementation (git-fixes). - usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes). - usb: xhci: quirk for data loss in ISOC transfers (stable-fixes). - usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes). - virtgpu: do not reset on shutdown (git-fixes). - vmci: Prevent the dispatching of uninitialized payloads (git-fixes). - vt: add missing notification when switching back to text mode (stable-fixes). - vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes). - vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes). - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes). - wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes). - wifi: ath11k: fix source ring-buffer corruption (git-fixes). - wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes). - wifi: ath12k: fix source ring-buffer corruption (git-fixes). - wifi: ath6kl: remove WARN on bad firmware input (stable-fixes). - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes). - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes). - wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes). - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes). - wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes). - wifi: mac80211: Add link iteration macro for link data (stable-fixes). - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes). - wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes). - wifi: mac80211: Do not schedule stopped TXQs (git-fixes). - wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes). - wifi: mac80211: drop invalid source address OCB frames (stable-fixes). - wifi: mac80211: reject TDLS operations when station is not associated (git-fixes). - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes). - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes). - wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes). - wifi: plfxlc: Fix error handling in usb driver probe (git-fixes). - wifi: prevent A-MSDU attacks in mesh networks (stable-fixes). - wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes). - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes). - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes). - x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes). - x86/mce/amd: Add default names for MCA banks and blocks (git-fixes). - x86/mce/amd: Fix threshold limit reset (git-fixes). - x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes). - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes). - x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes). - x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes). - x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes). - x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345). - xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837). - xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes). - xfs: remove unused event xfs_alloc_near_error (git-fixes). - xfs: remove unused event xfs_alloc_near_nominleft (git-fixes). - xfs: remove unused event xfs_attr_node_removename (git-fixes). - xfs: remove unused event xfs_ioctl_clone (git-fixes). - xfs: remove unused event xfs_pagecache_inval (git-fixes). - xfs: remove unused event xlog_iclog_want_sync (git-fixes). - xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes). - xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes). - xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes). - xfs: remove unused xfs_attr events (git-fixes). - xfs: remove unused xfs_reflink_compare_extents events (git-fixes). - xfs: remove usused xfs_end_io_direct events (git-fixes). - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes). - xhci: dbc: Flush queued requests before stopping dbc (git-fixes). - xhci: dbctty: disable ECHO flag by default (git-fixes). The following package changes have been done: - glibc-locale-base-2.38-150600.14.37.1 updated - glibc-2.38-150600.14.37.1 updated - kernel-default-6.4.0-150600.23.65.1 updated - pam-1.3.0-150000.6.86.1 updated