SUSE-IU-2025:2260-1: Security update of suse/sle-micro/base-5.5

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Aug 2 07:04:48 UTC 2025 

SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:2260-1
Image Tags        : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.191 , suse/sle-micro/base-5.5:latest
Image Release     : 5.8.191
Severity          : important
Type              : security
References        : 1206051 1221829 1233551 1234480 1234863 1236104 1236333 1238160
                        1239644 1242417 1244523 1245217 1245431 1246000 1246029 1246037
                        1246045 1246073 1246186 1246287 1246555 CVE-2022-49138 CVE-2022-49770
                        CVE-2023-52923 CVE-2023-52927 CVE-2024-26643 CVE-2024-53057 CVE-2024-53164
                        CVE-2024-57947 CVE-2025-37797 CVE-2025-38079 CVE-2025-38181 CVE-2025-38200
                        CVE-2025-38206 CVE-2025-38212 CVE-2025-38213 CVE-2025-38257 CVE-2025-38289
-----------------------------------------------------------------

The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2588-1
Released:    Fri Aug  1 14:35:14 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1206051,1221829,1233551,1234480,1234863,1236104,1236333,1238160,1239644,1242417,1244523,1245217,1245431,1246000,1246029,1246037,1246045,1246073,1246186,1246287,1246555,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2024-26643,CVE-2024-53057,CVE-2024-53164,CVE-2024-57947,CVE-2025-37797,CVE-2025-38079,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38289

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous  set with timeout (bsc#1221829).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38289: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1246287).

The following non-security bugs were fixed:

- Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).'
- Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race'
- Revert 'mm/hugetlb: unshare page tables during VMA split, not before'
- bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (bsc#1244523).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480 bsc#1246555).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2590-1
Released:    Fri Aug  1 15:13:35 2025
Summary:     Recommended update for elemental-toolkit
Type:        recommended
Severity:    moderate
References:  
This update for elemental-toolkit fixes the following issues:

- Adapt code and unit tests
- Update KVM and ginkgo setup
- Bump GHA upload-artifact
- Remove test-deps
- Copyright changes in all files
- Added git binary to elemental-bin stage and remove step for go mod download,
  as some 3rd party packages are no longer available.
  The dependencies are already vendored so build wil leverage the same.
- Minor change to lookup devices using blkid and updating the upgradeSpec if needed. 
  This may be needed when running elemental upgrade in multipathd systems.


The following package changes have been done:

- kernel-default-5.14.21-150500.55.116.1 updated
- elemental-toolkit-1.1.7-150500.3.9.1 updated

More information about the sle-container-updates mailing list