SUSE-CU-2025:5991-1: Security update of suse/kiosk/pulseaudio
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Aug 7 07:14:34 UTC 2025
SUSE Container Update Advisory: suse/kiosk/pulseaudio
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:5991-1
Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-63.2 , suse/kiosk/pulseaudio:latest
Container Release : 63.2
Severity : important
Type : security
References : 1189495 1191175 1216752 1218686 1221107 1222259 1230959 1231748
1232326 1246296 1246428 1246934 CVE-2021-3521 CVE-2024-2236 CVE-2025-7425
-----------------------------------------------------------------
The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4073-1
Released: Fri Oct 13 11:40:26 2023
Summary: Recommended update for rpm
Type: recommended
Severity: low
References:
This update for rpm fixes the following issue:
- Enables build for all python modules (jsc#PED-68, jsc#PED-1988)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:614-1
Released: Mon Feb 26 11:31:18 2024
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1216752
This update for rpm fixes the following issues:
- backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1091-1
Released: Tue Apr 2 12:18:46 2024
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
This update for rpm fixes the following issues:
- Turn on IMA/EVM file signature support, move the imaevm code that needs the
libiamevm library into a plugin, and install this plugin as part of a new
'rpm-imaevmsign' subpackage (jsc#PED-7246).
- Backport signature reserved space handling from upstream.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1206-1
Released: Thu Apr 11 12:56:24 2024
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1222259
This update for rpm fixes the following issues:
- remove imaevmsign plugin from rpm-ndb [bsc#1222259]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1557-1
Released: Wed May 8 11:42:34 2024
Summary: Security update for rpm
Type: security
Severity: moderate
References: 1189495,1191175,1218686,CVE-2021-3521
This update for rpm fixes the following issues:
Security fixes:
- CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175)
Other fixes:
- accept more signature subpackets marked as critical (bsc#1218686)
- backport limit support for the autopatch macro (bsc#1189495)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2599-1
Released: Fri Aug 1 17:35:01 2025
Summary: Recommended update for openssl-3
Type: recommended
Severity: important
References: 1230959,1231748,1232326,1246428
This update for openssl-3 fixes the following issues:
- FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2617-1
Released: Mon Aug 4 09:04:59 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1246296,CVE-2025-7425
This update for libxml2 fixes the following issues:
- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2714-1
Released: Wed Aug 6 11:36:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:
This update for systemd fixes the following issues:
- triggers.systemd: skip update of hwdb, journal-catalog if executed during
an offline update.
- systemd-repart is no more considered as experimental (jsc#PED-13213)
- Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2719-1
Released: Thu Aug 7 05:38:32 2025
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1221107,1246934,CVE-2024-2236
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2720-1
Released: Thu Aug 7 05:38:44 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References:
This update for crypto-policies fixes the following issues:
- Update the BSI policy (jsc#PED-12880)
* BSI: switch to 3072 minimum RSA key size
* BSI: Update BSI policy for new 2024 minimum
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.12.1 updated
- libudev1-254.27-150600.4.43.3 updated
- libgcrypt20-1.11.0-150700.5.7.1 updated
- libxml2-2-2.12.10-150700.4.6.1 updated
- libopenssl3-3.2.3-150700.5.15.1 updated
- libsystemd0-254.27-150600.4.43.3 updated
- rpm-ndb-4.14.3-150400.59.16.1 added
- systemd-254.27-150600.4.43.3 updated
- udev-254.27-150600.4.43.3 updated
- container:suse-sle15-15.7-0cffa22c4781b79b45cb22872b4da4160b01ca1230a476fd7f81b4fdd3714f23-0 added
- container:registry.suse.com-bci-bci-micro-15.7-c0bbcf809c1ae4117c45543f3b3f5fd89bede788a858710201c358cafbfc5925-0 added
- container:registry.suse.com-bci-bci-base-15.7-4232c2790095361d6776af20382c431e7222f9956d773c3790d57cf7e94a7911-0 removed
- libopenssl-3-fips-provider-3.2.3-150700.5.10.1 removed
- patterns-base-fips-20200124-150700.36.1 removed
More information about the sle-container-updates
mailing list