SUSE-CU-2025:6030-1: Security update of trento/trento-web
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Aug 8 07:32:40 UTC 2025
SUSE Container Update Advisory: trento/trento-web
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6030-1
Container Tags : trento/trento-web:2.5.0 , trento/trento-web:2.5.0-build4.52.1 , trento/trento-web:latest
Container Release : 4.52.1
Severity : important
Type : security
References : 1203617 1219736 1220338 1220893 1220895 1220896 1221107 1224044
1225936 1225939 1225941 1225942 1227637 1229228 1229655 1230959
1231463 1231472 1231748 1232227 1232234 1232326 1233282 1233752
1234015 1234015 1234128 1234313 1234665 1234713 1234765 1235151
1235481 1235873 1236033 1236136 1236136 1236165 1236177 1236282
1236588 1236590 1236619 1236643 1236771 1236858 1236886 1236960
1237496 1239883 1240366 1240414 1240607 1240897 1241605 1242060
1242827 1242844 1242938 1243226 1243259 1243317 1243767 1243935
1244079 1244509 1244596 1245309 1245310 1245311 1245314 CVE-2024-10041
CVE-2024-13176 CVE-2024-13176 CVE-2024-2236 CVE-2024-34397 CVE-2024-52533
CVE-2025-0167 CVE-2025-0395 CVE-2025-0725 CVE-2025-24528 CVE-2025-27587
CVE-2025-31115 CVE-2025-3360 CVE-2025-40909 CVE-2025-4373 CVE-2025-4598
CVE-2025-4802 CVE-2025-4877 CVE-2025-4878 CVE-2025-5278 CVE-2025-5318
CVE-2025-5372 CVE-2025-6018 CVE-2025-6020 CVE-2025-6052
-----------------------------------------------------------------
The container trento/trento-web was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1950-1
Released: Fri Jun 7 17:20:14 2024
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1224044,CVE-2024-34397
This update for glib2 fixes the following issues:
Update to version 2.78.6:
+ Fix a regression with IBus caused by the fix for CVE-2024-34397
Changes in version 2.78.5:
+ Fix CVE-2024-34397: GDBus signal subscriptions for well-known
names are vulnerable to unicast spoofing. (bsc#1224044)
+ Bugs fixed:
- gvfs-udisks2-volume-monitor SIGSEGV in
g_content_type_guess_for_tree() due to filename with bad
encoding
- gcontenttype: Make filename valid utf-8 string before processing.
- gdbusconnection: Don't deliver signals if the sender doesn't match.
Changes in version 2.78.4:
+ Bugs fixed:
- Fix generated RST anchors for methods, signals and properties.
- docs/reference: depend on a native gtk-doc.
- gobject_gdb.py: Do not break bt on optimized build.
- gregex: clean up usage of _GRegex.jit_status.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released: Fri Dec 6 18:03:05 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1231463,1233282,CVE-2024-52533
This update for glib2 fixes the following issues:
Security issues fixed:
- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).
Non-security issue fixed:
- Fix error when uninstalling packages (bsc#1231463).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617
This update for aaa_base fixes the following issues:
- Added Midnigh Commander helpers for tcsh and bash resources (bsc#1203617)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015
This update for systemd fixes the following issues:
- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736
This update for permissions fixes the following issues:
- Update to version 20240826:
* chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151
This update for curl fixes the following issue:
- smtp: for starttls, do full upgrade [bsc#1235151]
* Make sure the TLS handshake after a successful STARTTLS command
is fully done before further sending/receiving on the connection.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665
This update for glibc fixes the following issues:
- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:358-1
Released: Wed Feb 5 10:06:22 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1235873
This update for permissions fixes the following issues:
- Version update 20240826:
* permissions: remove legacy and nonsensical entries.
* permissions: remove traceroute entry.
* permissions: remove outdated sudo directories.
* permissions: remove legacy RPM directory entries.
* permissions: remove some static /var/spool/* dirs.
* permissions: remove unnecessary static dirs and devices (bsc#1235873).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:369-1
Released: Wed Feb 5 16:32:36 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725
This update for curl fixes the following issues:
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528
This update for crypto-policies and krb5 fixes the following issues:
Security issue fixed:
- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
Feature addition:
- Add crypto-policies support; (jsc#PED-12018)
* The default krb5.conf has been updated to include config
snippets in the krb5.conf.d directory, where crypto-policies
drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
* This key derivation function is used by AES256-CTS-HMAC-SHA1-96
and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active
directory. If these encryption types are allowed or not in
FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176
This update for openssl-3 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:501-1
Released: Thu Feb 13 10:53:21 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1236960
This update for permissions fixes the following issues:
- Version update 20240826.
- Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:508-1
Released: Thu Feb 13 12:29:31 2025
Summary: Recommended update for findutils
Type: recommended
Severity: moderate
References: 1231472
This update for findutils fixes the following issue:
- fix crash when file system loop was encountered (bsc#1231472).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:547-1
Released: Fri Feb 14 08:26:30 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1229228,1233752,1234313,1234765
This update for systemd fixes the following issues:
- Fix agetty failing to open credentials directory (bsc#1229228)
- stdio-bridge: fix polled fds
- hwdb: comment out the entry for Logitech MX Keys for Mac
- core/unit-serialize: fix serialization of markers
- locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged
- core: fix assert when AddDependencyUnitFiles is called with invalid parameter
- Fix systemd-network recommending libidn2-devel (bsc#1234765)
- tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:582-1
Released: Tue Feb 18 15:55:29 2025
Summary: Security update for glibc
Type: security
Severity: low
References: 1236282,CVE-2025-0395
This update for glibc fixes the following issues:
- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:613-1
Released: Fri Feb 21 11:37:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,1236771,CVE-2024-13176
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).
Other bugfixes:
- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858
This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:915-1
Released: Wed Mar 19 08:04:05 2025
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942
This update for libgcrypt fixes the following issues:
- FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939]
- FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939]
- FIPS: Disable setting the library in non-FIPS mode [bsc#1220893]
- FIPS: Disallow rsa < 2048 [bsc#1225941]
* Mark RSA operations with keysize < 2048 as non-approved in the SLI
- FIPS: Service level indicator for libgcrypt [bsc#1225939]
- FIPS: Consider deprecate sha1 [bsc#1225942]
* In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will
transition at the end of 2030. Mark SHA1 as non-approved in SLI.
- FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936]
* cipher: Do not run RSA encryption selftest by default
- FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG
for the whole length entropy buffer in FIPS mode. [bsc#1220893]
- FIPS: Set the FSM into error state if Jitter RNG is returning an
error code to the caller when an health test error occurs when
random bytes are requested through the jent_read_entropy_safe()
function. [bsc#1220895]
- FIPS: Replace the built-in jitter rng with standalone version
* Remove the internal jitterentropy copy [bsc#1220896]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:969-1
Released: Thu Mar 20 14:28:47 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1227637,1236165
This update for crypto-policies fixes the following issues:
- Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637).
- tolerate fips dracut module presence w/o FIPS
* Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode
(bsc#1236165).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1016-1
Released: Tue Mar 25 15:59:05 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1234015,1236643,1236886
This update for systemd fixes the following issues:
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- journald: close runtime journals before their parent directory removed
- journald: reset runtime seqnum data when flushing to system journal (bsc#1236886)
- Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643)
It is likely an oversight from when systemd-userdb was migrated from the
experimental package to the main one.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1137-1
Released: Thu Apr 3 17:11:02 2025
Summary: Security update for xz
Type: security
Severity: important
References: 1240414,CVE-2025-31115
This update for xz fixes the following issues:
- CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1198-1
Released: Fri Apr 11 09:46:09 2025
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1234128,1234713,1239883
This update for glibc fixes the following issues:
- Fix the lost wakeup from a bug in signal stealing (bsc#1234128)
- Mark functions in libc_nonshared.a as hidden (bsc#1239883)
- Bump minimal kernel version to 4.3 to enable use of direct socketcalls
on x86-32 and s390x (bsc#1234713)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1242-1
Released: Mon Apr 14 12:43:18 2025
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1235481,1236033
This update for aaa_base fixes the following issues:
- SP6 logrotate and rcsyslog binary (bsc#1236033)
- Update detection for systemd in rc.status
- Mountpoint for cgroup changed with cgroup2
- If a user switches the login shell respect the already set PATH
environment (bsc#1235481)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1334-1
Released: Thu Apr 17 09:03:05 2025
Summary: Security update for pam
Type: security
Severity: moderate
References: 1232234,CVE-2024-10041
This update for pam fixes the following issues:
- CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1367-1
Released: Thu Apr 24 16:38:48 2025
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1240897,CVE-2025-3360
This update for glib2 fixes the following issues:
- CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long
and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1376-1
Released: Fri Apr 25 18:11:02 2025
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1241605
This update for libgcrypt fixes the following issues:
- FIPS: Pad PKCS1.5 signatures with SHA3 correctly [bsc#1241605]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1377-1
Released: Fri Apr 25 19:43:34 2025
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:
This update for patterns-base fixes the following issues:
- add bpftool to patterns enhanced base. jsc#PED-8375
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1394-1
Released: Mon Apr 28 16:15:21 2025
Summary: Recommended update for glibc
Type: recommended
Severity: important
References:
This update for glibc fixes the following issues:
- Add support for userspace livepatching for ppc64le (jsc#PED-11850)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1550-1
Released: Fri May 16 02:16:11 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1230959,1231748,1232326,1240366,1240607,CVE-2025-27587
This update for openssl-3 fixes the following issues:
Security:
- CVE-2025-27587: Timing side channel vulnerability in the P-384
implementation when used with ECDSA in the PPC architecture (bsc#1240366).
- Missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607).
FIPS:
- Disabling EMS in OpenSSL configuration prevents sshd from starting (bsc#1230959, bsc#1232326, bsc#1231748).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1702-1
Released: Sat May 24 11:50:53 2025
Summary: Security update for glibc
Type: security
Severity: important
References: 1243317,CVE-2025-4802
This update for glibc fixes the following issues:
- CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen
search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1714-1
Released: Tue May 27 13:23:20 2025
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References:
This update for ncurses fixes the following issues:
- Backport sclp terminfo description entry if for s390 sclp terminal lines
- Add a further sclp entry for qemu s390 based systems
- Make use of dumb
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1733-1
Released: Wed May 28 17:59:52 2025
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1242060
This update for krb5 fixes the following issue:
- Remove references to the LMDB backend in the kdc.conf manpage (bsc#1242060).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1739-1
Released: Thu May 29 11:40:51 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1236177,1237496,1242938,1243259
This update for systemd fixes the following issues:
- Add missing 'systemd-journal-remote' package
to 15-SP7 (bsc#1243259)
- umount: do not move busy network mounts (bsc#1236177)
- Apply coredump sysctl settings on systemd-coredump updates/removals.
- Fix the issue with journalctl not working
for users in Container UID range (bsc#1242938)
Don't write messages sent from users with UID falling into the container UID
range to the system journal. Daemons in the container don't talk to the
outside journald as they talk to the inner one directly, which does its
journal splitting based on shifted uids.
- man/pstore.conf: pstore.conf template is not always installed in /etc
- man: coredump.conf template is not always installed in /etc (bsc#1237496)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2013-1
Released: Wed Jun 18 20:05:07 2025
Summary: Security update for pam
Type: security
Severity: important
References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020
This update for pam fixes the following issues:
- CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226).
- CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2027-1
Released: Thu Jun 19 17:15:41 2025
Summary: Security update for perl
Type: security
Severity: moderate
References: 1244079,CVE-2025-40909
This update for perl fixes the following issues:
- CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2167-1
Released: Mon Jun 30 09:14:40 2025
Summary: Security update for glib2
Type: security
Severity: important
References: 1242844,1244596,CVE-2025-4373,CVE-2025-6052
This update for glib2 fixes the following issues:
- CVE-2025-6052: Fixed integer overflow in g_string_maybe_expand() leads to potential buffer overflow in GString (bsc#1244596).
- CVE-2025-4373: Fixed buffer underflow through glib/gstring.c via function g_string_insert_unichar (bsc#1242844).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2229-1
Released: Fri Jul 4 18:02:30 2025
Summary: Security update for libssh
Type: security
Severity: important
References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372
This update for libssh fixes the following issues:
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2237-1
Released: Mon Jul 7 14:59:13 2025
Summary: Recommended update for openssl-3
Type: recommended
Severity: moderate
References:
This update for openssl-3 fixes the following issues:
- Backport mdless cms signing support [jsc#PED-12895]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2244-1
Released: Tue Jul 8 10:44:02 2025
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1242827,1243935,CVE-2025-4598
This update for systemd fixes the following issues:
- CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935).
Other bugfixes:
- logs-show: get timestamp and boot ID only when necessary (bsc#1242827).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2301-1
Released: Mon Jul 14 11:48:57 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1229655
This update for cyrus-sasl fixes the following issues:
- Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097)
- Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2362-1
Released: Fri Jul 18 11:07:24 2025
Summary: Security update for coreutils
Type: security
Severity: moderate
References: 1243767,CVE-2025-5278
This update for coreutils fixes the following issues:
- CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2447-1
Released: Mon Jul 21 16:45:25 2025
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1221107,CVE-2024-2236
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: Fixed timing based side-channel in RSA implementation. (bsc#1221107)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2714-1
Released: Wed Aug 6 11:36:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:
This update for systemd fixes the following issues:
- triggers.systemd: skip update of hwdb, journal-catalog if executed during
an offline update.
- systemd-repart is no more considered as experimental (jsc#PED-13213)
- Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.9.2 updated
- libssh-config-0.9.8-150600.11.3.1 updated
- glibc-2.38-150600.14.32.1 updated
- libsasl2-3-2.1.28-150600.7.6.2 updated
- liblzma5-5.4.1-150600.3.3.1 updated
- perl-base-5.26.1-150300.17.20.1 updated
- libncurses6-6.1-150000.5.30.1 updated
- terminfo-base-6.1-150000.5.30.1 updated
- ncurses-utils-6.1-150000.5.30.1 updated
- libglib-2_0-0-2.78.6-150600.4.16.1 added
- libopenssl3-3.1.4-150600.5.33.1 updated
- libgcrypt20-1.10.3-150600.3.9.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.33.1 updated
- krb5-1.20.1-150600.11.11.2 updated
- patterns-base-fips-20200124-150600.32.6.1 updated
- libssh4-0.9.8-150600.11.3.1 updated
- findutils-4.8.0-150300.3.3.2 updated
- libcurl4-8.6.0-150600.4.21.1 updated
- coreutils-8.32-150400.9.9.1 updated
- permissions-20240826-150600.10.18.2 updated
- pam-1.3.0-150000.6.83.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated
- libopenssl1_1-1.1.1w-150600.5.12.2 updated
- libsystemd0-254.27-150600.4.43.3 updated
- container:registry.suse.com-bci-nodejs-20-16f7860907407d232041cc8c1be7a913c828cd1ad4cc823983430b90e35c23bc-0 updated
- container:registry.suse.com-bci-bci-base-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated
More information about the sle-container-updates
mailing list