SUSE-IU-2025:2313-1: Security update of suse/sl-micro/6.0/baremetal-os-container

sle-container-updates at lists.suse.com
Wed Aug 13 07:17:45 UTC 2025


SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:2313-1
Image Tags        : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.70 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release     : 6.70
Severity          : important
Type              : security
References        : 1240414 1242827 1243935 1245169 1247074 391434 CVE-2025-31115
                        CVE-2025-4598 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 410
Released:    Tue Aug  5 15:33:35 2025
Summary:     Recommended update for open-vm-tools
Type:        recommended
Severity:    moderate
References:  1245169,391434
This update for open-vm-tools fixes the following issues:

- Update to open-vm-tools 13.0.0 based on build 24696409. (bsc#1245169): 
  There are no new features in the open-vm-tools 13.0.0 release.  This is
  primarily a maintenance release that addresses a few issues, including:
  + The vm-support script has been updated to collect the open-vm-tools log
    files from the Linux guest and information from the systemd journal.
  + GitHub pull requests have been integrated and issues fixed.  Please see
    the Resolved Issues section of the Release Notes.
  For a more complete list of issues resolved in this release, see the
  Resolved Issues section of the Release Notes.
- Add patch:
  Currently the 'telinit 6' command is used to reboot a Linux VM
  following Guest OS Customization.  As the classic Linux init system,
  SysVinit, is deprecated in favor of a newer init system, systemd,
  the telinit command may not be available on the base Linux OS.
  This change adds support to Guest OS Customization for the systemd init
  system.  If the modern init system, systemd, is available, then a
  'systemctl reboot' command will be used to trigger reboot.  Otherwise,
  the 'telinit 6' command will be used assuming the traditional init
  system, SysVinit, is still available.
- Ran /usr/lib/obs/service/source_validators/helpers/fix_changelog to fix changes
  file where source validator was failing.

-----------------------------------------------------------------
Advisory ID: 412
Released:    Fri Aug  8 12:14:29 2025
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1240414,CVE-2025-31115
This update for xz fixes the following issues:

- CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414)

-----------------------------------------------------------------
Advisory ID: 416
Released:    Tue Aug 12 16:05:24 2025
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1242827,1243935,1247074,CVE-2025-4598
This update for systemd fixes the following issues:

- Remove the script used to help migrating the language and locale settings
  located in /etc/sysconfig/language on old systems to the systemd default
  locations (bsc#1247074)

  The script was introduced more than 7 years ago and all systems running TW
  should have been migrated since then. Moreover the installer supports the
  systemd default locations since approximately SLE15. 

- triggers.systemd: skip update of hwdb, journal-catalog if executed during an
  offline update.

- logs-show: get timestamp and boot ID only when necessary (bsc#1242827)
- sd-journal: drop to use Hashmap to manage journal files per boot ID
- tree-wide: set SD_JOURNAL_ASSUME_IMMUTABLE where appropriate
- sd-journal: introduce SD_JOURNAL_ASSUME_IMMUTABLE flag
- sd-journal: make journal_file_read_tail_timestamp() notify to the caller that some new journal entries added
- sd-journal: cache last entry offset and journal file state
- sd-journal: fix typo in function name

- coredump: use %d in kernel core pattern (bsc#1243935 CVE-2025-4598)


The following package changes have been done:

- liblzma5-5.4.3-5.1 updated
- libudev1-254.27-1.1 updated
- libsystemd0-254.27-1.1 updated
- xz-5.4.3-5.1 updated
- SL-Micro-release-6.0-25.40 updated
- systemd-254.27-1.1 updated
- udev-254.27-1.1 updated
- libvmtools0-13.0.0-1.1 updated
- open-vm-tools-13.0.0-1.1 updated
- container:SL-Micro-base-container-2.1.3-7.38 updated

