SUSE-IU-2025:2322-1: Security update of suse/sl-micro/6.0/rt-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Aug 15 07:11:49 UTC 2025
SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:2322-1
Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.72 , suse/sl-micro/6.0/rt-os-container:latest
Image Release : 7.72
Severity : important
Type : security
References : 1240414 1242827 1243935 1245309 1245310 1245311 1245312 1245314
1245317 1247074 CVE-2025-31115 CVE-2025-4598 CVE-2025-4877 CVE-2025-4878
CVE-2025-5318 CVE-2025-5351 CVE-2025-5372 CVE-2025-5987
-----------------------------------------------------------------
The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 412
Released: Fri Aug 8 12:14:29 2025
Summary: Security update for xz
Type: security
Severity: important
References: 1240414,CVE-2025-31115
This update for xz fixes the following issues:
- CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414)
-----------------------------------------------------------------
Advisory ID: 416
Released: Tue Aug 12 16:05:24 2025
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1242827,1243935,1247074,CVE-2025-4598
This update for systemd fixes the following issues:
- Remove the script used to help migrating the language and locale settings
located in /etc/sysconfig/language on old systems to the systemd default
locations (bsc#1247074)
The script was introduced more than 7 years ago and all systems running TW
should have been migrated since then. Moreover the installer supports the
systemd default locations since approximately SLE15.
- triggers.systemd: skip update of hwdb, journal-catalog if executed during an
offline update.
- logs-show: get timestamp and boot ID only when necessary (bsc#1242827)
- sd-journal: drop to use Hashmap to manage journal files per boot ID
- tree-wide: set SD_JOURNAL_ASSUME_IMMUTABLE where appropriate
- sd-journal: introduce SD_JOURNAL_ASSUME_IMMUTABLE flag
- sd-journal: make journal_file_read_tail_timestamp() notify to the caller that some new journal entries added
- sd-journal: cache last entry offset and journal file state
- sd-journal: fix typo in function name
- coredump: use %d in kernel core pattern (bsc#1243935 CVE-2025-4598)
-----------------------------------------------------------------
Advisory ID: 419
Released: Thu Aug 14 11:26:49 2025
Summary: Security update for libssh
Type: security
Severity: important
References: 1245309,1245310,1245311,1245312,1245314,1245317,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5351,CVE-2025-5372,CVE-2025-5987
This update for libssh fixes the following issues:
- CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)
- CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317)
- CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)
- CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
- CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)
- CVE-2025-5351: Double free in functions exporting keys (bsc#1245312)
The following package changes have been done:
- liblzma5-5.4.3-5.1 updated
- libudev1-254.27-1.1 updated
- libsystemd0-254.27-1.1 updated
- xz-5.4.3-5.1 updated
- SL-Micro-release-6.0-25.41 updated
- systemd-254.27-1.1 updated
- udev-254.27-1.1 updated
- libssh-config-0.10.6-2.1 updated
- libssh4-0.10.6-2.1 updated
- container:SL-Micro-container-2.1.3-6.71 updated
More information about the sle-container-updates
mailing list