SUSE-CU-2025:6403-1: Security update of bci/bci-sle15-kernel-module-devel
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Aug 20 15:05:31 UTC 2025
SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6403-1
Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-44.3 , bci/bci-sle15-kernel-module-devel:latest
Container Release : 44.3
Severity : important
Type : security
References : 1221107 1230262 1232526 1233012 1237143 1237442 1238491 1239566
1239938 1240788 1241038 1241549 1243273 1243991 1244032 1244050
1244056 1244059 1244060 1244061 1244401 1244705 1245573 1246597
1246697 1246934 1247249 831629 CVE-2024-12718 CVE-2024-2236 CVE-2025-4138
CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069
CVE-2025-6297 CVE-2025-6965 CVE-2025-8194
-----------------------------------------------------------------
The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2672-1
Released: Mon Aug 4 15:06:13 2025
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1246597,CVE-2025-6965
This update for sqlite3 fixes the following issues:
- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2719-1
Released: Thu Aug 7 05:38:32 2025
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1221107,1246934,CVE-2024-2236
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2720-1
Released: Thu Aug 7 05:38:44 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References:
This update for crypto-policies fixes the following issues:
- Update the BSI policy (jsc#PED-12880)
* BSI: switch to 3072 minimum RSA key size
* BSI: Update BSI policy for new 2024 minimum
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2734-1
Released: Fri Aug 8 10:05:10 2025
Summary: Security update for dpkg
Type: security
Severity: moderate
References: 1245573,CVE-2025-6297
This update for dpkg fixes the following issues:
- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2776-1
Released: Wed Aug 13 08:10:36 2025
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1237143
This update for systemd-rpm-macros fixes the following issues:
- Introduce %udev_trigger_with_reload() for packages that need to trigger events
in theirs scriplets. The new macro automatically triggers a reload of the udev
rule files as this step is often overlooked by packages (bsc#1237143).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2778-1
Released: Wed Aug 13 08:45:57 2025
Summary: Security update for python3
Type: security
Severity: important
References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194
This update for python3 fixes the following issues:
- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056)
- CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059)
- CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060)
- CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061)
- CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249)
Other fixes:
- Limit buffer size for IPv6 address parsing (bsc#1244401).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2780-1
Released: Wed Aug 13 10:28:27 2025
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050
This update for gcc14 fixes the following issues:
Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799
- Fixed libqt6webengine build.
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Allow GCC executables to be built PIE. [bsc#1239938]
- Backport -msplit-patch-nops required for user-space livepatching on powerpc.
- Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566]
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Fixes reported ICE in [bsc#1237442]
- Add larchintrin.h, lasxintrin.h and lsxintrin.h
headers to gccXY main package in %files section
- libstdc++6 fix for parsing tzdata 2024b [gcc#116657]
- Fix ICE with LTO building openvino on aarch64 [bsc#1230262]
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2887-1
Released: Tue Aug 19 09:47:06 2025
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1241038
This update for suse-module-tools fixes the following issues:
- Version update 15.7.6
- Add missing util-linux requirement in the spec file (bsc#1241038).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2890-1
Released: Tue Aug 19 09:54:32 2025
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1246697
This update for openssl-1_1 fixes the following issues:
- FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test
instead of NID_secp256k1. [bsc#1246697]
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.12.1 updated
- libsqlite3-0-3.50.2-150000.3.33.1 updated
- libgcc_s1-14.3.0+git11799-150000.1.11.1 updated
- libstdc++6-14.3.0+git11799-150000.1.11.1 updated
- libgcrypt20-1.11.0-150700.5.7.1 updated
- libatomic1-14.3.0+git11799-150000.1.11.1 updated
- libgomp1-14.3.0+git11799-150000.1.11.1 updated
- libitm1-14.3.0+git11799-150000.1.11.1 updated
- liblsan0-14.3.0+git11799-150000.1.11.1 updated
- libopenssl1_1-1.1.1w-150700.11.3.1 updated
- systemd-rpm-macros-16-150000.7.42.1 updated
- update-alternatives-1.19.0.4-150000.4.7.1 updated
- python3-base-3.6.15-150300.10.97.1 updated
- libpython3_6m1_0-3.6.15-150300.10.97.1 updated
- suse-module-tools-15.7.6-150700.3.3.3 updated
- mokutil-0.5.0-150600.8.3 added
- container:registry.suse.com-bci-bci-base-15.7-8399472c596cc49c0cda1e1dc5b89c4f79b4511d42a73f22c428ae465c82542d-0 updated
More information about the sle-container-updates
mailing list